[Question] Sending data

[bloodx]

Code:

//Account
Type: 0x00 Format: Ud - Restore Char
Type: 0x01 Format: ? - HS
Type: 0x02 Format: Uss - Login
Type: 0x03 Format: ? - HS
Type: 0x04 Format: Usbwwwwwbb - CharGen
Type: 0x05 Format: Ud - Ping
Type: 0x07 Format: Ud - Delete Char
Type: 0x08 Format: dddddbb - Connect
Type: 0x09 Format: Ubd - Check Version
Type: 0x0a Format: Uddd - LoadPlayer
Type: 0x75 Format: Ubs - 2nd Pass

//Char
Type: 0x0a Format: Uddd - GameStart
Type: 0x0c Format: Ubdd - Attack
Type: 0x0d Format: Ubbd - Attack with Skill
Type: 0x0e Format: Us - Chat

Type: 0x10 Format: Ub - Relog
Type: 0x11 Format: Ubbb - Move
Type: 0x12 Format: Ubbb - MoveStop
Type: 0x13 Format: Ud - Talk To NPC
Type: 0x14 Format: Ud - Merchant Get Tax
Type: 0x15 Format: Um - Merchant Buy
Type: 0x16 Format: Um - Merchant Sell
Type: 0x17 Format: Udd - DropItem
Type: 0x18 Format: U - Quit Game
Type: 0x19 Format: Um - Trade insert item

Type: 0x1b Format: Ub - Stat Up
Type: 0x1c Format: Ub - Rest
Type: 0x1d Format: Uddd - Pick Item
Type: 0x1e Format: Ud - Use Item
Type: 0x1f Format: Ud - Request Trade

Type: 0x20 Format: Ubd - OnAskTrade
Type: 0x21 Format: U - Cancel Trade
Type: 0x22 Format: U - Revive

Type: 0x27 Format: Ub - SkillUp
Type: 0x28 Format: Ubd - Skill (Prep Ani)
Type: 0x29 Format: Ud - Request Party
Type: 0x2a Format: Ubd - Party Onask
Type: 0x2b Format: ... - guild {...}
Type: 0x2c Format: U - Party Leave
Type: 0x2d Format: d - Party kick
Type: 0x2e Format: Um - StorageKeeper CheckIn
Type: 0x2f Format: Um - StorageKeeper CheckOut

Type: 0x30 Format: Ud - NPC-Reply
Type: 0x31 Format: U - Storage Keeper Show Invent

Type: 0x33 Format: Ubd - Statue Save
Type: 0x34 Format: Udd - Pimp
Type: 0x35 Format: bddd - Player Shop AddItem

Type: 0x38 Format: Udb - Ani (Dance)
Type: 0x39 Format: U - Trade confirm

Type: 0x3a Format: Ud - Destroy Item
Type: 0x3b Format: Ub - Friendlist
Type: 0x3c Format: Ud - PutOn Item
Type: 0x3d Format: Ud - PutOff Item
Type: 0x3e Format: Ub - Cancel PlayerShop
Type: 0x3f Format: U - CancelFishing



Type: 0x40 Format: bd - Check Playershop Shop
Type: 0x41 Format: Um - Buy Playershop

Type: 0x47 Format: U - Request AssaList
Type: 0x48 Format: Ud - Request Duel
Type: 0x49 Format: Ubd - Duel OnAsk

Type: 0x4d Format: Ub - Student (open Window)

Type: 0x4f Format: Ub - ? beim login

Type: 0x51 Format: Ubd - Blacksmith
Type: 0x52 Format: Um - FL Parcel

Type: 0x54 Format: Ud - Treasure Box

Type: 0x57 Format: Udbb - Teleport (fisher?)

Type: 0x9d Format: Ub - Triangular Battle

[iszoPL]

Thanks. I love you xDD I'd try to check it myself after decrypting send packets but it's huge help for me I guess encrypt table can be also used to decrypt packets. I know it's a stupid question but it's better to ask if i'm not sure xD heh I just started cryptography at this semester so i will know more when it ends ^^

[bloodx]

DecryptTable != EncryptTable :P

in some Games / Applications sure, but here are 2 different used.

[iszoPL]

hmm so i have to find decrypt table in order to decrypt packets right and decrypt function. Or just use encrypt function in reversed order?

[bloodx]

u also can use the engine crypt function like I did with SendPacket hehe

or u just use BakaBugs released stuff hehe I think his Decrypt and Encrypt Table is still the same like now.

[iszoPL]

But this function u gave is encrypt. I didn't yet tried to reverse it. I guess it takes buffer and some other stuff to do it. I guess it would be easier to find their decrypt function and just use it. hmm but when it will be used ;p Somewhere before receiving? or in send also?

[bloodx]

u can see Decrypt Function @ recv :P

[iszoPL]

I'm guessing that

00484E80 is Decrypt func and at 007412E0 is DecryptTable right? Now i have to guess what parameters they are taking ^^

[bloodx]

same like bakabugs function I think

[meak1]

use bakabugs source, update crypt/decrypt table(changed 1 time long time ago), use pointer for AESkey or dumb it.

[iszoPL]

There is alot to reverse ;p I guess it's not a job for today. It seems like alot of work for me since I am new at reversing ^^ and baka source's are complicated for me. Specially that I've never had to deal with cryptography I don't even really know what for is this DecryptTable function xD I'm guessing it decrypts header and size seperately and rest of packet is decrypted by AESPacketDecrypt but who knows xD

[meak1]

u didnt need to know, just copy it ;d

thought sooner too, dat bakabug is a boss on coding but later i found all in IDA, he just copied all out from IDA ;\

Edit: Gogo, if ur fast enough we can handle the HS d;
i just look sometimes into it, got the first HS packet i guess

[iszoPL]

heh most of his stuff is generated by IDA as i see Now i'm tracing call of decrypt func so i can find this stupid eas key xD I already have decrypttable. xor key also changed? Oh, and HS is too difficult for me xDD Maybe someday. For now it is not a problem since i'm able to work even with hs on.

[meak1]

y u have time E;
Xor not changed.

[iszoPL]

I'm trying to reverse this **** and it's so annoying ;p I can't find anywhere in near calls any trace of AES key. I thought that recv packet are not crypted and as it turns out they are ;p

There are some func i was able to find. Any hints where to look next?



Encrypt is used both by send and recvEngine but there is this this func that is using it and i have no idea what is it for. 5A0000