Packets, Rebuilding a Botcheck packet
Discussion on Packets, Rebuilding a Botcheck packet within the Conquer Online 2 forum part of the MMORPGs category.
01/13/2008, 03:02
#1
Hello, I've made a DLL file for all botcheck replies and was in the process of making the code to reconstruct the packet before sending it. I'm sure it's placing the answers at bytes 13 to 16 in the F3 02 and F2 03 packets. I used 3 sample packets to give me this result:
Code:
'18 00 F2 03 89 A3 83 00 F4 5B 14 00 F2 30 34 00 AA 00 6D 00 02 00 80 00 = botcheck F2 30 34 00
'19 01 F3 02 41 3C FA 05 A0 D9 14 01 6D FE FE FE C5 00 53 00 03 01 81 01
' = Botcheck answer 6D FF FF FF = (11,3)
'19 01 F3 02 A9 37 B4 01 A0 D9 14 01 01 01 01 01 01 01 01 01 01 01 4B 01 21
' = Botcheck answer bc(11, 0) = "99 BD 18 00"
So basically, if say I wanted to send the reply E4 FF FF FF, I would build the packet around that, placing it at the 13th to 16th byte... would that be correct?
Would anyone be able to confirm or advise me where I've gone wrong if possible? Thanks.
Ok, here I answer my own question, I think...
Quote:
pack = Mid(strx, 1, 12) & MakeHex2(getbcid(bc_byte, bc_sector)) & Mid(strx, 17, 8)

Ok, where it starts with (strx, 1, 12), that means it's building 12 bytes of a packet from byte 1; the (strx, 17, 8) is building 8 bytes from the 17th byte... meaning the MakeHex2 command in the middle builds a packet to fill bytes 13 to 16... hope this helps others.
Haha, silly me, I just noticed at byte 21 of all the botcheck packets it's always either 1, 2 or 3. Anyone know the importance of this?
Haha, silly me again, byte 21 as 0 is the question; 1, 2 and 3 are the response types. How do I make use of this???
01/13/2008, 16:42
#2
 no replies???
01/14/2008, 04:43
#3
Quote:
Ok, here I answer my own question, I think...
Quote:
pack = Mid(strx, 1, 12) & MakeHex2(getbcid(bc_byte, bc_sector)) & Mid(strx, 17, 8)
Ok, where it starts with (strx, 1, 12), that means it's building 12 bytes of a packet from byte 1; the (strx, 17, 8) is building 8 bytes from the 17th byte... meaning the MakeHex2 command in the middle builds a packet to fill bytes 13 to 16... hope this helps others.

The Mid function is similar to the Left and Right functions, except you can take any part of a string. In this case it's actually taking only 6 bytes, or 12 characters, to clarify. And actually, since it's only taking the first 12 characters of the packet, it should be Left(strx,12); this is because the Left function would be the optimal function to use in this case.
Similar to below:
PacketData = Left(temp, 12) & Hex2Ascii(GetBotCheckID(bc_byte, bc_Sector)) & Mid(temp, 17, 8)
You will need to use Mid on the second half as you're taking from the middle of the packet. Otherwise I would suggest Right if it was the last few characters.
As for MakeHex2 building a packet, this is incorrect as it is just a function to convert. getbcid is the function that decides what to fill it with.
Quote:
Haha, silly me, I just noticed at byte 21 of all the botcheck packets it's always either 1, 2 or 3. Anyone know the importance of this?

You partly answered your own question. It should already be made use of. If you check the BotCheck module, your answer is there.
Now before I part, have you taken any type of programming classes or done tutorials? A lot of your questions are basic and self-answering; also, you incorrectly identify objects/functions/variables. If not, then may I suggest trying some easier topics, as a lot of this is over most people's heads. Sorry if that sounds demeaning, but it's meant as an FYI.
Hope that helps.
~Chris
04/13/2009, 01:53
#4
Quote:
Originally Posted by ChrisR872
Now before I part, have you taken any type of programming classes or done tutorials? A lot of your questions are basic and self-answering; also, you incorrectly identify objects/functions/variables. If not, then may I suggest trying some easier topics, as a lot of this is over most people's heads. Sorry if that sounds demeaning, but it's meant as an FYI.
Hope that helps.
~Chris

