Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Tutorial] Winsock Packet Editor Pro
Goto page 1, 2, 3 ... 14, 15, 16  Next
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 8:05 am    Post subject: [Tutorial] Winsock Packet Editor Pro Reply with quote

I'll explain all the things you need to know to start with WPE.

First of all, your Anti-Virus will probably recognise WPE as a Trojan, but it isn't really one, it's a packet sniffer. Not something AV like.

Now, the main 6 aspects of WPE are:
Attaching WPE Pro
Packet Sniffing
Packet Sending
Packet Editing
Packet Filters
Saving/Loading Packetlists/filters

These are the 6 things I will be explaining in this tutorial

[u:7e5154295a]Attaching WPE Pro:[/u:7e5154295a]
To get started, you need to attach your WPE to the program you'd like to hack.
To attach WPE to a program you need to have both WPE and the program running ofcourse.
As an example I will be using Dark Eden, to use some old screenshots I already had.
Now, to attach WPE to the program press the "Target Program"-button (marked with 1). After clicking it a window will pop up, and in that window you search for the program you'd like to attach to and highlight it (as in 2). Now press "Open" (marked with 3) and you'll have attached WPE to the program!
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/1vl2.png[/img:7e5154295a]

[u:7e5154295a]Packet Sniffing:[/u:7e5154295a]
To sniff for packets going in and out a program, you need to attach to the program and press the play button in the Trace Control (upper box with the meters in it). If you press the button WPE will start sniffing packets and will keep doing that untill either you press the red stop button or the buffer is maxed. (To adjust your max. buffer go to View>Option and change the number in the Buffer area to what you'd like to be the max. buffer)
When WPE stops recording a window will pop up containing all the sniffed packets. It will show the number of the packet, the first 50 double digits and the translation of those 50 digits and if it's either Send, Sendto, Received or ReceivedFrom.
Send means the packet started in your computer, Received means it came from somewhere else.
If you want your WPE pro to only snif for a certain type of packet go to View>Option and tag/untag the corresponding boxes in the Winsock Functions part. (In example, if you want to snif only for Send packets, untag Received, ReceivedFrom and SendTo)

[u:7e5154295a]Packet Sending:[/u:7e5154295a]
If you want to start sending packets, you need to know how to add packets to your sending list. There are 3 possible ways: Making a new packet(as marked with 2), Loading a saved packetlist or getting one out of your sniffed packets list.
I won't explain how to make completely new packets, because beginning hackers won't have any use with it, and Loading a saved packetlist will be explained later on.
To get one out of your sniffed packet list you need to double click it in the window that poped up after sniffing for packets. Note: Received packets are often not good for sending.
If you added one to your list you will see "[]New Packet" in your send list.
If you do not see it it could either be because you didn't add it well, or you're still on your filter list. To go to your send list just press the Send tab (marked with 1).
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/2hi1.png[/img:7e5154295a]
To start sending the packets you need to tag the boxes ([ ] > [X]) of those you'd like to send, and then press the play button in the Actions Console (bottom part with the Send and Filter list in it). A new window will pop up. Here you can fill in how many times you'd like to send the packets, and at what speed. You can also chose between Open Socket and New Socket, I won't explain New socket so just stick to Open socket.
if you use open socket, you'll have to make sure the propper port is filled in. To make sure you've filled in the propper port, just right click on one of the packets in the Sniffed packets list and select "Set Send list with this socket id". You only have to do this only once per time you attach to a program.
When all is in order in the Send Settings Window, you press the play button and WPE will start sending packets. To stop sending packets, click the red stop button in the Actions Console.

[u:7e5154295a]Packet Editing:[/u:7e5154295a]
To edit a packet you need to have it in your send list.
Double click the packet and a new window will pop up with all the information about the packet. In there you can read all the information there is about the packet and not only the first 50 double digits.
Things there are to change:
a. double digits
b. translation of the digits
c. name
d. size

a. Just higlight one of the digits and press the key you want to change it with. Note: this will automaticly generate the new translation aswel.
b. Just highlight the part you want to change, and change it. Note: this will also change the digits accordingly, but they might change in the wrong ones.
c. The name your packet has in your send list, no biggy, only makes it easier to differ one packet from another.
d. Changes to this number will change the amount of double digits you have in your packet. Increasing it will add a couple of 00 digits, and decreasing will remove a couple of the last double digits.

I can't tell you in what you should change the digits when changing them, because every game uses his own coding his packets.

[u:7e5154295a]Packet Filters:[/u:7e5154295a]
First of all go to the Filter list by pressing the Filter tab in the Actions Console.
There you'll see a list of empty filters. To add new filters you have 2 possible ways: making one yourself or loading a saved one(I'll explain this in the next chapter).
Making your own filter is easy. Double click one of the filters in the list and a Filter Edit window will pop up.
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpeaz8.png[/img:7e5154295a]

1. The name your filter will have in the filter list.
2. To which type of packets the filter will be aplied to.
3. What type of filter you want. I'll explain the normal filter first.
4. Tag this box ([ ] > [X]) if you only want the filter to stop these packets from coming in, and not edit them.
5. Search: The double digits the filter will search for. Modify: Into what the filter will change the found packet's double digits.
6. Number of times it will apply the modification.
7.Advanced Filter option, will be explained later on.

