question about packets

~~Mind Fuck~~ · 07/23/2012, 10:59

so now by logging the packets of my conquer client v5565 i found them complete meaningless , so i figured out they r already encrypted and in the source there is decrepter and warper which decryp and go to get useful info from the offset it needs which all pre-written by who code the source , right ?

so to trace what i send throw the client and try to figure it out with trail and error theory i need to use the handler in the source to do me that as to simply gimme a copy after decryping the packets(bytes) and i trace what the source do with them and with some enum and declaration/functions ill figure it out else i need to search for packet sniffer for v5565 , right ?

and to write my own source of the newest version i need to be able to get the blowfish with asm and learn from source i got how to write a chipper and handler and w/e it needs , right ?

im real sorry for my bad english , i know u nosebleed lmao

~~I don't have a username~~ · 07/27/2012, 18:34

Can you even program?

~~Mind Fuck~~ · 07/27/2012, 18:50

sigh , after 4 days the only reply is making fun of me
ur mom was such a great mom to born u as an awesome programmer

~~I don't have a username~~ · 07/27/2012, 19:11

I wasn't born to program. I taught it myself.

xmen01235 · 07/27/2012, 21:06

Still no worth to spend your time studying this stuff bro because you will be facing the headache of TQ anti-bot at the end. I already give up my own proxy because I dont want my main to end up in jail. Although infamous told me that he manage to crack the reply packet but it is him.

~~Mind Fuck~~ · 07/28/2012, 05:53

Quote:

I wasn't born to program. I taught it myself.

great , but u did ask way too many questions before and people did help u , so why do u treating me like **** instead of helping me ?

Quote:

Still no worth to spend your time studying this stuff bro because you will be facing the headache of TQ anti-bot at the end. I already give up my own proxy because I dont want my main to end up in jail. Although infamous told me that he manage to crack the reply packet but it is him.

im trying to learn for learning , not to just end up with a working proxy

InfamousNoone · 07/28/2012, 07:49

Quote:

Originally Posted by Mind ****

great , but u did ask way too many questions before and people did help u , so why do u treating me like **** instead of helping me ?

im trying to learn for learning , not to just end up with a working proxy

I realize you're not talking to me, but feel free to go through my thanks, or even my posts and see how many times I've asked for help (and the few times I did, try to find one it wasn't something I could easily figure out myself -- I just asked because I figured someone else had it done).

Everything you need to learn, and do x is publicly available, you just need to be willing to spend the time to learn it. Most people lack this commitment, and so do you.

~~Mind Fuck~~ · 07/28/2012, 11:59

Quote:

Originally Posted by InfamousNoone

I realize you're not talking to me, but feel free to go through my thanks, or even my posts and see how many times I've asked for help (and the few times I did, try to find one it wasn't something I could easily figure out myself -- I just asked because I figured someone else had it done).

Everything you need to learn, and do x is publicly available, you just need to be willing to spend the time to learn it. Most people lack this commitment, and so do you.

well it wasn't something i can figure out myself but yes i won't argument much , u r right , time is valuable , people who come here saying "i want to make a private server" know that he need to read books to get better then do it on his own , but they beg to save time , and then maybe wasting there time playing not to waste it studying programming then fails , life is short , people r afraid to lose effort and time with a chance to fail in the end
but unlike them , i don't ask for help at codes i can figure out by time and learning , all i want is someone to guide me of what to do and read , when u get more organised plan u can save real **** load of time and u wont feel insecure anymore cuz (for example) some real good programmer like infamousnone told u how to start and where to go with less chance of failure

but yes u got a point

~~I don't have a username~~ · 07/28/2012, 12:44

Learn the language before jumping into such things. Seriously, it's like learning to run before walking.

~~Mind Fuck~~ · 07/28/2012, 13:17

Quote:

Originally Posted by I don't have a username

Learn the language before jumping into such things. Seriously, it's like learning to run before walking.

thanks for the advice but i need more details
im able to do a chatting server/clients and downloading manger (with .net libraries)
im reading more at c# , also got slightly knowledge about encryption , asm
what do i need now , more c# ?
thanks for time u take for reply and for the advice u giving to me

xmen01235 · 07/28/2012, 17:56

Quote:

Originally Posted by Mind ****

thanks for the advice but i need more details
im able to do a chatting server/clients and downloading manger (with .net libraries)
im reading more at c# , also got slightly knowledge about encryption , asm
what do i need now , more c# ?
thanks for time u take for reply and for the advice u giving to me

If you are planning to build a proxy bot this is what you need to learn. I assumed that you have a non beginner level on C# and you can build a program based on your own algorithm to the specific problem given.

1.) Bypassing the client.

2.) Client/Server communication using TCP/IP.

3.) Encryption/Decryption at the game & login server.

4.) Packet structure.

5.) Get rid with the TQ anti bot.

