Packets and DC Protection

[tommy14]

So I got a few packets working using phConnector and edxLoader. Actually, just the sit packet is all I've tested. I got positive results with that.

I came across some packets like running I had:

Code:

[C -> S][7021]
01

Then depending on where I was running to, I would have something similar below it like so:

Code:

6C 6A                                             
35 00                                             
B4 00                                             
F5 02

I figured those were the x and y coordinates I was running too. My problem is, how could I convert those into a string? If not that, then how could I set them with custom values? By the looks of it, it's hex, correct?

Second problem, whenever I connect to phConnector with my program, then login, I get disconnected after a few seconds. How could I resolve this?

Thanks,
TsterT

edit: opcodes >.>

[ZeraPain]

6C x_sec
6A y_sec
35 00 x_pos
B4 00 z_pos
F5 02 y_pos

Yes, these are hexvalues so you'll have to to convert them first.
(sectors are bytes, positions are uint16)

I don't really understand what you mean with "converting them to a string"
If you want to get the real position you will have to calculate them first.

int X = (int)((x_sec - 135) * 192 + (x_pos / 10));
int Y = (int)((y_sec - 92) * 192 + (y_pos / 10));

about the dc problem:
try to use an other proxy e.g. srproxy.

[kevin_owner]

Well too send your own packets you don't EVER use a string a lot of people in vb use a string for their packet but I recommend you to not use it. If you're using a .net language like vb.net or C# you can use a binarywriter too write the packet for example:

Code:

MemoryStream MemStream = new MemoryStream();
BinaryWriter writer = new BinaryWriter(MemStream);
writer.write((ushort)9); // Size
writer.write((ushort)0x7021); // Opcode
writer.write((ushort)0); // Security bytes

// Add data

and if you want to send it you use the .GetBytes method or whatever it was too get the packet and you send it with your socket.

I can give you examples in other languages but I assume you're using .net

About the disconnect. The server will disconnect you when you send a wrong packet. But you get disconnected after the login so I assume it's a gameserver thing mabye it can't connect to it. But I don't know what that problem could be. I don't know which sro client you're using so mabye the packet structure is a bit different cause the proxy sends a packet too the client. You could always try to use "srproxy".

[tommy14]

[quote=ZeraPain;12707575]
I don't really understand what you mean with "converting them to a string"
If you want to get the real position you will have to calculate them first.

int X = (int)((x_sec - 135) * 192 + (x_pos / 10));
int Y = (int)((y_sec - 92) * 192 + (y_pos / 10));
[quote]
By string I mean the values, as in the x, y, and z position. And where did you get those numbers to figure out the position?

Quote:

Originally Posted by ZeraPain

about the dc problem:
try to use an other proxy e.g. srproxy.

The method I use to send packets only works for phConnector.

I know you can get DC'd while sending an incorrect packet. I'm positive this is the case because I can run around 24/7

So how would I send a packet with values like that? And the moment, I'm using

Code:

SendPacket("704C", "10", False)

I'm guessing it has something to do with changing False to True.

And it turns out the DC was just from an incorrect packet.

Send Packet function:

Code:

    Public Sub SendPacket(ByVal OpCode As String, ByVal sData As String, ByVal Enc As Boolean)
        Using buffer As New IO.MemoryStream
            Using w As New IO.BinaryWriter(buffer)
                w.Write(CUShort(0))
                w.Write(CUShort("&H" + OpCode))
                If Enc = True Then
                    w.Write(CUShort(3))
                Else
                    w.Write(CUShort(2))
                End If
                For n = 0 To sData.Length / 2 - 1
                    w.Write(CByte("&H" & sData.Substring(n * 2, 2)))
                Next

                w.BaseStream.Position = 0
                w.Write(CUShort(w.BaseStream.Length - 6))
                w.Flush()
                Client.Send(buffer.ToArray)
            End Using
        End Using
    End Sub
'Thanks to sarkoplata

Thanks,
TsterT

[ZeraPain]

why do you want to convert it to a string.. this doesn't make any sense. they are integers.

of course you can use an other proxy, you will just have to change the port and the security bytes.

False / True in your example means if the packet should be encrypted or not (you will only have to use False) but this method isn't really good if you have to call it with strings. packets are byte arrays; better try to get a packet handler.

