New Login Packet for Client 5089+

Old   #1
 
elite*gold: 0
Join Date: Apr 2006
Posts: 64
Received Thanks: 31
Does anybody have the new login packet structure for client 5089+? For example, if I use an older client and send the following login information using the CO client:

username : test
password : test

I receive the following encrypted packet (packet length is 52 bytes):


I can decrypt the packet and then get the username of "test" just fine.

However, when doing the same thing with the new CO client (I'm using 5089) I receive the following packet (packet length is 276 bytes):


The problem I see is that when trying to decrypt past the 256th byte, it blows up because both keys are only 256 bytes in length.

I've tried changing the offset to 0 when it exceeds 255, but I still get junk when trying to display the username.

I just need someone to point me in the right direction.

Any help is appreciated. Thank you.



BoboDundo is offline  
Old   #2
 
elite*gold: 20
Join Date: Jun 2005
Posts: 1,013
Received Thanks: 379
Code:
    using System;

    public class AuthProtocolCryptographer
    {
        // 16-bit position counter: the low byte indexes _cryptKey1, the high byte indexes _cryptKey2.
        internal class CryptCounter
        {
            UInt16 m_Counter = 0;

            // High byte: advances once every 256 processed bytes.
            public byte Key2
            {
                get { return (byte)(m_Counter >> 8); }
            }

            // Low byte: advances on every processed byte.
            public byte Key1
            {
                get { return (byte)(m_Counter & 0xFF); }
            }

            public void Increment()
            {
                m_Counter++;
            }
        }

        private CryptCounter _decryptCounter;
        private CryptCounter _encryptCounter;
        private byte[] _cryptKey1;
        private byte[] _cryptKey2;

        public AuthProtocolCryptographer()
        {
            _decryptCounter = new CryptCounter();
            _encryptCounter = new CryptCounter();
            _cryptKey1 = new byte[0x100];
            _cryptKey2 = new byte[0x100];
            // Both tables are generated from fixed seeds; all arithmetic is modulo 256.
            byte i_key1 = 0x9D;
            byte i_key2 = 0x62;
            for (int i = 0; i < 0x100; i++)
            {
                _cryptKey1[i] = i_key1;
                _cryptKey2[i] = i_key2;
                i_key1 = (byte)((0x0F + (byte)(i_key1 * 0xFA)) * i_key1 + 0x13);
                i_key2 = (byte)((0x79 - (byte)(i_key2 * 0x5C)) * i_key2 + 0x6D);
            }
        }

        // In place: XOR with the keystream byte, swap nibbles, XOR with 0xAB.
        public void Encrypt(byte[] buffer)
        {
            for (int i = 0; i < buffer.Length; i++)
            {
                buffer[i] ^= (byte)(_cryptKey1[_encryptCounter.Key1] ^ _cryptKey2[_encryptCounter.Key2]);
                buffer[i] = (byte)(buffer[i] >> 4 | buffer[i] << 4);
                buffer[i] ^= (byte)0xAB;
                _encryptCounter.Increment();
            }
        }

        // In place: the Encrypt steps in reverse order, with a separate counter.
        public void Decrypt(byte[] buffer)
        {
            for (int i = 0; i < buffer.Length; i++)
            {
                buffer[i] ^= (byte)0xAB;
                buffer[i] = (byte)(buffer[i] >> 4 | buffer[i] << 4);
                buffer[i] ^= (byte)(_cryptKey2[_decryptCounter.Key2] ^ _cryptKey1[_decryptCounter.Key1]);
                _decryptCounter.Increment();
            }
        }
    }


unknownone is offline  
Thanks
9 Users
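
An added example, not part of unknownone's post: a Python port of the C# class above, showing that the low byte of the 16-bit counter indexes the first table and the high byte the second, which is what keeps decryption correct past byte 255. `advance_key2`, `first_mismatch`, `CAPTURED_PREFIX` and `SAMPLE` are names introduced here; the eight ciphertext bytes are the start of the 5089 capture from post #1, and the 276-byte plaintext is constructed.

```python
# Added example: Python port of the C# AuthProtocolCryptographer keystream logic.

def build_keys():
    """Expand the two hardcoded seeds into 256-byte tables, as the C# constructor does."""
    k1, k2 = bytearray(256), bytearray(256)
    a, b = 0x9D, 0x62
    for i in range(256):
        k1[i], k2[i] = a, b
        a = ((0x0F + ((a * 0xFA) & 0xFF)) * a + 0x13) & 0xFF
        b = ((0x79 - ((b * 0x5C) & 0xFF)) * b + 0x6D) & 0xFF
    return bytes(k1), bytes(k2)

KEY1, KEY2 = build_keys()

def swap_nibbles(x):
    return ((x >> 4) | (x << 4)) & 0xFF

def keystream(counter, advance_key2=True):
    """Low byte of the 16-bit counter indexes KEY1; the high byte indexes KEY2."""
    counter &= 0xFFFF
    # advance_key2=False models a decryptor that treats the key as one 256-byte pad
    # (an assumed failure mode; post #1 does not show the failing code).
    hi = counter >> 8 if advance_key2 else 0
    return KEY1[counter & 0xFF] ^ KEY2[hi]

def encrypt(plain, start=0):
    return bytes(swap_nibbles(p ^ keystream(start + i)) ^ 0xAB
                 for i, p in enumerate(plain))

def decrypt(cipher, start=0, advance_key2=True):
    return bytes(swap_nibbles(c ^ 0xAB) ^ keystream(start + i, advance_key2)
                 for i, c in enumerate(cipher))

def first_mismatch(a, b):
    """Index of the first differing byte, or -1 if the buffers are equal."""
    return next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), -1)

# First eight ciphertext bytes of the 276-byte capture from post #1.
CAPTURED_PREFIX = bytes([0x15, 0x94, 0x56, 0x65, 0xD7, 0x13, 0xC4, 0xA5])

# Constructed 276-byte plaintext: same first eight bytes as post #4, then zero padding.
SAMPLE = bytes([0x14, 0x01, 0x3E, 0x04]) + b"test" + bytes(268)

if __name__ == "__main__":
    print(decrypt(CAPTURED_PREFIX).hex(" "))
    wire = encrypt(SAMPLE)
    print(decrypt(wire) == SAMPLE)
    print(first_mismatch(decrypt(wire, advance_key2=False), SAMPLE))
```

Both seeds are constants, so every connection begins with the same keystream; the scheme obscures the login packet but does not protect it with a secret key.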
Old   #3
 
elite*gold: 0
Join Date: Apr 2006
Posts: 64
Received Thanks: 31
Thank you, I'll give it a whirl!!

BoboDundo is offline  
Old   #4
 
elite*gold: 0
Join Date: Apr 2006
Posts: 64
Received Thanks: 31
You're a genius. Worked perfectly. Here is my decrypted packet now and you can clearly see the login name:

Packet Decrypted:
0x14 0x01 0x3E 0x04 0x74 0x65 0x73 0x74 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x64 0x22 0xC8 0x5D 0x88 0x77 0x52 0x50 0x0D 0xA6 0x08 0x4D 0xF3 0x67 0xEB 0x73 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x43 0x61 0x70 0x72 0x69 0x63 0x6F 0x72 0x6E 0x00 0x00 0x00 0x00 0x00 0x00 0x00

Does anyone know what the last 16 bytes are for? These would appear to be new (although, I'm sure all of the 0x00 before that are also new up until where the password is encoded).

Again, thank you for your help on this issue.

BoboDundo is offline  
Old   #5
 
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
Am I not using the code right, or have I misunderstood its usage?
After obtaining the Authorization Response packet, I Encrypt() the packet to obtain the raw packet. Before I pass on the information to the client I also Decrypt it. Essentially the 2 cipher functions are reflections of each other, so I managed to replay for client to game server. But the decrypted messages from Encrypt() didn't make any sense. May I know what I did wrong?
shitboi is offline  
Old   #6
 
elite*gold: 20
Join Date: Mar 2006
Posts: 6,222
Received Thanks: 2,474
....to decrypt a message you use the decrypt method, to encrypt a message you use the encrypt method...

Maybe you should google basic cryptography terms before you try anything to do with it.
Korvacs is offline  
Old   #7
 
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
Quote:
Originally Posted by Korvacs View Post
....to decrypt a message you use the decrypt method, to encrypt a message you use the encrypt method...

Maybe you should google basic cryptography terms before you try anything to do with it.

I got my guidelines (Links to [email protected] Xpl0sion). The author suggested the encrypt and decrypt functions were designed to operate between client and proxy. "Encrypt() also decrypts encrypted packets from Server, while decrypt encrypts the decrypted packet".

I realized I made a mistake while coding and thus suspected that his guide is wrong or outdated. But yes, he is right. The code unknownone supplied above indeed works as described by the author of the guide. This is the proof.

The code is written in Java.

Code:
        //get AuthPasswordSeed
        System.out.print(place+ " Obtain password seed :");
        numRead = fromServer.read(packetBuf);
        packet = trimPacket(packetBuf, numRead);
        apc.Encrypt(packet);
        printPacket(packet,packet.length);
        apc.Decrypt(packet);
        toClient.write(packetBuf, 0, numRead);
        System.out.println("complete");
Code:
        //get AuthResponse
        System.out.print(place+" Authorization response :");
        numRead = fromServer.read(packetBuf);
        System.out.println("obtained, length = "+numRead);
        packet = trimPacket(packetBuf, numRead);//resize packet to real packet size (note: packetBuf is 512!!!)
        apc.Encrypt(packet);
        //System.out.println(place+" Decrypted Auth Response packet length :"+packet.length);
        printPacket(packet,packet.length);
        System.out.print(place+" Extracting game server info :");
        obtainGameServerInfo(packet);
        System.out.println(server_info_buffer.ip + ":"+ server_info_buffer.port);
        //editGameServerInfo(packet);
        displayAuthResponse(packet);
        apc.Decrypt(packet);
        toClient.write(packetBuf, 0, numRead);
This is the output: logged into Capricorn with a noob account.
Code:
@Auth Proxy : Client connected
[GameProxy] : Thread started
[AuthProxy] Connecting to :208.96.34.46 on port 9959
[AuthProxy] Obtain password seed :8 0 35 4 118 82 120 10 
complete
[AuthProxy] Sending authorization request :complete
[AuthProxy] Authorization response :obtained, length = 52
52 0 31 4 -84 54 85 0 35 20 8 18 -72 22 0 0 -68 93 85 0 54 57 46 53 57 46 49 53 53 46 50 49 50 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
[AuthProxy] Extracting game server info :69.59.155.212
However, I do have one question regarding forwarding packets to the client.
In order to make my client connect to the proxy instead of the game server, I need to edit the IP block in the Auth Response packet. For example, I received this Auth Response packet:
Code:
52 0 31 4 -84 54 85 0 -28 126 -127 75 [COLOR="Blue"]-72 22 0 0[/COLOR] -68 93 85 0 [COLOR="Red"]54 57 46 53 57 46 49 53 53 46 50 49 50 0 0 0[/COLOR] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Highlighted in blue is the port number, and Red is the IP = 69.59.155.212
So, I should edit the IP field of this packet to 127.0.0.1, as follows.

Code:
52 0 31 4 -84 54 85 0 -117 87 -78 104 [COLOR="Blue"]-72 22 0 0[/COLOR] -68 93 85 0 [COLOR="Red"]49 50 55 46 48 46 48 46 49 0 0 0 0 0 0 0[/COLOR] 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Even after doing so, the client still logs into the actual game server rather than logging into my proxy. Did I get something wrong?



[EDIT]: F&ck ... I realized my problem. I gave the client the packet instead of giving it the edited packet. Thanks for bothering to reply, Korvacs.


shitboi is offline  