I want to learn about packets

09/06/2007 18:08 BoomSub#1
Could someone who knows about packets teach me about them please.

Questions I have:

1. What is a good program to capture packets with (For Conquer)
2. Are conquer packets encrypted and how well?
3. Is it possible to unencrypt them?
4. What stops us from sending fake packets?
5. What is packet capturing useful for?
09/06/2007 18:32 unknownone#2
1. There's not really a good app (other than what's been posted here) for capturing CO packets, mainly because of the encryption. You can use generic apps like WPE Pro (make sure you get 0.9 Alpha for NT/XP), Ethereal, Wireshark etc. to capture packets, but they're useless in their encrypted form.

2, 3. They are encrypted, nothing difficult though. There's a guide in the guides section on decrypting them, although said guide makes it sound more difficult than it actually is. Someone has probably already written an algorithm in your programming language of choice, so there shouldn't be any need to recode it.

The encryption runs on counters that start from when you log in, so you need to keep track of the number of bytes received since login as well as the keys received at login.

4. Mainly the counters. If you try sending fake packets from a generic packet sender, the encryption won't allow you to resend fake ones etc. Though some packet senders allow some scripting, it's simpler to make your own. Once you can keep track of counters and keys from client to server, it's very easy to intercept packets and fake what you wish.

5. Anything. You can send pretty much whatever you want as long as the server is capable of reading it. Packet crafting is a very discreet way of hacking games, because you can effectively make it undetectable to clients and rootkits, whereas memory hacking is much more detectable. If you know enough about the protocol, you can make your own client to clone the original and the server will have no idea you're using something different.
It's also much simpler than memory hacking.
09/06/2007 18:46 BoomSub#3
What stops us from sending the server a packet that can make us move any place?
09/06/2007 19:03 unknownone#4
This stops it.

if (magnitude(pythag(cur_pos.x, cur_pos.y)) - magnitude(pythag(dest_pos.x, dest_pos.y)) >= 20) you jumped too far.

Nothing stopping you from speeding up jumps though.
09/06/2007 20:06 BoomSub#5
hmmm, how about changing packets and making it look like you're someone different. For example telling the server that player X moved to x,y (within the movement rules). It identifies each player in a certain way?
09/06/2007 20:44 unknownone#6
Well, they're pretty dodgy on that, not very good at keeping things synchronised.

If you put someone else's ID in there, you will still move, all absolute movement is linked to the socket descriptor. However, the jump packets aren't checked for a correct player ID, but just forwarded to people on your screen, so it will appear to people within spawn range that you stay still and the ID you insert moves. You can exploit this to avoid melee attacks, it's particularly effective at evading aimbots.

The server is pretty strict with everything tied to movement. There was a teleport hack that used the "throw back" feature, for example when you tried to jump the guild gate and got put back in front of it, the packet used for it could be shaped to teleport anywhere on the map. I'm pretty sure they fixed it, but they've "unfixed" things in the past when patching.

One suggestion might be to try a Guard Jump packet with your own char, since you can see Guards clearly jump further than players.
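What the server-side checks discussed above look like when written out, as an added example that is not code from this thread or from the game: the player's identity is bound to the session (socket) rather than to the ID in the packet, the jump distance is limited to the 20 units quoted earlier, and a minimum interval between jumps closes the "speeding up jumps" gap the thread notes. All struct, field and function names, the 500 ms interval and the sample positions are assumptions.

```c
#include <stdint.h>

/* Constructed example, not Conquer's own server code. Names are assumptions. */

#define MAX_JUMP_DISTANCE    20    /* distance threshold quoted in the thread */
#define MIN_JUMP_INTERVAL_MS 500   /* assumed rate limit; the thread notes there is none */

typedef struct { int32_t x, y; } position_t;

/* Per-connection state: who this player is was fixed at login and is never
 * taken from a packet, which is what defeats a spoofed player ID. */
typedef struct {
    int        socket_fd;
    uint32_t   player_id;
    position_t pos;
    uint32_t   last_jump_ms;
} session_t;

/* Already-decoded jump request as the server sees it after decryption. */
typedef struct {
    uint32_t   player_id;   /* ID the client claims, possibly spoofed */
    position_t dest;
} jump_packet_t;

typedef enum { JUMP_OK, JUMP_REJECT_ID, JUMP_REJECT_DISTANCE, JUMP_REJECT_RATE } jump_verdict_t;

/* Squared Euclidean distance between the current and requested positions,
 * in 64-bit integers so no libm is needed and there is no rounding to abuse. */
static int64_t distance_sq(position_t a, position_t b)
{
    int64_t dx = (int64_t)b.x - a.x;
    int64_t dy = (int64_t)b.y - a.y;
    return dx * dx + dy * dy;
}

/* Validate a jump before it is forwarded to anyone on screen: claimed ID must
 * match the session, the distance must be under the limit, and jumps must not
 * arrive faster than the interval. The move is committed only on JUMP_OK. */
jump_verdict_t validate_jump(session_t *s, const jump_packet_t *p, uint32_t now_ms)
{
    if (p->player_id != s->player_id)
        return JUMP_REJECT_ID;
    if (distance_sq(s->pos, p->dest) >= (int64_t)MAX_JUMP_DISTANCE * MAX_JUMP_DISTANCE)
        return JUMP_REJECT_DISTANCE;
    if (now_ms - s->last_jump_ms < MIN_JUMP_INTERVAL_MS)
        return JUMP_REJECT_RATE;
    s->pos = p->dest;
    s->last_jump_ms = now_ms;
    return JUMP_OK;
}
```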
09/06/2007 21:07 BoomSub#7
So would making someone else move be easy to do?

I'm new to packet editing, so would I personally be able to do it?

Also, if you can make them move, couldn't you make them do other things like drop an item or something similar?
09/06/2007 21:21 unknownone#8
You can't actually make them move, you can only make them appear to move to those on screen. This is temporary, as soon as they move, or someone goes off the screen and comes back on, everything will be corrected. If you spam some packets quite fast with someone's playerid, their screen will go blank of all players because of the incorrectly forwarded packet. This again, is temporary.

I don't know if you'll personally be able to do it, I have no idea of your programming knowledge.
09/06/2007 22:16 BoomSub#9
hmm could you help me with decrypting? I read the guide but I didn't understand it.

The packet I have is:

4C 56 84 70 89 DC 0C 8C 71 41 C2 78 1C 7A 83 F4 LV.p....qA.x.z..
A9 66 AF 10 51 72 67 EC .f..Qrg.
Any links to decrypt this would be great also.
09/06/2007 22:17 high6#10
Quote:
Originally Posted by unknownone
You can't actually make them move, you can only make them appear to move to those on screen. This is temporary, as soon as they move, or someone goes off the screen and comes back on, everything will be corrected. If you spam some packets quite fast with someone's playerid, their screen will go blank of all players because of the incorrectly forwarded packet. This again, is temporary.

I don't know if you'll personally be able to do it, I have no idea of your programming knowledge.
Since you seem to know a lot about packets, what does a decrypted connect packet look like? Does it have data, username, data, server?
09/07/2007 00:15 unknownone#11
Quote:
Originally Posted by BoomSub
hmm could you help me with decrypting? I read the guide but I didn't understand it.

The packet I have is:

4C 56 84 70 89 DC 0C 8C 71 41 C2 78 1C 7A 83 F4 LV.p....qA.x.z..
A9 66 AF 10 51 72 67 EC .f..Qrg.

Any links to decrypt this would be great also.
As I said, you need counters. I can't tell anything from that packet as is, unless I assume I know what the packet type is and send it through a loop checking every possibility of 65536 indexes and 429 billion possible crypto keys.

Quote:
Originally Posted by high6
Since you seem to know a lot about packets, what does a decrypted connect packet look like? Does it have data, username, data, server?
Code:
#include <stdint.h>

/* Fixed-width fields; a 16-byte name fills its field with no terminating NUL */
struct login_packet {
    uint16_t length;           /* total packet length in bytes */
    uint16_t p_type;           /* packet type identifier */
    char     user_name[16];
    char     password_hash[16];
    char     server_name[16];
};
09/07/2007 02:31 Real~Death#12
There is a guide in my favorites list, and possibly a link to a tool that will make the 3/4 keys. Packets control the game; everything is basically done with packets. There are a lot of things that can be done, you just have to experiment with all kinds of stuff, find a flaw and exploit it. WPE is WORTHLESS, 'cause of the encryption. Search for crack made by behelmit (I think I spelled his name wrong, sorry). Crack will send packets, but if nothing else just use a proxy and set the filter to 9999 so it shows all packets, and watch what happens when you do things like exchange a gem for a needle in the blue mouse quest. Find a way to exploit it; it's not easy but not as hard as you might think. See what is received and sent, find a way to block packets and respond back manually. If you ever want REAL HACKS, packets are the way to go.... the world is yours
09/07/2007 03:04 high6#13
Quote:
Originally Posted by unknownone
As I said, you need counters. I can't tell anything from that packet as is, unless I assume I know what the packet type is and send it through a loop checking every possibility of 65536 indexes and 429 billion possible crypto keys.

Code:
#include <stdint.h>

/* Fixed-width fields; a 16-byte name fills its field with no terminating NUL */
struct login_packet {
    uint16_t length;           /* total packet length in bytes */
    uint16_t p_type;           /* packet type identifier */
    char     user_name[16];
    char     password_hash[16];
    char     server_name[16];
};
Also, it looks like it uses the encryption function for both encrypting and decrypting; how does that work? Does it just use 2 different byte arrays, 1 for encrypting and 1 for decrypting?
09/07/2007 17:48 high6#14
Quote:
Originally Posted by unknownone
As I said, you need counters. I can't tell anything from that packet as is, unless I assume I know what the packet type is and send it through a loop checking every possibility of 65536 indexes and 429 billion possible crypto keys.
Actually if I understand the encryption function right there are only 10000 possible ways.