Full Attack Decode

Page 1 of 2

01/21/2015 14:03 AhmedZero#1

Hello,
That's Full Attack Decode

PHP Code:


			
public class AttackDecode

    {

        public static void PacketArray(byte[] Packet)

        {

            ushort Length = BitConverter.ToUInt16(Packet, 0);

            ushort Type = BitConverter.ToUInt16(Packet, 2);

            int Time1 = BitConverter.ToInt32(Packet, 4);

            int Time2 = BitConverter.ToInt32(Packet, 8);

            ushort SpellID = BitConverter.ToUInt16(Packet, 28);

            ushort ResponeDamage = BitConverter.ToUInt16(Packet, 30);

            uint Attacker = BitConverter.ToUInt32(Packet, 12);

            uint Attacked = BitConverter.ToUInt32(Packet, 16);

            ushort X = BitConverter.ToUInt16(Packet, 20);

            ushort Y = BitConverter.ToUInt16(Packet, 22);

            ushort AttackType = BitConverter.ToUInt16(Packet, 24);            

            //X,Y Decryption

            Y = (ushort)(Y ^ Attacker ^ 0xB99B);

            Y = (ushort)(RotateLeftushort(Y, 5) + 0x76DE);

            X = (ushort)(X ^ Attacker ^ 0x2ED6);

            X = (ushort)(RotateLeftushort(X, 1) - 0x22EE);

            //SpellID

            SpellID = (ushort)(X ^ Attacker ^ 0x915D);

            SpellID = (ushort)(RotateLeftushort(SpellID, 3) + 0x14BE);

            //TargetUID

            Attacked = (RotateRightuint(Attacked, 13) ^ 0x5F2D2463 ^ Attacker) - 0x746F4AE6;

            //ResponeDamage

            if ((int)SpellID >= 1000

      && ((int)SpellID <= 1002 || SpellID == 1030 || SpellID == 1125 || SpellID == 1150 || SpellID == 1160 || SpellID == 1165))

                ResponeDamage ^= (ushort)0x6279u;

           ResponeDamage  = (ResponeDamage ^ 0x3721) - (ushort)((Time2 & 0xFF) << 8);



        }

        public static uint RotateLeftuint(this uint value, int count)

        {

            return (value << count) | (value >> (32 - count));

        }



        public static uint RotateRightuint(this uint value, int count)

        {

            return (value >> count) | (value << (32 - count));

        }

        public static ushort RotateLeftushort(this ushort value, short count)

        {

            return (ushort)(((value << count) | (value >> (16 - count))) & 0xFFFF);

        }



        public static ushort RotateRightushort(this ushort value, short count)

        {

            return (ushort)(((value >> count) | (value << (16 - count))) & 0xFFFF);

        }

    }

im dont test it yet thanks :D .

01/21/2015 14:07 Best Coder 2014#2

This has been public knowledge for like 5 years, maybe more, I believe ... :confused:

01/21/2015 14:14 AhmedZero#3

the decrypt of Response Damage not available in old Attack Decode.

01/21/2015 14:17 Thorev#4

Well his other thread MsgTick (1012) had me going '10 years ago..' so now it's only 5 years ago. Progress sir, progress.

01/21/2015 14:20 AhmedZero#5

Give me old thread of Packet MSGTick 1012 have the same encryption system.

01/21/2015 14:28 Thorev#6

Pretty sure there is no old thread since nobody felt it was necessary to post it LOL

01/21/2015 14:36 AhmedZero#7

i know it's lol but i post it if anyone need it and when i search information about that packet, i found that information.
the packet it's not too bad.

Quote:

Originally Posted by CptSky

The MsgTick (1012) packet is used by TQ to disconnect people with bad connection. It is probably the best solution to ping the client.

i release that thread for learning i get Decode by using Debugger.
and i want know if the Code is work or not?

