Potion packets at ZSZC

sarkoplata · 03/29/2011, 14:08

I am trying to create a packetbased autopot for zszc retro ,
but the hell phanalyzer doesn't capture them.
When I try to capture them via WPE PRO it turns back as

Code:

03 80 FA FC D6 0B 1F 3A 02 AB

but my project at vb can send which ph analyzer gives me.
"opcode" + "data"
so can anyone teach me how to get this packets as that way or what's the problem?

sarkoplata · 03/29/2011, 15:45

*bump*

sarkoplata · 03/29/2011, 19:08

*bumpp*

kevin_owner · 03/29/2011, 22:27

Wauw 2 bumps at the same day....

Oke well could you explain a little bit more about what you are doing right now and how you think you would be able to create that auto pot.

Cause the packet is obviously encrypted so you need the blowfish key to encrypt it which you can get from the first 4 packets which is the handshake process (read drew's articles also the one on scridb)

After you got this key you can build all the packets you want and send it to the server.

sarkoplata · 03/30/2011, 09:01

Quote:

Originally Posted by kevin_owner

Wauw 2 bumps at the same day....

Oke well could you explain a little bit more about what you are doing right now and how you think you would be able to create that auto pot.

Cause the packet is obviously encrypted so you need the blowfish key to encrypt it which you can get from the first 4 packets which is the handshake process (read drew's articles also the one on scridb)

After you got this key you can build all the packets you want and send it to the server.

First , is it forbidden to do 2bumps in same day?

My program just reads the values of hp and mp from the memory
(ReadProcessMemory)
And when (e.g. If ReadProcessMemory(readHandle, pointer + &H3BC, bytes, 24, rw) < textbox.text / 100 * maxHP Then
SendPacket("opcode" , "data")
End If
that was my idea
#or i thought something another
I guess you know lolkop's bot with source , he presses button from ram
(WriteProcessMemory)
So that can be possible too it doesn't have problems with chat
But new APIs , new commands are needed for them
And I am not qualified yet :P

lolkop · 03/30/2011, 09:06

items can't be used that easily...
you need to know the position in ur inventory, to be able to use it.

sarkoplata · 03/30/2011, 09:13

Quote:

Originally Posted by lolkop

items can't be used that easily...
you need to know the position in ur inventory, to be able to use it.

yes actually that's why I was trying to do same in your autoit project

Can anyone make little translate for this auto-it code? ( I am working on vb)

Code:

"Func UseUnderbar($key)
	If $key>40 Or $key<0 Then Return False
	Local $underbar1 = 0x5D2070, $underbar2 = 0x4F92E0
	Local $functionPointer, $remoteThread
	$functionPointer = VirtualAllocEx($mid, 29)
	WriteProcessMemory($mid, $functionPointer, '608B35'&_Hex($actionBase)&'B8'&_Hex($key)&'508BCEE8'&_Hex($underbar1-$functionPointer-20)&'8BC8E8'&_Hex($underbar2-$functionPointer-27)&'61C3')
	$remoteThread = CreateRemoteThread($mid, $functionPointer)
	WaitForSingleObject($remoteThread)
	VirtualFreeEx($mid, $functionPointer)
	CloseHandle($remoteThread)
EndFunc"

InvincibleNoOB · 03/30/2011, 11:16

Quote:

Originally Posted by sarkoplata

03 80 FA FC D6 0B 1F 3A 02 AB

That's the UseItem packet, it's encrypted. Either proxy the connection or hook sro_client to get your packet properly blowfished. Keeping track of inventory's content is also necessary.

Isn't there an auto-potion for zszc?

kevin_owner · 03/30/2011, 11:23

Agreed with InvincibleNoOB, You have to think about way more than just a packet which you have to send. It seems like a little program but you got to deal with the security, and what lolkop and InvincibleNoOB said the inventory's content.

I suggest you to read some articles of drew benton to understand the silkroad security and how to parse packets ect. before you touch things like this.

sarkoplata · 03/30/2011, 11:39

Quote:

Originally Posted by InvincibleNoOB

That's the UseItem packet, it's encrypted. Either proxy the connection or hook sro_client to get your packet properly blowfished. Keeping track of inventory's content is also necessary.

Isn't there an auto-potion for zszc?

Yes , there is an auto-potion for zszc , but i don't care it actually , I wanna make my own tool. ( Im already working on it for 3weeks , some of thigs are OK)

Now , I have made my autopot with pressing keys , of course , It interrups chatting very badly.
And you are saying me that first I have to read whats in the inventory , so I guess it will be done when I have more knowledge about packets.
So I thought lolkop's way is easier and safer, I did WriteProcessMemory api's, and coded it. I don't know why it doesn't press the button , ( like silkmods. ) lolkop shared the source of that bot but I can't understand anything from Autoit so, I need help about this.
Because this when I press for chat my window becomes "999999999999999999999"

Because Im not happy with this

kevin_owner · 03/30/2011, 11:47

Well my opinion is that packet based tool are safer and faster.

cause if you write something to your sro client you interact with the client. If you have some proxy bewteen the client and the server you can send whatever you want once you have the blowfish key.
and it's faster because it connects directly with the server and you can read the packets from the server and handle them.

so packet based you have some tool running in the background just like a bot which can respond as fast as possible if it's needed.

and that way you can easily expand your tool cause you can handle every packet and send your own stuff. So you could actually think about something like a bot.

lolkop · 03/30/2011, 11:51

i've written a basic tutorial of

...

sarkoplata · 03/30/2011, 12:40

Quote:

Originally Posted by lolkop

i've written a basic tutorial of ...

Thanks lolkop , I will check it.

sarkoplata · 03/30/2011, 13:24

Quote:

Originally Posted by sarkoplata

Thanks lolkop , I will check it.

well , as I read the whole text , I didn't understand so many things.

I've never used ollydbg before , used ollyIce for few times

Btw , all of your codes are for autoit , and my autoit is 0 too

I set the apis , VirtualAllocEx , Write processmemory etc but I didn't understand anything about that underbar offsets.
Can anyone who understand it explain me in a simple way

lolkop · 03/30/2011, 13:29

Quote:

Originally Posted by sarkoplata

well , as I read the whole text , I didn't understand so many things.
I've never used ollydbg before , used ollyIce for few times
Btw , all of your codes are for autoit , and my autoit is 0 too
I set the apis , VirtualAllocEx , Write processmemory etc but I didn't understand anything about that underbar offsets.
Can anyone who understand it explain me in a simple way

nah my tutorials are mainly written, to show, that all of it can be done in asm.
the asm code can be used in almost every language.

if u're not able to understand the reversing part, you should start learning about it, with some easy tutorials, or at least start learning asm.

since u're able to build dlls in vb, those things could be used way better, since you can directly step into the client functions.