I have to get straight some info because it's chaos in my head right now xDD
This is captured packet 0x2a
Code:
57 0 2A [U][COLOR="Red"]73 2B DD 9 3E[/COLOR][/U] 32 6D 25 51 36 8A 25 51 61 F6 F7 27 0 4 0 0 0
22 0 0 2 12 2 18 3C A 1E 18 96 B9 80 AB AC B6 B4 A6 96 8A A2 8A B5
9D 9F 8A A7 A9 94 A2 86 F8 D7 EA EE C2 D8 FC DA F8 E4 E6 CC DB F3 D7 F1
C9 C7 CA FA E8 A8 8C BA F4 F2 D3 E8 8 0
This part is changing. I got the pointer to decryption table and i swapped it with baka's table.
Now what for is DecryptTable function of his because is says that is takes index buf and len. Ok buf and len i get but u are passing RecvKey as index. WTF xD Is it just for decrypting type of packet/first 3 bytes? And when u do it u just use decryptPacketAES? I don't get this cryptography stuff right now so a bit explanation would be great
Ps. And this pointer u gave SendEngine + 0xA5 it's pointing to some table(unknown) full of 0 bytes. Actually start of this table is at SendEngine + 0xA4 according to my dump and ida Well not start but push ;p
if 0x2A comes in, u can dumb at the address SendEngine + 0xA5. The AESkey is created in runtime, expanded into 2 parts 0x01 0x02
i got RecvKey cause clientless u need to decrypt Recv...
in Engine.exe the Recv is called twice. first for encrypt and secound is the Real Recv
but it goes over the same function, its to hard to explain, if u hook recv at engine u get the Real recv data.
Index is the Tablekey i guess, KalOnline routine ->
under 16 bytes u didnt need the 2 AESKey's, it gets only crypted by Tablekey(Xoring with the Tablekey) and XorKey at the End.
For what u need now the Decrypt part? i would say its to difficult to explain
U see at the SendFunc how its decrypted, there are 2 calls, one for Tablkey Xoring and one for AES crypt
And bakabug just copied those functions with IDA.
EDIT: Someone know about VEH hooking? its hooking over exceptions, its still undetected hook in all Games, cause it cant get detected i guess, its smth new
Well i want to have a look at encrypted send packets so i can learn more about them.
So AES key is this 540 bytes long unknown table in baka code?
Basically i have to dump this table, swap it with original. Swap decrypt/encryp tables. And everytime at the start when 0x2a comes i have to save sendKey so i can later use it to decrypt header + data of send packets? (Edit. Scratch that ;p As this table is static i can save the key and dump table at first use then at the start of app just compare first key and if it differs then make new dump and replace with old).
isnt a pointer, u dont have a client on clientless, u cant doing a pointer on memory, cause the game isnt opened. 0x2A is welcome packet, and buf[7] is the first sendkey.
so with Client u just use the Pointer from tablekey. *Tkey
best way to learn, is by doing. Now watching a movie and going to sleep after ;E
heh have a nice evening i'll try to code this now. I hope it'll work xD
Edit.
Ok thank you very much for help. I did all u told me to and it works like a charm xDD
captured chat send packet
[C 0] 0x0E F3 1B 0 0 41 42 43 44 0
41-44 ABCD in hex awesome! thank you again. Now i can try to do autologin ;p
So there is a weird thing xD I found ptr to maxHP,maxMP,curMP but in memory there is no curHP stored lol xD i was even searching for array of bytes and i did not found it. Stupid xD However i found that 0x45 state packet got the current mp when it's 0x07 - hp changed.
Well this is not my question Anyone has idea how can i find minichat address? I was looking somewhere near normal chat function address and trying to trace some calls but i found nothing. It would be useful feature.
[Question] Sending Money with onebip 05/17/2013 - DarkOrbit - 1 Replies Hi every body!
I need help, i have one bip acc and need to send money on my friends acc, but dont know how... i know, but it's write that can not be send because it is not supported in my country... i tried using proxy but its write again same...
What do to?
All Best
Question about sending packets with usigned variables 12/28/2010 - CO2 Programming - 6 Replies Ok so I started making a proxy in java and Have got up to receiving the password seed. But I've run into a problem java doesn't have unsigned variables so I had to edit the auth cryption to use short values. I can get the password seed perfectly its just forwarding it to the client I'm not sure how to do because the socket doesn't send a short array. I try sending the origional byte array but got no response from the client. If anyone can give me some pointers on how to do this I would...
[Question]Sending packets 10/28/2010 - RF Online - 3 Replies I'm working on a hack involving sending packets back to the server, but every time i try and set a packet back, it cuts me of. I get disconnected when I try to send a packet. Can someone enlighten me to why is this happening and how can I avoid it? Thanks.
P.S.
Don't go posting in my thread saying im a noob and shit. I ask cos I wanna learn. At least I do it on my own and not beg for hacks and cheats.
[Question] Sending job info to server. 08/18/2009 - CO2 Private Server - 2 Replies Hey,
Using hybrid's rev 3:
case "@job":
{
byte NewJob = byte.Parse(args);
Client.Job = NewJob;
Client.Send(PacketBuilder.CharacterInfo(Client));
break;
question packet sending 07/14/2008 - Dekaron - 22 Replies Where can I find tut about packet sending I wish to learn about it.