01/21/2015 18:42 Thorev#8

The people who know enough, know the stuff that you post.
The people who don't know anything aren't going to bother reading or trying to understand what code you posted. Those are the people that go; 'plssss i ned source downlaod link ok ty bb'.

That pretty much sums up this community.

01/21/2015 20:53 pro4never#9

Yahhh... just re-stating.

This is in every public source and has been for YEARS. If anyone had any need to understand how to process interaction packets, the most logical first step would to be see how other sources do it.

Boom, 100+ examples of it already written in every style you could hope to see.

Redux for example which is years old and even when I wrote that... I just copied the code out of a source that was old even at that time.

Code:

        private static void EncodeMagicAttack(InteractPacket* packet)
        {
            if (packet->isEncoded)
                return;
            packet->isEncoded = true;
            packet->MagicType = (ushort)(Common.ExchangeShortBits(packet->MagicType - (uint)0x14be, 3) ^ packet->UID ^ 0x915d);
            packet->Target = Common.ExchangeLongBits(((packet->Target - 0x8b90b51a) ^ packet->UID ^ 0x5f2d2463), 32 - 13);
            packet->X = (ushort)(Common.ExchangeShortBits(packet->X - (uint)0xdd12, 1) ^ packet->UID ^ 0x2ed6);
            packet->Y = (ushort)(Common.ExchangeShortBits((packet->Y - (uint)0x76de), 5) ^ packet->UID ^ 0xb99b);
            packet->MagicLevel = (ushort)((packet->MagicLevel + 0x100 * (packet->Timestamp % 0x100)) ^ 0x3721);
        }

        private static void DecodeMagicAttack(InteractPacket* packet)
        {
            if (packet->isDecoded)
                return;
            packet->isDecoded = true;
            packet->MagicType = (ushort)(0xFFFF & (Common.ExchangeShortBits((packet->MagicType ^ packet->UID ^ 0x915d), 16 - 3) + 0x14be));
            packet->MagicLevel = (ushort)(((byte)packet->MagicLevel) ^ 0x21);
            packet->Target = (Common.ExchangeLongBits(packet->Target, 13) ^ packet->UID ^ 0x5f2d2463) + 0x8b90b51a;
            packet->X = (ushort)(0xFFFF & (Common.ExchangeShortBits((packet->X ^ packet->UID ^ 0x2ed6), 16 - 1) + 0xdd12));
            packet->Y = (ushort)(0xFFFF & (Common.ExchangeShortBits((packet->Y ^ packet->UID ^ 0xb99b), 16 - 5) + 0x76de));
        }

Code:

        public static uint ExchangeShortBits(uint data, int bits)
        {
            data &= 0xffff;
            return ((data >> bits) | (data << (16 - bits))) & 0xffff;
        }

        public static uint ExchangeLongBits(uint data, int bits)
        {
            return (data >> bits) | (data << (32 - bits));
        }

01/21/2015 21:03 Best Coder 2014#10

Quote:

Originally Posted by pro4never

Yahhh... just re-stating.

This is in every public source and has been for YEARS. If anyone had any need to understand how to process interaction packets, the most logical first step would to be see how other sources do it.

Boom, 100+ examples of it already written in every style you could hope to see.

It's even in the leaked EO source as well, if I remember correctly.

01/21/2015 22:12 AhmedZero#11

pro4never,
im just training my self of using IDA Pro.
and i want to know if the code is Correct or not?
thanks for your replying.

01/21/2015 23:34 ImmuneOne#12

Could you break down the information for me? I'm a bit slow when it comes to understanding things like this.

01/22/2015 00:55 lostsolder05#13

[Only registered and activated users can see links. Click Here To Register...]

01/22/2015 15:02 _DreadNought_#14

Quote:

Originally Posted by AhmedZero

pro4never,
im just training my self of using IDA Pro.
and i want to know if the code is Correct or not?
thanks for your replying.

why can't you just test it yourself?

01/22/2015 15:21 AhmedZero#15

because im not professional and i want to see the opinions about that.

Page 1 of 2