Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Any packet reversing Pro around?

 
souleaper
Newbie cheater
Reputation: 0

Joined: 08 Jul 2012
Posts: 24

Posted: Thu Jan 03, 2019 4:02 am    Post subject: Any packet reversing Pro around?

These packets are just eating a medicine and healing mana.

These packets have already been XORed. Basically:
F4-44-0F-0B-90-6D-00-00-C8-01 (this part will not change even after restarting the game).

What I am struggling with is what type of encryption they use for what comes after that part of the packet. I looked into the time and date, and have no clue.
I was looking at the receive packet, but it is so vast. I do not know what to look for. It does seem to increment by about 1 or 2.

From 0A to 0C. But what about from 07 to 5D?

4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07
------------------------------------------
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0C-00-00-00-5D
------------------------------------------
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0D-00-00-00-4F
------------------------------------------
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-11-00-00-00-26
------------------------------------------
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-12-00-00-00-07
------------------------------------------
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-13-00-00-00-67
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-14-00-00-00-5D
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-19-00-00-00-26
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-1E-00-00-00-0F
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-20-00-00-00-54
------------------------------------------
4:57:23 F4-44-0F-0B-90-6D-00-00-C8-01-21-00-00-00-26
------------------------------------------

Any guess on what type of encryption that may be? Payload size? For send?

I really appreciate any help.

Thanks.
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Thu Jan 03, 2019 4:39 am

So looking at these two:

F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07
F4-44-0F-0B-90-6D-00-00-C8-01-0C-00-00-00-5D

C8 01 0A
C8 01 0C

That part is incrementing, looking to be like a timestamp or a sync count to monitor the flow of packets to ensure things are in order. I'd assume packets from the other direction will have the other values to fill in the holes such as:

C8 01 0B
C8 01 0D

The last part 07 and 5D could be an item index or something since you said you are using something to cause these. So it could be the index in your inventory or something where the item was to be used.

Based on the data you gave, it looks too small to have any real encryption applied, and given the incrementing data in the middle of the packet it's less likely that it's encrypted. The XOR'ing you mentioned is probably all that's being done.

_________________
- Retired.
souleaper
Newbie cheater
Reputation: 0

Joined: 08 Jul 2012
Posts: 24

Posted: Thu Jan 03, 2019 5:28 am

The last byte doesn't seem to be the position. Even if I put the medicine in the same position and use it, it doesn't seem to display the same byte. It is still random. I wonder if it has something to do with the time.

Any thoughts?

Chelvan.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Jan 03, 2019 6:38 am

Usually the last byte is a CRC check value.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
souleaper
Newbie cheater
Reputation: 0

Joined: 08 Jul 2012
Posts: 24

Posted: Thu Jan 03, 2019 1:00 pm

Some reading shows the CRC checksum for bytes is:

adding up all the bytes, then dividing by 256,
then times that by 256,

the added-up bytes minus that.

F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07

Total without the last CRC checksum is 322 in hex, making it 802.

802 / 256 = 3

256 * 3 = 768

802 - 768 = 34, which should be the CRC checksum?

07 in dec is the same as in hex, not 34.

Am I doing the math wrong? Or do I have to include the entire packet header? Or just the payload?

Or should I use the pre-XOR form to calculate the checksum? Still doesn't match.

Thanks Chelvan
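
The steps in the post above (sum the bytes, divide by 256, multiply back, subtract) compute the byte sum modulo 256, which is an additive checksum rather than a CRC. As an added example, not code from any poster in this thread, the sketch below runs that sum and a bitwise CRC-8 over the packet the post works through; the CRC-8 polynomial 0x07 and initial value 0x00 are assumptions (one common variant), since the thread does not identify the algorithm.

```python
# Added example: the arithmetic from the post next to a real CRC-8.
# The packet bytes are copied from the thread. The CRC-8 parameters
# (polynomial 0x07, initial value 0x00) are an assumption, one common
# variant among many, not something the thread identifies.

def parse_hex(dump: str) -> bytes:
    """Turn 'F4-44-0F-...' into raw bytes."""
    return bytes(int(tok, 16) for tok in dump.strip().split("-"))

def additive_checksum(data: bytes) -> int:
    """Byte sum modulo 256: the post's divide/multiply/subtract steps."""
    return sum(data) % 256

def crc8(data: bytes, poly: int = 0x07, init: int = 0x00) -> int:
    """Bitwise CRC-8: polynomial division over GF(2), MSB first."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 0x80:
                crc = ((crc << 1) ^ poly) & 0xFF
            else:
                crc = (crc << 1) & 0xFF
    return crc

def compare(dump: str) -> dict:
    """Split off the trailing byte and compute both candidates over the rest."""
    packet = parse_hex(dump)
    body, trailer = packet[:-1], packet[-1]
    return {
        "byte_sum": sum(body),
        "additive": additive_checksum(body),
        "crc8": crc8(body),
        "trailer": trailer,
    }

PACKET = "F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07"

if __name__ == "__main__":
    r = compare(PACKET)
    print(f"byte sum   = {r['byte_sum']} (0x{r['byte_sum']:X})")
    print(f"additive   = 0x{r['additive']:02X}")
    print(f"crc8(0x07) = 0x{r['crc8']:02X}")
    print(f"trailer    = 0x{r['trailer']:02X}")
```

Both functions are unkeyed error-detection codes: they catch accidental corruption and say nothing about who produced the packet.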
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Jan 03, 2019 1:20 pm

There is no requirement that they should follow that calculation

Perhaps they subtract instead of add
Perhaps they add followed by xor
Perhaps there are 10 different crc calculations and the one picked is the one based on the current timer % 10

In short: It may be easier to put your hooks before encoding/decoding happens

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
souleaper
Newbie cheater
Reputation: 0

Joined: 08 Jul 2012
Posts: 24

Posted: Thu Jan 03, 2019 1:47 pm

My ASM is the worst of the worst.

I wrote a hello world in C#,

dumped it in Cheat Engine and still don't understand any of the ASM.

Sad

That's why I hoped to take a different path. Looks like no luck.

Thanks anyways, Chelvan