How To find/figure out the String Offsets in Protocol Packet after Converting?

12/22/2017 12:08 moudixblack#1
after the 3D Edition or 3.0 of Co version whatever

there are many packets that have been made proto now, such as
2500
10014
10010
10017
1004
1110

I can get the uint offsets and it's okay with me

but like packet 2500, it's gonna be a shit of 00(zeros)00 because after converting or shifting whatever with these

Code:
public static uint[] Read7BitEncodedInt(byte[] buffer)
{
    List<uint> ptr2 = new List<uint>();

    for (int i = 0; i < buffer.Length; )
    {
        if (i + 2 <= buffer.Length)
        {
            int tmp = buffer[i++];

            // Only a byte whose low three bits are zero is treated as the start of a varint.
            if (tmp % 8 == 0)
                while (true)
                {
                    if (i + 1 > buffer.Length) break;
                    tmp = buffer[i++];
                    if (tmp < 128)
                    {
                        // Single-byte value.
                        ptr2.Add((uint)tmp);
                        break;
                    }
                    else
                    {
                        // Multi-byte value: 7 payload bits per byte, low group first.
                        // NOTE: the reads below are not bounds-checked; a truncated
                        // buffer throws IndexOutOfRangeException.
                        int result = tmp & 0x7f;
                        if ((tmp = buffer[i++]) < 128)
                        {
                            result |= tmp << 7;
                            ptr2.Add((uint)result);
                            break;
                        }
                        else
                        {
                            result |= (tmp & 0x7f) << 7;
                            if ((tmp = buffer[i++]) < 128)
                            {
                                result |= tmp << 14;
                                ptr2.Add((uint)result);
                                break;
                            }
                            else
                            {
                                result |= (tmp & 0x7f) << 14;
                                if ((tmp = buffer[i++]) < 128)
                                {
                                    result |= tmp << 21;
                                    ptr2.Add((uint)result);
                                    break;
                                }
                                else
                                {
                                    result |= (tmp & 0x7f) << 21;
                                    result |= (tmp = buffer[i++]) << 28;
                                    ptr2.Add((uint)result);
                                    break;
                                }
                            }
                        }
                    }
                }
        }
        else break;
    }
    return ptr2.ToArray();
}
I just need a hint or a link that can explain that part, coz with my searching for it I'm always finding results for the files, not for the packets/sniffers, I mean

I hope anyone can help me with that xD
12/22/2017 16:25 Spirited#2
It's not the "3D Edition" of Conquer. It's a zero. Not a D. A zero. 3.0. And you can guess packet structures, you can log packet structure and analyze them (more guessing), or you can reverse engineer the client (requires a lot of knowledge of assembly language and disassembly techniques).
12/22/2017 17:31 moudixblack#3
first, thanks for your answer <3 I appreciate that

ik, that is why I said 3.0 client xD they did nth

and I know it's about guessing in the packets, I'm good with it, but the problem is

before converting to normal

I can see the strings but their offsets are likely not the right ones

I'm talking about after converting the packets, shifting the results with a uint buffer, with the code that I typed

but I'm just talking about that packet, for example 2500
it has a lot of strings of server names and CO made it proto

after converting, every string turns to zeros

that's why I was asking: is there a way to convert to uints and strings?

or
strings only xD ?

bec I'm not good enough with reversing tools such as assembly lang or the others like it

would you please just give me a hint about the packets? I'm not asking you to give me code coz it's gonna waste your time

to shift it for uint

I should select 7 offsets and shift them, and a check with max length 127

but what about strings? that is the part I want to know, that is all

and here is an example from my proxy

Before

[Only registered and activated users can see links. Click Here To Register...]

After

[Only registered and activated users can see links. Click Here To Register...]
12/23/2017 10:09 Ultimation#4
what a fucking mess...
Code:
public static uint[] Read7BitEncodedInt(byte[] buffer) 
        { 
            List<uint> ptr2 = new List<uint>(); 

            for (int i = 0; i < buffer.Length; ) 
            { 
                if (i + 2 <= buffer.Length) 
                { 
                    int tmp = buffer[i++]; 

                    if (tmp % 8 == 0) 
                        while (true) 
                        { 
                            if (i + 1 > buffer.Length) break; 
                            tmp = buffer[i++]; 
                            if (tmp < 128) 
                            { 
                                ptr2.Add((uint)tmp); 
                                break; 
                            } 
                            else 
                            { 
                                int result = tmp & 0x7f; 
                                if ((tmp = buffer[i++]) < 128) 
                                { 
                                    result |= tmp << 7; 
                                    ptr2.Add((uint)result); 
                                    break; 
                                } 
                                else 
                                { 
                                    result |= (tmp & 0x7f) << 7; 
                                    if ((tmp = buffer[i++]) < 128) 
                                    { 
                                        result |= tmp << 14; 
                                        ptr2.Add((uint)result); 
                                        break; 
                                    } 
                                    else 
                                    { 
                                        result |= (tmp & 0x7f) << 14; 
                                        if ((tmp = buffer[i++]) < 128) 
                                        { 
                                            result |= tmp << 21; 
                                            ptr2.Add((uint)result); 
                                            break; 
                                        } 
                                        else 
                                        { 
                                            result |= (tmp & 0x7f) << 21; 
                                            result |= (tmp = buffer[i++]) << 28; 
                                            ptr2.Add((uint)result); 
                                            break; 
                                        } 
                                    } 
                                } 
                            } 
                        } 
                } 
                else break; 
            } 
            return ptr2.ToArray();
        }


Just do the opposite of the following function.. clean and simple

Code:
static byte[] Encode7Bits(int x)  
        {  
            List<Byte> Result = new List<byte>();  
            do 
            {  
                int tmp = x & 0x7f;  
                x = x >> 7;  
                if (x > 0)  
                    tmp |= 0x80;  
                Result.Add((byte)tmp);  
            } while (x > 0);  
            return Result.ToArray();  
        }
12/23/2017 13:42 moudixblack#5
hey bro, thanks for your answer too

but there is one problem that you didn't get

I'm talking about the strings in the converted packet

I wanna realize how the string in the converted packet is appearing

bec in the unconverted packet it gives false info

I mean false offsets of the strings
I want a hint of how to convert it, like that function that I typed

however, your code is okay bro

but it will convert to int

and I'm just talking about strings from proto to normal xD

according to my function, it's decrypting the protocol buffer to a normal one with uints only and it's working fine

I just don't know what I should use in a new function to decrypt to a normal one with strings
got me now xD ?

Anyway, thanks to everyone who tried to help me <3 I got the missing part; if anyone has the same problem, you should read this

[Only registered and activated users can see links. Click Here To Register...]

and thanks to Spirited and Ultimation <3

#Closed
12/25/2017 13:01 Ultimation#6
You could set up a protobuf transaction object. I believe there is already code on GitHub for this, though I can't remember what it is called, protobuf.net or something... Once you have removed the header data from the packet, you can just parse it into the transaction object and it should deserialise correctly.
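
The decoder posted in this thread only decodes a value when the tag byte satisfies `tmp % 8 == 0` (wire type 0, varint), so length-delimited string fields are never read as strings. As an added example (not code from any poster in this thread), the C# walker below reads a payload field by field and reports the offset at which each string starts. It assumes the packet body, after the game's own header is removed, is standard Protocol Buffers wire format; `ProtoWalker`, `Walk` and the `Sample` bytes are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class ProtoWalker
{
    // Constructed sample payload: field 1 = 2500, field 2 = "Server1", field 3 = 300.
    static readonly byte[] Sample = { 0x08, 0xC4, 0x13, 0x12, 0x07, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x31, 0x18, 0xAC, 0x02 };
    // Reads one base-128 varint at pos and advances pos; rejects truncated or overlong input.
    static ulong ReadVarint(byte[] buf, ref int pos)
    {
        ulong value = 0;
        for (int shift = 0; shift < 64; shift += 7)
        {
            if (pos >= buf.Length) throw new FormatException("truncated varint");
            byte b = buf[pos++];
            value |= (ulong)(b & 0x7f) << shift;
            if ((b & 0x80) == 0) return value;
        }
        throw new FormatException("varint longer than 10 bytes");
    }
    // Walks a payload whose packet header is already removed and describes each field.
    public static List<string> Walk(byte[] buf)
    {
        var fields = new List<string>();
        int pos = 0;
        while (pos < buf.Length)
        {
            ulong tag = ReadVarint(buf, ref pos);
            ulong field = tag >> 3;          // field number
            int wire = (int)(tag & 7);       // wire type
            if (wire == 0)                   // varint: the only case the posted decoder handles
                fields.Add($"field {field}: varint {ReadVarint(buf, ref pos)}");
            else if (wire == 2)              // length-delimited: string, bytes or nested message
            {
                ulong len = ReadVarint(buf, ref pos);
                if (len > (ulong)(buf.Length - pos)) throw new FormatException("length exceeds payload");
                fields.Add($"field {field}: string at offset {pos}, length {len}: \"{Encoding.UTF8.GetString(buf, pos, (int)len)}\"");
                pos += (int)len;
            }
            else if (wire == 1 || wire == 5) // fixed64 / fixed32: skip 8 or 4 bytes
                pos += wire == 1 ? 8 : 4;
            else throw new FormatException($"unsupported wire type {wire}");
        }
        if (pos > buf.Length) throw new FormatException("truncated fixed-width field");
        return fields;
    }
    static void Main() => Walk(Sample).ForEach(Console.WriteLine);
}
```

Wire type 2 also carries raw bytes and nested messages, so a field that prints as unreadable text is not necessarily a string.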