Encrypt/Decrypt Function

Old   #1
 
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
Encrypt/Decrypt Function

I think I've found the wrapper for send() at 00536FDB but I cannot find any calls just before the actual winsock send that would encrypt data. Am I looking in the wrong place?



Belth is offline  
Old   #2
 
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,197
You're looking at the right place. You just need to trace further back. The encrypt functions are a couple of calls before the WS2_32.send call.


IAmHawtness is offline  
Old   #3
 
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
It doesn't seem to be a simple CALL ***. I traced back until I found a case switch for packet IDs so I'm assuming that's way too far. I'm just gonna outright ask if anyone can give me the address. My guess is 00534F78.
Belth is offline  
Old   #4
 
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 993
Find a packet with type 0x43E (login request, first packet client > server), trace it back until you get out of the building of the packet; a couple of lines below there is a call to location ***, which will call a function that calls the encrypting + sending.


tanelipe is offline  
Thanks
2 Users
Old   #5
 
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
Quote:
Originally Posted by tanelipe
Find a packet with type 0x43E (login request, first packet client > server), trace it back until you get out of the building of the packet; a couple of lines below there is a call to location ***, which will call a function that calls the encrypting + sending.
Okay, I'll try to do that but something puzzles me: if I found what looks to me like Conquer.Send(), i.e. the wrapper for ws2_32.Send(), then why isn't encrypt() inside? And if it's not inside then I would think I could simply trace back to where Conquer.Send() is called and a CALL encrypt() would be right there. Am I wrong for thinking it should be this simple?
Belth is offline  
Old   #6
 
elite*gold: 0
Join Date: Apr 2007
Posts: 950
Received Thanks: 2,407
I did a lot of tracing for this when I was making a DLL proxy for injection/interception. Are you trying something similar?
*M* is offline  
Old   #7
 
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
Quote:
Originally Posted by *M*
I did a lot of tracing for this when I was making a DLL proxy for injection/interception. Are you trying something similar?
Yes, I'm doing this ultimately to make a proxy. I had tried doing this strictly with C# but then I found I couldn't decrypt server packets. I asked here and was led to hooking, which after reading around I found could not be done in C#. So then I looked up what I would need to do this in C++, got the basic idea, then tried to find the winsock functions in Conquer.exe. Found them now and (as the title hints) I'm looking for the encrypt() functions.

I had no experience with disassembling/reversing until a few days ago, so I'm still learning the basics.
Belth is offline  
Old   #8
 
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,197
Why not just hook/intercept/whatever the functions that handle the outgoing/incoming packets before they're encrypted (outgoing) / after they're decrypted (incoming)? Those functions can be used for sending packets or receiving packets too.
IAmHawtness is offline  
Old   #9
 
elite*gold: 20
Join Date: Jun 2005
Posts: 1,013
Received Thanks: 379
In latest client
Code:
Conquer.[.text+0x001361BB] = void CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);

Conquer.[.text+0x00135B41] | Call to void Conquer.CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);

Conquer.[.text+0x00136006] | Call to int WS2_32.send(int sockfd, const void* msg, int len, int flags);
unknownone is offline  
Thanks
1 User
Old   #10
 
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
Quote:
Originally Posted by IAmHawtness
Why not just hook/intercept/whatever the functions that handle the outgoing/incoming packets before they're encrypted (outgoing) / after they're decrypted (incoming)? Those functions can be used for sending packets or receiving packets too.
Ah, because I'm not sure how to find them. I figured the send function would be easiest because I could just trace back from any ws2_32.send call.

Quote:
Originally Posted by unknownone
In latest client
Code:
Conquer.[.text+0x001361BB] = void CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);

Conquer.[.text+0x00135B41] | Call to void Conquer.CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);

Conquer.[.text+0x00136006] | Call to int WS2_32.send(int sockfd, const void* msg, int len, int flags);
I don't know what address ".text" is at...
Belth is offline  
Old   #11
 
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,197
Quote:
Originally Posted by Belth
Ah, because I'm not sure how to find them. I figured the send function would be easiest because I could just trace back from any ws2_32.send call.



I don't know what address ".text" is at...
".text" is just the entry point of the Conquer.exe, 0x401000 I think it is. As for the send packet function, check your PM inbox. You can try tracing forward from the sendpacket function to WS2_32.send, then you'll also know how to trace it back from WS2_32.send
IAmHawtness is offline  
Thanks
1 User
Old   #12
 
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
Thank you very much for the spoon-feeding.
Belth is offline  
Old   #13
 
elite*gold: 0
Join Date: Jun 2009
Posts: 787
Received Thanks: 312
Search for "catch error in send msg." and "catch error in process msg" in memory.


_tao4229_ is offline  
Thanks
1 User