Code:
Activate - Threadmonger!
Actually, at the time I was referring to the actual information in the packet... i.e. botcheck response to question 0, 1, 2, 3, and considering it was a non-public method... and the bytes referred to!... being an MMORPG's botcheck routine... it was a simple question.
Also, the botcheck DLL had to be usable with the other proxies at the time... The functions it called were in other DLLs that had also been custom made, in various languages that I wasn't familiar with, thus I was checking the Syn would be able to be used.
04/13/2009, 04:11
#5
The 1, 2 or 3 refers to the x, y, z for a vertex in a c3 file. The actual botcheck request is for a value from a given c3 file (looked up in 3dmotion.ini). Finding the correct vertex to read is tricky, I won't explain how it's done, but yeah. Once read, the value is rounded to a signed integer and sent in the reply. This is unnecessary if you're basing your replies on a database of previously logged answers though.
The answer, the signed int, should be placed in the packet where the original 3dmotion ID was in the request. Leave the 1, 2 or 3 in the reply too.
Your way of building packets looks horrendous.
Also, it's 0x3f2, not 0x2f3.
04/13/2009, 07:45
#6
It's 0x271a now btw
04/13/2009, 11:28
#7
Quote:
Originally Posted by unknownone
The 1, 2 or 3 refers to the x, y, z for a vertex in a c3 file. The actual botcheck request is for a value from a given c3 file (looked up in 3dmotion.ini). Finding the correct vertex to read is tricky, I won't explain how it's done, but yeah. Once read, the value is rounded to a signed integer and sent in the reply. This is unnecessary if you're basing your replies on a database of previously logged answers though.
The answer, the signed int, should be placed in the packet where the original 3dmotion ID was in the request. Leave the 1, 2 or 3 in the reply too.
Your way of building packets looks horrendous.
Also, it's 0x3f2, not 0x2f3.

Actually, Sacob/Crack variants showed the packet ID inverted (* So in my case, 0x2F3, sure the other users of it will confirm that *). I was too lazy to ever change it xD And as for packets being horrendous... lol, packets as strings is a fail, I get that now xD
Quote:
Originally Posted by XtremeX-CO
It's 0x271a now btw

^^ Thanks for telling me, though I'm not playing CO anymore. I'll be doing CabalOnline now... just had to shatter their entire subsection's illusions (* They believed WPE-Pro could be used to edit encrypted packets. Noobs. Then some random mod was like "WTF you doing telling people it can't be used, you're so wrong, WPE can't be used!"... and I was like "Errr wtf? I just said that... stop copy/pasting my answers!" *)
But yeh, it seems the entire Epvper Cabal section is dead in the water xD The noobs are still trying to "Bypass" gameguard instead of just making Gameguard load the bot as part of Cabal (* additional DLLs aren't checked *)
And that's not even raping the fact that none of them seem to understand the difference between memory and packet based exploits, and ya, I'm on about their so-called "Mods" as well. I've been directing the nubs to the CO2 Programming section. I just can't tolerate nubs trying to preach "Blocking" or "Sending" of packets using CheatEngine... I mean, not even I was ever that stupid! (* Caff, don't you dare -.- xD *)
Quote:
Originally Posted by unknownone
This is unnecessary if you're basing your replies on a database of previously logged answers though.

Yup, I figured it'd be the most efficient way :0
04/14/2009, 15:14
#8
Quote:
Originally Posted by NovaCygni
I just can't tolerate nubs trying to preach "Blocking" or "Sending" of packets using CheatEngine... I mean, not even I was ever that stupid! (* Caff, don't you dare -.- xD *)

So.. you're saying that Cheat Engine can not be used for manipulating/sending/blocking packets?
04/16/2009, 21:23
#9
Quote:
Originally Posted by IAmHawtness
So.. you're saying that Cheat Engine can not be used for manipulating/sending/blocking packets?

On its "Own" then no, it cannot be used. How you doing, trouble? Haven't seen you since I was "Banned" for leaking something that was already public. *Spits*
(* Obviously I know you can inject a packet into the memory before it's passed on to the Encrypt/Send functions in the exe, but CE on its own will be no help in this, and I have neither the "Talent" nor the desire to give an in-depth guide into how to use ollydbg and Tracebacks to do this... not to mention you must STILL have knowledge of the correct structs and variables to go into this injected packet = CE cannot be used on its own for this purpose... and nubs in Cabal will not have the patience to learn to use Ollydbg -.- But I'm working on it xD *)
All times are GMT +1.