0x3f4 packet

MrGenious · 10/29/2007, 15:52

What is it? botcheck or something? I cant figure out what it is.

~~high6~~ · 10/29/2007, 18:56

Quote:

Originally Posted by MrGenious

What is it? botcheck or something? I cant figure out what it is.

Its a "Ping-Pong" packet.

Format is...

Short - size
Short - PacketID
Int - PlayerID
Int - PlayerID xor GetTime()
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
short - random(0x0,0xFFFF)
Int - Algorithm(InGameName) //OR 0x9D4B5703 //Wouldn't suggest 0x9D4B5703

Location in memory for creating the packet is 0x004AB0D1

MrGenious · 10/29/2007, 19:42

What is it used for?

~~high6~~ · 10/29/2007, 19:53

Quote:

Originally Posted by MrGenious

What is it used for?

The server sends you a 0x3F4 packet and you have to send one back or you get disconnected.

Queen-Of-Evil · 10/29/2007, 20:40

Quote:

Originally Posted by high6

The server sends you a 0x3F4 packet and you have to send one back or you get disconnected.

To check for accounts still "Logd On" when there not actually log'd on?

~~high6~~ · 10/29/2007, 20:46

Quote:

Originally Posted by Queen-Of-Evil

To check for accounts still "Logd On" when there not actually log'd on?

Yes, so an account wont stay connected if the client crashed or didn't send the disconnect packet.

MrGenious · 10/29/2007, 22:52

So basicly it's the botcheck like I said from the begining? this is what behelit used for his standalone bot right?

Edit: and hey queen do you have some sort of messenger to talk in? I want to ask something

XtremeX-CO · 10/29/2007, 23:53

Yes, a client check basically, not bot check.

MrGenious · 10/29/2007, 23:55

I thought bot check was the same thing, so there are 2 checks?

Queen-Of-Evil · 10/29/2007, 23:57

Quote:

Originally Posted by MrGenious

So basicly it's the botcheck like I said from the begining? this is what behelit used for his standalone bot right?

Edit: and hey queen do you have some sort of messenger to talk in? I want to ask something

I dont use MSN anymore :/ but ill be getting a new messenger soon so i'll let you know ^^

This packet is what lets the peaple using coproxy decendant proxies d/c after loggin out with the proxy (* As some peaple may know when you d/c with a proxy your still online for about 10 seconds after you d/c unless you use /break command *)

flowerpot! · 10/30/2007, 18:15

Fail to answer bot check properly, and you go to bot jail.
Fail to answer connection check properly, and you just dc.

XtremeX-CO · 10/30/2007, 21:24

Quote:

Originally Posted by Queen-Of-Evil

I dont use MSN anymore :/ but ill be getting a new messenger soon so i'll let you know ^^

This packet is what lets the peaple using coproxy decendant proxies d/c after loggin out with the proxy (* As some peaple may know when you d/c with a proxy your still online for about 10 seconds after you d/c unless you use /break command *)

Thats due to poorly programmed proxy. Ive fixed that LONG ago. Its a 1 line fix.

And yet again, like caff did (if he did), I have to point out your noobiness. MSN/Windows Messenger does NOT have an exploit (most recent update). The fact that your a noob, and cant make the difference between things, does not mean that something is as you say, and may be quite the reverse. The other option, that you cant tweak something correctly, and messed up your messenger, is a different fact. After all, all those scripts u dl, half are filled with rootkits and trojans, so I wouldnt wonder your messenger ******** up.

Queen-Of-Evil · 10/30/2007, 22:03

Quote:

Originally Posted by XtremeX-CO

Thats due to poorly programmed proxy. Ive fixed that LONG ago. Its a 1 line fix.

And yet again, like caff did (if he did), I have to point out your noobiness. MSN/Windows Messenger does NOT have an exploit (most recent update). The fact that your a noob, and cant make the difference between things, does not mean that something is as you say, and may be quite the reverse. The other option, that you cant tweak something correctly, and messed up your messenger, is a different fact. After all, all those scripts u dl, half are filled with rootkits and trojans, so I wouldnt wonder your messenger ******** up.

And like I pointed out to Caff PacketStorm have proven that when you go to share files with someone over MSN the two computers make a direct link meaning the other person can get your i.p. address, and from that perform simple TCP Fin scans and Vecna scans to determine how best to comprimise your computers security ^^

iliveoncaffiene · 10/30/2007, 23:56

No, coproxy just closes the socket from Client-Server and the socket from Server-Client.
It theoretically wont disconnect until the server doesn't get a reply for the 3f4.

MrGenious · 10/31/2007, 00:43

Quote:

Originally Posted by XtremeX-CO

Thats due to poorly programmed proxy. Ive fixed that LONG ago. Its a 1 line fix.

And yet again, like caff did (if he did), I have to point out your noobiness. MSN/Windows Messenger does NOT have an exploit (most recent update). The fact that your a noob, and cant make the difference between things, does not mean that something is as you say, and may be quite the reverse. The other option, that you cant tweak something correctly, and messed up your messenger, is a different fact. After all, all those scripts u dl, half are filled with rootkits and trojans, so I wouldnt wonder your messenger ******** up.

Cause of poor programming? lol it was probably made for testing, atleast that is what I would to while in testing phase, AND it's not a dumb thing to have it there :/