|
You last visited: Today at 12:36
Advertisement
Encrypt/Decrypt Function
Discussion on Encrypt/Decrypt Function within the CO2 Programming forum part of the Conquer Online 2 category.
09/26/2009, 20:44
|
#1
|
elite*gold: 0 
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
|
Encrypt/Decrypt Function
I think I've found the wrapper for send() at 00536FDB but I cannot find any calls just before the actual winsock send that would encrypt data. Am I looking in the wrong place?
|
|
|
|
09/26/2009, 21:50
|
#2
|
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,199
|
You're looking at the right place. You just need to trace further back. The encrypt functions are a couple of calls before the WS2_32.send call
|
|
|
|
|
09/27/2009, 01:50
|
#3
|
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
|
It doesn't seem to be a simple CALL ***. I traced back until I found a case switch for packet IDs so I'm assuming that's way too far. I'm just gonna outright ask if anyone can give me the address. My guess is 00534F78.
|
|
|
|
|
09/29/2009, 16:34
|
#4
|
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 1,001
|
Find a packet with type 0x43E, (Login request, first packet client > server), trace it back until you get out of the building of the packet, couple lines below there is call to location ***, it'll call a function that calls the encrypting + sending
|
|
|
|
|
09/30/2009, 04:28
|
#5
|
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
|
Quote:
Originally Posted by tanelipe
Find a packet with type 0x43E, (Login request, first packet client > server), trace it back until you get out of the building of the packet, couple lines below there is call to location ***, it'll call a function that calls the encrypting + sending
|
Okay, I'll try to do that but something puzzles me: if I found what looks to me like Conquer.Send(), i.e. the wrapper for ws2_32.Send(), then why isn't encrypt() inside? And if it's not inside then I would think I could simply trace back to where Conquer.Send() is called and a CALL encrypt() would be right there. Am I wrong for thinking it should be this simple?
|
|
|
|
|
09/30/2009, 07:07
|
#6
|
elite*gold: 0
Join Date: Apr 2007
Posts: 950
Received Thanks: 2,410
|
I did alot of tracing for this when I was making a dll proxy for injection/interception, are you trying something similar?
|
|
|
|
|
09/30/2009, 07:23
|
#7
|
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
|
Quote:
Originally Posted by *M*
I did alot of tracing for this when I was making a dll proxy for injection/interception, are you trying something similar?
|
Yes, I'm doing this ultimately to make a proxy. I had tried doing this strictly with C# but then I found I couldn't decrypt server packets. I asked here and was lead to hooking, which after reading around I found could not be done in C#. So then I looked up what I would need to do this in C++, got the basic idea, then tried to find the winsock funtions in Conquer.exe. Found them now and (as the title hints) I'm looking for the encrypt() functions.
I had no experience with disassembling/reversing until a few days so I'm still learning the basics.
|
|
|
|
|
09/30/2009, 10:20
|
#8
|
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,199
|
Why not just hook/intercept/whatever the functions that handles the outgoing/incoming packets before they're encrypted (outgoing) / after they're decrypted (incoming). Those functions can be used for sending packets or receiving packets too
|
|
|
|
|
09/30/2009, 12:14
|
#9
|
elite*gold: 20
Join Date: Jun 2005
Posts: 1,013
Received Thanks: 381
|
In latest client
Code:
Conquer.[.text+0x001361BB] = void CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);
Conquer.[.text+0x00135B41] | Call to void Conquer.CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);
Conquer.[.text+0x00136006] | Call to int WS2_32.send(int sockfd, const void* msg, int len, int flags);
|
|
|
|
|
10/01/2009, 04:39
|
#10
|
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
|
Quote:
Originally Posted by IAmHawtness
Why not just hook/intercept/whatever the functions that handles the outgoing/incoming packets before they're encrypted (outgoing) / after they're decrypted (incoming). Those functions can be used for sending packets or receiving packets too
|
Ah, because I'm not sure how to find them. I figured the send function would be easiest because I could just trace back from any ws2_32.send call.
Quote:
Originally Posted by unknownone
In latest client
Code:
Conquer.[.text+0x001361BB] = void CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);
Conquer.[.text+0x00135B41] | Call to void Conquer.CEncryptClient::Encrypt(uint8_t* bufMsg, int nLen, bool bMove=true);
Conquer.[.text+0x00136006] | Call to int WS2_32.send(int sockfd, const void* msg, int len, int flags);
|
I don't know what address ".text" is at...
|
|
|
|
|
10/01/2009, 06:17
|
#11
|
elite*gold: 20
Join Date: Aug 2007
Posts: 1,749
Received Thanks: 2,199
|
Quote:
Originally Posted by Belth
Ah, because I'm not sure how to find them. I figured the send function would be easiest because I could just trace back from any ws2_32.send call.
I don't know what address ".text" is at...
|
".text" is just the entry point of the Conquer.exe, 0x401000 I think it is. As for the send packet function, check your PM inbox. You can try tracing forward from the sendpacket function to WS2_32.send, then you'll also know how to trace it back from WS2_32.send 
|
|
|
|
|
10/02/2009, 05:56
|
#12
|
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
|
Thank you very much for the spoon-feeding.
|
|
|
|
|
10/03/2009, 04:37
|
#13
|
elite*gold: 0
Join Date: Jun 2009
Posts: 787
Received Thanks: 314
|
Search for "catch error in send msg." and "catch error in process msg" in memory.
|
|
|
|
 |
Similar Threads
|
Encrypt/Decrypt
09/01/2010 - EO PServer Hosting - 9 Replies
Who can tell me how can i decrypt a password mage by the register page?:D
|
Need Someone who can Read/Decrypt/Encrypt Sdata Files
04/21/2010 - Shaiya - 3 Replies
Hello i am helping a good friend on her server, it is working and up in Beta
we are looking for someone who can Read/Decrypt/Encrypt Sdata Files.
if you know how and good please contact me at:
[email protected]
|
(Request) DeCrypt / Encrypt
05/04/2009 - RF Online - 6 Replies
Do you have any DeCrypt/Encrypt program what works for Item.edf in RFOph ?
Thanks. :D
|
encrypt/decrypt guide .INI
12/01/2007 - Archlord - 4 Replies
I put this little guide together to make it more understandable and easier to read, this is in regards to the other guys post (menasculio) who posted the source code/compiled
Put that file in the INI folder of archlord.
start>run>CMD type in CD C:\Program Files\Codemasters\Archlord\ini
once you have done that you can rename the .exe you downloaded to a shorter name, i named mine DEC.
|
Itemtype.DAT Encrypt/Decrypt
06/07/2007 - CO2 Exploits, Hacks & Tools - 1 Replies
I don't know who made this tool i found it in my C:\ folder named Project1.exe
it has no company name nor does it have an about section.
So i cannot take credit for this tool.
It Encrypts and Decrypts the itemtype.dat file with a few clicks of the mouse, without having to be in the Conquer 2.0\ini folder unlike the DeEn tool that was used for decrypting the Monster.dat. This tool should work for the Monster.dat file too.
Just found it on my comp and thought i'd share it since its a bit...
|
All times are GMT +1. The time now is 12:37.
|
|
