[Question]Sniffing and encrypting Packets?

08/26/2014 01:45 yassine_hell#1
Hello,

I'm trying to sniff the packets between my client and the server (official CO).
First of all, I want to know: is using Wireshark a good idea for sniffing?

So one of the packets I sniffed is, I guess, the jump packet sent from my client:
[Only registered and activated users can see links. Click Here To Register...]

As I understand it, the first 2 bytes are for the size,
but when converting the hex values I get big integers, which I'm pretty sure is not the size of the packet (duh, because the packets are encrypted, but it was worth a try...).

So...
I read in some posts that CO uses 4 keys and the Blowfish algorithm,
and correct me if I'm wrong:
the first 2 keys are sent to the client (I don't know when?),
then the other 2 keys are calculated later (using the first 2 keys, I guess?).

So my question:
where are these 2 keys sent to the client?
And can I capture them and use them later?

Thank you.
08/26/2014 02:34 { Angelius }#2
Almost every public source contains an implementation of the encryption algorithm TQ uses. And they have been using Blowfish for as long as I can remember, up until CAST5 was added.

So if I were you I would download one of them, set it up and debug it to understand what the f is going on.

However I can't answer any of your questions for two reasons.
1- The fact that you're asking such questions tells me that you are totally unfamiliar with the CAST/Blowfish algorithms.
2- Any answer that I will provide will be followed by WTF???

Good luck.
08/26/2014 10:01 yassine_hell#3
Quote:
Originally Posted by { Angelius } View Post
Almost every public source contains an implementation of the encryption algorithm TQ uses. And they have been using Blowfish for as long as I can remember, up until CAST5 was added.

So if I were you I would download one of them, set it up and debug it to understand what the f is going on.

However I can't answer any of your questions for two reasons.
1- The fact that you're asking such questions tells me that you are totally unfamiliar with the CAST/Blowfish algorithms.
2- Any answer that I will provide will be followed by WTF???

Good luck.
Yeah, I read some code, and they mentioned an EncryptionKey like the one ProxyParadise was using, "C238xs65pjy7HU9Q".
Is it the same key till now? (It's from 2011, so I don't think so.)
My question is, how can I get that EncryptionKey myself?
08/26/2014 10:11 KraHen#4
Quote:
Originally Posted by yassine_hell View Post
Yeah, I read some code, and they mentioned an EncryptionKey like the one ProxyParadise was using, "C238xs65pjy7HU9Q".
Is it the same key till now? (It's from 2011, so I don't think so.)
My question is, how can I get that EncryptionKey myself?
Reverse engineering the client.
08/26/2014 18:14 Super Aids#5
Quote:
Originally Posted by yassine_hell View Post
Yeah, I read some code, and they mentioned an EncryptionKey like the one ProxyParadise was using, "C238xs65pjy7HU9Q".
Is it the same key till now? (It's from 2011, so I don't think so.)
My question is, how can I get that EncryptionKey myself?
[Only registered and activated users can see links. Click Here To Register...]
08/27/2014 05:06 yassine_hell#6
Quote:
Originally Posted by Super Aids View Post
[Only registered and activated users can see links. Click Here To Register...]
O_O ... BUT .. BUT ....
Thank you ....
08/27/2014 22:32 Super Aids#7
Quote:
Originally Posted by yassine_hell View Post
O_O ... BUT .. BUT ....
Thank you ....
But what?
08/28/2014 01:17 yassine_hell#8
Quote:
Originally Posted by Super Aids View Post
But what?
So simple... I didn't expect that at all...
Some people here are just making it seem HARD.
08/28/2014 04:03 Spirited#9
Quote:
Originally Posted by yassine_hell View Post
So simple... I didn't expect that at all...
Some people here are just making it seem HARD.
Well, that's not reverse engineering. That's just opening an executable in Notepad and showing constant strings that have ASCII/CP1252 encoding. Private servers have a tendency to change the location and format of that string, which can complicate things just a little bit.
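The "open the executable and look for constant strings" approach from the post above, as an added example that is not code from the thread or from any Conquer Online project. It scans a constructed fake executable (the byte blob below is made up for the demo; only the key value is the one quoted earlier in the thread) for runs of printable ASCII/CP1252 bytes, then applies a heuristic of this example's own choosing to flag runs that look like a 16-character key rather than a DLL name or a label.

```python
"""Strings-style scan of a binary for ASCII/CP1252 constants, plus a
key-candidate filter. Added example; the blob and the filter thresholds
are this example's assumptions, not anything from the thread."""
import math

# Constructed fake "executable": a header fragment, a DLL name, control
# bytes, the key string quoted in the thread, the CP1252 C1 range, an
# accented CP1252 string and a run that is too short to report.
FAKE_EXE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"kernel32.dll\x00"
    + b"\x7f\x00\x13"
    + b"C238xs65pjy7HU9Q\x00"
    + bytes(range(0x80, 0xA0))
    + "Versi\xf3n\x00".encode("cp1252")
    + b"ab\x00"
)


def is_printable_cp1252(b: int) -> bool:
    # 0x20-0x7E is printable ASCII, 0xA0-0xFF is printable in CP1252.
    # 0x80-0x9F holds symbols and undefined code points in CP1252; it is
    # treated as non-printable here to keep the scan conservative.
    return 0x20 <= b <= 0x7E or 0xA0 <= b <= 0xFF


def find_strings(blob: bytes, min_len: int = 4):
    """Return [(offset, text)] for every run of >= min_len printable bytes."""
    found = []
    start = None
    for i, b in enumerate(blob):
        if is_printable_cp1252(b):
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                found.append((start, blob[start:i].decode("cp1252")))
            start = None
    if start is not None and len(blob) - start >= min_len:
        found.append((start, blob[start:].decode("cp1252")))
    return found


def shannon_entropy(s: str) -> float:
    """Bits per character over the string's own symbol frequencies."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


KEY_LEN = 16  # assumption: the key quoted in the thread is 16 characters


def looks_like_key(s: str) -> bool:
    """Heuristic (assumption): exactly KEY_LEN alphanumerics mixing digits,
    lower and upper case, with entropy above 3.5 bits/char."""
    return (len(s) == KEY_LEN and s.isascii() and s.isalnum()
            and any(c.isdigit() for c in s)
            and any(c.islower() for c in s)
            and any(c.isupper() for c in s)
            and shannon_entropy(s) > 3.5)


def key_candidates(blob: bytes):
    """Offsets and values of strings that pass looks_like_key."""
    return [(off, s) for off, s in find_strings(blob) if looks_like_key(s)]


if __name__ == "__main__":
    for off, s in find_strings(FAKE_EXE):
        print(f"0x{off:04x}: {s!r}")
    print("key candidates:", key_candidates(FAKE_EXE))
```

On a real client you would run `find_strings` over the whole file and expect thousands of hits; the filter is what makes the output reviewable, and the post's remark about private servers changing the string's location and format is exactly the case where the filter, not the offset, is what still works.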
08/28/2014 05:42 yassine_hell#10
Quote:
Originally Posted by Spirited View Post
Well, that's not reverse engineering. That's just opening an executable in Notepad and showing constant strings that have ASCII/CP1252 encoding. Private servers have a tendency to change the location and format of that string, which can complicate things just a little bit.
Yeah, I know, I mean the finding of that key.
Another thing I read in that executable is AES. What are they using it for? Packets are still encrypted using Blowfish, right?
08/28/2014 06:58 Spirited#11
Quote:
Originally Posted by yassine_hell View Post
Yeah, I know, I mean the finding of that key.
Another thing I read in that executable is AES. What are they using it for? Packets are still encrypted using Blowfish, right?
If I'm not mistaken, it might be for Server.dat. The client has the ability to decrypt the file, but not encrypt it (so don't get any ideas).
08/28/2014 12:02 Super Aids#12
Conquer has used multiple different encryptions and currently uses a few. I don't know the exact ones they use right now since I am not up to date, but I assume their "custom" auth encryption, RC5 (password, right?) and CAST5 atm. Might be wrong, but yeah.

Quote:
Originally Posted by Spirited View Post
If I'm not mistaken, it might be for Server.dat. The client has the ability to decrypt the file, but not encrypt it (so don't get any ideas).
If you can reverse the decryption, you can make the encryption.
08/28/2014 19:18 CptSky#13
Quote:
Originally Posted by Spirited View Post
If I'm not mistaken, it might be for Server.dat. The client has the ability to decrypt the file, but not encrypt it (so don't get any ideas).
RSA is used to encrypt the server.dat file. AES is probably residual code from linking OpenSSL.

Quote:
Originally Posted by Super Aids View Post
Conquer has used multiple different encryptions and currently uses a few. I don't know the exact ones they use right now since I am not up to date, but I assume their "custom" auth encryption, RC5 (password, right?) and CAST5 atm. Might be wrong, but yeah.

If you can reverse the decryption, you can make the encryption.
RC5 is still used for the password encryption? I thought they added a custom one at some point. Anyway, TQ commonly used RC5, Blowfish & CAST5.

True for most algorithms, false for RSA. You can reverse the algorithm, but you need the private key to encrypt the file. It is not available, and only the public key (used to decrypt the file) is in the executable. You can always generate a new private/public key pair and update the executable.
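The RSA point made in the post above, as an added example that is not code from the thread or from any Conquer Online client or server. It uses textbook RSA (no padding, so not secure; illustration only) with toy-sized primes so it runs instantly: the vendor applies the private exponent to each block of the file, the client applies the public exponent embedded in the executable. Reversing the client's routine gives you `pow(x, e, n)`, which is not an encryptor; producing a loadable file means generating your own pair and replacing the embedded public key. The block layout, the primes and the sample file contents are this example's own assumptions, not the real server.dat format.

```python
"""Why reversing an RSA 'decrypt' does not give you 'encrypt'. Added
example with constructed parameters; the file format below is invented
for the demo and is not the real server.dat layout."""
import math

BLOCK = 4  # bytes per block; 2**32 is far below the toy moduli used here


def keygen(p, q, e=65537):
    """Return ((n, e), (n, d)). p and q are assumed prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def _blocks(data: bytes):
    """Length block followed by zero-padded BLOCK-byte chunks as ints."""
    padded = data + b"\x00" * (-len(data) % BLOCK)
    chunks = [int.from_bytes(padded[i:i + BLOCK], "big")
              for i in range(0, len(padded), BLOCK)]
    return [len(data)] + chunks


def protect_file(data: bytes, private):
    """Vendor side: apply the private exponent to every block."""
    n, d = private
    return [pow(m, d, n) for m in _blocks(data)]


def client_decrypt(blocks, public) -> bytes:
    """Client side: apply the embedded public exponent, rebuild the bytes.
    Raises ValueError when the result cannot be a file produced by the
    matching private key (a block outside the byte range, bad length)."""
    n, e = public
    ints = [pow(c, e, n) for c in blocks]
    length, body = ints[0], ints[1:]
    if any(i >= 1 << (8 * BLOCK) for i in body) or length > BLOCK * len(body):
        raise ValueError("blob does not decrypt to a valid file")
    raw = b"".join(i.to_bytes(BLOCK, "big") for i in body)
    return raw[:length]


def loads_as(blocks, public, expected: bytes) -> bool:
    """True only if the client, using `public`, recovers exactly `expected`."""
    try:
        return client_decrypt(blocks, public) == expected
    except ValueError:
        return False


def demo():
    # Vendor pair. 10**9+7 and 998244353 are prime; they are toy-sized and
    # chosen only so the example is instant, not for any security.
    vendor_pub, vendor_priv = keygen(1_000_000_007, 998_244_353)
    server_dat = b"127.0.0.1 9958 Dragon"  # constructed sample content
    blob = protect_file(server_dat, vendor_priv)
    vendor_ok = loads_as(blob, vendor_pub, server_dat)

    # Attacker has only vendor_pub (read out of the executable). Running the
    # reversed client routine over chosen plaintext is not the inverse of
    # it: the client then computes m**(e*e) mod n, not m.
    n, e = vendor_pub
    evil = b"10.0.0.1 9958 Evil"
    forged = [pow(m, e, n) for m in _blocks(evil)]
    forged_ok = loads_as(forged, vendor_pub, evil)

    # The route the post describes: own pair, patch the embedded public key,
    # produce the file with your own private exponent.
    my_pub, my_priv = keygen(1_000_000_009, 998_244_353)
    patched_ok = loads_as(protect_file(evil, my_priv), my_pub, evil)

    return {"vendor_ok": vendor_ok, "forged_ok": forged_ok, "patched_ok": patched_ok}


if __name__ == "__main__":
    print(demo())
```

The same asymmetry is why "if you can reverse the decryption, you can make the encryption" holds for Blowfish, CAST5 and RC5 (one shared key, the inverse is a matter of running the rounds backwards) but not here: the exponent you recover from the client is the one it already uses, and the other exponent never left the vendor.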
08/28/2014 19:37 Super Aids#14
I have no idea if RC5 is still used, like I said I am not up to date. I haven't touched Conquer past monks.