Help with decrypt.

  1. #16 WOST (Member)
    What about the linearity of the key? I think it is not linear.
    And a few words about the XORed key. I didn't find the desired algorithm. My debugger is being resisted - it prevents int3 BPs.
    So there are 2 ways:
    1) Create a copy of swtor.exe and run it in sleep mode.
    2) Search for a working debugger with the original swtor.exe.
    I'm trying the first way, let's see what happens.

    How is your progress?

  2. #17 WOST (Member)
    Update:

    1) I solved the problem with the XOR'ed key. It's easy.
    We need to create a proxy_exe for swtor.exe (to run it in sleep mode), then write our own debugger (because swtor.exe has anti-debug and it crashed at the moment of connecting to the suspended process). So, when you've finished these steps you can find the XOR algorithm and XOR key without any problems.

    2) I noticed that the client sends 2 RSA packets with info (login, password hash and salsa20 keys), so we need to repeat the hook for the gameserver.

    This is the format of the loginserver RSA packet:

    DWORD loginLength;
    CHAR login[loginLength];
    DWORD passwordHashLength;
    CHAR passwordHash[passwordHashLength];
    BYTE key1[32];
    BYTE key2[32];
    BYTE iv1[8];
    BYTE iv2[8];

    Gameserver packet is similar to loginserver.
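    A parser for the decrypted loginserver payload layout posted above, added here as an example (not code from this thread or the emulator project). It assumes little-endian DWORD length prefixes and adds a cap on the length-prefixed fields, because a server emulator reads those lengths from an untrusted client; the 32-byte keys and 8-byte IVs match Salsa20's key and nonce sizes.

```python
import struct
from dataclasses import dataclass

# Fixed-size trailer from the layout above: two 32-byte Salsa20 keys, two 8-byte IVs
# (32-byte key + 8-byte nonce are exactly Salsa20's parameters).
KEY_LEN = 32
IV_LEN = 8
MAX_FIELD_LEN = 1024  # assumed cap on the length-prefixed fields; not stated in the thread

@dataclass
class LoginRsaPayload:
    login: bytes
    password_hash: bytes
    key1: bytes
    key2: bytes
    iv1: bytes
    iv2: bytes

def _read_lv(buf: bytes, pos: int) -> tuple:
    """Read one DWORD-length-prefixed field (little-endian assumed), bounds-checked."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("<I", buf, pos)
    pos += 4
    if n > MAX_FIELD_LEN or n > len(buf) - pos:
        raise ValueError("field length %d exceeds cap or remaining buffer" % n)
    return buf[pos:pos + n], pos + n

def parse_login_rsa_payload(buf: bytes) -> LoginRsaPayload:
    """Parse the decrypted loginserver RSA payload; malformed input raises instead of being trusted."""
    login, pos = _read_lv(buf, 0)
    password_hash, pos = _read_lv(buf, pos)
    if len(buf) - pos != 2 * KEY_LEN + 2 * IV_LEN:
        raise ValueError("unexpected %d bytes after passwordHash" % (len(buf) - pos))
    key1, pos = buf[pos:pos + KEY_LEN], pos + KEY_LEN
    key2, pos = buf[pos:pos + KEY_LEN], pos + KEY_LEN
    iv1, pos = buf[pos:pos + IV_LEN], pos + IV_LEN
    iv2 = buf[pos:pos + IV_LEN]
    return LoginRsaPayload(login, password_hash, key1, key2, iv1, iv2)

def build_login_rsa_payload(p: LoginRsaPayload) -> bytes:
    """Serialize the same layout; used to build the constructed sample below."""
    if len(p.key1) != KEY_LEN or len(p.key2) != KEY_LEN or len(p.iv1) != IV_LEN or len(p.iv2) != IV_LEN:
        raise ValueError("key/iv sizes must be 32/32/8/8")
    return (struct.pack("<I", len(p.login)) + p.login
            + struct.pack("<I", len(p.password_hash)) + p.password_hash
            + p.key1 + p.key2 + p.iv1 + p.iv2)

# Constructed sample payload (made up here; not a capture from the game client).
SAMPLE = build_login_rsa_payload(LoginRsaPayload(
    login=b"player", password_hash=bytes.fromhex("ab" * 20),
    key1=bytes(range(32)), key2=bytes(range(32, 64)), iv1=b"\x01" * 8, iv2=b"\x02" * 8))

if __name__ == "__main__":
    print(parse_login_rsa_payload(SAMPLE))
```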

  3. #18 WOST (Member)
    key size:

    public key = 292 bytes; // located in the data1 section
    private key = 1216 bytes.

  4. #19 yamashi12 (Master Sergeant)
    You are only there...

  5. #20 WOST (Member)
    Yes, and I've done my base for the decryption.
    Do you have more on the 1.5 version?

  6. #21 yamashi12 (Master Sergeant)
    Have you figured out how to remove certificate verification?

  7. #22 WOST (Member)
    SSL for the server list?

  8. #23 WOST (Member)
    Yeah, I've decrypted the RSA packet (loginserver).
    In the packet there are 41 bytes of some data (idk what it is) SKFWUZDKWMNYJKSBUFOYDBDEDHKIQHUKRZHOZMYX and after that the salsa20 keys.
    I'm working on my sniffer; soon it'll be done.

  9. #24 yamashi12 (Master Sergeant)
    It's a session hash, no need to keep it.

  10. #25 yamashi12 (Master Sergeant)
    Oh, and you do realize that you cannot decrypt the packet without replacing the key with yours?
    It's a lot harder to dump the packets... Took me a while to work out a solution for that...

    If you want I can give you a binary version of my packet dumper so that you can start working on the core servers instead of tools.

  11. #26 WOST (Member)
    Originally Posted by yamashi12:
        If you want I can give you a binary version of my packet dumper so that you can start working on the core servers instead of tools.
    I would be very grateful! In principle, implementing the sniffer will take a week or two; I have the experience. But if you share your tools, then I can proceed to the analysis of packets instead of developing a sniffer.

    Originally Posted by yamashi12:
        Oh, and you do realize that you cannot decrypt the packet without replacing the key with yours?
    I found the public key in the process memory of the .exe, made a .dll that replaces the original key with mine, caught the RSA packet and decrypted it, and got the salsa20 keys.
    I see that there are zlib and bonding packets (needs pul). I think it's possible but it needs time.
    Last edited by WOST; 11-20-2012 at 09:00 AM.

  12. #27 yamashi12 (Master Sergeant)
    Unzip this: Filebeam - Beam up that File Scottie!

    In your swtor/retailclient folder, and it will produce two files, server_*.bin and client_*.bin; they contain the raw data received and sent by the client.

  13. #28 yamashi12 (Master Sergeant)

    Works with 1.6; the protocol remains unchanged from 1.5 to 1.6. How do I know? I logged in to the 1.5 servers with the 1.6 exe.
    Last edited by yamashi12; 11-21-2012 at 06:34 PM.

  14. #29 WOST (Member)
    Wow! Thanks very much! I think it's better to remove the archive from public access.
    I'm writing an emu in C#; a little later I will talk about the progress. Yamashi, do you have Skype?

  15. #30 yamashi12 (Master Sergeant)
    Yes, maitrelame2 is my Skype id.

    Other people might find it useful, so I will leave it publicly available.
    Last edited by yamashi12; 11-21-2012 at 06:38 PM.
