swtor winsock2 Hook
  1. #1
    the1domo's Avatar Active Member

    swtor winsock2 Hook

    Hello, I was curious if anyone has found out where in memory the packets are being encrypted and decrypted, because I am working on a simple winsock2 hook. Here is my code; it's rather crude, I'm just using simple Detours.

    Code:
    //==========================================================================
    // by The1domo swtor winsock2 hooking :)
    //==========================================================================
    #include <winsock2.h>
    #include <windows.h>
    #include <iostream>
    #include <vector>
    #include <string>
    #include <fstream>
    #include <io.h>
    #include <fcntl.h>
    #include <cstdio>   // sprintf, FILE, _fdopen, setvbuf
    #include "detours.h"
    //==========================================================================
    // to create a Console for write to
    //==========================================================================
    void createConsole( )
    {
        AllocConsole();
        int hConHandle;
        long lStdHandle;
        FILE *fp;
        lStdHandle = (long)GetStdHandle(STD_OUTPUT_HANDLE);
        hConHandle = _open_osfhandle(lStdHandle, _O_TEXT);
        fp = _fdopen( hConHandle, "w" );
        *stdout = *fp;
        setvbuf( stdout, NULL, _IONBF, 0 );
    }
    //==========================================================================
    // the original connect Function call
    //==========================================================================
    int (WINAPI* connect_t)(SOCKET,const struct sockaddr*,int,int);
    //==========================================================================
    // the original WSARecv Function call
    //==========================================================================
    DWORD (WINAPI* WSARecv_t)(SOCKET,LPWSABUF,DWORD,DWORD,int);
    //==========================================================================
    // write to the Console windows
    //==========================================================================
    void msg2(char* str)
    {
    	std::cout << " " << std::endl;
    	std::cout << "msg: " << str << std::endl;
    	std::cout << " " << std::endl;
    }
    //==========================================================================
    // the hooked Function to Detour
    //==========================================================================
    // a hook_connect Function call
    //==========================================================================
    int WINAPI hook_connect(SOCKET s, const struct sockaddr *name, int namelen, int a4)
    {
    	_asm pushad;
    		msg2("ATTEMPTED CONNECT !!!!!!!!!!!!!!!!");
    	_asm popad;
    
    	return connect_t(s, name, namelen, a4);
    }
    //==========================================================================
    // a hook_WSARecv Function call
    //==========================================================================
    DWORD WINAPI hook_WSARecv(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, DWORD a4, int a5)
    {
    	_asm pushad;
    
    	if( lpBuffers && lpBuffers->buf && lpBuffers->len > 0 )
    	{
    		char szShit[24] = { 0 };
    		sprintf( szShit, "0x%X", (DWORD)lpBuffers->buf );
    		msg2(szShit);
    	}
    
    	_asm popad;
    
    	return WSARecv_t(s, lpBuffers, dwBufferCount, a4, a5);
    }
    //==========================================================================
    // Hooking Thread
    //==========================================================================
    DWORD WINAPI Thread(LPVOID)
    {
    		// exe base address
    		DWORD swtor = (DWORD)GetModuleHandle("swtor.exe");
    
    		// Detour for a hooked Function call
    		connect_t = (int(WINAPI*)(SOCKET,const struct sockaddr*,int,int))DetourFunction((PBYTE)swtor+0x603590, (PBYTE)hook_connect);
    		WSARecv_t = (DWORD(WINAPI*)(SOCKET,LPWSABUF,DWORD,DWORD,int))DetourFunction((PBYTE)swtor+0x62C7C0, (PBYTE)hook_WSARecv);
    
    		// create a Console for write to
    		createConsole( );
    
    		// test write to Console
    		std::cout << "Attached to Process" << std::endl;
    
    		return 0;
    }
    //==========================================================================
    // DllMain
    //==========================================================================
    BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved)
    {
    	if(dwReason == DLL_PROCESS_ATTACH)
    	{
    		// Create a Thread to use by the hook
    		CreateThread(NULL,NULL,Thread,NULL,NULL,NULL);
    	}
    
    	return TRUE;
    }
    //==========================================================================
    Now, if anyone sees anything wrong with this, or would like to help on my project to parse the packets and give them decrypted, I'd much appreciate it if you could post in this thread. All criticism is accepted, thank you.


  2. #2
    the1domo's Avatar Active Member
    A working hook to log all packets. It is a DLL that you inject; you need the Microsoft DetourFunction library to compile. If anyone has figured out the method for decrypting packets, please reply or add to this code.

    Code:
    //==========================================================================
    // by The1domo swtor winsock2 hooking :)
    //==========================================================================
    #include <winsock2.h>
    #include <windows.h>
    #include <iostream>
    #include <vector>
    #include <string>
    #include <fstream>
    #include <io.h>
    #include <fcntl.h>
    #include <cstdio>   // sprintf, fopen, fwrite, _fdopen, setvbuf
    #include "detours.h"
    //==========================================================================
    // to create a Console for write to
    //==========================================================================
    void createConsole( )
    {
        AllocConsole();
        int hConHandle;
        long lStdHandle;
        FILE *fp;
        lStdHandle = (long)GetStdHandle(STD_OUTPUT_HANDLE);
        hConHandle = _open_osfhandle(lStdHandle, _O_TEXT);
        fp = _fdopen( hConHandle, "w" );
        *stdout = *fp;
        setvbuf( stdout, NULL, _IONBF, 0 );
    }
    //==========================================================================
    // write to the Console windows
    //==========================================================================
    void msg2(char* str)
    {
    	std::cout << " " << std::endl;
    	std::cout << "msg: " << str << std::endl;
    	std::cout << " " << std::endl;
    }
    //==========================================================================
    // a hook_WSARecv Function call
    //==========================================================================
    void (WINAPI* WSARecv_t)(DWORD,LPWSABUF,DWORD,DWORD,DWORD,struct _OVERLAPPED*);
    
    void WINAPI hook_WSARecv(DWORD Flags, LPWSABUF lpBuffers, DWORD dwBufferCount, DWORD a5, DWORD NumberOfBytesRecvd, struct _OVERLAPPED *lpOverlapped)
    {
    	_asm pushad;
    
    	static int Counter = 0;
    	char name[MAX_PATH];
    	sprintf(name, "C:\\packets\\packet_%d.bin", Counter++);
    
    	FILE *f = fopen(name, "wb");
    
    	if (f )
    	{
    		if( lpBuffers && lpBuffers->buf && lpBuffers->len > 0 )
    			fwrite(lpBuffers->buf, 1, lpBuffers->len, f);
    
    		fflush(f);
    		fclose(f);
    	}
    
    	_asm popad;
    
    	return WSARecv_t(Flags, lpBuffers, dwBufferCount, a5, NumberOfBytesRecvd, lpOverlapped);
    }
    //==========================================================================
    // Hooking Thread
    //==========================================================================
    DWORD WINAPI Thread(LPVOID)
    {
    		// exe base address
    		DWORD swtor = (DWORD)GetModuleHandle("swtor.exe");
    
    		// Detour for a hooked Function call
    		WSARecv_t = (void(WINAPI*)(DWORD,LPWSABUF,DWORD,DWORD,DWORD,struct _OVERLAPPED*))DetourFunction((PBYTE)swtor+0x6049E0, (PBYTE)hook_WSARecv);
    
    		// create a Console for write to
    		createConsole( );
    
    		// test write to Console
    		std::cout << "Attached to Process" << std::endl;
    
    		return 0;
    }
    //==========================================================================
    // DllMain
    //==========================================================================
    BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved)
    {
    	if(dwReason == DLL_PROCESS_ATTACH)
    	{
    		// Create a Thread to use by the hook
    		CreateThread(NULL,NULL,Thread,NULL,NULL,NULL);
    	}
    
    	return TRUE;
    }
    //==========================================================================

  3. #3
    polimorfic's Avatar Corporal
    Don't forget about the hook detection system and packet 0x2195CC8A (MODULES_LIST).
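
A defender-side sketch of the kind of hook detection mentioned in the post above, added here as an example (not code from the thread or from the game): it compares a function's in-memory entry bytes with the on-disk copy and, when they differ, decodes a `jmp rel32` or `push imm32; ret` redirect and checks whether it leaves the owning module. All addresses and byte values are constructed; how the game's own detection works is not stated in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum hook_verdict { ENTRY_CLEAN, ENTRY_MODIFIED, ENTRY_REDIRECTED_OUT };

/* Read a little-endian 32-bit value. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* mem: entry-point bytes read from the live 32-bit process; disk: the same
 * bytes from the on-disk image; func_va: address of the entry point;
 * img_base/img_size: range of the owning module; *target: decoded jump
 * destination, or 0 when none was decoded. */
enum hook_verdict check_entry(const uint8_t *mem, const uint8_t *disk,
                              size_t len, uint32_t func_va,
                              uint32_t img_base, uint32_t img_size,
                              uint32_t *target)
{
    int decoded = 0;
    *target = 0;
    if (memcmp(mem, disk, len) == 0)
        return ENTRY_CLEAN;
    if (len >= 5 && mem[0] == 0xE9) {              /* jmp rel32 */
        *target = func_va + 5 + rd32(mem + 1);     /* wraps mod 2^32 */
        decoded = 1;
    } else if (len >= 6 && mem[0] == 0x68 && mem[5] == 0xC3) {
        *target = rd32(mem + 1);                   /* push imm32; ret */
        decoded = 1;
    }
    /* Unsigned subtraction tests target in [img_base, img_base+img_size). */
    if (decoded && (uint32_t)(*target - img_base) >= img_size)
        return ENTRY_REDIRECTED_OUT;
    return ENTRY_MODIFIED;
}

int main(void)
{
    /* Constructed sample: entry overwritten with "jmp 0x10001000". */
    const uint8_t disk[8] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56};
    const uint8_t mem[8]  = {0xE9, 0xFB, 0xFF, 0xBF, 0x0F, 0x10, 0x53, 0x56};
    uint32_t target;
    int v = check_entry(mem, disk, 8, 0x00401000u, 0x00400000u, 0x01000000u, &target);
    printf("verdict=%d target=0x%08X\n", v, (unsigned)target);
    return 0;
}
```

An entry that differs from disk but does not decode to a known redirect is still reported as `ENTRY_MODIFIED`, so unfamiliar patch shapes are surfaced for review rather than passed.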

  4. #4
    the1domo's Avatar Active Member
    What module is that located in?

  5. #5
    polimorfic's Avatar Corporal
    In swtor.exe.

  6. #6
    the1domo's Avatar Active Member
    Can I get the base address for the address?

  7. #7
    polimorfic's Avatar Corporal
    I can't understand you, what address do you need? For what?

    I don't work with exe hooking; I get sniffer dumps and decrypt/decompress them with my tools (not swtor). So I don't have any base addresses...


    For all: if anyone wants to get decrypted packets like these:

    0x00 0x5FE920D4
    D4 20 E9 5F 00 00 2C 02 0D 00 00 00 62 69 6F 6D | Ф й_..<.....biom
    6F 6E 73 65 72 76 65 72 00 07 00 00 00 62 69 6F | onserver.....bio
    6D 6F 6E 00 01 00 00 00 00 01 00 00 00 00 1C 00 | mon.............
    00 00 6F 6D 65 67 61 6D 65 74 72 69 63 73 70 75 | ..omegametricspu
    62 6C 69 73 68 65 72 6F 62 6A 65 63 74 00 01 00 | blisherobject...
    00 00 00 09 00 00 00 33 61 33 30 33 61 66 35 00 | .......3a303af5.


    PACKET 8:
    Decrypt packet 159.153.64.193:21606 => 192.168.0.100:56197
    0x00 0xA609E6A7
    A7 E6 09 A6 FF FF FF FF 1A 00 00 00 41 70 70 6C | ж.│яяяя....Appl
    69 63 61 74 69 6F 6E 5F 54 69 6D 65 52 65 71 75 | ication_TimeRequ
    65 73 74 65 72 00 21 A2 02 00 00 00 00 00 00 00 | ester.__........
    00 00 | ..

    ...

    PACKET 33:
    Decrypt packet 192.168.0.100:56197 => 159.153.64.193:21606
    0x00 0x2195CC8A (client modules list)
    8A CC 95 21 05 12 55 14 48 16 00 00 22 26 20 20 | _М!..f.H...D...
    37 3E 31 40 41 40 00 00 42 4D 50 50 50 50 6B 63 | WNб0....b}.*...c
    3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 77 6F 77 | :\windows\syswow
    36 34 5C 6C 72 63 2E 64 6C 6C 8F 90 83 92 00 00 | 64\pkl.dll.`3...

    0x00 0xD4BA5CFB
    FB 5C BA D4 3C 01 00 00 00 00 00 00 BD 0F 00 00 | √\║╘<.......╜...
    3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 | <?xml version="1
    2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 | .0" encoding="UT
    ...

    PM me. I'll upload a key dumper to you; you run a sniffer (Wireshark for example, or any with .pcap format support), run the key dumper and swtor.exe. After that you send the .pcap file + keys file to me and I send decrypted logs to you.
    Last edited by polimorfic; 01-26-2012 at 09:53 PM.

  8. #8
    the1domo's Avatar Active Member
    OK, I'll PM you.
