Developer's Corner

[harman101]

Quote:

Originally Posted by KrypticDestro

With Apache's library is easy as **** . You only need to send right headers and act like a web browser.

-Kryptic Destro

Apaches library is for Java? Also, I use Dr.Java program, which is better program to use?

[Healianth]

Quote:

Originally Posted by »jD«

Its trivial at best to bypass.

Eh. I'm not seeing it. I have no clue what I'm doing with the bytecode that the server sends to the client. I've poked around a tons of sites, but it's as if all references to an AVM have been nuked out of existence.

I keep reading "netty" everywhere. From what I've seen, it's a Java-native component. Do you know if there are any C# implementations? I can't find any.

With the recent client refactoring, I'm really wanting to update my private server to one of the latest builds. The versions I'd got my hands on (compared to the latest client) are all ****. My plan was to gather all the resources for several latest builds and keep hold of them until I work out the encryption... Which at this rate, is never going to happen.

More of a rant than a question, lol. Any advice would be appreciated.

[cryz35]

Quote:

Originally Posted by ActualFate

Eh. I'm not seeing it. I have no clue what I'm doing with the bytecode that the server sends to the client. I've poked around a tons of sites, but it's as if all references to an AVM have been nuked out of existence.

I keep reading "netty" everywhere. From what I've seen, it's a Java-native component. Do you know if there are any C# implementations? I can't find any.

With the recent client refactoring, I'm really wanting to update my private server to one of the latest builds. The versions I'd got my hands on (compared to the latest client) are all ****. My plan was to gather all the resources for several latest builds and keep hold of them until I work out the encryption... Which at this rate, is never going to happen.

More of a rant than a question, lol. Any advice would be appreciated.

Just implement that netty thing yourself. It's just bytearrays. Theres already some but they don't fit with your usage.

[KrypticDestro]

Quote:

Originally Posted by ActualFate

Eh. I'm not seeing it. I have no clue what I'm doing with the bytecode that the server sends to the client. I've poked around a tons of sites, but it's as if all references to an AVM have been nuked out of existence.

I keep reading "netty" everywhere. From what I've seen, it's a Java-native component. Do you know if there are any C# implementations? I can't find any.

With the recent client refactoring, I'm really wanting to update my private server to one of the latest builds. The versions I'd got my hands on (compared to the latest client) are all ****. My plan was to gather all the resources for several latest builds and keep hold of them until I work out the encryption... Which at this rate, is never going to happen.

More of a rant than a question, lol. Any advice would be appreciated.

Netty is a way to handle bytearrays, take a look at Java's DataOutputStream/DataInputStream documentation.
The bytecode sent from server is the InjectedObfuscation that is instantiated with the AVM to encrypt the packets.

-Kryptic Destro

[PNTX]

kinda sad this thread died.
here you have the newest dumped main.swf and pandorasbox.

[Yaso55]

oneultimate server link ???

[PNTX]

Quote:

Originally Posted by Yaso55

oneultimate server link ???

please leave this community.
can you even read?
this has nothing to do in this thread. if you cant find it yourself then forget it.

[delemojo]

Anybody got an idea how to reverse the HandshakeRequest code you received?
F.e: you receive the HandShakeRequest, read the code it send, and than use this code to get the BigInteger that is used to injectObfuscation the second time.

TLDR;

[var _loc3_:BigInteger = class_160.const_1900.modPow(this.var_1235,class_16 0.const_1549);]
[How to get var_1235]

[PNTX]

Quote:

Originally Posted by delemojo

Anybody got an idea how to reverse the HandshakeRequest code you received?
F.e: you receive the HandShakeRequest, read the code it send, and than use this code to get the BigInteger that is used to injectObfuscation the second time.

