Jump to content

Protocol


Guest hasokeric
 Share

Recommended Posts

Dear Developers,

This is a hot question that many would like to know and it is also a question that is asked many times and quite often.

When sniffing Packets

- How do you determine the Encryption

- How do you decrypt (figure out) the key

For example while googling one MMORPGs Blowfish key was [1;$1[jk0; now how does one figure that out leaves me clueless i have searched and looked at Java and C++ Source Codes of other MMORPG Emulation still i am clueless.

I hope someone can take some time and answer this question with a little bit more detail than found on other forums.

Perhaps someone could list the tools recommended, the steps required.

Link to comment
Share on other sites

The most efficient way is to read it from the wow process itself - simply memory reading as it's done there:

http://hg.sharesource.org/sniffitzt/file/04b874f8d78d/tools/SniffitztClient.cpp

If you don't plan to write the decryption part on your own, you also might want to have a look at the whole project http://sharesource.org/project/sniffitzt/

What is the difference now between Encryption Key and 'Session Key'

can you define Session Key - as in what is it; what is it used for ?

sessionKey contains only of zeros - unlikely..
reading sessionkey failed - will try again in 1 second
Got pointer: 0X86DDDF8
Got sessionkey: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
checking plausibility
sessionKey contains only of zeros - unlikely..
reading sessionkey failed - will try again in 1 second
Got pointer: 0X86DDDF8
Got sessionkey: 29 82 97 1F 7C 18 DA CF 8C 0C AE 5A 75 FC 54 BE E2 BF 9B C6 52 6
A C4 08 2D 15 18 09 64 EA 4E 4A 73 74 C4 3E B5 A4 CB 88
checking plausibility
trying to send it to sniffitzt

Link to comment
Share on other sites

Basically,

We are looking for a Guide/Tutorial or Screencast that will show us 'the beginners' example how to "Sniff" some packets and Sniff the Key and then manually decrypt or decrypt automatically.

If someone could make such tutorial would rock if not; What Guide or Where have you learned how to do - what you do (sniffing, decrypting, detecting encryption) you could also leave some references.

Link to comment
Share on other sites

Really no one ?

Anyways here is some more Research

As for packets analysis I found that the best way to learn is by studying existing code + "doing some practice man" :)

only after it you will be able to recognize packet (just for example) in wireshark

0000  00 50 22 e1 60 22 00 1c  42 fc ab 73 08 00 45 00   .P".`".. B..s..E.
0010  00 31 27 12 40 00 6e 06  41 65 60 ec 82 b6 c0 a8   .1'[email protected] Ae`.....
0020  00 05 1e 61 c0 e5 9f 2c  a7 20 74 ac 81 63 50 18   ...a..., . t..cP.
0030  fd 5c 64 9f 00 00 09 00  01 54 fe 37 1d 47 68      .\\d..... .T.7.Gh 

== SM_KEY

 09 00  01 54 fe 37 1d 47 68

where

09 00 - length

01 - crypted opcode 0x41

54 - static server packet code 0x54

fe - ~ of 0x01

rest bytes (37 1d 47 68 and it is integer generated randomly by server + some mod) - is the key for encryption of the other packets

probably, i should try to write an article after i'll be used to all this stuff

Link to comment
Share on other sites

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use