packet logger
Discussion on packet logger within the Perfect World forum part of the MMORPGs category.
08/24/2008, 18:02
|
#1
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
packet logger
Here's a tiny PW packet dumper that gets the packet data out of the client (before it is encrypted and after it is decrypted) and dumps it to the console and to a text file.
It has some small limitations, however: not all login traffic is dumped, I believe, and there are no 'control messages' ('zero' bytes between packets).
How to use: start program | start client; login and have fun.
If you're interested in future packet investigations, feel free to ICQ me (the answer to antispam is 0).
Hope this will be a big step in packet work.
|
|
|
08/24/2008, 18:04
|
#2
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
attachment was there ... here it is
|
|
|
08/25/2008, 00:15
|
#3
|
elite*gold: 0
Join Date: Jun 2008
Posts: 247
Received Thanks: 19
|
so... it only logs and decrypts packets?
|
|
|
08/25/2008, 00:21
|
#4
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
yep. and what it looks like?
|
|
|
08/25/2008, 06:23
|
#5
|
elite*gold: 0
Join Date: Jan 2008
Posts: 75
Received Thanks: 63
|
You're wrong! Yep, you wrote a program that listens to the client, but it lacks the packet algorithm, the encryption and decryption. I doubt you already figured out the algorithm written in the client; it took 1 month for the other team to figure out the login encryption & decryption, and even 2 months just figuring out the encryption and decryption of chat sent to the server, before they coded a real emulator. Look at the screenies.. they just don't share their work! I'm currently studying packets now. I was wrong in posting wrong code in my other thread.. you can study the packet algorithm without the help of the client's real assembly.. I'm focusing on studying reverse engineering now, even if it takes time, because it helps a lot..
Take a look at these screenshots of the other team's real emu:
I just have an idea.. write a proxy that directly listens to the server, like ip:202.57.118.135 and port:29000, before it communicates with the client, instead of listening to the client, just like other game emulators.. I'm not sure whether the client encrypts the received packet. As for the sent packet, you really must know the algorithm.
|
|
|
08/25/2008, 06:47
|
#6
|
elite*gold: 0
Join Date: Jan 2008
Posts: 75
Received Thanks: 63
|
Here's an example of proxy packet encrypt and decrypt source; it's just for attack packets.
It's from a game my friend and I played before.
He wrote this when he was still playing the online game.
The Client2Server packet:
Code:
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Threading;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.IO;
namespace Lipsum
{
public class Packet_Client2Server
{
public static byte[] logpck1= new byte[68];
public static int user1id=0;
public static byte[] logpck2= new byte[68];
public static int nblog=0;
public static bool DoSendPacket(byte[] Buffer,int Length, int id)
{
bool SendPacket=true;
#region Multi hit
if((Buffer[2]==21 && Buffer[1]==7 && Form1.frm.ServerVersion<98) || (Buffer[2]==17 && Buffer[1]==7 && Form1.frm.ServerVersion>=98))
{
if(Form1.frm.trackBarHitInterval.Value>0)
{
SendAttack sdat=new SendAttack(Buffer,id);
new Thread(new ThreadStart(sdat.DoSendAttack)).Start();
}
else
{
for(int i = 0;i<=(int)Form1.frm.nbhit.Value;i++)
{
Form1.frm.gSockDst2[id].SendData(Buffer,7);
}
}
}
#endregion
#region WalkTeleport
if(Buffer[1]>=7 && Buffer[2]==212)
{
int i1,i2,i3,i4,x1,y1;
i1=Buffer[3];
i2=Buffer[4];
i3=Buffer[5];
i4=Buffer[6];
x1=i1^93;
y1=i1^i2^188;
CTeleport.TeleportMap(x1,y1);
}
if(Buffer[1]==7 && Buffer[2]==212)
{
int i1,i2,i3,i4,x1,y1,x2=0,y2=0,ti;
int depxy=1;
i1=Buffer[3];
i2=Buffer[4];
i3=Buffer[5];
i4=Buffer[6];
x1=i1^93;
y1=i1^i2^188;
ti=i2^i3;
ti=ti&112;
ti=ti|131;
switch(ti)
{
case 131:
x2=x1+depxy;
y2=y1;
break;
case 243:
x2=x1+depxy;
y2=y1+depxy;
break;
case 227:
x2=x1+0;
y2=y1+depxy;
break;
case 195:
x2=x1-depxy;
y2=y1+0;
break;
case 179:
x2=x1-depxy;
y2=y1-depxy;
break;
case 163:
x2=x1+0;
y2=y1-depxy;
break;
case 147:
x2=x1+depxy;
y2=y1-depxy;
break;
case 211:
x2=x1-depxy;
y2=y1+depxy;
break;
}
if(x2!=0 && y2!=0)
{
CTeleport.TeleportMap(x2,y2);
if(Form1.frm.checkBoxWalkTeleport.Checked)
{
CTeleport.Teleport(x2,y2,id);
CTeleport.Teleport2(x2,y2,id);
}
}
}
#endregion
/*if(Buffer[0]==195 && Buffer[1]==68)
{
if(nblog==0)
{
logpck1=Buffer;
user1id=id;
}
if(nblog==1)
{
Form1.frm.gSockDst2[user1id].SendData(logpck1,68);
Form1.frm.gSockDst2[id].SendData(Buffer,68);
}
nblog++;
Form1.frm.label28.Text=nblog.ToString();
if(nblog==2)
nblog=0;
SendPacket=false;
}
else
{
nblog=0;
Form1.frm.label28.Text=nblog.ToString();
}*/
return SendPacket;
}
public Packet_Client2Server()
{
//
// TODO: add the constructor logic here
//
}
}
}
SERVER 2 client:
Code:
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.Threading;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.IO;
namespace Lipsum
{
/// <summary>
/// Summary description of Packet_Server2Client.
/// </summary>
public class Packet_Server2Client
{
public static bool DoReceivePacket(byte[] Buffer,int Length, int id)
{
byte i1,ii1;
byte i2,ii2;
int PosiMV,aPosiMV;
bool SendPacket=true;
bool pk=false;
byte[] AttakPacket={193,7,17,0,0,0,0};
int CurrentUser=1;
for(int i =0;i<Form1.frm.NbUsers;i++)
{
if(Form1.frm.Users[i].IDSock3==id)
CurrentUser=i;
}
if(Form1.frm.ServerVersion<98)
AttakPacket[2]=21;
#region Vault Hack
if(Buffer[1]==4 && Buffer[2]==131 && Buffer[3]==1 && Form1.frm.chkVaultHack.Checked)
{
Buffer[3]=0;
Cons.Print("Vault Hack applied",id);
}
#endregion
#region Player ID
if(Buffer[1]==12 && Buffer[2]==241)
{
Form1.frm.Users[CurrentUser].IDPlayer1=Buffer[5];
Form1.frm.Users[CurrentUser].IDPlayer2=Buffer[6];
}
#endregion
#region GM chars
if(Buffer[1]==243)
{
/* Buffer[19]=8;
Buffer[45]=8;*/
}
#endregion
#region Attack Packet Key
int Code1=0,Code2=0,Code3=0,Code4=0;
Code1=152;Code2=36; Code3=242;Code4=104;
if(Form1.frm.ServerVersion<98)
{
Code1=156;Code2=32;Code3=246;Code4=108;
}
#endregion
#region AK V4 - kill mobs when they reappear
if(Form1.frm.chkAKV4.Checked && (Buffer[2]==20))
{
for(int nbak4=0;nbak4<Buffer[3];nbak4++){
i1=Buffer[4+nbak4*2];
i2=Buffer[5+nbak4*2];
if(!(i1==Form1.frm.Users[CurrentUser].IDPlayer1 && i2==Form1.frm.Users[CurrentUser].IDPlayer2))
{
AttakPacket[3]=(byte)(i1 ^ Code1);
AttakPacket[4]=(byte)(i1 ^ i2 ^ Code2);
AttakPacket[5]=(byte)(i1 ^ i2 ^ Code3);
AttakPacket[6]=(byte)(i2 ^ (Code4));
Cons.Print("AK v4 : "+i1.ToString() + " "+i2.ToString(),id);
if(Form1.frm.trackBarHitInterval.Value>0)
{
SendAttack sdat=new SendAttack(AttakPacket,id);
new Thread(new ThreadStart(sdat.DoSendAttack)).Start();
}
else
{
for(int i = 0;i<=(int)Form1.frm.nbhit.Value;i++)
{
Form1.frm.gSockDst2[id].SendData(AttakPacket,7);
}
}
}
}
}
#endregion
#region AK V3 - movement detection
if(Form1.frm.checkBox1.Checked && ((Buffer[1]==8 && Buffer[2]==16 && Form1.frm.ServerVersion<98) || (Buffer[1]==8 && Buffer[2]==212 && Form1.frm.ServerVersion>=98)))
{
PosiMV=0;
i1=Buffer[PosiMV+3];
i2=Buffer[PosiMV+4];
PosiMV+=6;
if(!(i1==Form1.frm.Users[CurrentUser].IDPlayer1 && i2==Form1.frm.Users[CurrentUser].IDPlayer2))
{
AttakPacket[3]=(byte)(i1 ^ Code1);
AttakPacket[4]=(byte)(i1 ^ i2 ^ Code2);
AttakPacket[5]=(byte)(i1 ^ i2 ^ Code3);
AttakPacket[6]=(byte)(i2 ^ (Code4));
Cons.Print("AK v3 : "+i1.ToString() + " "+i2.ToString(),id);
if(Form1.frm.trackBarHitInterval.Value>0)
{
SendAttack sdat=new SendAttack(AttakPacket,id);
new Thread(new ThreadStart(sdat.DoSendAttack)).Start();
}
else
{
for(int i = 0;i<=(int)Form1.frm.nbhit.Value;i++)
{
Form1.frm.gSockDst2[id].SendData(AttakPacket,7);
}
}
}
}
#endregion
#region ServerSide Movement - Corrects teleport bug
if((Form1.frm.ServerVersion<98 && Buffer[1]==8 && Buffer[2]==16 && Buffer[3]==Form1.frm.Users[CurrentUser].IDPlayer1 && Buffer[4]==Form1.frm.Users[CurrentUser].IDPlayer2) ||
(Form1.frm.ServerVersion>=98 && Buffer[1]==8 && Buffer[2]==212 && Buffer[3]==Form1.frm.Users[CurrentUser].IDPlayer1 && Buffer[4]==Form1.frm.Users[CurrentUser].IDPlayer2))
{
//CTeleport.TeleportMap(Buffer[5],Buffer[6]);
SendPacket=false;
}
#endregion
#region AK V1
PosiMV=0;
if(Form1.frm.ChkAK.Checked && Buffer[0]==194)
{
pk=Form1.frm.chkPK.Checked && Buffer[PosiMV+3]==18;
if( Buffer[PosiMV+3]==19 || pk )
{
aPosiMV=PosiMV+5;
for(int j=0;j<(int)Buffer[aPosiMV-1];j++)
{
if(pk)
PosiMV=aPosiMV+j*21;
else
PosiMV=aPosiMV+j*12;
if ((((int)Buffer[PosiMV+2])<150) || (pk))
{
i1=Buffer[PosiMV];
i2=Buffer[PosiMV+1];
ii1=Buffer[PosiMV+8];
ii2=Buffer[PosiMV+9];
AttakPacket[3]=(byte)(i1 ^ Code1);
AttakPacket[4]=(byte)(i1 ^ i2 ^ Code2);
AttakPacket[5]=(byte)(i1 ^ i2 ^ Code3);
AttakPacket[6]=(byte)(i2 ^ (Code4));
if(CTeleport.IsAreaFree(ii1,ii2) || !(Form1.frm.AK2.Checked))
{
Cons.Print("AK v1 : "+i1.ToString() + " "+i2.ToString(),id);
if(Form1.frm.chktelmonster.Checked)
{
CTeleport.Teleport(ii1,ii2,id);
CTeleport.Teleport2(ii1,ii2,id);
}
if(Form1.frm.trackBarHitInterval.Value>0)
{
SendAttack sdat=new SendAttack(AttakPacket,id);
new Thread(new ThreadStart(sdat.DoSendAttack)).Start();
}
else
{
for(int i = 0;i<=(int)Form1.frm.nbhit.Value;i++)
{
Form1.frm.gSockDst2[id].SendData(AttakPacket,7);
}
}
}
}
}
}
}
#endregion
#region Ignored Packets
if(Buffer[0]==194 && Buffer[PosiMV+3]==19 && Form1.frm.checkBoxIgnore3.Checked)
SendPacket=false;
if(Buffer[0]==194 && Buffer[PosiMV+3]==18 && Form1.frm.checkBoxIgnore3.Checked)
SendPacket=false;
if(Buffer[1]==8 && Buffer[2]==16 && Form1.frm.ServerVersion<98 && Form1.frm.checkBoxIgnore2.Checked)
SendPacket=false;
if(Buffer[1]==8 && Buffer[2]==212 && Form1.frm.ServerVersion>=98 && Form1.frm.checkBoxIgnore2.Checked)
SendPacket=false;
if(Buffer[1]==7 && Buffer[2]==24 && Form1.frm.checkBoxIgnore1.Checked)
SendPacket=false;
#endregion
return SendPacket;
}
public Packet_Server2Client()
{
//
// TODO: add the constructor logic here
//
}
}
}
|
|
|
08/25/2008, 08:02
|
#7
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
Quote:
Originally Posted by ericjohn
You're wrong! Yep, you wrote a program that listens to the client, but it lacks the packet algorithm, the encryption and decryption. I doubt you already figured out the algorithm written in the client
|
No sir! Dumped packets have no encryption (at least as I see it). And I'm sure they don't, because I made something more than just a simple traffic listener. Want chat? No problem, here's the example:
Code:
80 85 64 01 00 00 14 D4 62 08 11 04 30 04 3A 04 Ђ…d....Фb...0.:.
24 00 54 1F 04 20 04 1E 04 14 04 10 04 1C 04 20 $.T.............
00 31 04 40 04 3E 04 3D 04 37 04 3E 04 32 04 4B .1.@.>.=.7.>.2.K
04 35 04 20 00 37 04 3D 04 30 04 3A 04 38 04 20 .5...7.=.0.:.8..
00 34 04 40 04 30 04 3A 04 3E 04 3D 04 30 04 20 .4.@.0.:.>.=.0..
00 3F 04 3E 04 20 00
|
|
|
08/25/2008, 10:45
|
#8
|
elite*gold: 0
Join Date: Jun 2008
Posts: 247
Received Thanks: 19
|
it is packed, cuz a decrypted chat packet example was published already
|
|
|
08/25/2008, 10:58
|
#9
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
what packed specifically?
|
|
|
08/25/2008, 13:11
|
#10
|
elite*gold: 0
Join Date: Jan 2008
Posts: 75
Received Thanks: 63
|
They are not dumps. Use WPE Pro to analyze the packets from the client and compare them with the packets you got in littlePaw22.24.rar; it's almost the same. If you saw your chat in game, you can easily understand a decrypted chat packet, and you can easily edit it and encrypt it again before sending it to the server so the server won't dc you.. You can analyze my first posted screenies.. there are decrypted chat packets posted there.. the second screenshot is login packets.
You need a built-in decryptor and encryptor inside your littlePaw22.24.rar to fully decrypt or encrypt packets. But I have some GM packets sent to the server, like invulnerability; you won't get dc'ed, but you need some GM privilege to make it work..
If you'd like to talk, can I have your IM, Yahoo or ICQ?
|
|
|
08/25/2008, 13:22
|
#11
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
Examples please. It cannot be 'almost' the same. It is either the same or completely different.
Also your server might behave a bit differently, only a suggestion.. At least the packets I got with WPE have high entropy, while decrypted packets have clearly visible structure and data.
icq 21398845
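The contrast drawn in post #11, high entropy in a wire capture versus visible structure in a decrypted dump, can be measured. The following is an added example, not code from the thread: it computes Shannon entropy over the hex bytes quoted in post #7 and over a constructed pseudo-random buffer standing in for ciphertext; the function names and that stand-in are assumptions.

```python
import hashlib
import math
from collections import Counter

# Hex columns of the chat dump quoted in post #7 (ASCII column left out).
POST7_DUMP_HEX = """
80 85 64 01 00 00 14 D4 62 08 11 04 30 04 3A 04
24 00 54 1F 04 20 04 1E 04 14 04 10 04 1C 04 20
00 31 04 40 04 3E 04 3D 04 37 04 3E 04 32 04 4B
04 35 04 20 00 37 04 3D 04 30 04 3A 04 38 04 20
00 34 04 40 04 30 04 3A 04 3E 04 3D 04 30 04 20
00 3F 04 3E 04 20 00
"""

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def normalized_entropy(data: bytes) -> float:
    """Entropy relative to the ceiling log2(n) that n < 256 bytes can reach."""
    # A short capture is judged against that ceiling rather than against 8.0.
    if len(data) < 2:
        return 0.0
    return shannon_entropy(data) / math.log2(min(len(data), 256))

def pseudo_ciphertext(length: int) -> bytes:
    """Constructed stand-in for encrypted traffic: SHA-256 over a counter."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def compare() -> dict:
    """Entropy figures for the post #7 dump and an equal-length stand-in."""
    plain = bytes.fromhex(POST7_DUMP_HEX)
    cipher = pseudo_ciphertext(len(plain))
    return {
        "length": len(plain),
        "most_common_byte": Counter(plain).most_common(1)[0][0],
        "plain": normalized_entropy(plain),
        "cipher": normalized_entropy(cipher),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

A normalized value near 1.0 indicates encrypted or compressed data (entropy alone cannot tell the two apart); the dump's dominant 0x04 and 0x00 bytes are the high bytes of UTF-16LE text.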
|
|
|
08/25/2008, 13:26
|
#12
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
If you mean a decryptor in the sense of showing user data in human-readable form, then it's only a question of interpreting the data we already got.. I'm not sure I'm going to implement it... Maybe a bridge to wp ppc to reuse its scripts..
|
|
|
08/25/2008, 13:31
|
#13
|
elite*gold: 0
Join Date: Jun 2008
Posts: 142
Received Thanks: 13
|
Understanding the packet structure is a separate task. I know text dumps are not the best tool for it, but we haven't had sniffing tools like this before, have we? So it's just a first step.
|
|
|
08/25/2008, 16:28
|
#14
|
elite*gold: 0
Join Date: Jan 2008
Posts: 75
Received Thanks: 63
|
Yes, decrypted = easy to read and easy to edit, then encrypt to resend back to the server without error, and yeah, it's the best thing to start with without the packet algorithm. Anyway, I'll analyze it again later using your proggy.. I'll ICQ after my work.. to update my findings.. maybe these dumped packets, some of them, are a good start for studying the algorithm for a working emu, just like wp ppc.
|
|
|
06/11/2009, 17:13
|
#15
|
elite*gold: 0
Join Date: Nov 2007
Posts: 160
Received Thanks: 28
|
Client found.... Failed to connect to client (5)
|
|
|
All times are GMT +1.