I thought the header would be 4 Bytes long not 2??
Aura uses WSASend so i would use that probably too. Do you have the correct PTR to the socket?
The definition of a "header" can be quite loose at times.
Usually, a header is anything that comes before the actual packet data (not the raw packet) and has a fixed size.
Now, it depends on your definition here, would you say the opcode is part of the header or the actual packet data (not the raw packet)?
I'd say it's part of the actual packet since it's encrypted as well.
To sum it up, the header contains only 2 bytes (it's an unsigned short) for the packet length.
The raw packet can be divided into 2 parts right away. The length and the encrypted packet:
[XX XX] [...]
The decrypted packet can also be divided into 2 parts right off the bat. The opcode and the packet data:
[XX XX] [...]
In my definition both are headers (they're always there, always the same size and always before the actual packet data).
But they're 2 different headers the way I see it. Because the second one comes only after you decrypt the packet.
And a tiny note about WSASend:
After you select a character, the client would start using WSAAsyncSelect to send packets.
So you mean Oriya9, it actually uses WSAAsynSelect rather than WSASend? But how come it just passes the call and still proceeds to WSASend?
Edit:
Hm. It sounds crazy but, after the encryption call, it calls the WSAAsyncSelect.. So i guess, your right, but I still dont know why WSAAsynSelect needs to be used.. >.< Maybe i'll try to call WSAAsyncSelect then WSASend()
So you mean Oriya9, it actually uses WSAAsynSelect rather than WSASend? But how come it just passes the call and still proceeds to WSASend?
Edit:
Hm. It sounds crazy but, after the encryption call, it calls the WSAAsyncSelect.. So i guess, your right, but I still dont know why WSAAsynSelect needs to be used.. >.< Maybe i'll try to call WSAAsyncSelect then WSASend()
That's correct.
It's like that because of how the network library they are using was developed.
If you'd look at all the window handles under the game's process ("game.bin") you'll see another window, other than the actual game window.
That window is being used by the network library to achieve asynchronous socket behavior.
It's not that common in online games but it's still a valid way to achieve this goal.
Just in case it wasn't clear, it's worth mentioning that the encryption is being done pre-WSASend only for the "LoginServer".
After that, all of the packets that are being sent to the "GameServer" are dealt the way you mentioned (Encryption > WSAAsyncSelect > WSASend).
As for sending your own packets. You don't have to use WSAAsyncSelect. You can use WSASend right away.
You just need to encrypt the packet properly. And depending on how you do it, you might need to update the encryption key manually.
The definition of a "header" can be quite loose at times.
Usually, a header is anything that comes before the actual packet data (not the raw packet) and has a fixed size.
Now, it depends on your definition here, would you say the opcode is part of the header or the actual packet data (not the raw packet)?
I'd say it's part of the actual packet since it's encrypted as well.
To sum it up, the header contains only 2 bytes (it's an unsigned short) for the packet length.
The raw packet can be divided into 2 parts right away. The length and the encrypted packet:
[XX XX] [...]
The decrypted packet can also be divided into 2 parts right off the bat. The opcode and the packet data:
[XX XX] [...]
In my definition both are headers (they're always there, always the same size and always before the actual packet data).
But they're 2 different headers the way I see it. Because the second one comes only after you decrypt the packet.
And a tiny note about WSASend:
After you select a character, the client would start using WSAAsyncSelect to send packets.
For me a header is like the head of th packed, it contains values like ID, Size, Sequence(if necessary), etc. so the packet would have atleast the size of the header to be sent. Like you've said after the headers comes the actual data of the packet which gets processed.
But the first short of RECV and SEND shouldn't be the size, it's the Packet ID and actually it's and Index for a function-table which handles the packet data.
For me a header is like the head of th packed, it contains values like ID, Size, Sequence(if necessary), etc. so the packet would have atleast the size of the header to be sent. Like you've said after the headers comes the actual data of the packet which gets processed.
But the first short of RECV and SEND shouldn't be the size, it's the Packet ID and actually it's and Index for a function-table which handles the packet data.
didn't know that with WSASyncSelect too! thank you
You are right, that's exactly what I was talking about.
What you've shown is the unencrypted packet. And as I've said in the post above, it doesn't have the length.
The length is being added to the new buffer after the encryption.
This is why I said you could say there are 2 headers in the packet.
One which is in the unencrypted packet (the opcode) and the other one which is in the encrypted packet (the length).
[OPCODE] [PACKET DATA]
Turns into:
[LENGTH] [ENCRYPTED PACKET (Opcode + Packet data)]
Obviously the second one is the one that is being sent to the server.
Aaaaaaand... A random factoid:
What you call a "Packet ID" is commonly called an "opcode", which stands for "Operation Code"
That's correct.
It's like that because of how the network library they are using was developed.
If you'd look at all the window handles under the game's process ("game.bin") you'll see another window, other than the actual game window.
