Packet decoding

08/12/2009 12:27 r3v3ng3r#1
Hi! Today I just wrote a simple proxy in AutoIt for ksro to sniff the packets, but yeah, I knew it is encrypted.

This is an example of a first packet: 0x2500005000000EF7360258FEDD153B370000009B000000A6FF776C62225323D37E6C13555A852137DC3612

clearscrean told me that 25 00 is the length, 00 50 is the opcode, 00 00 are magic bytes, and 0EF7360258FEDD153B370000009B000000A6FF776C62225323D37E6C13555A852137DC3612 is the handshake.

So my question now is how to decode the next packets knowing the handshake. If somebody could help me, or upload the sr33 source, I would be pleased.
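As an added illustration (not code from the thread or from sr33), the following Python splits a captured byte stream into frames using the layout described in the post: 2-byte length, 2-byte opcode, 2-byte magic/security field, then the payload. It assumes the 2-byte fields are little-endian, which the bytes 25 00 for a 37-byte payload suggest, and treats the handshake payload as opaque bytes.

```python
import struct

# The first packet quoted in the post, with the 0x prefix dropped.
FIRST_PACKET_HEX = (
    "2500005000000EF7360258FEDD153B370000009B000000A6"
    "FF776C62225323D37E6C13555A852137DC3612"
)

HEADER_LEN = 6  # length (2) + opcode (2) + magic/security bytes (2)


def parse_frame(data: bytes) -> dict:
    """Split one complete frame into the fields described in the thread.

    Layout (little-endian is an assumption; 25 00 -> 0x0025 = 37 fits the data):
      [0:2] payload length   [2:4] opcode   [4:6] magic bytes   [6:] payload
    Raises ValueError when the frame is truncated or longer than declared.
    """
    if len(data) < HEADER_LEN:
        raise ValueError("frame shorter than the 6-byte header")
    length, opcode, magic = struct.unpack_from("<HHH", data, 0)
    payload = data[HEADER_LEN:]
    if len(payload) != length:
        raise ValueError(f"declared length {length}, got {len(payload)} payload bytes")
    return {"length": length, "opcode": opcode, "magic": magic, "payload": payload}


def split_stream(buf: bytes) -> tuple[list[dict], bytes]:
    """Walk a TCP byte stream and return (complete frames, unconsumed tail).

    A proxy sees arbitrary segment boundaries, so a partial frame at the end
    of the buffer is kept for the next read instead of being parsed.
    """
    frames = []
    while len(buf) >= HEADER_LEN:
        length = struct.unpack_from("<H", buf, 0)[0]
        total = HEADER_LEN + length
        if len(buf) < total:
            break  # incomplete frame: wait for more data
        frames.append(parse_frame(buf[:total]))
        buf = buf[total:]
    return frames, buf


if __name__ == "__main__":
    for frame in split_stream(bytes.fromhex(FIRST_PACKET_HEX))[0]:
        print(f"len={frame['length']} opcode=0x{frame['opcode']:04X} "
              f"magic=0x{frame['magic']:04X} payload={frame['payload'].hex().upper()}")
```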
08/12/2009 13:05 pushedx#2
I already have these uploaded on RS since I don't maintain my site:

[link]

[link] (sr33 replacement)

Everything you need is there for the packet protocol though. Good luck :)
08/12/2009 13:44 r3v3ng3r#3
Thank you for the fast, helpful reply :) ^^

After I logged in to the game, the client connects to 121.254.153.19, this IP address, but I have my media.pk2 patched, both gwgt1.silkroadonline.co.kr and gwgt2.silkroadonline.co.kr. How can I patch my sro_client(?) not to connect to that IP, but to 127.0.0.1?
08/13/2009 16:01 soadmania#4
Quote:
Originally Posted by r3v3ng3r
Thank you for the fast, helpful reply :) ^^

After I logged in to the game, the client connects to 121.254.153.19, this IP address, but I have my media.pk2 patched, both gwgt1.silkroadonline.co.kr and gwgt2.silkroadonline.co.kr. How can I patch my sro_client(?) not to connect to that IP, but to 127.0.0.1?
Edit your hosts lol =)

gwgt1.silkroadonline.co.kr 127.0.0.1
gwgt2.silkroadonline.co.kr 127.0.0.1
08/14/2009 10:57 r3v3ng3r#5
Ohh yeah, I did that, but no, that didn't solve it because they are login servers only, not game servers.
08/15/2009 04:07 pushedx#6
Quote:
Originally Posted by r3v3ng3r
Thank you for the fast, helpful reply :) ^^

After I logged in to the game, the client connects to 121.254.153.19, this IP address, but I have my media.pk2 patched, both gwgt1.silkroadonline.co.kr and gwgt2.silkroadonline.co.kr. How can I patch my sro_client(?) not to connect to that IP, but to 127.0.0.1?
It's easier to just modify the packet itself when it's received from the server, before the client processes it. However, you would then need to make edx33 (or your own proxy) connect to that original IP. You'd also need your own hook DLL in that case, since edx33 was made for ISRO and that specific hook is hard coded for ISRO.

The design of sr33/edx33 was really Silkroad specific and now that I know a lot more than I did when I first wrote it, it's not a great design. I mean it's good, but not good enough for me. I've been working on replacements for them, but nothing is ready for release and probably won't be for some time. There are a lot of other issues to take care of with more powerful generic tools that I'm still considering.

It might be easier to just code your own tools in the meantime to work around those problems. The concept of a proxy is simple and I'm sure you can understand that part. The proxy hook for the client just needs Windows Detours (the easiest way, but you don't have to use it) and an injection method to get the DLL into a client. The last thing you need to do is patch the user security seed as detailed in the readme.