|
You last visited: Today at 23:49
Advertisement
Encrypted packets and sniffing
Discussion on Encrypted packets and sniffing within the General Coding forum part of the Coders Den category.
04/25/2018, 11:54
|
#1
|
elite*gold: 0 
Join Date: Apr 2018
Posts: 4
Received Thanks: 0
|
Encrypted packets and sniffing
Hello! I'm trying to replace encrypted packages with ollyDBG and change them. Exe file is compiled into C++ and not encrypted so I was able to see all the functions through the IDE.
I started the game, ollyDBG and started catching the event "send" and noticed that all packets are encrypted except messages in the chat. Began to look for the function that encrypts data packets but so far without success.
How to find this function? Should I go up the functions or is there another way?
P.S. Encryption of packets occurs using Microsoft Base Cryptographic Provider v1.0.
Encryption methods:
Sorry for my English 
|
|
|
|
04/25/2018, 22:26
|
#2
|
elite*gold: 0
Join Date: Nov 2009
Posts: 627
Received Thanks: 688
|
Quote:
Originally Posted by ZSavich
Hello! I'm trying to replace encrypted packages with ollyDBG and change them. Exe file is compiled into C++ and not encrypted so I was able to see all the functions through the IDE.
I started the game, ollyDBG and started catching the event "send" and noticed that all packets are encrypted except messages in the chat. Began to look for the function that encrypts data packets but so far without success.
How to find this function? Should I go up the functions or is there another way?
P.S. Encryption of packets occurs using Microsoft Base Cryptographic Provider v1.0.
Encryption methods:
Sorry for my English |
You can use this tut to get inspired 
How do you know packet are encrypted? Maybe you are just thinking they are.
In all the cases, try to watch the sent packets and guess how they are built by hooking the send function (could be WSASend(), Send(),..)
|
|
|
|
|
04/25/2018, 22:42
|
#3
|
elite*gold: 0
Join Date: Apr 2018
Posts: 4
Received Thanks: 0
|
Quote:
Originally Posted by cookie69
You can use this tut to get inspired
How do you know packet are encrypted? Maybe you are just thinking they are.
In all the cases, try to watch the sent packets and guess how they are built by hooking the send function (could be WSASend(), Send(),..) |
I tried to sniff traffic in WPE and saw that packets are different.
Only packets with a message in chat don't differ.
I will show you screenshots:
I sent two identical messages and received identical packages with my message.
I dropped 22 gold and get different packages without 22.
What is it can be and how to sniff the packets without disconnect from server?
P.S. Thank you very much for the Tutorial
|
|
|
|
|
04/26/2018, 02:10
|
#4
|
elite*gold: 0
Join Date: May 2015
Posts: 700
Received Thanks: 444
|
First row, second byte from the right is 16 hex = 22 dec. The messages hardly differ; if they were properly encrypted, they should look nothing alike. Thus I think that they aren't encrypted, they probably just include some more parameters that you don't know of yet.
|
|
|
|
|
04/26/2018, 02:52
|
#5
|
elite*gold: 0
Join Date: Apr 2018
Posts: 4
Received Thanks: 0
|
Quote:
Originally Posted by algernong
First row, second byte from the right is 16 hex = 22 dec. The messages hardly differ; if they were properly encrypted, they should look nothing alike. Thus I think that they aren't encrypted, they probably just include some more parameters that you don't know of yet.
|
Wow. You are right. Thank you!
Quote:
Originally Posted by algernong
First row, second byte from the right is 16 hex = 22 dec. The messages hardly differ; if they were properly encrypted, they should look nothing alike. Thus I think that they aren't encrypted, they probably just include some more parameters that you don't know of yet.
|
But when I get money, packets are already sent with different values.
I raise 12 gold.
I raise 22 gold.
|
|
|
|
|
04/26/2018, 11:07
|
#6
|
elite*gold: 26
Join Date: Jun 2009
Posts: 972
Received Thanks: 228
|
Try around a little bit and try to understand the parameters of the packets and restore the protocol.
It looks very likely to me that the packets are absolutely unencrypted. You have to find out what the chhanging values are. It could be a timestamp, a checksum or something like a nonce 
|
|
|
|
 |
Similar Threads
|
[Question]Sniffing and encrypting Packets?
08/28/2014 - CO2 Programming - 13 Replies
Hello,
I'm trying to sniff the packets between my client and the server (Official CO),
First of all i want to know, is using Wireshark is a good idea to sniff?
so one of the packets i sniffed is i guess the jump packet sent from my client:
http://i.epvpimg.com/3fuFb.png
as i understand that the 2 first bytes are for size,
but when converting the hex values, i get big integers, which im pretty sure is not the size of the packet(duhh cuz the packets are encrypted, but worth a try...
|
pack dateien im client encrypted/encrypted head
10/21/2012 - Metin2 Private Server - 2 Replies
hi, ich hab ein problem, seit 2 wochen sind meine pc.eix und epk dateien in dem format encrypted und encrypted head die heißen nichtmehr .epk, .eix.
diese kann ich nicht entpacken..
ich hab mir gestern modified client 4.5 von neonblue gezogen und da sind die dinger auch encrypted, encrypted head... das kann nicht, ich hab das früher immer mit epk und eix gemacht
hab ich da irgendwas bei meinem computer umgestellt, oder was is anders? kann jemand helfen?
danke sehr <3
|
Packets packets packets...
10/06/2012 - CO2 Private Server - 13 Replies
I have been struggling to understand what is a Packet how could i create one with the data i want then send it to my server
So please any one tell if as example i want to send some info from my client to my server, then handle them from the server
how could i do that
: i have my socket server, also i don't wanna copy and paste codes i want to UNDERSTAND.
My PacketReader.cs
|
all game net Packets are encrypted
06/27/2008 - Perfect World - 3 Replies
do you know how? or mb how to debug and turn encryption off?
|
Need help for encrypted packets ! PLSE
09/30/2005 - General Coding - 3 Replies
Hi alle!
Ich versuch die encryption fuer m@trix online zu cracken!
Es geht um die encryptions der pakete zum einloggen im server(password und login)(fuer einen MXOsimulator)
Mit dem KANAL plugin von PEiD fand ich eine ganze Liste von crypts : CRC32_-_CryptGenRandom_-_DES_-_List of primes_-_MD5
_SHA1_-_SHA-512/384_-_TWOFISH.
Ich hab schon Loginpakete eingefangen und brauch jetzt nur noch wissen wie ich sie decryptiere!
Ich danke fuer jede Hilfe :cool:
|
All times are GMT +1. The time now is 23:49.
|
|