That window is being used by the network library to achieve asynchronous socket behavior.
It's not that common in online games but it's still a valid way to achieve this goal.
Just in case it wasn't clear, it's worth mentioning that the encryption is being done pre-WSASend only for the "LoginServer".
After that, all of the packets that are being sent to the "GameServer" are dealt the way you mentioned (Encryption > WSAAsyncSelect > WSASend).
As for sending your own packets. You don't have to use WSAAsyncSelect. You can use WSASend right away.
You just need to encrypt the packet properly. And depending on how you do it, you might need to update the encryption key manually.
Yeah there was another windows it has name like "5.x.x.x.x class: Network something"
I did what you mentioned but still it doenst respond, like as if nothing happens.. I've back read your other post, and you mentioned that the call is actually the WSAConnect rather than WSASend, so maybe i should try to detour that function and call it.
Edit:
-----
I did mimic the args of the WSASend, still no hope of sending packets...
I also mimic the args of WSAAsyncselect
Build packet > Encrypt using the encryption function > Send via WSASend > No response
Edit2:
XOR Table is changing everytime a new packet is encrypted.. @.@
--- Final...
I got it working now. =) Just have to encrypt the packet again, Too bad can't make PE for it >.< I'm just using client's encryption function..
The XOR-Function changes the table actually.
Why not? Just use the Crypto-Functions to receive the data instead of the WSASend/WSARecv.
Btw Omdihar posted the XOR-Function so it's not that hard to write a PE
Why not? Just use the Crypto-Functions to receive the data instead of the WSASend/WSARecv.
Btw Omdihar posted the XOR-Function so it's not that hard to write a PE
Yeah yeah, I got the Xor-Function (Which is a secondary encryption too),
i can just use the function to encrypt my buffer, but the problem is the primary encryption.. It uses some sort of xor table too.. But i've got a prototype and its working fine now..
Heh. Thanks! =) Currently looking for the recv packet right now. and see if it has the enemy entity or object entity to it. =) Btw if you know it, the list of monsters available around you.
I guess I found already the Enemy/World Entity, that returns all NPCs, Mobs, materials and others that surrounds the player accordance to its FOV.
Code:
MOV ECX,DWORD PTR DS:[0x123724C]
MOV ECX, [ECX+0x624]
MOV ECX, [ECX] -> usually starts with 0DF????? -> First Address is the Character Entity. Then proceeding enemy list are located at the first address of the character entity, loops back to starting address which is 0DF????? when all enemies are listed and done. =)
Pointer to Number of Enemies in Map
MOV ECX,DWORD PTR DS:[0x123724C]
MOV ECX, [ECX+0x628] -> Returns # of Enemies in the map
**** Enemy Arrays ****
Enemy Entity Structure....: [A0 1C 07 01] 00 00 00 00 [2B F4 FF FF] [40 68 70 28]
Args......................: [A0 1C 07 01] or [60 ED 06 01] -> Considered as [Enemy/NPC] or [Player]
[2B F4 FF FF] -> EnemyID/PlayerID/MaterialID
[40 68 70 28] -> Player/Enemy/Material Class Structure
Note:
Class Structure of the Enemy is the same as the PlayerStruct posted by Thr!ce ->>
std::function of a function returning an std::function 11/11/2013 - C/C++ - 19 Replies Nun muss ich nach langer Zeit auch mal wieder einen Thread erstellen, weil mir Google nicht mehr weiterhelfen kann.
Ich verzweifle an Folgendem Vorhaben:
#include <Windows.h>
#include <string>
#include <iostream>
using namespace std;
Running Function 2 after Function 1 finished 09/15/2013 - AutoIt - 3 Replies Hey, its me again.
Im stuck on a problem since yesterday and as much as i hate to ask for help, i really dont know what else to try. I want Function 2 to run after Function 1 has finished. I tried GuiCtrlSetOnEvent and MsgLoop, but i dont really understand it. I tried to read tutorials but they didnt help at all.
The line that are underline is what im talking about. I want gamestart() to run first and when its finished, i want iniviteteam() to run.
#AutoIt3Wrapper_UseX64=n...
Encryption of DO 04/04/2013 - DarkOrbit - 28 Replies Hey,
I talked with a guy, who is interested in coding.
He looked for the encryption just for fun and gave me this:
http://pastebin.com/2iLKJUcs
Maybe it helps. I don't know :)
Please dont ask, what this is or how to use it.
Its for the better developer here ala Heaven, Gnome or First
[VIP-function] ToxicSYS [VIP-function] 08/14/2010 - WarRock Hacks, Bots, Cheats & Exploits - 1 Replies heeeey E-pvpers :pimp:
this is a new hack by TSYS
Status : UNDETECTED
Functions (VIDEO) :
YouTube - WarRock - Bikini event VIP hack
