[Discuss] Wolfteam Private Server Files - [Developers Only]

06/06/2021 07:47 XByteX#1

Hey guys.

I was playing around incomplete Wolfteam private server that has been released by b6ooy located at this link
[Only registered and activated users can see links. Click Here To Register...]

And I tried alot of clients like 2008 - 2015 - 2016 - 2017.

And by reversing Game Packets I found that all of these versions encrypting packets before sending it to the master server and it changes packets every time it send it.

And I found that the source doesn't have any decryption method to analyze received data, and when restaring the game, it sends another encrypted packets so the master server gets different id as it doesn't have any decrypted method that I explained before, so it can't continue its work and doesn't show the channel list due to wrong ids.

HTML Code:

short msgId = (short) ((header[1] & 0xff) + ((header[2] & 0xff)*0x100));

HTML Code:

in.readFully(recv_buffer, 0, dataSize);

[Only registered and activated users can see links. Click Here To Register...]

So the question is: does b6ooy was using another lower wolfteam client that sends a fixed packets to the server? Or he reversed the game and make the client sends a fixed packets instead of encrypted one?

09/10/2021 16:09 NosNight#2

This is the first time I've seen something like this xd. I'll try it right now and write it as a comment.

12/13/2021 09:03 warss78#3

Quote:

Originally Posted by NosNight

This is the first time I've seen something like this xd. I'll try it right now and write it as a comment.

do you have news

09/01/2023 17:00 Apolet#4

Wolf's wolf.xfs file contains the cshell.dll file.
Package names are specified in wt_server

I opened cshell.dll with ida pro, I found the string cs_br_chainlist_req, I examined the function and there is a function where they get time information
( v2=GetTickCount();
srand(v2);)
this helps to send different packets each time. When you fill the srand with nop, the first packet is now Generating by username but still sending encrypted packet

(apolet 541915213261023 200) fe605db8184cb68ae9d9ed564d6d9b59d1235c2eef9b1ed7

(user 452456482387 200)fe605db8184cb68a25293950850645e3dc10122252cc82 50
(user 452456482387 200)fe605db8184cb68a25293950850645e3dc10122252cc82 50

10/01/2023 11:58 lakuli#5

Tutorial setup pls ?

03/10/2024 18:25 Apolet#6

I apologize in advance for waking up the topic. bo6oy removed the encryption on the client, so this server was able to write the file up to here. I also removed the client->server encryption. Now I have solved part of the decryption algorithm in the client in the server->client process. I can process the packages, but there are still a few xor operations that I have forgotten. I need to find them and see what I can do.

05/04/2025 00:50 Axel34#7

Quote:

Originally Posted by Apolet

I apologize in advance for waking up the topic. bo6oy removed the encryption on the client, so this server was able to write the file up to here. I also removed the client->server encryption. Now I have solved part of the decryption algorithm in the client in the server->client process. I can process the packages, but there are still a few xor operations that I have forgotten. I need to find them and see what I can do.

vay apolet :D ReizSultanS ben xd