Need help with packet encoding

[Piratenaapje]

Could anyone explain to me how the TCP packets are encoded? I've been looking a bit in wireshark but can't figure it out. I'm trying to send and receive packets without using the actual client.

Code:

0000  00 23 69 28 17 4a 00 21  6a bf ed ac 08 00 45 00   
0010  00 37 27 1a 40 00 80 06  5e 13 c0 a8 01 65 de 6f
0020  d5 16 fd da 75 31 1f 24  bf 97 6e a2 76 91 50 18
0030  3e e8 bf f9 00 00 0f 00  6c 44 46 c6 f8 2b 68 b3 
0040  1f 74 92 ed 2f

0f 00 6c 44 46 c6 f8 2b 68 b3 1f 74 92 ed 2f was in the data field. This packet is what I got when sending the 2nd password. I'm assuming 0f 00 specifies this is a 2nd password packet. The 2nd password I used was 147147, but I'm not sure how that's encoded in there? Does anyone have more information on this?

[salsa71]

Cool story bro.

[bloodx]

AES Cryption here is a example all things what u need ->

******* = r..a..g..e..z..o..n..e..

[Piratenaapje]

Quote:

Originally Posted by bloodx

AES Cryption here is a example all things what u need ->

******* = r..a..g..e..z..o..n..e..

I think I love you

[Piratenaapje]

So, it's crashing when I try to decrypt a packet. What am I doing wrong?

Code:

#include <iostream>
#include "CryptKalOnline.h"
using namespace std;

int main()
{
    char* test = "0f006c4446c6f82b68b31f7492ed2f";
    DecryptPacket(test);
    cout << test;
}

It outputs:

Code:

Part1: end -1
Part2: end -9
Part3: end -17
Part4: end -25

After that it segfaults... Any ideas?

[aSynx]

Quote:

Originally Posted by Piratenaapje

Code:

#include <iostream>
#include "CryptKalOnline.h"
using namespace std;

int main()
{
    char* test = "0f006c4446c6f82b68b31f7492ed2f";
    DecryptPacket(test);
    cout << test;
}

Dunno how the DecryptPacket function looks like, but why to you handle the hex of the packet as string?

BYTE test[] = {0x0f, 0x00, 0x6c, 0x44 ...};

and you dont have to decrypt the size. (first 2 bytes)

[Piratenaapje]

Quote:

Originally Posted by aSynx

Dunno how the DecryptPacket function looks like, but why to you handle the hex of the packet as string?

BYTE test[] = {0x0f, 0x00, 0x6c, 0x44 ...};

and you dont have to decrypt the size. (first 2 bytes)

Got confused since the DecryptPacket function requires a char pointer . I changed the code to

Code:

int main()
{
    BYTE data[] = {0x0f, 0x00, 0x6c, 0x44, 0x46, 0xc6, 0xf8, 0x2b, 0x68, 0xb3, 0x1f, 0x74, 0x92, 0xed, 0x2f};

char* test = new char[sizeof(data)];

for(int i = 0; i < sizeof(data); i++)
        test[i] = (char)data[i];

    DecryptAES(test, 15);
    cout << test << endl;
}

It outputs ±▄Í▄0Æ╩;g¡2H┘ÀF=┌o╝[┘{
Removing the first 2 bytes doesn't give a readable string either. I'm guessing I need to change the XORKey in CryptVari.h to the correct one? If so, does anyone know what it is or how to get it?

[MoepMeep]

printf("%02x",test[i]);

[Piratenaapje]

Quote:

Originally Posted by MoepMeep

printf("%02x",test[i]);

Doing that prints a 6 char string... ab0fd8, the next run it prints 960fd8, etc. No 2 runs seem to provide the same output. The 2nd password (147147) should be in this somehow... but I don't see how?

[aSynx]

Quote:

Originally Posted by Piratenaapje

Doing that prints a 6 char string... ab0fd8, the next run it prints 960fd8, etc. No 2 runs seem to provide the same output.

printf("%02x",(BYTE)test[i]);

Quote:

Originally Posted by Piratenaapje

The 2nd password (147147) should be in this somehow... but I don't see how?

Well, whatever you did above, it won't work like this.

[Piratenaapje]

Quote:

Originally Posted by aSynx

printf("%02x",(BYTE)test[i]);



Well, whatever you did above, it won't work like this.

Guess not :s. Isn't there any example code of decoding or encoding packet data with bakabugs cryptkalonline? Or any other method of decoding this packet data?

[meak1]

i think if u search Noor sources u got a source where he decrypt packets and encrypt it but the xor key changed =D