Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > Battle of the Immortals
You last visited: Today at 01:05

  • Please register to post and access all features, it's quick, easy and FREE!

BOI Packet Encryption

Discussion on BOI Packet Encryption within the Battle of the Immortals forum part of the MMORPGs category.

Old   #1
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,338
BOI Packet Encryption

I've made some research about the packet encryption used in this game and I thought I'd share them.

BOI uses a simple XOR-Algorithm. Each byte of a packet is being XORed with the value of the previous byte. The first byte of every packet indicates its length. Furthermore the first byte of the very first packet sent after the connection was established is being XORed with the value 0xCD.

Let's say the client sends this packet right after connecting to the server.
0x06 0xA7 0x57 0x04 0x01 0x41
Since this is the first packet sent by the client the first byte (0x06) gets XORed with 0xCD. The 2nd byte is XORed with the 1nd byte, the 3rd one with the 2nd one and so on.
In the end the encrypted packet looks like this:
0xCB 0xA1 0xF0 0x53 0x05 0x40
Now image a second packet is sent:
0x03 0xAB 0x34
The first byte (0x03) is now XORed with 0x41 as the prevous original packet ends with this byte. This leads to the following encrypted packet:
0x42 0xA8 0x9F

In C-Code the Encryption-Function would look like this:
char LastByte = 0xCD;

Encrypt(char *src, char *dst, int len)
	for (int i = 0; i < len; i++)
		dst[i] = src[i] ^ LastByte;
		LastByte = src[i];
... and the Decryption-Function:
char LastByte = 0xCD;

Decrypt(char *src, char *dst, int len)
	for (int i = 0; i < len; i++)
		dst[i] = src[i] ^ LastByte;
		LastByte = dst[i];

ms​ is offline  
9 Users
Old 07/30/2010, 07:58   #2
elite*gold: 0
Join Date: Sep 2005
Posts: 372
Received Thanks: 86
In English it means.... ?

woodyfly is offline  
Old 07/30/2010, 08:17   #3
elite*gold: 0
Join Date: Sep 2009
Posts: 92
Received Thanks: 19
It means that you can decrypt BOI packets using XOR swap algorithm and see whats in it...
FamousOnion is offline  
Old 07/30/2010, 12:43   #4
elite*gold: 0
Join Date: Dec 2007
Posts: 27
Received Thanks: 5
soooo nice

anthemsk8er is offline  
Old 07/30/2010, 16:40   #5
elite*gold: 115
Join Date: Oct 2007
Posts: 9,390
Received Thanks: 12,338
Not only the first byte of each packet is responsible for its length, but the first 4 bytes.
ms​ is offline  
1 User
Old 07/31/2010, 16:30   #6
elite*gold: 0
Join Date: Nov 2007
Posts: 2
Received Thanks: 0
Smile Hello

Can You Teach Us The Way Step By Step?
gold_lust is offline  
Old 07/31/2010, 18:30   #7
elite*gold: 0
Join Date: Oct 2008
Posts: 154
Received Thanks: 4
there is no way lol, he just said that encryption is weak and can be easily cracked into.. if u cant understand how to do it from what he wrote.. then give it up right away..
ProToPro is offline  
Old 08/02/2010, 18:20   #8
elite*gold: 20
Join Date: Apr 2008
Posts: 2,929
Received Thanks: 1,755
Disconnect made a proxy for BOI, just check the other thread, you wouldn't understand the
encrypt<->decrypt functions with your knowledge, also theres no point in trying to explain it step by step.
PunkS7yle is offline  
Old 08/04/2010, 16:19   #9
elite*gold: 0
Join Date: Jul 2007
Posts: 120
Received Thanks: 71
Very nice find, ill try to reverse engineer the packets, and make a packet bot.
blackmorpheus is offline  
Old 08/04/2010, 20:15   #10
elite*gold: 0
Join Date: May 2009
Posts: 13
Received Thanks: 1
just an ideea ... try research on looting test with feather what packets u send / get and without and try to find a way to manualy send those packets (when recieve packet of dropped item auto send loot packet ...) im totaly out of this only know my way @ AUTOIT ... but as i sed just an ideea
cr4zykid is offline  
Old 08/09/2010, 00:39   #11
elite*gold: 0
Join Date: Sep 2006
Posts: 1,100
Received Thanks: 395
thanks man that relieves me a lot of work ^^
any ideas on what could be possible with the packets in BoI? actually im having a look at teleport walking and map teleport. the idea of auto loot without a feather is good ill have a look at it ^^