[kevin_owner]

Code:

    Public Sub SendPacket(ByVal OpCode As String, ByVal sData As String, ByVal Enc As Boolean)
        Using buffer As New IO.MemoryStream
            Using w As New IO.BinaryWriter(buffer)
                w.Write(CUShort(0))
                w.Write(CUShort("&H" + OpCode))
                If Enc = True Then
                    w.Write(CUShort(3))
                Else
                    w.Write(CUShort(2))
                End If
                For n = 0 To sData.Length / 2 - 1
                    w.Write(CByte("&H" & sData.Substring(n * 2, 2)))
                Next

                w.BaseStream.Position = 0
                w.Write(CUShort(w.BaseStream.Length - 6))
                w.Flush()
                Client.Send(buffer.ToArray)
            End Using
        End Using
    End Sub
'Thanks to sarkoplata

This function is a bad one of sarkoplata because using a string is bad.

You should change the 2nd parameter too an array of bytes and add those with the binary writer with the list. There are also more things missing in that function but that would do it for now.

Owh and you might want too take a look at some emulators since there are many of them written in C# and some in vb. check out how they handle the packets and there is even a source of phbot available which is vb so you should check it out

[tommy14]

So I played with C#, and looked through Pushedx's guides, then found myself in C++.

This is a whole other topic, but I have a problem with the loader. It doesn't seem to work at all. It launches sro_client.exe, but doesn't, "make it seem like it was launched from silkroad.exe". I get the error, "Please execute Silkroad.exe" after the gameguard loads.

I appreciate you guys helping me with VB, but I now realize how much better C++ is ^^.

[kevin_owner]

but C++ is also alot harder with the pointers and ect.

about the error which sro version are you using because it doesn't work anymore for some versions

[tommy14]

I know a couple languages, and after the first, it's fairly easy to pick up on others.

v1.322. What additions would I need to make for it to work?

[Schickl]

Vb and C++ are two competely different stories
pointers are indeed quite hard to handle if you've never worked with them.
Vb doesn't really change it
it might take you some time to get used to it, but it should make the things you want to do, easier

[tommy14]

Yes, I realize this.

But could someone walk me through the process of fixing this loader?

[Schickl]

You need to create a Mutex. Some months ago i knew how it worked but i forgot many things related to sro^^(for some reason working with a mutex was/is quite hard for me; don't ask me why xD)
So take a look at that part and you might be able to solve the problem yourself, or just wait till someone else replies^^

[tommy14]

So, I found this

Code:

	CreateMutexA(0, 0, "Silkroad Online Launcher");
	CreateMutexA(0, 0, "Ready");

My guess is that

Code:

	CreateMutexA(0, 0, "Ready");

Needs to change.

I'll do some digging through OllyDgb, but if someone else has the answer, feel free to share.

Edit: It didn't take me long, but I found this in sro_client

Code:

Text strings referenced in sro_client, item 13733
  Address = 00876899
  Command = PUSH OFFSET 00EBA808
  Comments = ASCII "Silkroad Online Launcher"

And

Code:

Text strings referenced in sro_client, item 13734
  Address = 008768C3
  Command = PUSH OFFSET 00EBA800
  Comments = ASCII "Ready"

Right next to each other.

[kevin_owner]

for a simpel loader a mutex is enough but if you want too use the packet analyzer of edx you need too disable hackshield if i'm correct.

btw source for a simple loader

Code:

			Mutex Mutex1 = new Mutex(false, "Silkroad Online Launcher");
			Mutex1.WaitOne();
			Mutex Mutex2 = new Mutex(false, "Ready");
			Mutex2.WaitOne();
			Process p = new Process();
			p.StartInfo.FileName = ".\\sro_client.exe";
			
			p.StartInfo.Arguments = " 0 /38 " + Division + " 0";
			p.Start();

38 - Local
division is the division (duh) so 0 for isro
and the last 0 is the ip index. so for isro you have gwgt1 till gwgt4 and this number can be 0 till 3 in isro

but If you really want too fix edx you would probably need to know assembly. and I can't help you with that.

edit: you were faster

[tommy14]

Read up on the edit I made.