Memory Address of Post Encrypted Send Packet

10/13/2010 13:29 xmen01235#1
Currently I am working on a memory-based proxy, but I have a problem finding the address of the pre-encrypted send packet data. I think I found the address of the receive packet (from the server), as per the attached screenshot, but I'm not sure if that was really the address.

Could anyone please help me locate the address of the pre-encrypted send packet?

The title is misleading; I mean the post-decryption receive packet buffer and the pre-encryption send packet buffer.
10/13/2010 16:23 gabrola#2
Well if you need post-encryption packets just hook the winsock send methods. Unless you mean pre-encryption/post-decryption, well I don't have much info, but from your screenshot, that seems to be the packet buffer address.
10/13/2010 16:49 xmen01235#3
Quote:
Originally Posted by gabrola
Well if you need post-encryption packets just hook the winsock send methods. Unless you mean pre-encryption/post-decryption, well I don't have much info, but from your screenshot, that seems to be the packet buffer address.
I need the pre-encryption and post-decryption buffer data bro.
10/13/2010 20:36 IAmHawtness#4
You need to find some place in Conquer.exe where the un-encrypted packet is accessed from. The smartest thing is to find the function that encrypts and sends packets to the server, hook the function (using whatever method you feel like using), and read/edit the parameters of the function (the parameters are most likely something like packet address and packet size).
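Posts #2 and #4 describe detouring ws2_32!send or the client's own encrypt-and-send routine. The flip side, which an integrity checker or anti-cheat would run, is to inspect the first bytes of such a function and tell whether a detour has been written over them. The following C is an added example, not code from this thread; the function name, the enum, the baseline prologue and the hooked bytes are all constructed assumptions for 32-bit x86.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical integrity check an anti-cheat or the client itself could run over
 * ws2_32!send or its own encrypt-and-send routine: classify the first bytes of a
 * 32-bit x86 function and report whether a detour has been written over them.
 * All bytes below are constructed samples; no live process is touched. */
typedef enum { HOOK_NONE = 0, HOOK_JMP_REL32, HOOK_JMP_ABS_IND, HOOK_PUSH_RET } hook_kind;

static uint32_t rd32(const uint8_t *p) {            /* little-endian imm32 */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* base: virtual address the bytes were read from, needed to resolve rel32.
 * *target receives the detour destination (for FF 25 it is the pointer slot). */
hook_kind classify_prologue(const uint8_t *code, size_t len, uint32_t base, uint32_t *target) {
    *target = 0;
    if (len >= 5 && code[0] == 0xE9) {               /* jmp rel32 */
        *target = base + 5 + rd32(code + 1);         /* unsigned wrap handles negative rel */
        return HOOK_JMP_REL32;
    }
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) { /* jmp dword ptr [abs32] */
        *target = rd32(code + 2);
        return HOOK_JMP_ABS_IND;
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) { /* push imm32; ret */
        *target = rd32(code + 1);
        return HOOK_PUSH_RET;
    }
    return HOOK_NONE;
}

/* Detour destination, or 0 when the prologue shows no recognised detour. */
uint32_t hook_target(const uint8_t *code, size_t len, uint32_t base) {
    uint32_t t; classify_prologue(code, len, base, &t); return t;
}

/* Second, pattern-independent check: compare the live prologue with bytes saved at load time. */
int prologue_modified(const uint8_t *live, const uint8_t *baseline, size_t n) {
    return memcmp(live, baseline, n) != 0;
}

/* Constructed samples: the usual "mov edi,edi; push ebp; mov ebp,esp" prologue
 * and the same bytes after a 5-byte jmp detour has been written over them. */
static const uint8_t CLEAN[5]  = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
static const uint8_t HOOKED[5] = {0xE9, 0xFB, 0x0F, 0x00, 0x00};
```

The pattern check names the detour style and where it lands; the byte comparison against a saved baseline catches anything the patterns miss.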
10/14/2010 14:14 KraHen#5
Can't you decrypt it? o.0
10/14/2010 20:25 Ian*#6
Quote:
Originally Posted by KraHen
Can't you decrypt it? o.0
There's no need to decrypt it when you can make the client encrypt and decrypt it for you :p
10/15/2010 08:11 xmen01235#7
Quote:
Originally Posted by IAmHawtness
You need to find some place in Conquer.exe where the un-encrypted packet is accessed from. The smartest thing is to find the function that encrypts and sends packets to the server, hook the function (using whatever method you feel like using), and read/edit the parameters of the function (the parameters are most likely something like packet address and packet size)
Yah, I tried searching for it, bro, but it is like searching for a single grain of sand on the beach; I mean I am so noob at this memory thingy. I read some basics on hooking and I think I need to study assembly 101 first. :(

But while checking my screenshot again, I can really conclude that it is the buffer address, and I think this is what SV was developed from. I am developing an application now to use that information to create my own bot similar to SV. I am using PostMessage for mouse and keyboard to automate my client while I update the client information via that receive buffer. But one thing I am worried about is the mouse background checker of the Conquer client; at least someone could give me an idea how to defeat the background checker of the Conquer client without editing the client itself.

So my plan right now is as follows:
1. I will read the receive buffer, and since I already have a packet-based proxy, I also have the structure of most of the important packets, so it will be easier for me to map the packets into my application.
2. Find the best method to use PostMessage mouse clicks while defeating the client background checker.
3. I will implement PostMessage mouse clicks in my application, automating the actions from my client (e.g. attacking monsters, jumping, fbing, etc.).

And I'm planning to implement it in VB .NET.
Quote:
Originally Posted by KraHen
Can't you decrypt it? o.0
Actually I can, but I just want to get rid of the en/de things since TQ can change their en/de at any time. Just making my bot live like forever :P. (I also have my own customized packet-based proxy, but I'm not planning to release it yet.)

Quote:
Originally Posted by Ian*
There's no need to decrypt it when you can make the client encrypt and decrypt it for you :p
Yah, exactly, bro. Hope you will share your knowledge with us :P...
10/15/2010 23:50 IAmHawtness#8
Quote:
Originally Posted by xmen01235
Yah, I tried searching for it, bro, but it is like searching for a single grain of sand on the beach; I mean I am so noob at this memory thingy. I read some basics on hooking and I think I need to study assembly 101 first. :(

But while checking my screenshot again, I can really conclude that it is the buffer address, and I think this is what SV was developed from. I am developing an application now to use that information to create my own bot similar to SV. I am using PostMessage for mouse and keyboard to automate my client while I update the client information via that receive buffer. But one thing I am worried about is the mouse background checker of the Conquer client; at least someone could give me an idea how to defeat the background checker of the Conquer client without editing the client itself.
I would recommend that you use functions from inside Conquer.exe instead of sending mouse-click messages to the Conquer window using PostMessage. Unless you know how to convert in-game coordinates to mouse coordinates, it's really not a good idea.
10/17/2010 13:02 Korvacs#9
Why would you want or even need to send mouse/keyboard messages to the client when you have complete control over send and receive? Just use the client to decrypt/encrypt and have your bot do all the work.
10/20/2010 02:59 xmen01235#10
Quote:
Originally Posted by Korvacs
Why would you want or even need to send mouse/keyboard messages to the client when you have complete control over send and receive? Just use the client to decrypt/encrypt and have your bot do all the work.
If I were very good at hooking then I would really do it that way, bro, but I'm still studying this method. I am looking for some basic examples on the net right now and hopefully I can make one for this purpose. Assembly is very painful for my eyes, and how I wish I could learn it in the quickest time lol.

Btw, thanks a lot for your encryption wiki; it really helps a lot with my packet structuring :).