Register for your free account! | Forgot your password?

Go Back   elitepvpers Coders Den General Coding
Encrypted packets and sniffing Encrypted packets and sniffing
You last visited: Today at 22:08

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

Encrypted packets and sniffing

Discussion on Encrypted packets and sniffing within the General Coding forum part of the Coders Den category.

Reply
 
Old   #1
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Apr 2018
Posts: 4
Received Thanks: 0
Question Encrypted packets and sniffing

Hello! I'm trying to replace encrypted packages with ollyDBG and change them. Exe file is compiled into C++ and not encrypted so I was able to see all the functions through the IDE.

I started the game, ollyDBG and started catching the event "send" and noticed that all packets are encrypted except messages in the chat. Began to look for the function that encrypts data packets but so far without success.

How to find this function? Should I go up the functions or is there another way?

P.S. Encryption of packets occurs using Microsoft Base Cryptographic Provider v1.0.
Encryption methods:


Sorry for my English
ZSavich is offline  
Old   #2
 
cookie69's Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Nov 2009
Posts: 627
Received Thanks: 689
Quote:
Originally Posted by ZSavich View Post
Hello! I'm trying to replace encrypted packages with ollyDBG and change them. Exe file is compiled into C++ and not encrypted so I was able to see all the functions through the IDE.

I started the game, ollyDBG and started catching the event "send" and noticed that all packets are encrypted except messages in the chat. Began to look for the function that encrypts data packets but so far without success.

How to find this function? Should I go up the functions or is there another way?

P.S. Encryption of packets occurs using Microsoft Base Cryptographic Provider v1.0.
Encryption methods:


Sorry for my English
You can use this tut to get inspired

How do you know packet are encrypted? Maybe you are just thinking they are.
In all the cases, try to watch the sent packets and guess how they are built by hooking the send function (could be WSASend(), Send(),..)
cookie69 is offline  
Old   #3
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Apr 2018
Posts: 4
Received Thanks: 0
Quote:
Originally Posted by cookie69 View Post
You can use this tut to get inspired

How do you know packet are encrypted? Maybe you are just thinking they are.
In all the cases, try to watch the sent packets and guess how they are built by hooking the send function (could be WSASend(), Send(),..)
I tried to sniff traffic in WPE and saw that packets are different.
Only packets with a message in chat don't differ.
I will show you screenshots:
I sent two identical messages and received identical packages with my message.



I dropped 22 gold and get different packages without 22.



What is it can be and how to sniff the packets without disconnect from server?
P.S. Thank you very much for the Tutorial
ZSavich is offline  
Old   #4
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: May 2015
Posts: 700
Received Thanks: 444
First row, second byte from the right is 16 hex = 22 dec. The messages hardly differ; if they were properly encrypted, they should look nothing alike. Thus I think that they aren't encrypted, they probably just include some more parameters that you don't know of yet.
algernong is offline  
Old   #5
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Apr 2018
Posts: 4
Received Thanks: 0
Quote:
Originally Posted by algernong View Post
First row, second byte from the right is 16 hex = 22 dec. The messages hardly differ; if they were properly encrypted, they should look nothing alike. Thus I think that they aren't encrypted, they probably just include some more parameters that you don't know of yet.
Wow. You are right. Thank you!

Quote:
Originally Posted by algernong View Post
First row, second byte from the right is 16 hex = 22 dec. The messages hardly differ; if they were properly encrypted, they should look nothing alike. Thus I think that they aren't encrypted, they probably just include some more parameters that you don't know of yet.
But when I get money, packets are already sent with different values.
I raise 12 gold.

I raise 22 gold.
ZSavich is offline  
Old   #6
 
SCORNI's Avatar
 
elite*gold: 26
The Black Market: 3/0/0
Join Date: Jun 2009
Posts: 972
Received Thanks: 228
Try around a little bit and try to understand the parameters of the packets and restore the protocol.
It looks very likely to me that the packets are absolutely unencrypted. You have to find out what the chhanging values are. It could be a timestamp, a checksum or something like a nonce
SCORNI is offline  
Reply

« EN/DE: Cheat Engine beginner questions | group study for those who new to game hacking »

Similar Threads Similar Threads
[Question]Sniffing and encrypting Packets?
08/28/2014 - CO2 Programming - 13 Replies
Hello, I'm trying to sniff the packets between my client and the server (Official CO), First of all i want to know, is using Wireshark is a good idea to sniff? so one of the packets i sniffed is i guess the jump packet sent from my client: http://i.epvpimg.com/3fuFb.png as i understand that the 2 first bytes are for size, but when converting the hex values, i get big integers, which im pretty sure is not the size of the packet(duhh cuz the packets are encrypted, but worth a try...
pack dateien im client encrypted/encrypted head
10/21/2012 - Metin2 Private Server - 2 Replies
hi, ich hab ein problem, seit 2 wochen sind meine pc.eix und epk dateien in dem format encrypted und encrypted head die heißen nichtmehr .epk, .eix. diese kann ich nicht entpacken.. ich hab mir gestern modified client 4.5 von neonblue gezogen und da sind die dinger auch encrypted, encrypted head... das kann nicht, ich hab das früher immer mit epk und eix gemacht hab ich da irgendwas bei meinem computer umgestellt, oder was is anders? kann jemand helfen? danke sehr <3
Packets packets packets...
10/06/2012 - CO2 Private Server - 13 Replies
I have been struggling to understand what is a Packet how could i create one with the data i want then send it to my server So please any one tell if as example i want to send some info from my client to my server, then handle them from the server how could i do that : i have my socket server, also i don't wanna copy and paste codes i want to UNDERSTAND. My PacketReader.cs
all game net Packets are encrypted
06/27/2008 - Perfect World - 3 Replies
do you know how? or mb how to debug and turn encryption off?
Need help for encrypted packets ! PLSE
09/30/2005 - General Coding - 3 Replies
Hi alle! Ich versuch die encryption fuer m@trix online zu cracken! Es geht um die encryptions der pakete zum einloggen im server(password und login)(fuer einen MXOsimulator) Mit dem KANAL plugin von PEiD fand ich eine ganze Liste von crypts : CRC32_-_CryptGenRandom_-_DES_-_List of primes_-_MD5 _SHA1_-_SHA-512/384_-_TWOFISH. Ich hab schon Loginpakete eingefangen und brauch jetzt nur noch wissen wie ich sie decryptiere! Ich danke fuer jede Hilfe :cool:



All times are GMT +2. The time now is 22:09.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2026 elitepvpers All Rights Reserved.