[Help] Debugging with GG / Packet Encryption

iktov2 · 04/24/2013, 19:49

Hello,

Just looking for a little bit of information for people who have worked with this game before:

1: Did they ever add any kind of packet encryption, or can I simply hook Send() and log packets, and send my own without Enc/Dec the packets.

2: Is there any "Easy" way to use olydebug on the newest game client GameGuard enabled. I have never worked with GameGuard much before and I know it probably requires a lot more than a few simple patches to bypass(I just want to be able to use Olly to BP some stuff and whatnot, find client functions and structs ect...).

Thanks for any tips.

Broomop · 04/25/2013, 10:11

if you make sure the string aren't detected you should be ok with ollydbg. but its a anti cheat its going to be a pain lol. and yes they use encryption for alot of stuff.

iktov2 · 04/27/2013, 22:00

Quote:

Originally Posted by Broomop

if you make sure the string aren't detected you should be ok with ollydbg. but its a anti cheat its going to be a pain lol. and yes they use encryption for alot of stuff.

Anybody know what kind of encryption they use on the packets? I injected a .dll with WS2_32 send hooked and logged out some packets. Looks like parts of the packets are encrypted and some aren't.

Also, how can you attach olly to the client, since GG blocks the debug port?

Fir3andIc3 · 04/29/2013, 16:28

Not sure but i think it was Blowfish encryption.

iktov2 · 04/30/2013, 22:41

Quote:

Originally Posted by Fir3andIc3

Not sure but i think it was Blowfish encryption.

Thats what I was thinking. I have no experience with Blowfish encryption other than a few things I have read on the net. But when I logged the packets with just a simple ws232_send hook they came out something like this:

Code:

0x64 0x93 0x97 0x0FFFF83 0x44 0x89 0x22 0x89 0xFFFFFFF92 0x44 //just an example not an actual packet

The bytes that don't come out with the 0xFFFFFFF seem to be consistent so I am assuming they only encrypt the regions of data in the packet that correspond with some game functionality(such as Skill IDs, Item IDs/values, Cooldowns ect...)???

Anyways the only packet encryption I have worked with so far was XOR, game simply XOR'ed the packet Buffer with a Key stored in a static address just before its call to send, so it was simple to do.

Does anybody have any information I could find on locating/working with blowfish encryption in game clients?

Also would be nice to hook Olly up to the game if anybody knows anything about that.

Thanks for any input.