Copyrights and copyright of this Guide are elitepvpers.com
You will not use any information obtained from this guide for malicious purposes.
All information from this guide is for intellectual purposes only, and you are responsible for how you use it.
This guide may only be posted on the elitepvpers network, so if you see it anywhere else, please let me know about it.
Posted on: Nov 8 2004
Contact me for copy and paste permission
PM DO NOT ME, if you want to know how to make hacks with these informations
Update:
<! -- Begin rate -- Ultima +--></ span> <table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'> <tr> <td> QUOTE (Ultima) </ td> </ tr> <tr> <td id='QUOTE'> <! -- QuoteEBegin --> one month after the guide came out they made litle change in the firs packet you recive its now 32 bytes long not 28 like in the guide and for the key you have to start taking the keys now at the 5th position not the 4th thats all they won `t patch anything cause its most likeley to complex and they don` t even make money with conquer only with the dbs so i dont think the ll make anything [/ quote]
Guide to Conquer Online packet encryption and decryption
Content:
1st The key
A. General
B. The first two keys
C. Creating the 3rd And 4 Key
2nd Decrypt packages
A. The Counter
B. The deciphered by Empfangenen packages
C. The decipher "packages sent by the client"
3rd The encryption and decryption as a server
The key
General
There are 4 key to Conquer encryption. Actually, there were only two. These two, however, after logging on the server login, 2, sent from the server key, Scramble and as new key for the outgoing packages. Thus, 4 key.
The first two keys:
1st Key
Code:
9 D 90 83 8A D1 8C E7 F6 25 28 EB 82 99 64 8F 2E
2 D 40 D3 FA E1 BC B7 E6 B5 D8 3B F2 A9 94 5F 1E
BD F0 23 6A F1 EC 87 D6 45 88 8B 62 B9 C4 2F 0E
4 D A0 73 DA 01 1C 57 C6 D5 38 DB D2 C9 F4 FF FE
DD 50 C3 4A 11 4C 27 B6 65 E8 2B 42 D9 24 CF EE
6 D 00 13 BA 21 7C F7 A6 F5 98 7B B2 E9 54 9F DE
FD B0 63 2A 31 AC C7 96 85 48 CB 22 F9 84 6F CE
8 D 60 B3 9A 41 DC 97 86 15 F8 1B 92 09 B4 3F BE
1 D 10 03 0A 51 0C 67 76 A5 A8 6B 02 19 E4 0F AE
AD C0 53 7A 61 3C 37 66 35 58 BB 72 29 14 DF 9E
3 D 70 A3 EA 71 6C 07 56 C5 08 0B E2 39 44 AF 8E
CD 20 F3 5A 81 9C D7 46 55 B8 5B 52 49 74 7F 7E
5 D D0 43 CA 91 CC A7 36 E5 68 AB C2 59 A4 4F 6E
ED 80 93 3A A1 FC 77 26 75 18 FB 32 69 D4 1F 5E
7 D 30 E3 AA B1 2C 47 16 05 C8 4B A2 79 04 EF 4E
0 D E0 33 1A C1 5C 17 06 95 78 9B 12 89 34 BF 3E
2nd Key
Code:
62 4F E8 15 DE EB 04 91 1A C7 E0 4D 16 E3 7C 49
D2 3F D8 85 4E DB F4 01 8A B7 D0 BD 86 D3 6C B9
42 2F C8 F5 BE CB E4 71 FA A7 C0 2D F6 C3 5C 29
B2 1F B8 65 2E BB D4 E1 6A 97 B0 9D 66 B3 4C 99
22 0F A8 D5 9E AB C4 51 DA 87 A0 0D D6 A3 3C 09
92 FF 98 45 0E 9B B4 C1 4A 77 90 7D 46 93 2C 79
02 EF 88 B5 7E 8B A4 31 BA 67 80 ED B6 83 1C E9
72 DF 78 25 EE 7B 94 A1 2A 57 70 5D 26 73 0C 59
E2 CF 68 95 5E 6B 84 11 9A 47 60 CD 96 63 FC C9
52 BF 58 05 CE 5B 74 81 0A 37 50 3D 06 53 EC 39
C2 GA 48 75 3E 4B 64 F1 7A 27 40 AD 76 43 DC A9
32 9F 38 E5 AE 3B 54 61 EA 17 30 1D E6 33 CC 19
A2 8F 28 55 1E 2B 44 D1 5A 07 20 8D 56 23 BC 89
12 7F 18 C5 8E 1B 34 41 CA F7 10 FD C6 13 AC F9
82 6F 08 35 FE 0B 24 B1 3A E7 00 6D 36 03 9C 69
F2 5F F8 A5 6E FB 14 21 AA D7 F0 DD A6 F3 8C D9
Creating the 3rd And 4 Key:
The third and fourth key is obtained by the first and second key, which sent from the server keys, Scramble.
The key for this is the first package to be after sending the package login. So exactly the 2nd Package ever.
