account authorization packet (1086)

09/22/2019 23:21 coolco#1
Is there any easy way to force the client to send another packet ID instead? I'm trying to get some sort of protection. I know it can be done with DLL injection, but that is a bit out of my league xD, so if it can be done in another, easier way please let me know.
09/22/2019 23:29 iBotx#2
I guess the only way is to hook SendMsg/ReceiveMsg, or hook the send and try to decrypt the packet, change the IDs and re-encrypt it, but that'd be a stupid thing to do; if you do the steps above, that would be much better. Other than that, I guess no.
09/23/2019 00:38 JaniQ#3
You can hook the function that creates the packet and create your own instead.
09/23/2019 12:47 teroareboss1#4
You can check Angelius' bot project. He hooks the CNetwork class.

This is for the last version:

Code:
BYTE pattern[] = { 0x51,0x50,0xB9,0x00,0x00,0x00,0x00,0xE8,0x00,0x00,0x00,0x00,0x5E,0xC3,0x6A,0x04 };
bool wildcards[] = { 0,0,0,1,1,1,1,0,1,1,1,1,0,0,0,0 };
PBYTE  match = (PBYTE)Scan::FindMemoryPattern(pattern, wildcards, sizeof(wildcards));
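match += 2; // skip 0x51, 0x50 so match points at the 0xB9 (MOV ECX, imm32) opcode

// PrintDebugHex("CNetworkmatch: ", (DWORD)match);

DWORD callDstInter;
// match + 1 skips the 0xB9 opcode and reads its 32-bit immediate operand
ReadProcessMemory(GetCurrentProcess(), (LPVOID)(match + 1), &callDstInter, sizeof(callDstInter), NULL);
NetwordAddress = callDstInter;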
Code:
BYTE pattern[] = { 0x6A,0x0C,0xB8,0x00,0x00,0x00,0x00,0xE8,0x00,0x00,0x00,0x00,0x8B,0xF1,0x89,0x75,0xE8,0x33,0xDB,0x39,0x5E,0x18 };
bool wildcards[] = { 0,0,0,1,1,1,1,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0 };
PBYTE  match = (PBYTE)Scan::FindMemoryPattern(pattern, wildcards, sizeof(wildcards));
//PrintDebugHex("CNetworkSend: ", (DWORD)match);
SendPacketAddress = (DWORD)match;
Code:
static void SendToServer(const char* msg, int len)
{
	__asm
	{
		PUSH len
		PUSH DWORD PTR DS:[msg]
		MOV ECX, NetwordAddress
		CALL SendPacketAddress
	}
}
Special thanks to Angelius.