LemoniscooL is offline  
Old 09/28/2011, 11:55   #12
elite*gold: 0
Join Date: Feb 2011
Posts: 335
Received Thanks: 171
Does anyone know if this encryption is up to date?
Arco. is offline  
Old 09/28/2011, 12:26   #13
elite*gold: 100
Join Date: Nov 2007
Posts: 259
Received Thanks: 33
when i attach WPE and begin recording packets nothing happens. no packets are being recorded. why?
xAvengerx is offline  
Old 09/28/2011, 23:55   #14
elite*gold: 0
Join Date: Feb 2008
Posts: 191
Received Thanks: 134
Originally Posted by xAvengerx View Post
when i attach WPE and begin recording packets nothing happens. no packets are being recorded. why?
You need to check WSASend and WSARecv, not just send and recv.

SuneC is offline  

« help me please | Battle of the Immortals II beta started yesterday »

Similar Threads
[Question] Packet Encryption
02/13/2010 - Kal Online - 53 Replies
Hello guys, I have question about encryption Aparently decrypt/encrypt doesn't work (with this key?), so I was thinking, that you might help me out . I used encryption from SyronX's source (BakaBug's). Image describes: Hook, Nothing, Decrypted, Encrypted again Image
Packet encryption.
06/22/2009 - Shaiya - 2 Replies
Not sure if anyone has tried making a proxy yet, other than the one that is stickied (which is injected and I imagine directly hooks the games send function bypassing the need for encryption?). Anyway, just curious if anyone knows what sort of encryption is being used on packets? US server for the record.
Help with Packet Encryption?
04/16/2009 - General Coding - 9 Replies
can someone help with these packets? im completely lost lol.i typed in A,B,ABC aand recorded the 3 packets A 2C 35 52 66 BF 66 15 E1 2C 3A D6 AD E3 29 82 A9 BC C5 EE F5 90 A9 1A 71 0C CD 06 3D FC 3A F6 5C A7 A1 4C 30 63 CD 03 AE 12 A6 20 88 1E C0 E8 95 19 F3 3D A7 42 3A 09 22 B A7 9E F9 6D D4 5D 9E 6A F7 81 0D D6 B8 22 D9 52 57 8E E5 9E 9B 92 31 9A 97 F6 DD 46 A7 11 ED A7 6C 8A E7 7B 08 F6 48 65 09 EE C8 80 76 78 00 1D 81 8B 85 BF 79 F2 D1 BA
Packet Encryption
02/22/2007 - General Coding - 4 Replies
so heute mal nichts zu tun also hab ich mal nach einem opfer ausschau gehalten und stie▀ dabei auf steam steam ist wie vermutlich jeder wei▀ eine online platform zum kaufen und spielen von spielen einige dinge die ich mir ueberlegt hab: steam bruter no-recoil hack fuer cs ein steam bruter gab es soweit ich wei▀ noch nicht und koennte sich als sehr nuetzlich erweisen natuerlich sollte er interface unabhaengig sein und rein auf packet basis arbeiten keke wireshark angeschmissen...
Packet encryption
09/19/2005 - Lineage 2 - 1 Replies
Hi,I&#39;m trying to make a simple L2 bot, but i got stuck in begginning - in the packet encryption. I rewrote the l2j login thread sources (those about encryption) but it doesn&#39;t work. Has anyone any description of L2 packet encryption. And second question - what Init packet (server packet,nr. 0) means? I guess that it something related with encryption, but in l2j sources that packet content is hardcoded. Thanks for replies (if any ;) )

All times are GMT +1. The time now is 01:05.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2019 elitepvpers All Rights Reserved.