and so forth with the following bytes of keys and code?
ummm why are you working in binary?
If you just wanna take the packet and decrypt it, first of all you need to know if this packet is from the client or if it's from the server. If this is a game server packet and it's from the client you also need to know Key3 and Key4.
D3 has an int value of 211
so if this was a packet from the server then
((211 XOR Key1(Key1Counter)) XOR Key2(Key2Counter))
Convert result integer to hex value
Reverse the string (PRE ZERO OR POST 0 dependent on client or server packet)
Convert Hex to an Integer XOR 171
Increment KeyCounter
I dunno what you're trying to do or what programming language you're working in so I can't help much more than that
Originally posted by HFMuRdOc@Aug 3 2006, 18:06
i wasn't using any programming language, I was XORing manually, that's why I converted it to binary. And yes, it's a packet from the server. I just don't understand the following: do we start applying the counter since the first packet we receive when we connect or since the beginning of each packet? Basically what I did up there was:
D3 XOR AB -> 78 //first XORing
78 -> 87 //inverted
87 XOR 62 -> E5 //With the first byte from the 2nd key
E5 XOR 9D -> 78 //With the first byte from the 1st key.
On the other process I only changed to the 2nd byte from the 1st key and, of course, decrypted the 2nd byte from the packet.
Is this procedure correct?
Originally posted by tester@Aug 3 2006, 19:26
the 2 counters are set to 0 at the login server and then reset to 0 at the game server, they are incremented from the time you connect once for every byte. You increment the first counter until it reaches 255 then you reset it to 0 and increment the second counter by 1, then you repeat this until the second counter hits 255 at which time you reset them both to 0. This is based on you using an array for the keys which will run from 0 - 255.
your procedure is correct if you were decrypting a packet from the client to the server, you need to reverse it to decrypt a packet from the server to the client
Originally posted by HFMuRdOc@Aug 3 2006, 19:18
so, since this packet was sent from the server to the client i'd have to do
Code:
D3 XOR 9D -> 4E
4E XOR 62 -> 2C
2C -> C2
C2 XOR AB -> 69
right?
I'm going to try to do a decrypter in C, but I'm still trying to find an eBook explaining packet capturing and editing.
Originally posted by unknownone@Aug 3 2006, 22:09
You wouldn't necessarily xor with 9D and 62. It depends entirely on the decryption counter. The counter does not start at zero for each packet, so that would only work if your packet there is the first packet sent/received.
It is possible to figure out what the counter was at when you got that packet. Basically, you would loop 0-65536, and decrypt the first 2 bytes, then compare them to the length of the packet in bytes. The first 2 bytes of a decrypted packet contain the packet length.
There isn't really a need for an ebook about packet capturing, it's a simple topic, there are tutorials on the internet, even on the MSDN site. Basically you just need to set up a few TCP connections, and receive data as a char[] array. Read the winsock examples on MSDN, and also read Beej's guide (), which is a little more detailed, but it's written for Berkeley sockets, not winsock (although winsock is Berkeley compliant). It covers all the basics you need.
Also PM me or tester your msn addy if you need help, a lot easier to help over msn than the forum.
Originally posted by HFMuRdOc@Aug 4 2006, 01:04
yes, the 9D and 62 were just an example.
"you would loop 0-65536, and decrypt the first 2 bytes"
lol it'd take a bit of time to do that :P
it's easier to just do what you want to observe as soon as you enter the game and then logout. You can detect the login server -> game server change by the change in IP/port of the server and then count some bytes
thx for the tuts and links, i'll look into it.
PS: does anyone know how the hell they got the keys??
Originally posted by tester@Aug 4 2006, 09:53
He said loop 0-65536 because there are 65536 possible combinations of the 2 keys, really you wouldn't loop 65536 times. You have to have 2 variables for counters and as I stated before increment the first counter by 1; when the first counter reaches 256 (or 255 if you're using an array as they start from 0) you increment the second counter by 1, then you continue this till the second counter reaches 256 and the first counter is 256, then you have used all 65536 combinations, so you reset the counters to 0.
You can't do what you're suggesting "it's easier to just do what you want to observe as soon as you enter the game and then logout" because there's a lot of data sent and received before the game even appears, for example you get all your character stats and what's currently in your inventory. So the counters are already being incremented before you do your action.
If you know C, try doing it in C# I can help you a little then, there's also a C# library that someone posted.
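The pieces of the thread fit together in one small program: tester's step list for a server packet at the top of the thread, the two-counter increment and reset described in the two tester posts, and unknownone's suggestion to recover the counter by decrypting the first two bytes and comparing them with the captured packet length. The code below is an added example written for this page; it is not code from any of the posters or from the C# library mentioned. It makes several assumptions that the thread does not settle: the Key1/Key2 tables are constructed stand-ins generated by a formula (the real 256-byte tables are never posted; only the first bytes 9D and 62 appear in an example, and the stand-ins reproduce those two values at index 0); "reverse the hex string" is implemented as a nibble swap, which is what reversing a zero-padded two-digit value gives (the "pre zero or post 0" question for values below 0x10 is left open in the thread); the two counters are packed into one 16-bit value so that the carry into the second counter and the reset of both after 65536 bytes follow from the wrap; and the two-byte length is taken as little-endian and as counting the whole packet including itself. The encrypt routine is just the inverse of the listed steps and exists only to build a test packet.

```c
/* Added example for this page, not code from the thread. Key tables,
 * packet layout and byte order are ASSUMED as described in the lead-in. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* CONSTRUCTED stand-ins for the 256-entry Key1/Key2 tables, generated by a
 * formula so the example is self-contained. Index 0 yields 0x9D and 0x62,
 * the two "first bytes" used as an example in the thread. */
static uint8_t key1_at(uint8_t i) { return (uint8_t)(37u * i + 0x9Du); }
static uint8_t key2_at(uint8_t i) { return (uint8_t)(91u * i + 0x62u); }

/* "Reverse the hex string": for a byte padded to two hex digits this is a
 * nibble swap (0x78 -> 0x87). Assumption: zero-pad before reversing. */
static uint8_t swap_nibbles(uint8_t b) { return (uint8_t)((b << 4) | (b >> 4)); }

/* One 16-bit value holds both counters: low byte = Key1 counter (0..255),
 * high byte = Key2 counter. Incrementing past 255 carries into the second
 * counter, and wrapping past 65535 resets both to 0. */
static uint8_t k1_counter(uint16_t ctr) { return (uint8_t)(ctr & 0xFF); }
static uint8_t k2_counter(uint16_t ctr) { return (uint8_t)(ctr >> 8); }

/* Server -> client byte, following the step list for a server packet:
 * XOR Key1[c1], XOR Key2[c2], reverse the hex digits, XOR 171 (0xAB). */
uint8_t decrypt_server_byte(uint8_t c, uint16_t ctr) {
    uint8_t x = (uint8_t)(c ^ key1_at(k1_counter(ctr)) ^ key2_at(k2_counter(ctr)));
    return (uint8_t)(swap_nibbles(x) ^ 0xAB);
}

/* Inverse of decrypt_server_byte (the steps applied backwards). Derived
 * here only to build test packets; the thread does not describe the server side. */
uint8_t encrypt_server_byte(uint8_t p, uint16_t ctr) {
    uint8_t x = swap_nibbles((uint8_t)(p ^ 0xAB));
    return (uint8_t)(x ^ key1_at(k1_counter(ctr)) ^ key2_at(k2_counter(ctr)));
}

/* Process n bytes in stream order, advancing the shared counter once per
 * byte. The counter is NOT reset per packet: it runs from connection start,
 * which is why a captured packet needs the counter value it was sent at. */
void decrypt_server_stream(const uint8_t *in, uint8_t *out, size_t n, uint16_t *ctr) {
    for (size_t i = 0; i < n; i++) {
        out[i] = decrypt_server_byte(in[i], *ctr);
        (*ctr)++;                       /* uint16_t wraps 65535 -> 0: both counters reset */
    }
}

void encrypt_server_stream(const uint8_t *in, uint8_t *out, size_t n, uint16_t *ctr) {
    for (size_t i = 0; i < n; i++) {
        out[i] = encrypt_server_byte(in[i], *ctr);
        (*ctr)++;
    }
}

/* Does decrypting the first two bytes at this counter give the packet
 * length? Assumption: little-endian length covering the whole packet. */
static int counter_fits(const uint8_t *pkt, size_t len, uint16_t ctr) {
    unsigned lo = decrypt_server_byte(pkt[0], ctr);
    unsigned hi = decrypt_server_byte(pkt[1], (uint16_t)(ctr + 1));
    return lo + (hi << 8) == len;
}

/* unknownone's recovery: try every counter from `start` upward and return
 * the first one whose decrypted length field matches; -1 if none fits. */
int find_counter_from(const uint8_t *pkt, size_t len, unsigned start) {
    for (unsigned c = start; c < 65536u; c++)
        if (counter_fits(pkt, len, (uint16_t)c)) return (int)c;
    return -1;
}

/* A two-byte check can admit more than one counter value, so count how
 * many fit; a candidate should be confirmed against the next packet. */
int count_counter_candidates(const uint8_t *pkt, size_t len) {
    int n = 0;
    for (unsigned c = 0; c < 65536u; c++) n += counter_fits(pkt, len, (uint16_t)c);
    return n;
}

int main(void) {
    /* Constructed plaintext: length 6 (little-endian), then four payload bytes. */
    uint8_t pt[6] = {0x06, 0x00, 0x41, 0x42, 0x43, 0x44}, ct[6], back[6];
    uint16_t enc_ctr = 0x1234, dec_ctr = 0x1234;
    encrypt_server_stream(pt, ct, sizeof pt, &enc_ctr);
    decrypt_server_stream(ct, back, sizeof ct, &dec_ctr);
    printf("round trip %s, counters now %04X\n",
           memcmp(pt, back, sizeof pt) == 0 ? "ok" : "FAILED", dec_ctr);
    printf("D3 at counter 0 -> %02X (thread's worked example)\n", decrypt_server_byte(0xD3, 0));
    printf("first fitting counter: %d; candidates fitting the length check: %d\n",
           find_counter_from(ct, sizeof ct, 0), count_counter_candidates(ct, sizeof ct));
    return 0;
}
```

With the stand-in keys, decrypting D3 at counter 0 gives 69, the same value HFMuRdOc worked out by hand for a server packet. The candidate count is the practical caveat for the search unknownone describes: two decrypted bytes are only a 16-bit check against 65536 counter values, so a match should be confirmed by decrypting the next packet with the counter advanced by the first packet's length before trusting it.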
"He said loop 0-65536 because there are 65536 possible combinations of the 2 keys"
yeah i know and it takes a lot of time manually.
"So the counters are already being incremented before you do your action."
I also know that. I would count the bytes beginning from the packet that changes IP/port representing the change to the game server from the login server. If I do it fast there won't be too many bytes to count. Besides, what I do want to observe is the packet sent to the client saying the inventory.
well, I managed to do a packet decrypter during my vacation. I also wanted to start learning WinPcap but I forgot to install the drivers...... maybe within a week I'll do a sniffer/decrypter, but I don't have much time right now...