To make a normal filter, just fill in after SEARCH the double digits it needs to look for manually or copy paste it from the packet window in the send list. Then fill in after MODIFY what those digits need to change in.
You can also make the filter only change Send or Received packets by tagging/untagging the coresponding boxes.

Advanced filters are for the little bit more advanced hackers, but aren't that hard really.
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpenn5.png[/img:7e5154295a]
This will be the window when you select "the beginning of the packet". Modifications will now start from the point in the packet where the matching double digits were found.
Now you can also adjust the max. length in the packet the filter will search in. Just tag the box and fill in the number, no biggy.
You can also make the filter change one or 2 double digits in the found packet instead of the whole found packet.

[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wperu5.png[/img:7e5154295a]
This is the window you get when "from the position of the chain found" is selected.
Here you can modify digits that came before the chain you were looking for, and not only after or in. Nothing else changes really.


Ok, now you know how to make filters. To run filters, just select them and press the little "On" button. The filter list will turn gray, and you won't be able to edit the filters anymore, but they will be active. To stop using the filters just hit the little "On" button again.


[u:7e5154295a]Saving/Loading Packetlists/Filters:[/u:7e5154295a]
[i:7e5154295a]Packetlists:[/i:7e5154295a]

To save a packetlist just press the little floppy disk (marked with 1), fill in the name for your list (marked with 2) and press the "Save" button(marked with 3).
If saved properly you will see a file in the directory with the name of your list and a .spt ending (like the one marked with 4).
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpexe9.png[/img:7e5154295a]

To load a packetlist press the folder button(marked with 1), chose the propper file(as for example the file marked with 2) and press "Open"(marked with 3). The list will show up under the current list in your Send list.
[img:7e5154295a]http://i996.photobucket.com/albums/af87/MonkeysCEF/CEF/wpegi5.png[/img:7e5154295a]

[i:7e5154295a]Filters:[/i:7e5154295a]
Same as in packetlists, but then when you're looking at the Filters Tab.
Note: you can also create a password protected save with filters.




That's all for the tutorial kids, if you enjoyed reading it, or/and found errors in it, feel free to post Smile.
Owh and, ofcourse, reputation is always welcome Smile (a positive one that is XD)



[i:7e5154295a]Links that come in handy:[/i:7e5154295a]
WPE Pro:
https://mega.co.nz/#!QEFX2Z5a!Gsv3jYQAwQLROsrWs3mo2kMXSERKrG-XcUFGclleoWM

Translation Site, translates Text into HEX and HEX into Text, incase you want to make your own packets etc...
http://www.paulschou.com/tools/xlate/
ASCII table:
http://www.robelle.com/library/smugbook/ascii.html

_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.


Last edited by Monkeys on Sat Jul 12, 2014 5:38 am; edited 18 times in total
Back to top
View user's profile Send private message
SturmxHawke
Expert Cheater
Reputation: 0

Joined: 14 Jun 2007
Posts: 115
Location: The Netherlands - Sliedrecht

PostPosted: Sun Jul 08, 2007 8:27 am    Post subject: Reply with quote

I got WPE Pro, but when I try to unpack it it won't unpack the dll that it needs to start, does anyone have that dll for me?

Thakns in advance and nice tut, when I got WPE I'll use this tut for it Wink
Back to top
View user's profile Send private message Visit poster's website
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 8:31 am    Post subject: Reply with quote

SturmxHawke wrote:
I got WPE Pro, but when I try to unpack it it won't unpack the dll that it needs to start, does anyone have that dll for me?

Thakns in advance and nice tut, when I got WPE I'll use this tut for it Wink

You can't unpack it because your AV thinks it's a virus.
You could either put the WPEspy.dll in you AV's safe list or turn off your AV while unpacking and looking at the file.
If you haven't already you could also try Callaw's AV friendly WPE. This works with a couple of AV's.

_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.
Back to top
View user's profile Send private message
C0dereality.Frost
Advanced Cheater
Reputation: 0

Joined: 28 May 2007
Posts: 61

PostPosted: Sun Jul 08, 2007 9:12 am    Post subject: Reply with quote

I LOVE YOU! lol only problem is i get "cannot create event" thats a new one to me...anyone? i got the newest .net Very Happy fyi
Back to top
View user's profile Send private message Yahoo Messenger
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 9:17 am    Post subject: Reply with quote

When exactly do you get that error? :s
_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.
Back to top
View user's profile Send private message
SturmxHawke
Expert Cheater
Reputation: 0

