souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Thu Jan 03, 2019 4:02 am Post subject: Any packet reversing Pro around?
These packets are just eating a medicine and healing mana.
These packets have already been XORed to basically
F4-44-0F-0B-90-6D-00-00-C8-01 This part will not change even after restarting the game.
What I am struggling with is what type of encryption they use on what's after that part of the packet. I looked into the time/date.. and no clue.
I was looking at the receive packet, but it is so vast. I do not know what to look for. It does seem to increment by about 1 or 2..
from 0A to 0C. But what about from 07 to 5D?
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07
------------------------------------------
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0C-00-00-00-5D
------------------------------------------
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0D-00-00-00-4F
------------------------------------------
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-11-00-00-00-26
------------------------------------------
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-12-00-00-00-07
------------------------------------------
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-13-00-00-00-67
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-14-00-00-00-5D
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-19-00-00-00-26
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-1E-00-00-00-0F
------------------------------------------
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-20-00-00-00-54
------------------------------------------
4:57:23 F4-44-0F-0B-90-6D-00-00-C8-01-21-00-00-00-26
------------------------------------------
Any guess on what type of encryption that may be? Payload size? For send?
I really appreciate any help..
Thanks.

atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8516 Location: 127.0.0.1
Posted: Thu Jan 03, 2019 4:39 am
So looking at these two:
F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07
F4-44-0F-0B-90-6D-00-00-C8-01-0C-00-00-00-5D
C8 01 0A
C8 01 0C
That part is incrementing, looking to be like a timestamp or a sync count to monitor the flow of packets to ensure things are in order. I'd assume packets from the other direction will have the other values to fill in the holes such as:
C8 01 0B
C8 01 0D
The last part 07 and 5D could be an item index or something since you said you are using something to cause these. So it could be the index in your inventory or something where the item was to be used.
Based on the data you gave, it looks too small to have any real encryption applied, and given the incrementing data in the middle of the packet it's less likely that it's encrypted. The XOR'ing you mentioned is probably all that's being done.
_________________
- Retired.

souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Thu Jan 03, 2019 5:28 am
The last byte doesn't seem to be the position.. even if I put the medicine in the same position and use it.. It doesn't seem to display the same byte. It still randoms. I wonder if it has something to do with the time
Any thoughts?
Chelvan.

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Thu Jan 03, 2019 6:38 am
Usually the last byte is a CRC check value
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Thu Jan 03, 2019 1:00 pm
Some reading shows crc checksum for bytes is
adding up all the bytes then dividing by 256
then times that by 256
the added up bytes minus that
F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07
Total without the last crc checksum is 322 in hex.. making it 802
802 / 256 = 3
256 * 3 = 768
802 - 768 = 34 which should be the crc checksum?
07 in dec is the same as in hex.. not 34..
Am I doing the math wrong? Or do I have to include the entire packet header? Or just the payload?
Or should I use the pre-xor form to calculate the checksum.. still doesn't match.
Thanks Chelvan
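
The hand calculation in the post above, run over every captured line, as an added example that is not part of the original thread. The 10 + 4 + 1 byte split and the little-endian reading of the middle field are assumptions; the packets are the ones quoted in the first post. Sum-then-mod-256 is an additive checksum, so a true CRC-8 is computed next to it for contrast.

```python
# Constructed input: the capture lines quoted in the first post of the thread.
CAPTURE = """\
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0A-00-00-00-07
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0C-00-00-00-5D
4:57:20 F4-44-0F-0B-90-6D-00-00-C8-01-0D-00-00-00-4F
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-11-00-00-00-26
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-12-00-00-00-07
4:57:21 F4-44-0F-0B-90-6D-00-00-C8-01-13-00-00-00-67
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-14-00-00-00-5D
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-19-00-00-00-26
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-1E-00-00-00-0F
4:57:22 F4-44-0F-0B-90-6D-00-00-C8-01-20-00-00-00-54
4:57:23 F4-44-0F-0B-90-6D-00-00-C8-01-21-00-00-00-26
"""

def parse(line):
    """Split one 'time hex-bytes' line into (prefix, counter, trailer, body)."""
    raw = bytes.fromhex(line.split()[1].replace("-", ""))
    # Assumed layout: 10 constant bytes, 4-byte little-endian field, 1 trailing byte.
    return raw[:10], int.from_bytes(raw[10:14], "little"), raw[14], raw[:14]

def additive_checksum(data):
    """The calculation from the post: add all bytes, keep the remainder mod 256."""
    return sum(data) % 256

def crc8(data, poly=0x07):
    """A real CRC-8 (polynomial x^8+x^2+x+1, init 0, no reflection)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

def report(capture=CAPTURE):
    """Return (counter, trailing byte, additive sum, CRC-8) for each line."""
    rows = []
    for line in capture.splitlines():
        _, counter, trailer, body = parse(line)
        rows.append((counter, trailer, additive_checksum(body), crc8(body)))
    return rows

if __name__ == "__main__":
    for counter, trailer, add, crc in report():
        print(f"field={counter:#04x} last={trailer:#04x} sum%256={add:#04x} crc8={crc:#04x}")
```

For the first packet the additive value is 34 decimal (0x22), the same figure as the hand calculation, so the arithmetic in the post is right and the last byte is simply not a plain byte sum of the preceding 14 bytes.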

Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Thu Jan 03, 2019 1:20 pm
There are no requirements that they should follow that calculation
Perhaps they subtract instead of add
Perhaps they add followed by xor
Perhaps there are 10 different crc calculations and the one picked is the one based on the current timer % 10
In short: It may be easier to put your hooks before encoding/decoding happens

souleaper Newbie cheater Reputation: 0
Joined: 08 Jul 2012 Posts: 24
Posted: Thu Jan 03, 2019 1:47 pm
My ASM is the worst of the worst..
I wrote a hello world in C#..
dump it in Cheat Engine and still don't understand any of the ASM.
That's why I hope to take a different path. Looks like no luck.
Thanks anyways Chelvan