I did get far. I managed to figure out how to acquire vehicles, armor, and weapons without going to a terminal. Although, you can't use it unless you are certed. It is fun, but extremely obvious. It's weird, you can't just detour WinSock and expect to see traffic. They use a custom function (encryption) to send/recv, but all you have to do is hook that function and change the plain-text before it gets encrypted. Much easier than trying to break the encryption (SHA, blowfish, and MD5).
I didn't toy around with it too much, but I had fun making a chat log. I now know why PS is so freakin laggy. So much traffic passes in major battles. Stuff like XYZ co-ords of players, vehicles, items, door states, player states, etc. Normally this isn't an issue, but I think their encryption is what makes things really "choppy" since small packets (like door states) get garbled randomly.
Unfortunately, WPE can't see traffic passing, but X-Ray can and I was able to find the send/recv functions via ProcessExplorer and OllyDbg.
Hell, I even figured out how the "cheat-detection" works. The server sends a CRC request packet (64-1000 bytes), which then does an MD5 checksum of random chunks of RAM within planetside.exe and its exports. I didn't delve into the actual CRC functions, but I just made a hook to disable injections when the packet is recv'd and enable them when the CRC is sent. Kinda like how people bypass PunkBuster.
In any event, I'm sure a lot could be done via packet-editing, but I couldn't find a real use for it since a lot of things are handled server-side. The only good things you can do are acquire things anywhere, teleport, and do commands without using the chat window.