So I tried downgrading the Albetros source to 5017 and posted this issue in that thread but since I don't know how many people actually check that thread, I'll post it here as well. The problem is as follows:
The gameserver only handles the first packet properly; in other words, packet 1052 is handled OK (correct sizes, type, w/e), but when it receives the next packet, it has these weird huge sizes and wacky IDs, such as the char creation packet becoming ID 34669 instead of 1001.
pro suggested checking the decryption counters, and here's my reply:
Quote:
Originally Posted by Kiyono
Well, I checked the encryption counters and it all works properly, but just in case I overlooked something I decided to swap out the encryption with the one from Hybrid's source, since I know it works, but it still failed. Though at least now every now and then I get the correct packet ID (it actually showed 1001), but that was just once in 10+ tries, and the size was 17k+.
That's how it looks now, and this is where the decryption kicks in:
Code:
public override void OnPacketReceive(IClientWrapper client, byte[] buffer) // Most of it is from Hybrid's source
{
    try
    {
        Player user = client as Player;
        if (user != null && user.Client.Connected && buffer.Length >= 4)
        {
            var Out = new byte[buffer.Length];
            lock (user.Cryptographer)
            {
                user.Cryptographer.Decrypt(buffer, Out, Out.Length);
#if DUMP
                Kernel.WritePacket(Out);
#endif
            }
            byte[] Recv = Out;
            int Counter = 0;
            while (Counter < Recv.Length)
            {
                // A full 4-byte header (Size, Type) must be left before reading it.
                if (Recv.Length - Counter < 4)
                {
                    OnError(client, new Exception("Trailing " + (Recv.Length - Counter) + " byte(s) are too short for a packet header"));
                    break;
                }
                ushort Size = BitConverter.ToUInt16(Recv, Counter);
                ushort Type = BitConverter.ToUInt16(Recv, Counter + 2);
                // Size includes the header and must fit in what is LEFT of the buffer.
                // Comparing Size against the whole buffer length lets a second packet run
                // past the end, and a Size of 0 would loop forever.
                if (Size < 4 || Counter + Size > Recv.Length)
                {
                    OnError(client, new Exception("Packet ID: " + Type + " with size: " + Size + " is invalid"));
                    break;
                }
                byte[] InitialPacket = new byte[Size];
                Buffer.BlockCopy(Recv, Counter, InitialPacket, 0, Size);
                user.Handler.Handle(InitialPacket, Type);
                Counter += Size;
            }
        }
        else
        {
            OnError(client, new Exception("An error occurred with the client or the buffer size is invalid"));
        }
    }
    catch (Exception P)
    {
        Console.WriteLine(P.ToString());
    }
}
So, as said before, login works flawlessly and you can log in several chars at once and it will work, but after packet 1052 nothing gets decrypted properly.
Example of what happens when you try to create a char (logging in with an existing char gives the same type of issue):
Those were never referenced by anything in Hybrid's source, so I assumed they were unneeded; mind clarifying?
I will explain using my implementation of the algorithm.
When the MsgServer receives a new connection, it creates a new COSAC object. It also generates the IV from the public keys (P, G). These keys are supposed to be known by both the server and the client. On a normal client/server, P: 0x13FA0F9D, G: 0x6D5C7962. After this, the client should send the MsgConnect packet (1052) with the private keys (A, B) that were specified by the AccServer. The packet is encrypted with the IV, so the server can decrypt it without any problem. With this packet, the MsgServer checks whether the client uses the right private keys. If so, it generates the Key from the private keys (A, B). In CO2, A = Token, B = AccountUID.
When the server generates the Key, it also resets the encrypt counter, as the encrypt routine will still use the IV to encrypt the data. The decrypt counter remains the same, and the decrypt routine will use the Key to decrypt the data from then on. After generating the Key, the server answers the MsgConnect with some packets.
For the AccServer, the private keys are sent in the same packet as the IP of the MsgServer.
The MsgLoginReply of the AccServer
Code:
using System;
using System.Runtime.InteropServices;

[StructLayout(LayoutKind.Sequential, Pack = 1)] // wire layout, no padding between fields
public unsafe struct MsgInfo // MsgLoginReply: AccServer -> client
{
    public MsgHeader Header;
    public Int32 AccountUID;           // B
    public Int32 Token;                // A
    public fixed Byte IPAddress[0x10]; // IP of the MsgServer to connect to
    public Int32 Port;
};
The MsgConnect of the MsgServer
Code:
[StructLayout(LayoutKind.Sequential, Pack = 1)] // wire layout, no padding between fields
public unsafe struct MsgInfo // MsgConnect (1052): client -> MsgServer, still encrypted with the IV
{
    public MsgHeader Header;
    public Int32 AccountUID; // B, as handed out by the AccServer
    public Int32 Token;      // A, as handed out by the AccServer
    public Int16 Constant;   // In the CO2 app...
    public fixed Byte Language[_MAX_LANGUAGE_SIZE];
    public Int32 ResValue;
};
By the way, the crypto you use is only valid for the AccServer, as it does not handle the Key, only the IV.
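The exchange described in the reply above, as an added example that is not part of the thread, of Hybrid's source, or of any real CO2 server: a Python model of a table-driven session cipher with separate encrypt/decrypt counters, the IV-to-Key switch after MsgConnect, and a frame splitter with the bounds checks the receive loop from the first post needs. P and G are the seeds quoted in the reply; everything else (the XOR/nibble-swap byte transform, the IV expansion, the Key mixing with the constant 0x4321, the client's mirror-image switch, the Token/AccountUID values and the packet bodies) is an assumption or constructed input. Running `run_session(False)` reproduces Kiyono's symptom: a server that keeps decrypting with the IV reads MsgConnect fine and then sees a huge size and a wrong ID on packet 1001.

```python
import struct

# P, G are the public seeds quoted in the reply; packet IDs are from the thread.
P_SEED, G_SEED = 0x13FA0F9D, 0x6D5C7962
MSG_CONNECT, MSG_CREATE_CHAR = 1052, 1001


def make_iv(p=P_SEED, g=G_SEED):
    """512-byte IV table expanded from (P, G). ASSUMED LCG mixing, not the real formula."""
    iv = bytearray(512)
    for i in range(256):
        iv[i], iv[256 + i] = p & 0xFF, g & 0xFF
        p = (p * 1103515245 + 12345) & 0xFFFFFFFF
        g = (g * 1103515245 + 12345) & 0xFFFFFFFF
    return bytes(iv)


def make_key(iv, a, b):
    """Session Key from the private keys A (Token) and B (AccountUID). ASSUMED mixing (0x4321)."""
    k1 = (((a + b) & 0xFFFFFFFF) ^ 0x4321 ^ a) & 0xFFFFFFFF
    k2 = (k1 * k1) & 0xFFFFFFFF
    key = bytearray(512)
    for i in range(256):
        key[i] = iv[i] ^ ((k1 >> (8 * (i % 4))) & 0xFF)
        key[256 + i] = iv[256 + i] ^ ((k2 >> (8 * (i % 4))) & 0xFF)
    return bytes(key)


class Cipher:
    """One table and one byte counter per direction; both start on the IV."""

    def __init__(self, iv):
        self.enc_table = self.dec_table = iv
        self.enc_ctr = self.dec_ctr = 0

    @staticmethod
    def _pad(table, ctr):
        return table[ctr & 0xFF] ^ table[256 + ((ctr >> 8) & 0xFF)]

    def encrypt(self, data):
        out = bytearray()
        for x in data:
            x ^= 0xAB
            x = ((x >> 4) | (x << 4)) & 0xFF            # nibble swap (assumed transform)
            out.append(x ^ self._pad(self.enc_table, self.enc_ctr))
            self.enc_ctr += 1
        return bytes(out)

    def decrypt(self, data):
        out = bytearray()
        for y in data:
            y ^= self._pad(self.dec_table, self.dec_ctr)
            out.append((((y >> 4) | (y << 4)) & 0xFF) ^ 0xAB)
            self.dec_ctr += 1
        return bytes(out)

    def server_key_switch(self, key):
        """MsgServer after a valid MsgConnect: decrypt with Key from now on,
        keep encrypting with the IV but restart the encrypt counter (per the reply)."""
        self.dec_table, self.enc_ctr = key, 0

    def client_key_switch(self, key):
        """Client mirror image (ASSUMED): encrypt with Key, restart the decrypt counter."""
        self.enc_table, self.dec_ctr = key, 0


def packet(msg_type, body):
    """<size:u16><type:u16><body>; size counts the 4-byte header, as in the receive loop."""
    return struct.pack('<HH', 4 + len(body), msg_type) + body


def split_packets(buf):
    """Split a decrypted buffer into (type, body) frames; None on the first impossible size.
    Size is checked against what is LEFT of the buffer, and size < 4 cannot loop forever."""
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            return None
        size, msg_type = struct.unpack_from('<HH', buf, off)
        if size < 4 or off + size > len(buf):
            return None
        frames.append((msg_type, buf[off + 4:off + size]))
        off += size
    return frames


def run_session(server_switches_key):
    """Client sends MsgConnect (1052), then a char-creation packet (1001).
    Returns (type parsed from the first packet, frames parsed from the second)."""
    token, account_uid = 0x1234ABCD, 42      # constructed A, B, "as handed out by the AccServer"
    iv = make_iv()
    client, server = Cipher(iv), Cipher(iv)

    # 1. MsgConnect under the IV: decrypts fine on any server ("login works").
    wire = client.encrypt(packet(MSG_CONNECT, struct.pack('<ii', account_uid, token)))
    connect = split_packets(server.decrypt(wire))
    got_uid, got_token = struct.unpack('<ii', connect[0][1])

    # 2. Server validates A/B, derives Key and should move its decrypt table to it.
    if server_switches_key:
        server.server_key_switch(make_key(iv, got_token, got_uid))
    client.client_key_switch(make_key(iv, token, account_uid))   # the real client always does

    # 3. Packet 1001 is now encrypted with Key; an IV-only server reads a garbage header.
    wire = client.encrypt(packet(MSG_CREATE_CHAR, b'Kiyono\x00'))
    return connect[0][0], split_packets(server.decrypt(wire))


if __name__ == '__main__':
    print('server switches to Key:', run_session(True))
    print('server keeps the IV   :', run_session(False))
```

The point the model makes is independent of the exact table contents: once the client has moved to Key, every byte the server decrypts with the IV is off by a table-dependent XOR, so the very first header after MsgConnect already carries an impossible size, which `split_packets` rejects instead of copying past the buffer.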