Packet Encryption Guide

09/01/2006 17:48 unknownone#1
There needs to be more interest in bot making for EO, so I may as well describe how to decrypt the packets, doesn't look like anyone else has. I look forward to seeing some bots in the making. Ask any questions if you need to.

The packet encryption method is almost the same as Conquer, except new encryption keys and a slightly altered method. You can find the CO encryption guide here, or in German

The first noticeable difference is the encryption keys. The new ones are

Code:
uint8_t FullKey1[256] = {
 0x1F,0xCA,0x29,0xAC,0x03,0x1E,0x2D,0xA0,0x27,0xB2,0x71,0xD4,0x8B,0x86,0xF5,0x48, 
 0x2F,0x9A,0xB9,0xFC,0x13,0xEE,0xBD,0xF0,0x37,0x82,0x01,0x24,0x9B,0x56,0x85,0x98, 
 0x3F,0x6A,0x49,0x4C,0x23,0xBE,0x4D,0x40,0x47,0x52,0x91,0x74,0xAB,0x26,0x15,0xE8, 
 0x4F,0x3A,0xD9,0x9C,0x33,0x8E,0xDD,0x90,0x57,0x22,0x21,0xC4,0xBB,0xF6,0xA5,0x38, 
 0x5F,0x0A,0x69,0xEC,0x43,0x5E,0x6D,0xE0,0x67,0xF2,0xB1,0x14,0xCB,0xC6,0x35,0x88, 
 0x6F,0xDA,0xF9,0x3C,0x53,0x2E,0xFD,0x30,0x77,0xC2,0x41,0x64,0xDB,0x96,0xC5,0xD8, 
 0x7F,0xAA,0x89,0x8C,0x63,0xFE,0x8D,0x80,0x87,0x92,0xD1,0xB4,0xEB,0x66,0x55,0x28, 
 0x8F,0x7A,0x19,0xDC,0x73,0xCE,0x1D,0xD0,0x97,0x62,0x61,0x04,0xFB,0x36,0xE5,0x78, 
 0x9F,0x4A,0xA9,0x2C,0x83,0x9E,0xAD,0x20,0xA7,0x32,0xF1,0x54,0x0B,0x06,0x75,0xC8, 
 0xAF,0x1A,0x39,0x7C,0x93,0x6E,0x3D,0x70,0xB7,0x02,0x81,0xA4,0x1B,0xD6,0x05,0x18, 
 0xBF,0xEA,0xC9,0xCC,0xA3,0x3E,0xCD,0xC0,0xC7,0xD2,0x11,0xF4,0x2B,0xA6,0x95,0x68, 
 0xCF,0xBA,0x59,0x1C,0xB3,0x0E,0x5D,0x10,0xD7,0xA2,0xA1,0x44,0x3B,0x76,0x25,0xB8, 
 0xDF,0x8A,0xE9,0x6C,0xC3,0xDE,0xED,0x60,0xE7,0x72,0x31,0x94,0x4B,0x46,0xB5,0x08, 
 0xEF,0x5A,0x79,0xBC,0xD3,0xAE,0x7D,0xB0,0xF7,0x42,0xC1,0xE4,0x5B,0x16,0x45,0x58, 
 0xFF,0x2A,0x09,0x0C,0xE3,0x7E,0x0D,0x00,0x07,0x12,0x51,0x34,0x6B,0xE6,0xD5,0xA8, 
 0x0F,0xFA,0x99,0x5C,0xF3,0x4E,0x9D,0x50,0x17,0xE2,0xE1,0x84,0x7B,0xB6,0x65,0xF8
};

uint8_t FullKey2[256] = {
 0x3F,0x50,0x95,0x8A,0x23,0xFC,0x49,0x86,0x67,0x08,0xDD,0x62,0x0B,0x74,0x51,0x1E, 
 0x0F,0x40,0xA5,0xBA,0x73,0x6C,0xD9,0x36,0x37,0xF8,0xED,0x92,0x5B,0xE4,0xE1,0xCE, 
 0xDF,0x30,0xB5,0xEA,0xC3,0xDC,0x69,0xE6,0x07,0xE8,0xFD,0xC2,0xAB,0x54,0x71,0x7E, 
 0xAF,0x20,0xC5,0x1A,0x13,0x4C,0xF9,0x96,0xD7,0xD8,0x0D,0xF2,0xFB,0xC4,0x01,0x2E, 
 0x7F,0x10,0xD5,0x4A,0x63,0xBC,0x89,0x46,0xA7,0xC8,0x1D,0x22,0x4B,0x34,0x91,0xDE, 
 0x4F,0x00,0xE5,0x7A,0xB3,0x2C,0x19,0xF6,0x77,0xB8,0x2D,0x52,0x9B,0xA4,0x21,0x8E, 
 0x1F,0xF0,0xF5,0xAA,0x03,0x9C,0xA9,0xA6,0x47,0xA8,0x3D,0x82,0xEB,0x14,0xB1,0x3E, 
 0xEF,0xE0,0x05,0xDA,0x53,0x0C,0x39,0x56,0x17,0x98,0x4D,0xB2,0x3B,0x84,0x41,0xEE, 
 0xBF,0xD0,0x15,0x0A,0xA3,0x7C,0xC9,0x06,0xE7,0x88,0x5D,0xE2,0x8B,0xF4,0xD1,0x9E, 
 0x8F,0xC0,0x25,0x3A,0xF3,0xEC,0x59,0xB6,0xB7,0x78,0x6D,0x12,0xDB,0x64,0x61,0x4E, 
 0x5F,0xB0,0x35,0x6A,0x43,0x5C,0xE9,0x66,0x87,0x68,0x7D,0x42,0x2B,0xD4,0xF1,0xFE, 
 0x2F,0xA0,0x45,0x9A,0x93,0xCC,0x79,0x16,0x57,0x58,0x8D,0x72,0x7B,0x44,0x81,0xAE, 
 0xFF,0x90,0x55,0xCA,0xE3,0x3C,0x09,0xC6,0x27,0x48,0x9D,0xA2,0xCB,0xB4,0x11,0x5E, 
 0xCF,0x80,0x65,0xFA,0x33,0xAC,0x99,0x76,0xF7,0x38,0xAD,0xD2,0x1B,0x24,0xA1,0x0E, 
 0x9F,0x70,0x75,0x2A,0x83,0x1C,0x29,0x26,0xC7,0x28,0xBD,0x02,0x6B,0x94,0x31,0xBE, 
 0x6F,0x60,0x85,0x5A,0xD3,0x8C,0xB9,0xD6,0x97,0x18,0xCD,0x32,0xBB,0x04,0xC1,0x6E
};
Second, is the first packet received. The CO guide shows how it is on Eudemons. If you ignore the quote from Ultima about the packet being 32 bytes instead of 28, it'll be fine. When the CO guide was written, it was as Eudemons is now. They added 4 bytes to the packet to include the port number, but not in Eudemons.

Next, is creating the 3rd and 4th key. The method is a little different.

Code:
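/* I use "AccountID" and "CryptoKey", where they were written as "key1" and "key2" in the CO guide. */
/* Key1/Key2 are assumed to be the base tables posted above as FullKey1/FullKey2. */
uint8_t Key3[256], Key4[256];
int i;

/* Shifts bind tighter than |, so each expression below is a 32-bit rotate right. */
uint32_t tmpkey1 = CryptoKey >> 0xB | CryptoKey << 0x15;
tmpkey1 += AccountID >> 0x7 | AccountID << 0x19;
tmpkey1 ^= 0x6279;
tmpkey1 ^= CryptoKey;
uint32_t tmpkey2 = (uint32_t)(tmpkey1 * tmpkey1);

for (i = 0; i < 256; i++) {
  /* XOR with byte i%4 of each temporary key, in memory order (least significant byte first on x86). */
  Key3[i] = Key1[i] ^ ((uint8_t *)&tmpkey1)[i % 4];
  Key4[i] = Key2[i] ^ ((uint8_t *)&tmpkey2)[i % 4];
}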
The final change is the decryption of the packages. In CO, there were 2 xors with the keys, and then you would invert the result (a nybble swap), then Xor by 0xAB. In EO, you simply xor with the keys and discard the nybble swap and xor 0xAB, so it simply looks like

Code:
/* Counter has to wrap at 65536 (e.g. a uint16_t); otherwise Counter / 256 indexes past the 256-entry tables. */
if (ClientGamePacket && ToServer)
  packet[i] = packet[i] ^ Key3[Counter % 256] ^ Key4[Counter / 256];
else
  packet[i] = packet[i] ^ Key1[Counter % 256] ^ Key2[Counter / 256];
Counter++;
/* ClientGamePacket is just a bool that you set to true after you have sent the first packet to the game server. ToServer is a bool that is set true on packets sent from the client, false on any sent from the server. */
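Added example, not part of the original post: a self-contained C version of the key derivation and XOR stream described above, using shifts instead of a pointer cast to pick the temporary-key bytes and a 16-bit counter to keep the table index in range. The base tables are constructed placeholders rather than the posted keys, and `Stream`, `rotr32`, `init_demo_tables`, `derive_keys`, `xor_stream` and `roundtrip_ok` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed placeholder tables (not the posted keys); Key3/Key4 are derived. */
static uint8_t Key1[256], Key2[256], Key3[256], Key4[256];
typedef struct { uint16_t counter; int derived; } Stream; /* one per direction */
static uint32_t rotr32(uint32_t v, unsigned n) { return (v >> n) | (v << (32 - n)); }

void init_demo_tables(void) {
    for (int i = 0; i < 256; i++) { Key1[i] = (uint8_t)(i * 7 + 3); Key2[i] = (uint8_t)(i * 13 + 5); }
}

/* Derivation from the post; tmpkey bytes are taken least significant first,
   which is what a byte pointer into a uint32_t yields on x86 (assumption). */
uint32_t derive_keys(uint32_t AccountID, uint32_t CryptoKey) {
    uint32_t tmpkey1 = rotr32(CryptoKey, 0xB) + rotr32(AccountID, 0x7);
    tmpkey1 = (tmpkey1 ^ 0x6279) ^ CryptoKey;
    uint32_t tmpkey2 = tmpkey1 * tmpkey1;   /* product truncates to 32 bits */
    for (int i = 0; i < 256; i++) {
        unsigned shift = 8u * (unsigned)(i % 4);
        Key3[i] = Key1[i] ^ (uint8_t)(tmpkey1 >> shift);
        Key4[i] = Key2[i] ^ (uint8_t)(tmpkey2 >> shift);
    }
    return tmpkey1;
}

/* XOR is its own inverse, so the same routine encrypts and decrypts. */
void xor_stream(Stream *s, uint8_t *buf, size_t len) {
    const uint8_t *lo = s->derived ? Key3 : Key1;
    const uint8_t *hi = s->derived ? Key4 : Key2;
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= lo[s->counter & 0xFF] ^ hi[s->counter >> 8];
        s->counter++;   /* uint16_t wraps at 65536, keeping hi[] in bounds */
    }
}

/* Returns 1 if a constructed message survives encrypt-then-decrypt. */
int roundtrip_ok(int derived) {
    uint8_t msg[] = "constructed sample payload", ref[sizeof msg];
    Stream tx = {0, derived}, rx = {0, derived};
    memcpy(ref, msg, sizeof msg);
    xor_stream(&tx, msg, sizeof msg);
    if (memcmp(ref, msg, sizeof msg) == 0) return 0;  /* keystream was all zero */
    xor_stream(&rx, msg, sizeof msg);
    return memcmp(ref, msg, sizeof msg) == 0;
}

int main(void) { init_demo_tables(); derive_keys(0, 0); return !(roundtrip_ok(0) && roundtrip_ok(1)); }
```

Because the base tables are fixed and only the counter advances, every stream that uses Key1/Key2 produces the same keystream at the same offset, so the scheme obfuscates traffic rather than keeping it confidential.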
09/22/2006 14:32 S.A.L.O.M.O.N.#2
#pinned
09/23/2006 08:55 Ya_Mum#3
RIIIIIIIIIIIIIIIIIIIIIIIIIGHT!!
09/23/2006 08:55 Ya_Mum#4
Easy detail plz, didn't understand!!
10/12/2006 15:31 nooneatall#5
it will take ages to get all packets decrypted and put into code...
but when all is collected.. there will be bots in the makings :)
11/04/2006 02:37 =_soul_=#6
there's this thing called art ep...someone in this forum that his friend used the encryption packets (or whatever it is called)...he said that his friend used art ep in trading. This is what he said in the first message he put:

A friend of mine has managed to do a trade hack, he did it like this:
1) with art money he changed the quantity of ep he has, (this is just client side)
2) then he goes trade with someone, he puts trade 3000000
3) he edits the trading packets so instead of trading 3000000 it trades 0
4) he confirms
5) the other guys will see as if he was trading 3000000 ep, but he's trading 0.

The problem are packets, he didn't tell me how to decrypt/encrypt them. I've been trying for weeks but I can't get it. So we need help from CO guys who made programs that encrypt/decrypt packets, so if anyone wants to help :P ...

Thanks
Vans

by: Vanz (Threadstarter in: Trade Hack)
11/15/2006 15:00 nooneatall#7
it won't work that way..
still he sends a packet of trading 3000000 eps.. and it is sent to server.. not to the other user directly.. and when the package is received at the server it checks if you have that amount, if not it will fail.. so your friend is either a liar.. or he has hacked the main database :)

still the art eps just show on your computer.. not the target's computer..
even if he manages to encrypt and send a packet saying trade 3000000 eps.. he still has to have that on his char :D
11/18/2006 00:54 Vanz#8
It seems you haven't tried it =)
11/21/2006 10:41 =_soul_=#9
Hey Vanz, don't forget about your topic on "Trade Hack".....as you say that "It seems you haven't tried it = )", it seems that you already know...tell us and reply on the topic Trade Hack... :?
11/25/2006 11:23 =_soul_=#10
it will be nice if it will work that way that the victim will still get the eps or gold...because even you don't have eps, he will get it and he will not report it to Eudemons....
11/26/2006 05:00 squishman#11
I think that, that idea is terrible. It would ruin the EuDemons economy. Having a decent working bot would be nice though.
01/04/2007 03:38 DUFire#12
Yeah, mostly because I doubt this encryption guide works or if those keys are still correct.
01/07/2007 12:58 altaric#13
a good start would be having an interface to send data to EO like they did for anarchy online, they have a (php based) file that implements basic function allowing to chat in the channels when this is done it will be quite easy to make bots
and that would not be a banning as i would be totally harmless but constructive (org bots, market bot)
01/10/2007 14:40 unknownone#14
By "no noob questions", I meant, if you don't know what it does, or how to use it, stay out of this thread. This is for people who DO know how to use it, and may want to ask some questions related to the login procedure or something reasonable.

I'm not going to teach you how to use it. I could fill up this whole forum teaching you computer science. You could probably take a year on a comp science course at college and still not be able to. Asking how to use some code in a forum is never going to get you anywhere. If you ever want to program something or hack a game, you need to be able to use your own initiative and search, use google. A year on a comp science course can be tackled in a couple of months if you think for yourself. Tutors slow you down.

Now, I would appreciate it if our new mod will delete all the crappy replies in this thread, so that when someone comes to ask a reasonable question, they are not faced with spam. Thanks.
01/11/2007 09:40 =_soul_=#15
if a noob will ask you like me, then you ignore it. and anyway, I'm not asking anymore. the most important is that you already told them that.