This thread is now deprecated, please refer to: [Only registered and activated users can see links. Click Here To Register...] for updates
Thanks you very much, DaxterSoul.
---------------------------------------------------------------------------
Sorry for posting here, but SRO Coding corner it's totally dead, that is why I have to post it here.
I am working with Mr. Florian0 trying to spoof packets from AgentServer to Gameserver. So far, we are able to make Gameserver start listening on a different port, so we can then bind the original port with an analyzer and redirect it to the new port.
With it, we can tap into the communication between AgentServer and Gameserver, but this concept applies to any other module in Silkroad that receives its certification from another module (ehem, all of 'em).
Now, there are two big issues to attend:
1) The code is working, but messy, so, to organize it and make it easier we must refactorate it. But the "hard part" it's completed already, which was tricking the modules to bind another port
2) The second issue it's the packet parsing which I don't know if it is either malfunctioning or the packets from AS to GS are somethimes huge and repetitives.
It says VSRO, but it can be applied to any silkroad files
Due the fact that it modifies cert packet A003 on the fly to change the desired ports
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
Please, your help is needed since this is a whole new approach, we don't know yet what can we accomplish with this, but based on logic, we can be able to make the Gameserver do desired work's without needing to do a lot of ASM.
---------- UPDATE ------------
So far, I've encountered that data parsed is not accurate when packet is encrypted, this is due the fact that handshake is not being properly placed. Apparently AS sends handshake_response to gameserver as first communication, but, never challenge setup. Maybe challenge setup was sent by farm manager in first place? but I really don't know, please, check it out.
---------- UPDATE 2 (06/20/2016) --------------
System now parses the packet properly, also, a new communication system has been implemented (thank you, Drew Benton)
[Only registered and activated users can see links. Click Here To Register...]
--------- UPDATE 3 (06/20/2016) ---------------
As a proof of concept, I am showing how can remotely move another char, thanks to the hook between AS and GS we are able to make another char do desired stuff.
[Only registered and activated users can see links. Click Here To Register...]
ERRORS!!!!
Encrypted packets are not working, anyone can help with that?
HINT: in order for the proper decryption of encrypted packets, the system MUST be able to handle the whole handshake process, the problem is, we need to keep it dynamic, so the system can work with any module, so work has to be done to fix that... for now, only unencrypted packets, please, help!.
Thanks you very much, DaxterSoul.
---------------------------------------------------------------------------
Sorry for posting here, but SRO Coding corner it's totally dead, that is why I have to post it here.
I am working with Mr. Florian0 trying to spoof packets from AgentServer to Gameserver. So far, we are able to make Gameserver start listening on a different port, so we can then bind the original port with an analyzer and redirect it to the new port.
With it, we can tap into the communication between AgentServer and Gameserver, but this concept applies to any other module in Silkroad that receives its certification from another module (ehem, all of 'em).
Now, there are two big issues to attend:
1) The code is working, but messy, so, to organize it and make it easier we must refactorate it. But the "hard part" it's completed already, which was tricking the modules to bind another port
2) The second issue it's the packet parsing which I don't know if it is either malfunctioning or the packets from AS to GS are somethimes huge and repetitives.
It says VSRO, but it can be applied to any silkroad files
Due the fact that it modifies cert packet A003 on the fly to change the desired ports
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
Please, your help is needed since this is a whole new approach, we don't know yet what can we accomplish with this, but based on logic, we can be able to make the Gameserver do desired work's without needing to do a lot of ASM.
---------- UPDATE ------------
So far, I've encountered that data parsed is not accurate when packet is encrypted, this is due the fact that handshake is not being properly placed. Apparently AS sends handshake_response to gameserver as first communication, but, never challenge setup. Maybe challenge setup was sent by farm manager in first place? but I really don't know, please, check it out.
---------- UPDATE 2 (06/20/2016) --------------
System now parses the packet properly, also, a new communication system has been implemented (thank you, Drew Benton)
[Only registered and activated users can see links. Click Here To Register...]
--------- UPDATE 3 (06/20/2016) ---------------
As a proof of concept, I am showing how can remotely move another char, thanks to the hook between AS and GS we are able to make another char do desired stuff.
[Only registered and activated users can see links. Click Here To Register...]
ERRORS!!!!
Encrypted packets are not working, anyone can help with that?
HINT: in order for the proper decryption of encrypted packets, the system MUST be able to handle the whole handshake process, the problem is, we need to keep it dynamic, so the system can work with any module, so work has to be done to fix that... for now, only unencrypted packets, please, help!.
