Dear all,
I have some problem about perfect login packet of CM_KEY.
bellow is the list for login packets:
Login Packets
0x01 SM_LOGIN_CHALLANGE server->client
0x03 CM_LOGIN_ANNOUNCE client->server
0x02 SM_KEY server->client
0x02 CM_KEY client->server [encrypted]
My problem is that for CM_KEY, i really don't know how it is encrypted.
i have captured some packets from elementclient.exe. Would somebody help me ?
Dears,
would you please tell me that why client wants to give a random data which was encrypted by server key ? also, would you please tell me which type of encrypto the client use ? md5 ? rc4 , thank you.
Dears,
would you please tell me that why client wants to give a random data which was encrypted by server key ? also, would you please tell me which type of encrypto the client use ? md5 ? rc4 , thank you.
Dears ,
thanks for your kindly reply. But i still don't know why client wants to give the server a random bytes which was encrypted ? Is this usefull for the server if the bytes are random ?
Dears,
Thank you. I got it. In fact, I am from China, all the game include Perfect World , Jade Dynasty Bot are developed by a company named Perfect World in Beijing. If you have any problem about china game forum or any other thing, please send me Message then i can help you.
Good luck.
1.E1E5821D47A2555DADCDFC7EEA1E82513F5B036F is encrypted by
RC4
{
(
HAMC_MD5
(
user,
HAMC_MD5
(
md5(user+pass) ,key1
)
+ key2
)
)
,
random 16 byte ( this should be real RC4 C2S key)
}
Would you please check whether is right ?
2. If we guess, when we use the encrypted CM_KEY (20 bytes) as data to get RC4 with the key which we caculate,
I think the dencrypt data must have the format 021210XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX00, because this should be the format of CM_KEY.
AM i right ?
3.In fact, when I use the above soluaton to caculate the captured packets, I really get the dencrypt data with format 021210XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX00,
so i guss the middle data XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX should be RC4 c2s key.
But yesterday when i use another people's dll plugin which is for cheat engine 5.5 to capture elementclient.exe's login data and decrypte the data,
and it shows that the RC4 c2s key is another array byte.
I am really confused about my result.
Would you please help me answer my question ? thanks very much.