Packet decode and reverse engineering

    Posted by MentalSpirit (Member, joined Aug 2020)

    Basically I decided to make a kind of radar which posts all seen Doods into one Firebase and visualizes them on the web (aka archebox).
    To do that I had 2 approaches: inject my code into the process and hook the internal function, or create a packet sniffer. I decided to go for the second option.

    Client version is 6.x.
    So far I have managed to decrypt the packets (S2C type 5). Here is an example packet:

    Code:
    59 1b 2e 03 01 96 3d 02 15 cb 08 b7 27 23 3d 00
    00 54 b8 01 00 00 00 00 7f bd 85 00 97 10 9a 00
    14 55 03 00 00 00 00 3d 83 00 00 80 3f cf e9 07
    00 00 00 00 00 00 00 00 00 00 00 00 00 15 09 b1
    0a d9 53 34 5f 00 00 00 00 00 00 00 00 ff ff ff
    ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00
    Actually that packet looks like SCDoodadsCreatedPacket; what I mean:
    0x59 - checksum
    0x1b - sequence
    2e 03 - OpCode (0x32E strange)
    0x01 number of doods in list

    96 3d 02 15 - probably object id
    cb 08 - doodad_almighty_id in doodad_func_groups table
    cb 08 - id in doodad_func_groups table
    ....
    15 09 b1 0a is probably some kind of timestamp for the next phase

    So basically I can identify the dood; unfortunately I have no idea how to get the position (X,Y,Z).

    Edit :
    Here is some additional information that i found today

    After the server maintenance my sniffer started to report different OpCodes; here is an example:

    Code:
    00000000  53 07 b1 00 01 be fe 00  15 e9 08 bd 11 40 3d 00
    00000010  00 00 00 00 00 00 00 00  e9 cf 85 00 60 07 9a 00
    00000020  55 55 03 00 00 00 00 6f  bd 00 00 80 3f cf e9 07
    00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 45 b4 00
    00000040  14 06 85 33 5f 00 00 00  00 00 00 00 00 ff ff ff
    00000050  ff fe 00 00 00 00 00 00  00 00 00 00 00 00 00 00
    00000060  00 00 00 00 00 00
            OpCode : B1
            CRC : 53

    So my guess is that the OpCodes are obfuscated (probably with XOR again) but the key is transmitted in some of the initial packets.
    Last edited by MentalSpirit; 08-13-2020 at 06:20 AM.
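The following is an added example, not code from the post or from any ArcheAge project: a small Python decoder for the header layout MentalSpirit hypothesises above, run over the two dumps copied from the post. The field names and offsets (checksum, sequence, little-endian opcode, count, object id, almighty id) are the post's guesses, not a documented format, so everything after byte 10 is kept as an opaque trailer. The block also diffs the two captures byte by byte, which is how one checks that the layout survived the maintenance even though the opcode value changed, and reads one 4-byte window as a float to show how constant-looking bytes can be sanity-checked.

```python
import struct
from dataclasses import dataclass

# Both hex dumps are copied from the post above. The second one carries the
# sniffer's offset column, which hexdump_to_bytes() strips.
PACKET_BEFORE_MAINTENANCE = """
59 1b 2e 03 01 96 3d 02 15 cb 08 b7 27 23 3d 00
00 54 b8 01 00 00 00 00 7f bd 85 00 97 10 9a 00
14 55 03 00 00 00 00 3d 83 00 00 80 3f cf e9 07
00 00 00 00 00 00 00 00 00 00 00 00 00 15 09 b1
0a d9 53 34 5f 00 00 00 00 00 00 00 00 ff ff ff
ff fe 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
"""

PACKET_AFTER_MAINTENANCE = """
00000000  53 07 b1 00 01 be fe 00  15 e9 08 bd 11 40 3d 00
00000010  00 00 00 00 00 00 00 00  e9 cf 85 00 60 07 9a 00
00000020  55 55 03 00 00 00 00 6f  bd 00 00 80 3f cf e9 07
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 45 b4 00
00000040  14 06 85 33 5f 00 00 00  00 00 00 00 00 ff ff ff
00000050  ff fe 00 00 00 00 00 00  00 00 00 00 00 00 00 00
00000060  00 00 00 00 00 00
"""


@dataclass
class DoodadHeader:
    """Fields in the order the post assigns them (the poster's hypothesis, not a spec)."""
    checksum: int      # byte 0
    sequence: int      # byte 1
    opcode: int        # bytes 2-3, little-endian (2e 03 -> 0x032E)
    count: int         # byte 4, number of doods in the list
    object_id: int     # bytes 5-8, little-endian
    almighty_id: int   # bytes 9-10, little-endian
    trailer: bytes     # everything from byte 11 on, left undecoded


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn a pasted hex dump into bytes, dropping an 8-digit offset column if present."""
    out = bytearray()
    for line in dump.strip().splitlines():
        tokens = line.split()
        if tokens and len(tokens[0]) == 8:   # leading "00000010"-style offset
            tokens = tokens[1:]
        out.extend(int(tok, 16) for tok in tokens)
    return bytes(out)


def parse_header(packet: bytes) -> DoodadHeader:
    """Decode the first 11 bytes according to the post's layout."""
    if len(packet) < 11:
        raise ValueError("packet shorter than the 11-byte header layout")
    checksum, sequence, opcode, count = struct.unpack_from("<BBHB", packet, 0)
    object_id, almighty_id = struct.unpack_from("<IH", packet, 5)
    return DoodadHeader(checksum, sequence, opcode, count,
                        object_id, almighty_id, packet[11:])


def common_offsets(a: bytes, b: bytes) -> list[int]:
    """Offsets at which two captures hold the same byte; stable positions hint at fixed fields."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x == y]


def float32_at(packet: bytes, offset: int) -> float:
    """Read a little-endian IEEE-754 single at the given offset."""
    return struct.unpack_from("<f", packet, offset)[0]


if __name__ == "__main__":
    before = hexdump_to_bytes(PACKET_BEFORE_MAINTENANCE)
    after = hexdump_to_bytes(PACKET_AFTER_MAINTENANCE)
    for name, pkt in (("before", before), ("after", after)):
        h = parse_header(pkt)
        print(f"{name}: opcode=0x{h.opcode:04X} seq={h.sequence} count={h.count} "
              f"object_id=0x{h.object_id:08X} almighty_id={h.almighty_id}")
    stable = common_offsets(before, after)
    print(f"{len(stable)} of {len(before)} byte positions are identical across the captures")
    print(f"bytes 0x29..0x2C read as float32: {float32_at(before, 0x29)}")
```

Run stand-alone, it reports opcode 0x032E for the first capture and 0x00B1 for the second while count stays 1 and both packets are 102 bytes long; the bytes 2 and 3 (the opcode) are among the positions that differ, whereas the window at 0x29..0x2C is `00 00 80 3f` in both dumps, which decodes as the float 1.0. That only says the four bytes are consistent with a float field, not what the field means; the post's own caveat that offsets beyond the object id are guesses still applies.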
