Help with cryptography

05/13/2012 22:04 konsowa#1
Hello ppl, so I've been learning general hacking methods for quite a decent while now. First I started out with small things such as memory hacks, and then I started learning even more, which led me to packet sniffing, and that led me to the idea of fiddling around with Conquer. Now that I've had a chance to play around with it, I decided to hook the connect function of the game and I was successful at doing so. I also managed to get the client to connect to my socket first rather than connect to the TQ server, and now that I've done so I kind of have my own little proxy, kinda haha, a man in the middle. But now I'm stuck: the packets that are going through are encrypted, and I would like to know how I can decrypt them, and is it necessary that I learn to use a debugger such as Olly?

Thanks,
Konsowa
05/14/2012 02:00 Spirited#2
Quote: Originally Posted by konsowa (post #1 above)
Can you not hook the packet sniffer to before the packet gets encrypted?
05/14/2012 07:11 konsowa#3
I don't think so, well if it is possible then which function will I be hooking now?
05/14/2012 08:56 pro4never#4
If you're already hooking the client then simply hook the send and receive methods. The packets being processed are pre/post encryption at that point.

Look at hawtness' hooking framework for an example.
05/14/2012 09:24 konsowa#5
Oh ok, I'll try hooking them and I'll see how things go from there. I'll tell you how I did when I get home, because now I'm at school.

Thank you for the help!

Okay, so I hooked the send and recv methods. So now I have the send function:
int recv(
    __in  SOCKET s,
    __out char  *buf,
    __in  int    len,
    __in  int    flags
);

So what I understood from your post is that whatever is in buf is not encrypted, and that I should be using the data inside buf, and it's encrypted in the send method. Please correct me if I'm wrong. If I was right, then how can I pass these packets to the proxy?

Note: I'm detouring.
05/15/2012 19:25 konsowa#6
Still waiting for an answer. And how do I run Conquer in C# without play.exe?
05/15/2012 21:00 denominator#7
You need to blacknull the exe from code. Again, as P4N rightly stated, take a look at the hooking methods that IamHawtness posted.
05/15/2012 22:19 konsowa#8
Well, I tried doing that by using this line of code, yet I got some kind of error from Conquer:
Process.Start(ConquerPath, "blacknull");

error: Game Data Set Init Failed.

I also tried removing the argument, thinking it would give me the "Please run Play.exe" message box, yet I still got the same error.

Note: I did get a folder in my project's debug folder called debug, and it contains a file; I attached it.

Any idea how I can solve this problem?
05/15/2012 22:24 IAmHawtness#9
Quote: Originally Posted by konsowa (post #8 above)
Are you using the hooking framework? If not, you need to specify the working directory too.
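A launcher that applies this advice, written as an added example for this thread rather than code from the hooking framework or from any poster; the install path is an assumed placeholder, and the "blacknull" argument is the one quoted in post #8:

```csharp
using System;
using System.Diagnostics;
using System.IO;

static class Launcher
{
    // Starts the game executable with its working directory set to its own folder.
    // A bare Process.Start(path, args) inherits the caller's current directory
    // (here the C# project's bin\Debug), and the game apparently resolves its data
    // files relative to that, which matches the "Game Data Set Init Failed" error.
    public static Process StartWithWorkingDirectory(string exePath, string arguments)
    {
        if (!File.Exists(exePath))
            throw new FileNotFoundException("Executable not found", exePath);

        var startInfo = new ProcessStartInfo
        {
            FileName = exePath,
            Arguments = arguments,
            // The fix from the reply above: run from the game's own folder.
            WorkingDirectory = Path.GetDirectoryName(exePath),
            UseShellExecute = false,
        };
        return Process.Start(startInfo);
    }

    static void Main()
    {
        // Assumed path; replace with the real install location.
        string conquerPath = @"C:\Games\Conquer\Conquer.exe";
        using (Process game = StartWithWorkingDirectory(conquerPath, "blacknull"))
        {
            Console.WriteLine("Started PID " + game.Id);
        }
    }
}
```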
05/15/2012 22:27 konsowa#10
Thanks bro, it works now, but I'm still a bit confused in terms of the packets: are they really decrypted when I get them in my hooked recv?
05/16/2012 11:47 IAmHawtness#11
Quote: Originally Posted by konsowa (post #10 above)
If you hook the recv function in ws2_32.dll, the packets are definitely not decrypted. You'd have to hook somewhere inside Conquer.exe after the packet has been decrypted.

You could look at my samples in the ".NET hooking library take two" thread to see how I do it, if you need that.