[Teaching Units] ProxyParadise! A step by step proxy tutorial!

[DeathByMoogles]

Oh P4N, how lost we would all be without you...
Haven't been active for a while, but just dropped by to say that you have my ongoing support.

Oh, and for the love of *** don't do this
#2: Working bot made with this framework that people could use. Just basic features but something people could use if they wished.

<3 you (no ****)

[pro4never]

So not a hugely useful one imo but just going through structuring some packets and showing some different methods of writing them.

[TomasLT]

Does TQ change something ? bcouse today i cant login to game server, but yesterday everything was fine

[Cyanogen]

Quote:

Originally Posted by TomasLT

Does TQ change something ? bcouse today i cant login to game server, but yesterday everything was fine

EDIT: I've cleared this post as I've been asked not to share the information yet.

[TomasLT]

Haha all proxys are down and i think it wount be fixed in few days

Everything what i noticed it that something is changed in DiffieHelman packet encryption/decryption

[Cyanogen]

DiffieHellman is not an encryption system it is a method of deriving a secret key FOR the encryption system. In the case of CO the encryption system is Cast128 and the key exchange is DiffieHellman.

[_DreadNought_]

Hybrid, Where are yhoo?

[TomasLT]

I think u dont understand me. After auth is done then client(proxy) is redicting to game server and when:

1. Server first generates a pair of DH parameters, P (a large prime number), G, (a generator base, usually is 3 or 5 or 7).

2. using this pair of DH parameters, server generates a DH key pair; this includes a public key of 128bytes long and a private key not longer than public key.

3. Up till this point, the server side DH information is complete. But TQ wants to be more efficient in sending packets. They decided to include some blowfish info as well. Blowfish cfb64 encryption requires a Initialization Vector (IV) of 8 bytes long. TQ decides to use a predefined IV for server->client encryption, and another for client->server encryption. These 2 IVs are included in the first packet as well. Note: these 2 IVs will be reserved for later use.

4. The first packet from server, and the first packet sent by client are considered DH packets. They are encrypted using Blowfish cfb64 with an initialization vector of 8 bytes of zeros.

And i think wanna say that this (4) encryption is changed !

[Cyanogen]

Blowfish hasnt been used for a long time, it switched to Cast128 months ago. The first 2 packets you are talking about are the DH key exchange, they are encrypted using Cast128 and a vanilla key (BC234xs45nme7HU9). They are used to exchange DH public keys so the client and server can derive a shared secret (using their private keys and a common prime and generator) which is then applied to the cast128 encryption.

I know exactly how it works, I've written my own proxy.

[TomasLT]

Quote:

Originally Posted by Cyanogen

Blowfish hasnt been used for a long time, it switched to Cast128 months ago. The first 2 packets you are talking about are the DH key exchange, they are encrypted using Cast128 and a vanilla key (BC234xs45nme7HU9). They are used to exchange DH public keys so the client and server can derive a shared secret (using their private keys and a common prime and generator) which is then applied to the cast128 encryption.

I know exactly how it works, I've written my own proxy.

Me too but i dont looked at it almost 4 months Thanks for clear explanation

[Cyanogen]

EDIT: Cleared this post. I've been asked not to share the information yet.

My proxy is working again, yayyyyyyy.
You're gonna have to do better than that TQ ROFL.....

[IAmHawtness]

Quote:

Originally Posted by Cyanogen

EDIT: Cleared this post. I've been asked not to share the information yet.

My proxy is working again, yayyyyyyy.
You're gonna have to do better than that TQ ROFL.....

Were you on Royalty testing your ****? Or was that someone else?

[Cyanogen]

No, I'm on Storm mostly.
My proxy isn't really a bot, it's just a proxy I use for packet sniffing and a few automatic functions. It's probably someone from CAI or COG getting theirs up again. I doubt it will/would take them long to suss it out either.

Isn't Trig' on Royalty?

[_DreadNought_]

Bang. Pop. Whallop. Crash. BOOM.

Post editied.

[Cyanogen]

I don't want to get anyone in trouble or anything so probs best not to say.

c#???? Urgh!!