Rappelz packets

01/03/2014 02:48 Rift2552#1
Hey, I found the function to encrypt packets and send them to the server in Rappelz PH. Made a DLL that calls the function, and anyway it worked: it encrypted the packet for me and sent it to the server.

It's a bit complicated though: the function address keeps changing every time Rappelz loads, and the function also requires the base address of an array of addresses for the functions Rappelz uses.

In the middle of writing code to pattern-match the code for the function and the base address list. Hopefully the code will still be the same in the US version. Anyone with a GG bypass want to team up and see if we can make a packet sender for the Rappelz US version?

01/05/2014 16:49 gr4ph0s#2
Yes, you can do it. GG doesn't affect it, but you have to be careful, because if the GG server doesn't get an answer from the client you are disconnected.

The only way to bypass GG is to have an sframe with GG and another sframe without GG, and send all data from GG to the sframe with GG ;)

01/05/2014 23:35 TheBrain_#3
Quote:
Originally Posted by Rift2552
It's a bit complicated though: the function address keeps changing every time Rappelz loads, and the function also requires the base address of an array of addresses for the functions Rappelz uses.

The function address keeps changing because you haven't 'frozen' the process on special set-points on startup (search for packet id {4......M(J@80....a!}) and freeze it on that point and tell it to null the first 16 bytes (out of 32).

That should prevent it from changing.

Another method is to send a packet directed at sframe (using the handler acception IO_PACKET), and attach it to the handler of your GG.dll file.

When you send this MAKE SURE you send it in this pattern:

- Convert text to bytes
- Make a byte array of the bytes we caught earlier
- Encrypt byte array with: Captainherlock(packet_key) to rc4
- Convert rc4 to 3 blocks, and make the 2nd block SHA-1 encrypted.
- Encrypt the 3rd block with RSA standard(packet_key)
- Convert the 1st block with the 3rd block to hex and cast it as a ''stream'' before sending.

Hope this helps you out :). If you want, you can PM me and ask for my Skype; I can send you the packets that sframe sends.