Quote:
Originally Posted by pussyhater
Good job. Would love to know what packet sniffer/sender you used for bypassing the encryption ak uses. Obviously what you did is a huge step for the future of ak hacking.
None.
OllyDbg to backtrace the client's "sendPacket" function.
Then it was just trial and error (stepping one instruction every time) to find the pre-encrypted buffer.
Once I'd found it, I hooked that function and logged the packets to the console and also to a .txt file.
I then found the chat packet in the log and tried to modify the buffer on the fly to make sure it was all working well.
It was working, and then it was back to OllyDbg to see what calls are made inside that function,
because at least one of them is obviously the encryption.
I took note of all the calls in that function and went to IDA to look for what would seem like an encryption.
In IDA it was pretty easy to rule out the ones that weren't the encryption function, as there was only one really "complicated" function.
I then went back to OllyDbg to understand the arguments of that function better in real time.
It took a little bit more work, but once I'd understood what each argument is, I could re-write the entire encryption function on my own.
I added it to the DLL I was injecting earlier, and now I can simply send packets.
This was optional, but I've also kept the "sendPacket" function hooked.
I redirected all of the packets from the original function to my own function, where there were 2 simple calls, encrypt and send, instead of a bunch of other stuff in the original function.
So... that's pretty much it.