I know that packets are encrypted. I found the address of send in the engine, not ws2 send but the engineSend func that takes data before it's encrypted.
I am able to use it but I can't hook it because of memory manipulation detection. A mid-function hook doesn't work either, so I guess there has to be some kind of checksum of that memory part.
I hooked the IAT send function, but the sniffed sent data is encrypted. I know that I am sending packets to the server because when I use engineSend I see sniffed packets client->server, but they are always different so they have to be encrypted.
I changed calling convention to cdecl already. I've noticed it after posting ;p.
@meak
I am using their send function. I just got the address and sendEngine is executing it as u can see. I can't hook it because of hs. I only hooked the send function at the IAT but it's send from ws2_32, so packets intercepted there are already encrypted.
What about the last parameter? I think I am blind cuz I don't see any error ;p
I attached my dumped engine.exe. Tell me if it's ok
I can hook IAT send. How can I answer to that if it needs socket, buf, len, flags?
It's easier to use engineSend than ws2 send. I'd have to crypt the packet first in order to use the IAT hooked send.
I didn't hook send in the engine. I just have the address and I'm trying to use it.
Btw, if I try to call
Code:
((Send_org)sendAdd)(Header,szFormat,...);
It gives me an error and I don't really know why, because the typedef is ok.
I didn't say any other method, it's public how to send over engineFunc
PHP Code:
DWORD SendPacketMain_ = SearchPattern("55 8B EC 83 EC 18 83 3D x x x x 00 74 07 33 C0 E9 x x x x 8A 45 08",0x00400000,0x007FFFFF);
DWORD SendPacketMain = SearchPattern("55 8B EC 83 EC 18 83 3D x x x x 00 74 07 33 C0 E9 x x x x 8A 45 08",SendPacketMain_+1,0x007FFFFF);
DWORD SendPacketBack = SendPacketMain + 0x06;
int Naked PacketSend(DWORD type,LPCSTR format,...) {
Yes, I know this example. But in order for this to work you need to place a JMP over the first 5 bytes of this func to ur function, right? And if I try that, hs detects memory corruption.
Edit.
@blood
I've changed it so it's passing va_list args but it is still not working.
U DON'T UNDERSTAND?
NOT HOOK IT JUST USE IT, THIS IS UR FUNCTION AND THIS JUMP BACK TO ENGINE, ENGINE DIDN'T NEED TO JUMP TO UR FUNCTION -.-
Said it now 5 times, if u don't get it, it's ur problem.
U just call the function, engine didn't need to jmp to ur function...
U use the function from Engine, u call ur function with ur Parameters and then the function jumps to the Engine Send, the Engine Send crypts ur packet and sends it..
Ye, so pretty much my engineSend did the same thing but it was calling their function directly and passing parameters. Anyway, is this sit packet ok? I want to check if it works
DWORD SendPacketMain_ = SearchPattern("55 8B EC 83 EC 18 83 3D x x x x 00 74 07 33 C0 E9 x x x x 8A 45 08",0x00400000,0x007FFFFF);
DWORD SendPacketMain = SearchPattern("55 8B EC 83 EC 18 83 3D x x x x 00 74 07 33 C0 E9 x x x x 8A 45 08",SendPacketMain_+1,0x007FFFFF);
DWORD SendPacketBack = SendPacketMain + 0x06;
int Naked PacketSend(DWORD type,LPCSTR format,...) {
so you add 6 Bytes to SendPacketMain
so you can reconstruct those 6 Bytes and jump to SendPacketBack.
This is one big NOP
Why don't you call SendPacketMain directly?
so it should now pass all data to func. But ur way is also great. Good trick xD
Ye, I found this encrypt func and the IDA pseudocode looks like bakabug's one so I guess it is it ;p Encrypt table is pretty big oO. Well, I guess I can use a pointer to it and use the one from the engine directly.
And about that packet sending. I am hooked already to IAT send so I can sniff sent data. Now I have to decrypt them in order to learn more. Are some packets changed now? Because this sit packet
0x1f,"b",1 is not working. I can see that it was sent, because the sniffed function shows it, but nothing happens.