Game packets blowfish only?

06/02/2010 11:18 princeofpain#1
Does anyone know if in-game packets (like move or magic) are encrypted with blowfish only or if there is also a DHkeyexchange? Thanks.
06/02/2010 12:32 Warlax#2
There is a DH key exchange to set up the Blowfish, and also magic has an extra encryption.
06/03/2010 09:59 Ian*#3
Only the game server connection packet is Blowfish as far as I know.

Encrypted with blowfish, then uses a dh key exchange to pass the data to the server
06/03/2010 10:10 princeofpain#4
Hmm, so then what are the other packets like move or attack encrypted with?
06/03/2010 14:27 .Summer#5
blowfish is for 5018+
06/04/2010 01:51 Ian*#6
Quote: Originally Posted by .Summer
blowfish is for 5018+
I'm pretty sure he knows that? Conquer's up to what? 5260 or something now?
Your post was totally irrelevant.

Anyways... move/attack aren't encrypted at all. Just send them straight through.
Auth server is encrypted with RC5; the keys are public. If you can get hold of a copy of qoproxy, just use a Java decompiler and check it out for the keys.

I believe there are spell packet encryption/decryption algos around somewhere.
Just use the search button, may not be any on this site however.

EDIT: and .Summer I can't believe you already have more posts than me and you just signed up this month! hahaha.
Fucking incredible.
06/04/2010 06:48 princeofpain#7
Thanks Ian. What about the incoming move/attack packets that the server sends to me? Are those encrypted or raw?
06/04/2010 08:44 Warlax#8
Prince, I think you're in way over your head.
06/04/2010 11:05 princeofpain#9
Haha thanks for the warning but I'm not giving up. I just want to be able to decrypt the packets being sent back and forth so I can figure out the packet structures.

Right now my packets don't have any consistent form at all... the first short doesn't give me the size and the next short doesn't give me the type. If move/attack packets aren't encrypted then why are my packets all structureless =[

Thanks for the help, everyone. Really appreciate it.
06/04/2010 18:52 s.bat#10
Quote: Originally Posted by princeofpain
Right now my packets don't have any consistent form at all... the first short doesn't give me the size and the next short doesn't give me the type. If move/attack packets aren't encrypted then why are my packets all structureless =[
After you have successfully decrypted an incoming packet, how are you forming those shorts? Conquer Online uses the Little Endian byte order. Most classes in Java only offer Big Endian.

The packets themselves are encrypted using the Blowfish encryption, but the data in those packets are not encrypted any further, AFAIK. However, after decrypting the magic packet, the spell type still needs to be decrypted further by use of another algorithm.

Could someone clear a few things up for me?
Doesn't TQ use a modified version of RC5 in order to cipher the passwords, and don't they use a cipher built in-house in order to encrypt and decrypt the (edit: AUTH) packets? I didn't think it was entirely RC5, or perhaps I misread Ian*'s post.
Thanks for your time.
06/04/2010 22:40 princeofpain#11
Quote: Originally Posted by s.bat
The packets themselves are encrypted using the Blowfish encryption
Thanks s.bat. This was the problem. I got everything worked out now.
06/06/2010 07:47 Ian*#12
Eh.. I'm logging packets I receive after decryption, and packets I send are before encryption, so I couldn't be totally sure on the whole Blowfish thing.

But yeah, they could be.
The packets should follow a structure pattern.

For example a General Data packet... 0x271A, it's used for lots of different things:
attacking, using portals, umm.. idk, there are like 20 or more subtypes to just that one packet.
A lot of packet ids are used for the same things. Just check for subtypes, remember that :)
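Reading the decrypted stream the way s.bat and Ian* describe, as an added example that is not code from this thread: two little-endian uint16s (length, then type) frame each packet, every length is bounds-checked, and only the 0x271A id is dispatched further on a subtype. The header order, the subtype sitting in the first two payload bytes, and the 0x1234 packet id are constructed assumptions for this example, not the real protocol layout.

```python
import struct
from typing import Iterator, List, NamedTuple, Optional, Tuple

# Header as the thread describes it: two little-endian uint16s, total length then type.
HEADER = struct.Struct("<HH")
GENERAL_DATA = 0x271A  # packet id quoted in the thread

class Packet(NamedTuple):
    ptype: int
    payload: bytes

class FramingError(ValueError):
    pass

def frame_packets(buf: bytes) -> Iterator[Packet]:
    """Split a decrypted stream on its length prefix. Every length is bounds-checked,
    so garbage (e.g. still-encrypted bytes) raises instead of slicing past the
    buffer or spinning forever on a zero length."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise FramingError(f"truncated header at offset {pos}")
        length, ptype = HEADER.unpack_from(buf, pos)
        if length < HEADER.size or pos + length > len(buf):
            raise FramingError(f"bad length {length} at offset {pos}")
        yield Packet(ptype, buf[pos + HEADER.size:pos + length])
        pos += length

def general_data_subtype(pkt: Packet) -> int:
    """Constructed assumption: the subtype is a LE uint16 at payload offset 0."""
    if pkt.ptype != GENERAL_DATA or len(pkt.payload) < 2:
        raise FramingError("not a general data packet carrying a subtype")
    return struct.unpack_from("<H", pkt.payload, 0)[0]

def build_packet(ptype: int, payload: bytes) -> bytes:
    return HEADER.pack(HEADER.size + len(payload), ptype) + payload

def describe_stream(buf: bytes) -> List[Tuple[int, Optional[int]]]:
    """(type, subtype or None) per packet; only 0x271A is dispatched on its subtype."""
    return [(p.ptype, general_data_subtype(p) if p.ptype == GENERAL_DATA else None)
            for p in frame_packets(buf)]

def big_endian_misread(buf: bytes) -> Tuple[int, int]:
    """The same header read big-endian: the mistake the thread points at."""
    return struct.unpack_from(">HH", buf, 0)

# Constructed sample stream: a made-up type 0x1234, then a 0x271A with subtype 2.
SAMPLE = (build_packet(0x1234, b"\x01\x02\x03\x04")
          + build_packet(GENERAL_DATA, b"\x02\x00\xaa\xbb"))
```

Feeding the header bytes through `big_endian_misread` shows why a default big-endian reader yields nonsense sizes and types.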
06/06/2010 15:43 Warlax#13
Quote: Originally Posted by Ian*
Eh.. I'm logging packets I receive after decryption, and packets I send are before encryption, so I couldn't be totally sure on the whole Blowfish thing.

But yeah, they could be.
The packets should follow a structure pattern.

For example a General Data packet... 0x271A, it's used for lots of different things:
attacking, using portals, umm.. idk, there are like 20 or more subtypes to just that one packet.
A lot of packet ids are used for the same things. Just check for subtypes, remember that :)
lol memory proxy ftw eh? :)
06/06/2010 19:27 Ian*#14
Quote: Originally Posted by Warlax
lol memory proxy ftw eh? :)
Yeah. Way the hell easier to test shit out on, the constant logging in and out on a full proxy is irritating and not only is it a longer process to set up, but there's no benefits besides the possibility of going clientless.

I don't really even bot, I just like exploits and such :>