Full Attack Decode

AhmedZero · 01/21/2015, 14:03

Hello,
That's Full Attack Decode

PHP Code:


			
public class AttackDecode

    {

        public static void PacketArray(byte[] Packet)

        {

            ushort Length = BitConverter.ToUInt16(Packet, 0);

            ushort Type = BitConverter.ToUInt16(Packet, 2);

            int Time1 = BitConverter.ToInt32(Packet, 4);

            int Time2 = BitConverter.ToInt32(Packet, 8);

            ushort SpellID = BitConverter.ToUInt16(Packet, 28);

            ushort ResponeDamage = BitConverter.ToUInt16(Packet, 30);

            uint Attacker = BitConverter.ToUInt32(Packet, 12);

            uint Attacked = BitConverter.ToUInt32(Packet, 16);

            ushort X = BitConverter.ToUInt16(Packet, 20);

            ushort Y = BitConverter.ToUInt16(Packet, 22);

            ushort AttackType = BitConverter.ToUInt16(Packet, 24);            

            //X,Y Decryption

            Y = (ushort)(Y ^ Attacker ^ 0xB99B);

            Y = (ushort)(RotateLeftushort(Y, 5) + 0x76DE);

            X = (ushort)(X ^ Attacker ^ 0x2ED6);

            X = (ushort)(RotateLeftushort(X, 1) - 0x22EE);

            //SpellID

            SpellID = (ushort)(X ^ Attacker ^ 0x915D);

            SpellID = (ushort)(RotateLeftushort(SpellID, 3) + 0x14BE);

            //TargetUID

            Attacked = (RotateRightuint(Attacked, 13) ^ 0x5F2D2463 ^ Attacker) - 0x746F4AE6;

            //ResponeDamage

            if ((int)SpellID >= 1000

      && ((int)SpellID <= 1002 || SpellID == 1030 || SpellID == 1125 || SpellID == 1150 || SpellID == 1160 || SpellID == 1165))

                ResponeDamage ^= (ushort)0x6279u;

           ResponeDamage  = (ResponeDamage ^ 0x3721) - (ushort)((Time2 & 0xFF) << 8);



        }

        public static uint RotateLeftuint(this uint value, int count)

        {

            return (value << count) | (value >> (32 - count));

        }



        public static uint RotateRightuint(this uint value, int count)

        {

            return (value >> count) | (value << (32 - count));

        }

        public static ushort RotateLeftushort(this ushort value, short count)

        {

            return (ushort)(((value << count) | (value >> (16 - count))) & 0xFFFF);

        }



        public static ushort RotateRightushort(this ushort value, short count)

        {

            return (ushort)(((value >> count) | (value << (16 - count))) & 0xFFFF);

        }

    }

im dont test it yet thanks

.

~~Best Coder 2014~~ · 01/21/2015, 14:07

This has been public knowledge for like 5 years, maybe more, I believe ...

AhmedZero · 01/21/2015, 14:14

the decrypt of Response Damage not available in old Attack Decode.

~~Thorev~~ · 01/21/2015, 14:17

Well his other thread MsgTick (1012) had me going '10 years ago..' so now it's only 5 years ago. Progress sir, progress.

AhmedZero · 01/21/2015, 14:20

Give me old thread of Packet MSGTick 1012 have the same encryption system.

~~Thorev~~ · 01/21/2015, 14:28

Pretty sure there is no old thread since nobody felt it was necessary to post it LOL

AhmedZero · 01/21/2015, 14:36

i know it's lol but i post it if anyone need it and when i search information about that packet, i found that information.
the packet it's not too bad.

Quote:

Originally Posted by CptSky

The MsgTick (1012) packet is used by TQ to disconnect people with bad connection. It is probably the best solution to ping the client.

i release that thread for learning i get Decode by using Debugger.
and i want know if the Code is work or not?

