-
packet encryption
So I downloaded this game and I wanted to try to create an emulator for it. Found this thread about packet encryption (https://www.ownedcore.com/forums/mmo...4-packets.html (Packets)) but I can't remove the encryption to see at least the login packet. I was wondering if someone already has made any progress on this subject and could share with me.
I'm also trying to run PoE via OllyDbg but it always crashes (already using the 32-bit version). Can anyone give me some light?
I have experience with emulators (already emulated Priston Tale) so I think I know a little bit to get this going. I'm just not that good at reversing all the protocols and encryption. (Priston Tale has a very weak packet encryption system; not really encryption, it's XOR-based only, so it was easier.)
Last edited by lelejau; 01-29-2019 at 03:55 PM.
-
I haven't looked into this at all yet but I am planning to take a crack at it. Will definitely keep my eye on this thread for any updates and share any progress I make.
-
Here are some tips for doing analysis of the game client and network traffic:
- The network traffic is encrypted with SALSA20.
- You should use WinDbg instead of OllyDbg and your life will be better.
- You should be analyzing the 64-bit version of the game because they will soon be dropping support for the 32-bit version. If they haven't already, actually.
You should check out some quick notes I made in my maphack thread (https://www.ownedcore.com/forums/mmo...ml#post3817135 (exmap: Maphack, Packet Logger, etc.)).
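To make the first tip concrete, here is an added example written for this page (not code from the thread, from maper, or from the game client): a pure-Python Salsa20/20 keystream generator with a constructed key and nonce, showing what the decryption step needs. The point for anyone building or defending such a protocol is that Salsa20 is a symmetric stream cipher, so a capture is only as protected as the 32-byte key and 8-byte nonce held in client memory.

```python
import struct

MASK = 0xFFFFFFFF

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def quarterround(y0, y1, y2, y3):
    # Spec example: quarterround(1, 0, 0, 0) == (0x08008145, 0x80, 0x10200, 0x20500000)
    y1 ^= rotl((y0 + y3) & MASK, 7)
    y2 ^= rotl((y1 + y0) & MASK, 9)
    y3 ^= rotl((y2 + y1) & MASK, 13)
    y0 ^= rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3

COLUMNS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))

def salsa20_core(x):
    """Salsa20/20 hash of 16 little-endian words: 10 double rounds, then add the input."""
    s = list(x)
    for _ in range(10):
        for idx in COLUMNS + ROWS:  # column round, then row round
            s[idx[0]], s[idx[1]], s[idx[2]], s[idx[3]] = quarterround(*(s[i] for i in idx))
    return [(a + b) & MASK for a, b in zip(s, x)]

def salsa20_block(key, nonce, counter):
    """64-byte keystream block for a 32-byte key, 8-byte nonce and 64-bit block counter."""
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    # "expand 32-byte k" constants on the diagonal; key, nonce and counter between them
    state = [0x61707865, k[0], k[1], k[2],
             k[3], 0x3320646E, n[0], n[1],
             counter & MASK, (counter >> 32) & MASK, 0x79622D32, k[4],
             k[5], k[6], k[7], 0x6B206574]
    return struct.pack("<16I", *salsa20_core(state))

def salsa20_xor(key, nonce, data, counter=0):
    """Encrypt or decrypt (same operation): XOR the data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = salsa20_block(key, nonce, counter + i // 64)
        out += bytes(p ^ q for p, q in zip(data[i:i + 64], block))
    return bytes(out)

# Constructed demo values (not the game's real key, nonce or traffic).
DEMO_KEY = bytes(range(32))
DEMO_NONCE = bytes(range(8))

if __name__ == "__main__":
    ct = salsa20_xor(DEMO_KEY, DEMO_NONCE, b"constructed login packet " * 4)
    print(ct.hex())
    print(salsa20_xor(DEMO_KEY, DEMO_NONCE, ct))
```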
-
Originally Posted by maper:
Here are some tips for doing analysis of the game client and network traffic:
- The network traffic is encrypted with SALSA20.
- You should use WinDbg instead of OllyDbg and your life will be better.
- You should be analyzing the 64-bit version of the game because they will soon be dropping support for the 32-bit version. If they haven't already, actually.
You should check out some quick notes I made in my maphack thread (https://www.ownedcore.com/forums/mmo...ml#post3817135 (exmap: Maphack, Packet Logger, etc.)).
Thank you for the reply as well as the PM!
At this point, I think we have the traffic and decryption sorted but I think GGG is blocking VirtualQueryEx from grabbing the keys from memory. Currently investigating either a way to make sure it works or use a different method for getting the server side key from memory.
I'm not 100% certain this is the case but I don't know of any quick way to test VirtualQueryEx since I'm still relatively new to this. Any thoughts are welcome!
-
Originally Posted by leethobbit:
Thank you for the reply as well as the PM!
At this point, I think we have the traffic and decryption sorted but I think GGG is blocking VirtualQueryEx from grabbing the keys from memory. Currently investigating either a way to make sure it works or use a different method for getting the server side key from memory.
I'm not 100% certain this is the case but I don't know of any quick way to test VirtualQueryEx since I'm still relatively new to this. Any thoughts are welcome!
VirtualQueryEx won't give you the memory contents, only information describing the properties of a particular memory region.
If you're looking to read the memory from an external process, you want ReadProcessMemory.
-
Yeah I thought of that as soon as I posted, whoops lol. So, I'm guessing the packet IDs just aren't lining up right as they were updated in the last major update. I still need to investigate further as I'm not sure exactly where the breakdown is occurring.
I also started working on an older client. Does anyone here still have old wireshark capture files or logs of packets saved? I'd love to take a look at some legit server communications from older versions of the game to compare.
-
tfw people try to reverse entire cryptos when you can manipulate the client's entire network stack with a 5-byte patch
-
Originally Posted by maper:
Here are some tips for doing analysis of the game client and network traffic:
- The network traffic is encrypted with SALSA20.
- You should use WinDbg instead of OllyDbg and your life will be better.
- You should be analyzing the 64-bit version of the game because they will soon be dropping support for the 32-bit version. If they haven't already, actually.
You should check out some quick notes I made in my maphack thread (https://www.ownedcore.com/forums/mmo...ml#post3817135 (exmap: Maphack, Packet Logger, etc.)).
How did you guys find out that Path of Exile was using Salsa20?