20 00 1F 04 20 E2 08 01 7E 79 D2 27 39 34 2E 32 33 36 2E 30 2E 31 34 35 00 00 00 00 B8 16 00
Thanks for responding.Quote:
Example of the packet. I have no idea what its structure is though, sorry :)Code:20 00 1F 04 20 E2 08 01 7E 79 D2 27 39 34 2E 32 33 36 2E 30 2E 31 34 35 00 00 00 00 B8 16 00
I do, however, know that the first byte two bytes is the size, the 17th and 18th byte is the packet type (0x36), and byte 13 to 31 seem to be constant.
The easiest approach would be to hook/alter/breakpoint the SendPacket() and ReceivePacket() functions inside Conquer, before they get encrypted/decrypted and get the data from there.Quote:
So if you don't have it can I assume that it is truly as complicated as I've found to get?
And if so, how do other people have it?
Or, is there another method used to decrypt and understand the packets from TQ's server?
Very much appreciated! I know of and have the Blowfish encryption algorithm so that is no problem. I have no experience with hooking into .exe files so I'll read up on that.Quote:
I use a homemade debugger for it.
However, I believe Conquer uses Blowfish as encryption, I have no idea how that is encrypted/decrypted though, but there's probably plenty of guides around on the Internet.
You could just trace back from WS_32.Recv and WS_32.Send to find the function that decrypts/encrypts packets and then start tracing forward.
Good luck, whatever you decide to do.
/// <summary>
/// 0x41F (Server->Client)
/// </summary>
public unsafe struct AuthResponsePacket
{
public ushort Size;
public ushort Type;
public uint Key2;
public uint Key1;
private fixed sbyte szIPAddress[16];
public int Port;
}
Thank you for your response.Quote:
in response to the packet IAmHawtness posted,
Is my C# structure for it.Code:/// <summary> /// 0x41F (Server->Client) /// </summary> public unsafe struct AuthResponsePacket { public ushort Size; public ushort Type; public uint Key2; public uint Key1; private fixed sbyte szIPAddress[16]; public int Port; }
Basically, with every packet, you need to make assumptions what would be in it, so say my HP is 13452, and you believe this packet contains my HP, we convert that to hex 13452 -> 0x34BC and flip it "BC 34". Now look for "BC 34" in the dump of your packet, and if you find it, it is most likely the offset for HP. Repeat this action on another packet of the same type to confirm it.Quote:
Regarding encryption:
I assume I can just use the Blowfish encryption from andy's source. I would simply copy-paste the class and use the DLL. I like to understand what I use but for something like encryption I don't yet need to care about how it does what it does.
Regarding the structure:
After seeing your post I believe I'm asking the wrong question because I can decipher what the programming-language-structure of the packet is from private server sources. I'm not sure what I'm asking so I will try to explain with an example.
Example:
I want to code my private server to respond when the client requests to view someone's gear. I can decrypt the packets sent from TQ's server through a proxy but I don't understand the values I would see. I've read (and IAmHawtness confirmed) that the first 2 bytes of any packet hold the size and I have a formula to get the ID but no idea about the others. Maybe bytes 20-50 hold the Potency value of the gear. How do I figure that out?
P.S. I would really like to talk to someone on MSN about this.