~~Mind Fuck~~ · 07/28/2012, 19:54

Quote:

Bypassing the client.

as not using the client at all ? fine that easy once u get to know all the packet structure and can get the seal/encryption/authsequence but how u will get to those ?

Quote:

Client/Server communication using TCP/IP.

that's not a direct connection and built on the answer above

Quote:

Encryption/Decryption at the game & login server.

yeah im learning more asm to get the private dh key from client but it needs real skills at reverse engineering

Quote:

Packet structure.

well there is old packet structure at kov. fang pages and wikis , pretty much helpful but not up to date but still good enough as start

Quote:

Get rid with the TQ anti bot.

who can get blowfish with rev engineering can easily patch and nop that checks , cuz i dun think tq do save logs and add checks (like none archer kill 100 monster in 5 second get botjailed) but yes i know about click client checks and stuff like that

so lemme figure out the guides out of ur steps
learning more c# and more asm so i can use some asm lines at the c# proxy (in case i want to make proxy like client checks ?)
and what i need for packets and encryption , like what books
thanks anyway , sorry if i sound dumb but im here to learn , thank u guys

~~I don't have a username~~ · 07/29/2012, 00:28

Since you now how to do a chatting server/client you should already understand packets.

~~Mind Fuck~~ · 07/29/2012, 07:52

Quote:

Originally Posted by I don't have a username

Since you now how to do a chatting server/client you should already understand packets.

the only packets i used to send or receive is string converted to bytes and im sending this byte array and it's not real advanced , but at tq u need another stuff which i duno how to get into it
well i know that tq server and clients sending packets with first 2 bytes of size then next 2 bytes for type of packet then the next bytes is for what this packet says , then the last bytes is the client/server seal
i was tracing the source a step by step with break point but it was hard to figure out what he do with packets , well it start listening , it accept the connection , it take the auth packets , maybe decrypte it and check type , if it got the type of authing it get to the bytes of account and password , compare it with the tables of database , then permit the account to login or not
that what i know till now , well i am trying but i feel that i lake more information about encryptions maybe or about something else ? duno , anyway thanks guys and ill try over and over till i get it on my own

xmen01235 · 07/29/2012, 09:11

Quote:

Originally Posted by Mind Fuck

as not using the client at all ? fine that easy once u get to know all the packet structure and can get the seal/encryption/authsequence but how u will get to those ?

No.. Bypassing what I mean is you redirect your conquer client to your localhost so that in can connect to your proxy.

Quote:

Originally Posted by Mind Fuck

that's not a direct connection and built on the answer above

After you bypass your client means your proxy should be able to receive the request connection from conquer client. So you need to build a client/server application then you will need to study the authentication process and the keyexchange at gameserver. At this point, you should study the authentication en/de which you can find from this forum also. Once you can decrypt the login packet sent from server, you should be able to see the IP of the game server on which you will be replacing it with the IP of your localhost, encrypt the packet back and send to conquer client. At same time you should be able to start the gameserver on your proxy which will be listening to the gameserver port(This port also you can find from the packet sent by the server during authentication). Some people actually start there gameserver and loginserver at same time because they know already the port for the gameserver. But its your choice.

At the game server, the first packet that you receive from gameserver shall be decrypted by cast cipher.(You can also search from this forum or from private server). On that packet you will find the handshake data for your DH exchange. You will compute your new key and then replace the public key send from the server with your generated public key then send the packet going to conquer client. You will set your cast cipher again with the new key computed from your DH, plus you need to incorporate an md5 on that new key. The client process is same, the first packet that you will be receiving you will get also the handshake data from conquer client. Almost same process, then if you successfully setup the key exchange you should be able to see already the packet with TQServer or TQClient from your logs.

Quote:

Originally Posted by Mind Fuck

yeah im learning more asm to get the private dh key from client but it needs real skills at reverse engineering

I will tell you reverse engineering is tough my friend and you don't need to do that because most of the information needed for your proxy is available here unless TQ will change the encryption again.

Quote:

Originally Posted by Mind Fuck

well there is old packet structure at kov. fang pages and wikis , pretty much helpful but not up to date but still good enough as start

Yes, but the packet structure change a lot, so you will need to figure out by yourself on the latest packet.

Quote:

Originally Posted by Mind Fuck

who can get blowfish with rev engineering can easily patch and nop that checks , cuz i dun think tq do save logs and add checks (like none archer kill 100 monster in 5 second get botjailed) but yes i know about click client checks and stuff like that

Nah, it is not that simple. TQ anti bot can detect both memory based exploitation and proxy. As what Ihawtness said, there are thousand of ways to detect the debugger so memory based has no escape for this anti bot except that you will give your time studying how their anti bot work on the memory and nop all those execution(I am newbie on this stuff btw). What puzzled me is how they detect the proxy, I manage to bypass the conquer client without using any hooking but they still can detect my proxy after 35mins. And what make it worst, they will send it immediately to botjail. Well, you can study and crack the packet that they use to send in server and patch it with correct reply.