~~Thorev~~ · 01/21/2015, 18:42

The people who know enough, know the stuff that you post.
The people who don't know anything aren't going to bother reading or trying to understand what code you posted. Those are the people that go; 'plssss i ned source downlaod link ok ty bb'.

That pretty much sums up this community.

~~pro4never~~ · 01/21/2015, 20:53

Yahhh... just re-stating.

This is in every public source and has been for YEARS. If anyone had any need to understand how to process interaction packets, the most logical first step would to be see how other sources do it.

Boom, 100+ examples of it already written in every style you could hope to see.

Redux for example which is years old and even when I wrote that... I just copied the code out of a source that was old even at that time.

Code:

        private static void EncodeMagicAttack(InteractPacket* packet)
        {
            if (packet->isEncoded)
                return;
            packet->isEncoded = true;
            packet->MagicType = (ushort)(Common.ExchangeShortBits(packet->MagicType - (uint)0x14be, 3) ^ packet->UID ^ 0x915d);
            packet->Target = Common.ExchangeLongBits(((packet->Target - 0x8b90b51a) ^ packet->UID ^ 0x5f2d2463), 32 - 13);
            packet->X = (ushort)(Common.ExchangeShortBits(packet->X - (uint)0xdd12, 1) ^ packet->UID ^ 0x2ed6);
            packet->Y = (ushort)(Common.ExchangeShortBits((packet->Y - (uint)0x76de), 5) ^ packet->UID ^ 0xb99b);
            packet->MagicLevel = (ushort)((packet->MagicLevel + 0x100 * (packet->Timestamp % 0x100)) ^ 0x3721);
        }

        private static void DecodeMagicAttack(InteractPacket* packet)
        {
            if (packet->isDecoded)
                return;
            packet->isDecoded = true;
            packet->MagicType = (ushort)(0xFFFF & (Common.ExchangeShortBits((packet->MagicType ^ packet->UID ^ 0x915d), 16 - 3) + 0x14be));
            packet->MagicLevel = (ushort)(((byte)packet->MagicLevel) ^ 0x21);
            packet->Target = (Common.ExchangeLongBits(packet->Target, 13) ^ packet->UID ^ 0x5f2d2463) + 0x8b90b51a;
            packet->X = (ushort)(0xFFFF & (Common.ExchangeShortBits((packet->X ^ packet->UID ^ 0x2ed6), 16 - 1) + 0xdd12));
            packet->Y = (ushort)(0xFFFF & (Common.ExchangeShortBits((packet->Y ^ packet->UID ^ 0xb99b), 16 - 5) + 0x76de));
        }

Code:

        public static uint ExchangeShortBits(uint data, int bits)
        {
            data &= 0xffff;
            return ((data >> bits) | (data << (16 - bits))) & 0xffff;
        }

        public static uint ExchangeLongBits(uint data, int bits)
        {
            return (data >> bits) | (data << (32 - bits));
        }

~~Best Coder 2014~~ · 01/21/2015, 21:03

Quote:

Originally Posted by pro4never

Yahhh... just re-stating.

This is in every public source and has been for YEARS. If anyone had any need to understand how to process interaction packets, the most logical first step would to be see how other sources do it.

Boom, 100+ examples of it already written in every style you could hope to see.

It's even in the leaked EO source as well, if I remember correctly.

AhmedZero · 01/21/2015, 22:12

pro4never,
im just training my self of using IDA Pro.
and i want to know if the code is Correct or not?
thanks for your replying.

ImmuneOne · 01/21/2015, 23:34

Could you break down the information for me? I'm a bit slow when it comes to understanding things like this.

lostsolder05 · 01/22/2015, 00:55

_DreadNought_ · 01/22/2015, 15:02

Quote:

Originally Posted by AhmedZero

pro4never,
im just training my self of using IDA Pro.
and i want to know if the code is Correct or not?
thanks for your replying.

why can't you just test it yourself?

AhmedZero · 01/22/2015, 15:21

because im not professional and i want to see the opinions about that.