TLDR;

[var _loc3_:BigInteger = class_160.const_1900.modPow(this.var_1235,class_16 0.const_1549);]
[How to get var_1235]

you mean the code in the class with the id 15230?
(i didnt removed the confused stuff. takes to long )
because im not really sure. but if i remember correctly from what i tried is that the "code" is a bytearray which is a .as script.

[delemojo]

Quote:

Originally Posted by PNTX

you mean the code in the class with the id 15230?
(i didnt removed the confused stuff. takes to long )
because im not really sure. but if i remember correctly from what i tried is that the "code" is a bytearray which is a .as script.

Nah I got everything. The Confused stuff is no problem, Im also way to lazy to get the latest main.swf and pandora cause it takes too long for my liking. But since you posted it I thought why not work with it. I basically need to reverse the given function. So math.
Im not quite sure how to reverse the modPow to get the var_1235 BigInteger. Its the last thing I need to have a working under-client bot (Well from the packet-side atleast :P)

[PNTX]

Quote:

Originally Posted by delemojo

Nah I got everything. The Confused stuff is no problem, Im also way to lazy to get the latest main.swf and pandora cause it takes too long for my liking. But since you posted it I thought why not work with it. I basically need to reverse the given function. So math.
Im not quite sure how to reverse the modPow to get the var_1235 BigInteger. Its the last thing I need to have a working under-client bot (Well from the packet-side atleast :P)

you mean this?

[delemojo]

Quote:

Originally Posted by PNTX

you mean this?

Code:

 private function method_2955() : void
      {
         var _loc5_:int = 0;
         var _loc6_:* = null;
         var _loc1_:String = new String();
         var _loc2_:int = 0;
         while(_loc2_ < 128)
         {
            _loc5_ = Math.random() * 256;
            _loc6_ = _loc5_.toString(16);
            if(_loc6_.length == 1)
            {
               _loc6_ = "0" + _loc6_;
            }
            _loc1_ = _loc1_ + _loc6_;
            _loc2_++;
         }
         this.var_1235 = new BigInteger(_loc1_,16);
         var _loc3_:BigInteger = class_160.const_1900.modPow(this.var_1235,class_160.const_1549);
         var _loc4_:HandshakeRequest = new HandshakeRequest();
         _loc4_.var_4381 = _loc3_.toByteArray();
         this.sendRequest(_loc4_);
      }

I receive the _loc4_.var_4381 from the game. And I need to find a way to use this var to get var_1235. (The code above it, the loop, is irrelevant to this question, its just there for the sake of understanding

[Freshek]

Quote:

Originally Posted by delemojo

Code:

 private function method_2955() : void
      {
         var _loc5_:int = 0;
         var _loc6_:* = null;
         var _loc1_:String = new String();
         var _loc2_:int = 0;
         while(_loc2_ < 128)
         {
            _loc5_ = Math.random() * 256;
            _loc6_ = _loc5_.toString(16);
            if(_loc6_.length == 1)
            {
               _loc6_ = "0" + _loc6_;
            }
            _loc1_ = _loc1_ + _loc6_;
            _loc2_++;
         }
         this.var_1235 = new BigInteger(_loc1_,16);
         var _loc3_:BigInteger = class_160.const_1900.modPow(this.var_1235,class_160.const_1549);
         var _loc4_:HandshakeRequest = new HandshakeRequest();
         _loc4_.var_4381 = _loc3_.toByteArray();
         this.sendRequest(_loc4_);
      }

I receive the _loc4_.var_4381 from the game. And I need to find a way to use this var to get var_1235. (The code above it, the loop, is irrelevant to this question, its just there for the sake of understanding

You can't decrypt DarkOrbit packets using the MITM method. Some math functions are impossible to reverse.

[delemojo]

Quote:

Originally Posted by Freshek

You can't decrypt DarkOrbit packets using the MITM method. Some math functions are impossible to reverse.

Thats what I thought, just was hoping that there was a way.

[PNTX]

newest memory dump. 10 minutes ago.



(pandorasbox.swf & main.swf)