The Packet with the key is as follows:
Code:
*** RECV-size: 28
1 C 00 1C 04 2E A6 44 00 F4 48 5C 20 36 34 2E 31 * *. .. | D.ôH 64.1
35 31 2E 38 31 2E 32 30 34 00 00 00 * * * * * * * * * * 51.81.204 ...
Key in Empfangenen packet is the 11th + 10th + 9 + 8 Byte by the start.
Here also: 20 5C 48 F4
The 2nd Key are the 7th + 6 + 5 + 4 In byte packet.
Here also: 00 44 A6 2E
Now the third and fourth to get key must be done
1st You add Key 1 and 2205 C48F4 + 0044A62E = 20A0EF22
2nd XOR result from 1 With 4321 XOR 20A0EF22, 4321 = 20A0AC03
3rd XOR Key 1 with results from 2 XOR 205C48F4, 20A0AC03 = 00FCE4F7
4th IMUL result 3 with result 3 IMUL FCE4F7, FCE4F7 = F9D39310E651
(Logical multiplication / / Score only 4 byte long so 9310E651)
Now 3 And 4 Key to properly generate has yet to be done following
More and 4 byte of the 1st Key to the outcome of the 3rd By XOR produce also:
The first 4 bytes of the 1st Key (reversed Original: 9D 90 83 8A):
8 A 83 90 9D
With the outcome of the 3rd
00 FC E4 F7
The result
8 A 7F 74 6A
The outcome must also Falschrum scored. So the first 4 byte of the key loud now:
6 A 74 7F 8A
The man repeatedly until the first key is completely transformed.
The 2nd Key must be in accordance with the same pattern convert only with the key difference that as a result not from the 3rd But the use of the 4th
The first 4 bytes of the 2nd Key (original reversed: 62 4F E8 15):
15 E8 4F 62
With the outcome of the 4th
93 10 E6 51
The result
86 F8 A9 33
The outcome must also Falschrum scored. So the first 4 byte of the key loud now:
33 A9 F8 86
Now you 3 And 4 The key for the sending of packages needed.
Decrypt packages:
The meters
To Encrypted packages needed to decipher the four 256 byte key that I just presented.
To decode the packets to be sent from the server will need 1 And 2 Key. For packages to the client to the server sends you need 3 And 4 Key.
It must be between server login and games can be distinguished. But not because the art of decoding is different but because it Altogether 4 meters. 2 for the Sent packages and 2 for the Empfangenen packages. These 4 meters will begin at all on 00. The packages are always wise byte used to encrypt and decrypt. After each byte that will be decrypted or will be adjusted to the first counter to 1. If one of the first two FF and counter closed at 1 increases it will be at 00, and in accordance with the 2nd Counter to 1. Does this also FF and the value is increased as both counter on 00.
There are games for login and server each 4 meters.
What we really need the counters? Wait it from the now follows.
The decrypt Empfangenen packages
So now to encrypt itself. It runs in 4 steps.
As an example, we take the login package that the client to the server sends login.
Unverschlüsseltes package:
Code:
34 00 1B 04 54 65 73 74 54 65 73 74 00 00 00 00 00 00 00 00 51 15 EE 1B 19 45 2C 6E 5C 01 5C 41 56 25 F6 D7 45 61 67 6C 65 00 00 00 00 00 00 00 00 00 00 00
Encrypted package:
Code:
17 84 04 65 D5 13 C4 A5 9A 59 04 E2 14 CB 75 6F 5F 89 B0 22 86 17 18 52 47 54 FC 44 D2 D4 BD 78 33 D0 D0 56 C6 55 83 26 8F 05 35 AB 16 C1 7F 6D 59 87 BA 20
1st XOR from byte encryption and the X-ten byte of the key (x = 1 meter)
XOR 34, 9D ---> A9
2nd The result of newly adopted with the N-ten byte of the 2nd By XOR encryption key
(N = 2 points)
XOR A9, 62 ---> CB
3rd The result will now be reversed.
CB becomes BC (CB-> BC)
4th The result of 3 Now with XOR by AB secure and ready.
XOR ESI, 0AB ---> 17
It is now for the whole package again. After each byte that was scrambled, the first counter. After 256 byte is the 2 Counter to 1. After 65536 byte be both counter to zero and the fun starts from the front. After logging on Login Server starts counting at 00 when communicating with the server games begin.
The decrypt? Sent From Client packages?
To packages to the client to the server sends to decipher the same procedure may be used for decrypting Empfangenen packages only other way.
So:
1st Packet byte XOR, AB
2nd E1 reverse
3rd XOR E2, 62
4th XOR E3, 9D
(E1, E2, E3 = Result of 1st, 2nd and 3rd)
Encryption and decryption as a server
If we want a server, we have the same encryption and decryption procedures for use as the client but each other way. The key, all the same. Each player receives a server individual key with the client's packets are encrypted before it sends to the server.
Help on PlasticSniffer
