Vsro Sending Login Packet 0x6102

Old   #1
 
elite*gold: 0
Join Date: Jun 2010
Posts: 28
Received Thanks: 14
Vsro Sending Login Packet 0x6102

Hey everybody, sorry in advance about my bad English.

I'm writing a bot for vsro, partly for fun, partly to learn C#, and sometimes because I need a new feature for my own use. I've been writing it for 2 months now, but I'm studying, so I don't have a lot of time; I'm writing slowly but solidly.

Thank you so much to the many people in this forum who always give an answer when I get stuck somewhere, especially DexterSoul.

Yesterday I started on this: when SRO gets a DC or the client is closed, the bot re-logins the char and starts the bot. I wrote a lot of the database part for IDs, passwords, char names, etc.
When I put in the ID and password by hand,

Code:
Packet Login = new Packet(0x7001);
Login.WriteAscii(m_Name);
Proxy.SendPacket(Login);
break;
this code auto-selects the char and starts; this works perfectly. I get an error when sending the ID and password to the server.

Code:
Packet SendLogin = new Packet(0x6102, true);
SendLogin.WriteByte(22); //locale
SendLogin.WriteAscii("a"); //id
SendLogin.WriteAscii("a"); //pw
SendLogin.WriteUShort(SendID); //this is right, always 64 0x0400, but I parse it when 0xA101 comes, it's not wrong
Proxy.SendPacketGateway(SendLogin);
When I use this in clientless mode it runs perfectly: it sends the login and enters the char. But when I open the client and use this, I get a gateway kick error.
I tried a lot of things for 8 hours but no luck, and I searched all over the net but no luck. I'm using DexterSoul's ClientlessSample client-server proxy. If someone knows the answer, can you please help me? Thanks in advance.
oksn123 is offline  
Old 05/19/2019, 21:22   #2
 
homelesshobo's Avatar
 
elite*gold: 0
Join Date: Jan 2010
Posts: 103
Received Thanks: 17
I suspect you are getting a C9 error, meaning you are unable to connect to the Agent/Client Server:

/tldr: The 0x6103 sent by the client sends empty username and password.
As a solution for the ClientlessSample, add this to the Proxy.cs file.
It creates a new 0x6103 packet, inserts the missing username and password, then replaces the old 0x6103 packet and sends it.

Code:
void ClientSocketPacketReceived(Packet p)
        {
            //For ClientlessSwitcher
            if (ShouldSwitchClient)
            {
                // Fake Client

                // 0x2001
                if (p.Opcode == 0x2001)
                {

                    //[S -> C][2001][16 bytes]
                    //0D 00 47 61 74 65 77 61 79 53 65 72 76 65 72 00   ..GatewayServer.
                    Packet response = new Packet(0x2001);
                    if (!ShouldConnectToAgent)
                    {
                        response.WriteAscii("GatewayServer");
                    }
                    else
                    {
                        response.WriteAscii("AgentServer");
                        ShouldConnectToAgent = false;
                    }
                    response.WriteUInt8(0); //Client-Connection
                    response.Lock();
                    ClientSocket.Send(response);

                    //S->P:2005 Data:01 00 01 BA 02 05 00 00 00 02
                    response = new Packet(0x2005, false, true);
                    response.WriteUInt8(0x01);
                    response.WriteUInt8(0x00);
                    response.WriteUInt8(0x01);
                    response.WriteUInt8(0xBA);
                    response.WriteUInt8(0x02);
                    response.WriteUInt8(0x05);
                    response.WriteUInt8(0x00);
                    response.WriteUInt8(0x00);
                    response.WriteUInt8(0x00);
                    response.WriteUInt8(0x02);
                    response.Lock();
                    ClientSocket.Send(response);

                    //S->P:6005 Data:03 00 02 00 02
                    response = new Packet(0x6005, false, true);
                    response.WriteUInt8(0x03);
                    response.WriteUInt8(0x00);
                    response.WriteUInt8(0x02);
                    response.WriteUInt8(0x00);
                    response.WriteUInt8(0x02);
                    response.Lock();
                    ClientSocket.Send(response);
                }

                if (p.Opcode == 0x6100)
                {
                    byte local = p.ReadUInt8();
                    string client = p.ReadAscii();
                    uint version = p.ReadUInt32();

                    //S->P:A100 Data:01
                    Packet response = new Packet(0xA100, false, true);

                    if (local != clientLocal)
                    {
                        response.WriteUInt8(0x02); //Failed
                        response.WriteUInt8(0x01); //Failed to connect to server.(C4)
                    }
                    else if (client != "SR_Client")
                    {
                        response.WriteUInt8(0x02); //Failed
                        response.WriteUInt8(0x03); //Failed to connect to server.(C4)
                    }
                    else if (version != LoginSettings.Version)
                    {
                        response.WriteUInt8(0x02); //Failed
                        response.WriteUInt8(0x02); //Update - Missing bytes but still trigger update message on Client, launcher will crash :/
                    }
                    else
                    {
                        response.WriteUInt8(0x01); //Success
                    }

                    response.Lock();
                    ClientSocket.Send(response);
                }

                if (p.Opcode == 0x6101 && ShouldConnectToAgent == false)
                {
                    Packet response = new Packet(0xA102);
                    response.WriteUInt8(0x01); //Success
                    response.WriteUInt32(uint.MaxValue); //SessionID
                    response.WriteAscii("127.0.0.1"); //NetworkGlobal.Server_Address
                    response.WriteUInt16(localGWPort);
                    response.Lock();

                    ShouldConnectToAgent = true;
                    ClientSocket.Send(response);
                }

                if (p.Opcode == 0x6103)
                {
                    //FF FF FF FF 00 00 00 00 16 00 00 9D 53 84 00
                    uint sessionID = p.ReadUInt32();
                    string username = p.ReadAscii();
                    string password = p.ReadAscii();
                    byte local = p.ReadUInt8();
                    //byte[] mac = p.ReadUInt8Array(6); //No need

                    Packet response = new Packet(0xA103);
                    if (sessionID != uint.MaxValue)
                    {
                        response.WriteUInt8(0x02);
                        response.WriteUInt8(0x02);
                    }
                    else if (username != "")
                    {
                        response.WriteUInt8(0x02);
                        response.WriteUInt8(0x02);
                    }
                    else if (password != "")
                    {
                        response.WriteUInt8(0x02);
                        response.WriteUInt8(0x02);
                    }
                    else if (local != clientLocal)
                    {
                        response.WriteUInt8(0x02);
                        response.WriteUInt8(0x02);
                    }
                    else
                    {
                        response.WriteUInt8(0x01); //Success
                    }
                    response.Lock();
                    ClientSocket.Send(response);
                }

                if (p.Opcode == 0x7007)
                {
                    byte type = p.ReadUInt8();
                    if (type == 0x02)
                    {
                        Packet responseEndCS = new Packet(0xB001);
                        responseEndCS.WriteUInt8(0x01);

                        Packet responseInitLoad = new Packet(0x34A5);

                        ClientSocket.Send(responseEndCS);
                        ClientSocket.Send(responseInitLoad);
                        IsClientWaitingForData = true;
                    }
                }

            }
            else
            {
                //Not sure why, but after clientless->client the client prefers to send 0x6103 twice.
                if (p.Opcode == 0x6103)
                {
                    if (agentLoginFixCounter > 0)
                    {
                        return;
                    }
                    agentLoginFixCounter++;

                    ////Encrypted
                    //4   uint Token //from LOGIN_RESPONSE
                    //2   ushort Username.Length
                    //* string  Username
                    //2   ushort Password.Length
                    //* string  Password
                    //1   byte Content.ID
                    //6   byte[] MAC-Address
                    uint token = p.ReadUInt32();
                    string username = p.ReadAscii();
                    string password = p.ReadAscii();
                    byte locale = p.ReadUInt8();
                    byte[] macAddress = p.ReadUInt8Array(6);

                    // Spoof packet if it is invalid
                    if (string.IsNullOrEmpty(username))
                    {
                        Packet spoof = new Packet(0x6103, true);
                        spoof.WriteUInt32(token);
                        spoof.WriteAscii(LoginSettings.Username);
                        spoof.WriteAscii(LoginSettings.Password);
                        spoof.WriteUInt8(locale);
                        // write random 6 octet mac address
                        //Random mac = new Random();
                        spoof.WriteUInt16(0x0000); // 2 empty
                        spoof.WriteUInt8Array(macAddress);

                        p = spoof;
                    }
                }

                if (p.Opcode == 0x6102)
                {
                    agentLoginFixCounter = 0;
                }

                if (agentConnected)
                {
                    AgentSocket.Send(p);
                }
                else
                {
                    GatewaySocket.Send(p);
                }
            }
        }


Long explanation for solution:

Check login packet and spoof it with valid data if necessary before sending to Agent server.
- After injecting a packet using a proxy program, the gateway connection is closed and a connection is established with the Agent server.
- The Client does not have the username or password however, as these were not entered manually in the client but sent through the proxy instead.
This causes the client to send an invalid 0x6103 login packet with an empty username (and password) to the agent server after 0xA102.


Code:
19:31[NET]* Waiting for a connection... 
19:32[NET]Sending 6101 - True - False - 
19:32[NET]Sending 6102 - True - False - 16 07 00 68 75 6e 74 65 72 32 04 00 31 32 33 34 40 00
19:32[NET]gw_remote_recv_packets a102 - True - False - 01 D6 00 00 00 0C 00 39 34 2E 31 36 2E 31 31 35 2E 32 39 0C 3E
19:32[NET]* A connection has been made!
19:32[NET]* The connection has been made!
19:32[HANDLER]ag_remote_send_buffers 2001 - True - False - 09 00 53 52 5F 43 6C 69 65 6E 74 00
19:32[HANDLER]ag_remote_recv_packets s->p2005 - False - True - 01 00 01 C3 02 05 00 00 00 02
19:32[HANDLER]ag_local_recv_buffers c->p->s 6103 - True - False - D6 00 00 00 00 00 00 00 16 00 00 00 00 00 00
19:32[HANDLER]ag_remote_recv_packets s->p6005 - False - True - 03 00 02 00 02
19:32[NET]LoginClient Error a103 - True - False - 02 01
19:32[HANDLER]ag_local_recv_buffers c->p->s 2002 - False - False -
The resulting agent authentication packet has no username or password

Code:
19:32[HANDLER]ag_local_recv_buffers c->p->s 6103 - True - False - D6 00 00 00 00 00 00 00 16 00 00 00 00 00 00

Code:
//Encrypted
4   uint Token from LOGIN_RESPONSE  D6 00 00 00
2   ushort Username.Length          00 00
* string  Username                  
2   ushort Password.Length          00 00
* string  Password                  
1   byte Content.ID                 16
6   byte[] MAC-Address              00 00 00 00

The username and password have to be inserted before being sent to the agent server, otherwise a C9 error occurs.
homelesshobo is offline  
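
Added example (not part of the original posts): a Python decoder for the 0x6102, 0xA102 and 0x6103 payloads, using the field layout and the log bytes posted above. It flags the empty-credential 0x6103 and redacts the password before logging, since the proxy log above prints it in the clear. All function names are hypothetical, and the 0xA102 layout (result, token, host, port) is an assumption taken from the fake-client branch of the posted code, success case only.

```python
import struct

# Payload bytes copied from the proxy log posted in this thread.
GW_LOGIN_6102 = "16 07 00 68 75 6e 74 65 72 32 04 00 31 32 33 34 40 00"
GW_REPLY_A102 = "01 D6 00 00 00 0C 00 39 34 2E 31 36 2E 31 31 35 2E 32 39 0C 3E"
AG_LOGIN_6103 = "D6 00 00 00 00 00 00 00 16 00 00 00 00 00 00"


class PacketFormatError(ValueError):
    """A field runs past the end of the payload, or bytes are left over."""


class Reader:
    """Little-endian field reader that refuses to read past the payload."""

    def __init__(self, hex_payload):
        self.data, self.pos = bytes.fromhex(hex_payload), 0

    def take(self, n):
        left = len(self.data) - self.pos
        if n > left:
            raise PacketFormatError(f"need {n} bytes at offset {self.pos}, {left} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def num(self, fmt):
        # fmt is a struct code: "B" = u8, "H" = u16, "I" = u32
        return struct.unpack("<" + fmt, self.take(struct.calcsize("<" + fmt)))[0]

    def ascii(self):
        # 2-byte length prefix, then that many bytes; the length is untrusted.
        return self.take(self.num("H")).decode("ascii", errors="replace")

    def done(self, fields):
        if self.pos != len(self.data):
            raise PacketFormatError(f"{len(self.data) - self.pos} trailing bytes")
        return fields


def parse_6102(hex_payload):
    r = Reader(hex_payload)
    return r.done({"locale": r.num("B"), "username": r.ascii(),
                   "password": r.ascii(), "server_id": r.num("H")})


def parse_a102(hex_payload):
    # Assumed success-case layout: result, token, host, port.
    r = Reader(hex_payload)
    return r.done({"result": r.num("B"), "token": r.num("I"),
                   "host": r.ascii(), "port": r.num("H")})


def parse_6103(hex_payload):
    r = Reader(hex_payload)
    fields = {"token": r.num("I"), "username": r.ascii(), "password": r.ascii(),
              "locale": r.num("B"), "mac": r.take(6).hex()}
    # Trailing bytes are reported, not rejected: the posted spoof code
    # writes two extra bytes before the MAC.
    fields["trailing"] = len(r.data) - r.pos
    return fields


def review_agent_login(a102_hex, login_hex):
    """Return the reasons a 0x6103 would not authenticate, per this thread."""
    reply, login = parse_a102(a102_hex), parse_6103(login_hex)
    findings = []
    if login["token"] != reply["token"]:
        findings.append("token does not match 0xA102")
    if not login["username"]:
        findings.append("empty username")
    if not login["password"]:
        findings.append("empty password")
    return findings


def redact(fields):
    """Copy of the parsed fields that is safe to write to a log."""
    safe = dict(fields)
    if "password" in safe:
        safe["password"] = f"<{len(fields['password'])} chars redacted>"
    return safe


if __name__ == "__main__":
    print(redact(parse_6102(GW_LOGIN_6102)))
    print(review_agent_login(GW_REPLY_A102, AG_LOGIN_6103))
```
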
Old 05/19/2019, 21:41   #3
 
JellyBitz's Avatar
 
elite*gold: 0
Join Date: Sep 2018
Posts: 419
Received Thanks: 943
Like the answer above.

I never sent that packet from the bot while using the client, BUT looking at the client protocol, it seems like the client is sending empty data anyway..

Just ignoring that client packet seems the easy way; after all, you are sending a correct one, aren't you?
Yep. I'm using
JellyBitz is offline  
Old 05/20/2019, 08:09   #4
 
elite*gold: 0
Join Date: Jun 2010
Posts: 28
Received Thanks: 14
Thank you so much for everything

I use it like this

Code:
if (packet.Opcode == 0x6103)
{
    if (m_AgentLoginFixCounter > 0)
    {
        return;
    }
    m_AgentLoginFixCounter++;

    ////Encrypted
    //4   uint Token //from LOGIN_RESPONSE
    //2   ushort Username.Length
    //* string  Username
    //2   ushort Password.Length
    //* string  Password
    //1   byte Content.ID
    //6   byte[] MAC-Address
    uint token = packet.ReadUInt();
    string username = packet.ReadAscii();
    string password = packet.ReadAscii();
    byte locale = packet.ReadByte();
    byte[] macAddress = packet.ReadByteArray(6);

    // Spoof packet if it is invalid
    if (string.IsNullOrEmpty(username))
    {
        Packet spoof = new Packet(0x6103, true);
        spoof.WriteUInt(token);
        spoof.WriteAscii(m_Username);
        spoof.WriteAscii(m_Password);
        spoof.WriteByte(locale);
        // write random 6 octet mac address
        //Random mac = new Random();
        spoof.WriteUShort(0x0000); // 2 empty
        spoof.WriteByteArray(macAddress);
        spoof.Lock();
        packet = spoof;
    }
}

And I add it to the proxy like this

Code:
public static void SendLogin(byte Local, string UserName, string Password, ushort ServerID)
{
    m_ServerID = ServerID;
    m_Username = UserName;
    m_Password = Password;
    Packet SendLogin = new Packet(0x6102, true);
    SendLogin.WriteByte(Local);
    SendLogin.WriteAscii(UserName);
    SendLogin.WriteAscii(Password);
    SendLogin.WriteUShort(m_ServerID);
    SendLogin.Lock();
    m_gatewaySocket.Send(SendLogin);
}
When the 0xA101 packet arrives I send the login information. It works, thanks again.
oksn123 is offline  