[Question(s)] Direction/coordinates in packets

10/27/2012 00:57 Freszone#1
Hi!
Not sure if this is the right section, but I'll post this here anyway :)
I've been working for the past few days on my private server "bot" (at first I'll just do aimbot and some other stuff, maybe expanding it later. Doing this mainly for learning purposes).
So far I've managed to set up received and sent packet logging, modifying and blocking.
Now I'm trying to figure out how the coordinates used for instance in fb/ss action packets (packet type 1022) are calculated.
I would really appreciate any help, been looking for this for quite a while now without any progress :o
For me they don't make any sense, other than that they are related to the point where you click (if you don't move your mouse or if you click the same area of the screen later, you get roughly the same values. However you also get roughly the same values in some other spots too... :D And I'm pretty sure that they aren't degrees since I get the same value in different directions)
And yeah, the packet structure is the one of 5095 (5100 in Korvacs's awesome packet wiki, thanks a lot to him) client but I think they are quite the same in other patches too :)
10/27/2012 01:47 pro4never#2
Sounds to me like you're not decrypting the packet. Skill packets have a separate layer of encryption (iirc it's an XOR of your character ID + some other tweaks) applied to the skill id, skill level and skill x/y.

If decrypted properly, the X/Y are literally what coord you right clicked on.

Look at a private server source, or an existing bot example, for examples of handling it and you should be just fine.

<edit>

Here's encrypt/decrypt code thanks to devnull (sadly not on my comp so assembla was all I had access to :D)

10/27/2012 02:44 Freszone#3
Thanks for reply :)
After searching a bit I found the encryption for this packet (and maybe some other too).
Since my bot is memory based I haven't had to decrypt/encrypt any packets yet, but now I found it easier to make a decrypt/encrypt function for this.
Also managed to "crack" that last value in 1022 packet which seemed quite random to me.
So far this has been really good practice for me in C++, asm and reversing :)
And it also feels good when you've tracked something for perhaps even hours and then you see how it's done :D
And btw got to give some credit to you, watched your videos when I started this "project" and learned at least a few new things from them :)
10/28/2012 19:18 pro4never#4
Hey, not a problem. It's always nice coming across people on here actually willing to put in the time to get things to work. It gets rather disheartening listening to people ask to be spoon-fed 24/7, so you win a gold star xD

Keep up the work. I'm sure we'll see plenty of awesome stuff from you if you stick with it.
10/29/2012 22:48 Freszone#5
Okay, just a little update on how my project is doing now :)
So, after like 5 hours of trial and error I managed to get all the needed encryptions/decryptions reversed.
Seems like they were a bit modified from the original, found some dead beefs and stuff from there :D
But anyway, it hardly ever misses your target unless you have some lag or he/she walks (just got the last damn encryptions done so now I can concentrate on stuff like updating coords from walk packets and making a speedhack).
For some reason I can't manage to get my own injector/launcher working on my own PC (probably something to do with build settings in Visual Studio?)...
And yeah, atm I have no user interface and I've done all the debugging with DebugView :D
I made a logging class that could interact with a UI through sockets but it seems that since the connect function is hooked by the original launcher/anti-bot I can't get it working :|
But maybe UI isn't that important for now :)