Dear Saweet

12/30/2010 04:44 DeathByMoogles#1
First off, thank you for providing the E*PVP community with 9Disciples.

Second off, HOW U MAKE SUCH A PRO PROXY?
Share with me your ways of MITM.
I know that you modify the D9 client so that the connection looks like this
Client <-> 9Disciple <-> Server
So 9Disciple can read, write and edit packets sent between the client and the server.

But how do you decrypt the packets/send them without disconnecting?
And sorry if what I have here is wrong, I have very limited experience with proxies.
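A minimal illustration of the Client <-> proxy <-> Server layout described in the post above, added here as an example; it is not code from 9Disciples or its author. It is a TCP relay that reassembles length-prefixed frames before handing each one to a hook, because a relay that edits bytes in the middle of a raw read() chunk desynchronises the stream, which is the usual reason a modified connection drops. The wire format (2-byte big-endian length prefix), the listen and upstream ports and the hook are constructed assumptions, not the 9Dragons protocol.

```python
"""Frame-aware TCP relay: client -> relay -> server (added example).

Assumed wire format: 2-byte big-endian length followed by the payload.
Ports, hosts and the hook are placeholders, not the real game protocol."""
import asyncio
import logging
from typing import Callable, List, Optional

LISTEN_HOST, LISTEN_PORT = "127.0.0.1", 8081      # where the client is pointed (assumed)
UPSTREAM_HOST, UPSTREAM_PORT = "127.0.0.1", 9000  # the real server (assumed)

log = logging.getLogger("relay")


class FrameBuffer:
    """Reassemble a TCP byte stream into whole length-prefixed frames.

    read() returns arbitrary chunks: a frame may arrive split across reads
    or several frames may arrive in one read. Whole frames are needed before
    anything can be inspected or edited without corrupting the stream."""

    HEADER = 2  # assumed: 2-byte big-endian length prefix

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, data: bytes) -> List[bytes]:
        """Append data and return every complete payload now available."""
        self._buf.extend(data)
        frames: List[bytes] = []
        while len(self._buf) >= self.HEADER:
            length = int.from_bytes(self._buf[: self.HEADER], "big")
            if len(self._buf) < self.HEADER + length:
                break  # partial frame: keep the bytes and wait for more
            payload = bytes(self._buf[self.HEADER : self.HEADER + length])
            del self._buf[: self.HEADER + length]
            frames.append(payload)
        return frames

    def pending(self) -> int:
        """Bytes held back because they do not yet form a complete frame."""
        return len(self._buf)


def encode_frame(payload: bytes) -> bytes:
    """Prefix a payload with its 2-byte big-endian length."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for a 2-byte length prefix")
    return len(payload).to_bytes(2, "big") + payload


Hook = Callable[[bytes], Optional[bytes]]


def passthrough(payload: bytes) -> Optional[bytes]:
    """Default hook: log the frame and forward it unchanged (None would drop it)."""
    log.info("frame %d bytes: %s", len(payload), payload[:16].hex())
    return payload


async def pump(reader: asyncio.StreamReader, writer: asyncio.StreamWriter,
               hook: Hook, label: str) -> None:
    """Copy frames from reader to writer, passing each through hook."""
    fb = FrameBuffer()
    try:
        while chunk := await reader.read(4096):
            for payload in fb.feed(chunk):
                out = hook(payload)
                if out is not None:
                    writer.write(encode_frame(out))
            await writer.drain()
        if fb.pending():
            log.warning("%s: %d trailing bytes without a complete frame", label, fb.pending())
    finally:
        writer.close()


async def handle_client(client_r: asyncio.StreamReader, client_w: asyncio.StreamWriter) -> None:
    """One client session: connect upstream and relay both directions."""
    server_r, server_w = await asyncio.open_connection(UPSTREAM_HOST, UPSTREAM_PORT)
    await asyncio.gather(
        pump(client_r, server_w, passthrough, "client->server"),
        pump(server_r, client_w, passthrough, "server->client"),
    )


async def main() -> None:
    server = await asyncio.start_server(handle_client, LISTEN_HOST, LISTEN_PORT)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    asyncio.run(main())
```

Run it with a server listening on UPSTREAM_PORT and a client pointed at LISTEN_PORT; every frame is logged as it passes. The FrameBuffer is the part worth keeping: it is what lets a hook see complete messages, and it is also the reason a server should not rely on the transport alone, since anything that sits in this position can read and rewrite messages unless they are authenticated end to end.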
12/30/2010 10:46 sheik_gray#2
I have asked the same thing too many times; maybe we need a sniffer that sends packets with the correct checksum so we can do our experiments.
12/30/2010 18:21 DeathByMoogles#3
Quote: Originally Posted by sheik_gray
I have asked the same thing too many times; maybe we need a sniffer that sends packets with the correct checksum so we can do our experiments.
If we're lucky maybe saweet will answer :P

If 9D is anything like Conquer Online, we need to decrypt the packets using a key, and then the right checksum will automatically be appended to the packets (I THINK).

Maybe Saweet can enlighten us?

Saweet, oh Saweet. Where are you? Do you see what happens when you leave for three days?
12/30/2010 21:37 RzrBck#4
Quote: Originally Posted by DeathByMoogles
If we're lucky maybe saweet will answer :P

If 9D is anything like Conquer Online, we need to decrypt the packets using a key, and then the right checksum will automatically be appended to the packets (I THINK).

Maybe Saweet can enlighten us?

Saweet, oh Saweet. Where are you? Do you see what happens when you leave for three days?
The key can be found inside the launcher if I'm not mistaken. It takes someone who knows what he's doing to find out where exactly the code is encrypted though -.-"

There is, by the way, a tut somewhere here. It uses this logic:

Find out the basic 'structure' of the chat packet using WPE
- Like.. 00 00 01 = world chat, 00 00 02 = party chat, 00 00 03 = whisper etc.
Next - find out where the message you type is (it's a certain part that changes a lot)

Once done, start using OllyDbg - set a BP somewhere you THINK the key is, and manually step through the code.
- Type in-game "aaaaAAA" and check OllyDbg for that > compare with what you get from WPE.
- Now scan the memory using OllyDbg for that message (aaaaAAA),
- ... Dunno how to finish the job. But you need to make use of OllyDbg's function that shows all the changed hex code in red (or black idk), so there you can check at what function the plain text aaaaAAA changes into something you get in your WPE logs/packets.

Now that you've found what function encrypts, you can start looking for the method/key used (hopefully some XORing or similarly simple - but probably not, although the code is ageing..)
12/30/2010 22:20 DeathByMoogles#5
Quote: Originally Posted by RzrBck
The key can be found inside the launcher if I'm not mistaken. It takes someone who knows what he's doing to find out where exactly the code is encrypted though -.-"

There is, by the way, a tut somewhere here. It uses this logic:

Find out the basic 'structure' of the chat packet using WPE
- Like.. 00 00 01 = world chat, 00 00 02 = party chat, 00 00 03 = whisper etc.
Next - find out where the message you type is (it's a certain part that changes a lot)

Once done, start using OllyDbg - set a BP somewhere you THINK the key is, and manually step through the code.
- Type in-game "aaaaAAA" and check OllyDbg for that > compare with what you get from WPE.
- Now scan the memory using OllyDbg for that message (aaaaAAA),
- ... Dunno how to finish the job. But you need to make use of OllyDbg's function that shows all the changed hex code in red (or black idk), so there you can check at what function the plain text aaaaAAA changes into something you get in your WPE logs/packets.

Now that you've found what function encrypts, you can start looking for the method/key used (hopefully some XORing or similarly simple - but probably not, although the code is ageing..)
Sounds like a pain in the ass.
Saweet should just release a guide for those of us who know what we're doing on how to patch the .exe to connect to a loopback address :rolleyes:
12/30/2010 22:23 RzrBck#6
Quote: Originally Posted by DeathByMoogles
Sounds like a pain in the ass.
Saweet should just release a guide for those of us who know what we're doing on how to patch the .exe to connect to a loopback address :rolleyes:
and a spoilered tut on how to 'do it yourself' for me :handsdown:, as I'm more interested in figuring out stuff with OllyDbg than hacking D9 :3
12/31/2010 03:25 -MrOfficer-#7
Saweet is busy working... And if you need to find a key id inside the client, can't you guys try something like the program we used for NHTL? Old 9dVN dupe hack..
01/04/2011 16:50 joey360#8
Quote: Originally Posted by DeathByMoogles
First off, thank you for providing the E*PVP community with 9Disciples.

Second off, HOW U MAKE SUCH A PRO PROXY?
Share with me your ways of MITM.
I know that you modify the D9 client so that the connection looks like this
Client <-> 9Disciple <-> Server
So 9Disciple can read, write and edit packets sent between the client and the server.

But how do you decrypt the packets/send them without disconnecting?
And sorry if what I have here is wrong, I have very limited experience with proxies.
bumping
01/04/2011 21:40 saweet#9
I am not giving away my secret sauce!
01/04/2011 21:50 joey360#10
hahahaha
01/04/2011 22:02 9drago#11
come on give us some we need it.
01/04/2011 22:04 joey360#12
no use begging man
01/04/2011 22:05 9drago#13
why not? all VN players can hack stuff and sell it for money but we can't. come on, help us
at least with a quest repeat tool / I heard something from VN?
01/04/2011 22:08 joey360#14
ya but the VN ppl who make money made it just like saweet, why would he divulge his business opportunity? lol
01/04/2011 22:11 9drago#15
yep true. so nothing from hack k