[Question] Packet Encryption

Discussion on [Question] Packet Encryption within the Kal Online forum part of the MMORPGs category.

Old 02/09/2010, 01:04   #46
 
meak1's Avatar
 
elite*gold: 220
Join Date: Jun 2007
Posts: 3,768
Received Thanks: 1,126
I said at the top of the thread you don't need send for making a bot, but it's okay, try it and say you did it^^ I'm going to sleep; I am poorly at home this week ;o
meak1 is offline  
Old 02/09/2010, 01:13   #47
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
It will help me understand the CRC and HShield flow a little bit, so I would have some knowledge when I try to switch to clientless. My goal isn't to create a bot, but actually to fix that expel when all HShield functions are bypassed and SendPacketMain is hooked. I know, I didn't choose exactly the easiest goal, but let's say: it cannot hurt me if I learn some more.

#EDIT:
For the love of Jesus... how could I have been so blind.
The packet order if the driver isn't loaded is actually like this:
1. Packet with session keys
2. 0x09 packet (Version?)
3. 0x05 aka ping packet
4. Here - if the jump isn't taken, then 0x5B "Ud" will be sent, disconnecting you, no matter what's inside (I guess). If the jmp is taken, then the 0x03 "m" packet is built (this packet will come out of "SendPacketMain"). This one will probably disconnect you too when debugging. I will have to check what's inside this one.
Two exports of HackShield are called just before these packets: Export 10 and Export 16 (called from Export 10).

I hope that it will be helpful to someone
Thiesius is offline  
Old 02/11/2010, 16:39   #48
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
Some updates:
I thought I would not have to do it, but yes - it looks like I will have to emulate HackShield in order to make it work. Or at least I will have to fix some stuff...

I read a few articles on other forums and I researched for some time.
3 broken bypasses ->
1) You cannot just prevent the engine from loading EhSvc - c'mon, that would be too easy; who would generate AckMessages for you?
2) You cannot simply hook the callback - integrity check (this wouldn't matter) + AckMessage (this matters)
3) You cannot simply disable some exit functions or modify 3 opcodes - integrity check + AckMessage

And I also read that bypassing the driver will lead to a malfunction of the AckMessage generator. That pretty much suits my case.
The Ack message is the 0x03 "m" packet, 0x199 long (if I remember correctly). Normally it should contain CRCs and 32 x 12-byte hashes of functions given by the server.

Fixing MakeAckMessage should be done by bypassing all "Has HShield been successfully initialized" checks inside this function (same for GUIDAckMessage).

My current goal: ["Repairing" the AckMessage functions so they work again]
That means they will not send bull**** to the server...
Thiesius is offline  
Old 02/12/2010, 11:32   #49
 
elite*gold: 0
Join Date: Dec 2009
Posts: 81
Received Thanks: 31
gogogo Thiesius
ILikeItEasy is offline  
Old 02/12/2010, 11:45   #50
 
elite*gold: 0
Join Date: Sep 2007
Posts: 61
Received Thanks: 7
exteco made client less, ask him how
BenKiu is offline  
Old 02/12/2010, 11:52   #51
 
elite*gold: 0
Join Date: Dec 2009
Posts: 81
Received Thanks: 31
It is not just the goal, it is the road towards it that is the challenge
ILikeItEasy is offline  
Old 02/12/2010, 20:13   #52
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
Quote:
Originally Posted by BenKiu View Post
exteco made client less, ask him how
Well, I don't have any contacts for him.


Well I know a lot of theory but I lack in practice.
I downloaded some reverse-me's and learning tuts, so I will practice.

But I'm not at home now and I won't be for some time. And I need my PC, I have all resources on it.
Thiesius is offline  
Old 02/12/2010, 20:31   #53
 
bloodx's Avatar
 
elite*gold: 55
Join Date: Mar 2006
Posts: 4,582
Received Thanks: 1,539
Thiesius, I can explain it to you if you want.
bloodx is offline  
Old 02/13/2010, 00:23   #54
 
Thiesius's Avatar
 
elite*gold: 0
Join Date: Feb 2009
Posts: 256
Received Thanks: 474
Quote:
Originally Posted by bloodx View Post
Thiesius, I can explain it to you if you want.
Well, that would kick ass
Thiesius is offline  