Joined: 14 Jun 2007
Posts: 115
Location: The Netherlands - Sliedrecht

PostPosted: Sun Jul 08, 2007 10:04 am    Post subject: Reply with quote

I've turned off my AV's but still it won't unpack, I'll try that Callaw's thing Razz Thanks Wink
Back to top
View user's profile Send private message Visit poster's website
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 10:26 am    Post subject: Reply with quote

Hmm, strange. Maybe a milliscious file?
I'm sure Callaw's isn't corrupted, so if that doesn't work I don't know what would :s

_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.
Back to top
View user's profile Send private message
SturmxHawke
Expert Cheater
Reputation: 0

Joined: 14 Jun 2007
Posts: 115
Location: The Netherlands - Sliedrecht

PostPosted: Sun Jul 08, 2007 11:08 am    Post subject: Reply with quote

It just refuses to unpack the dll, I've shut down all my AV's redownloaded the thing 3 times and have unpacked it over 20 times, I've restarted my computer, shut down my AV's and tried again and again but nothing seems to work Sad I'll just have to live without it XD
Back to top
View user's profile Send private message Visit poster's website
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 11:18 am    Post subject: Reply with quote

That's strange indeed. Are you sure you disabled all of your Av's completely?
_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.
Back to top
View user's profile Send private message
SturmxHawke
Expert Cheater
Reputation: 0

Joined: 14 Jun 2007
Posts: 115
Location: The Netherlands - Sliedrecht

PostPosted: Sun Jul 08, 2007 2:05 pm    Post subject: Reply with quote

I shut down all my AV and the redownloaded, but it just wouldn't work, I checked ctrl-alt-del processes and the icons in the bottomleft but there were no AV's on, otherwise one of em would have alerted me when I opened WPE Pro .rar file, also that so called undetected WPE Pro is detected by both my AV's Razz
Back to top
View user's profile Send private message Visit poster's website
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 2:35 pm    Post subject: Reply with quote

Yeah, it used to be undetected, but AV's update fast Very Happy
And I'm sorry, I don't know anything else that could work... maybe try putting it in your AV's safe list? I'm all out of ideas :s

_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.
Back to top
View user's profile Send private message
SturmxHawke
Expert Cheater
Reputation: 0

Joined: 14 Jun 2007
Posts: 115
Location: The Netherlands - Sliedrecht

PostPosted: Sun Jul 08, 2007 2:41 pm    Post subject: Reply with quote

I'll see if I can find the safe-list (if there is one and I can find it) Razz
Back to top
View user's profile Send private message Visit poster's website
C0dereality.Frost
Advanced Cheater
Reputation: 0

Joined: 28 May 2007
Posts: 61

PostPosted: Sun Jul 08, 2007 2:53 pm    Post subject: Reply with quote

The creation of Event error, was resolved. The error came from the file i got directly from the maker. The working version came from a popular download site. the working pack had only 2 files, the non working had 7 files. Go figure. Now that said. I've done some experimenting, however (no I'm no leech) I'd like to see an example of it, being used on ANY game. Dont need pics, just some documentation.

So far I've experimented with intercepting XP on planetside. Intercept, get 2 or 3 events of xp, and look over it hunting for the hex values of the XP i gained. I find it, but and done some pattern comparison. And never see the same packet used twice.

2nd q: does one normally NOT see ip of the server? or is it just me?
Back to top
View user's profile Send private message Yahoo Messenger
Monkeys
I post too much
Reputation: 29

Joined: 20 Jul 2006
Posts: 2411

PostPosted: Sun Jul 08, 2007 2:58 pm    Post subject: Reply with quote

C0dereality.Frost wrote:
The creation of Event error, was resolved. The error came from the file i got directly from the maker. The working version came from a popular download site. the working pack had only 2 files, the non working had 7 files. Go figure. Now that said. I've done some experimenting, however (no I'm no leech) I'd like to see an example of it, being used on ANY game. Dont need pics, just some documentation.

So far I've experimented with intercepting XP on planetside. Intercept, get 2 or 3 events of xp, and look over it hunting for the hex values of the XP i gained. I find it, but and done some pattern comparison. And never see the same packet used twice.

2nd q: does one normally NOT see ip of the server? or is it just me?


1. Some more advanced game developers use a sofisticated code for theyr packets, and add some sort of randomiser into it. It's not really random, it follows a certain patern, but to us (those who do not know the patern) it's random.

2. Never experienced that, or read anything about it, so yeah.

About the application to a game: Check the locked Dark Eden forum, I've got a tutorial on how to make the health hack for DE there, that might help you.
If that doesn't help, I'll try and find another game Smile

_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night.
Back to top
View user's profile Send private message
C0dereality.Frost
Advanced Cheater
Reputation: 0

Joined: 28 May 2007
Posts: 61

PostPosted: Sun Jul 08, 2007 3:08 pm    Post subject: Reply with quote

hmmmm I'm slightly concerned, two distinctly different packs, now i'm worried i got nailed. wpepro.net the official site or not?
Back to top
View user's profile Send private message Yahoo Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Goto page 1, 2, 3 ... 14, 15, 16  Next
Page 1 of 16

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites