I've been wandering around the net for 2 days, searching for Cabal-related information, and so far this forum is the most productive programming community I've come across.
My current project is to write a Cabal bot for a friend, but it turned out harder than I thought it would, even though I have experience in this domain.
At first I considered doing a memory-based bot but, seeing what a pain in the ass GG is and how much I suck at reversing disassembled exe, I gave up.
The screen-capturing/color-detecting method barely crossed my mind since, unless an out-of-process method is absolutely required, it sucks monkey balls.
So what's left is the packet sniffing method, by far my favorite.
I did my best to go on alone, but I've come to the limit of my understanding and my current programming skills don't allow me to exploit some of the data I acquired from this forum.
Let me sum up this data:
The information below comes from someone else's research, and I do not in any way claim it as my own.
All of it comes from NovaCygni's very informative posts.
- Packets are encrypted, obviously.
- Encryption algorithm is altered Rijndael.
- Encryption uses an IV, which is stored in the exe.
- Encryption key is found using the IV, a key in the exe, and another one during the pre-login handshake.
- Proxy should be loaded as a dll using GG itself.
I also found some pieces of code around that were useful, kinda. I read about cabot but wasn't able to retrieve the source, since all posts about it seem to have been deleted for some reason.
So far the only thing I did is to implement the pure AES algorithm, but I don't know what encryption mode is used; from IV usage I'm guessing CBC or CTR.
Would appreciate a clue or two about this.
Of course I'm not asking for premade code, just a basic explanation of the algorithm change.
The second thing which gave me buttache is the IV and key 1 recovery; although I know how to use IDA and such, I really have no idea where to start looking for this ...shtuff.
Voila, hope you guys will agree to share this kind of precious knowledge.
Joseph.






