Concept Ip sniffing now I have progress

  1. #1
    octech's Avatar Master Sergeant

    Concept Ip sniffing now I have progress

    Well No thanks to forum moderators brilliant team, who were quite quick to explain it was not possible to track ips through wow and close my post. We have progress. BTW if you know anything about networking you would realize that it is IN-FACT possible. Myself and several friends are working on a way through rule filtering of tracking values.

    The concept:
    Tracking ips through ip filtering by sending specific values to our targets.

    This is a SS of the Program

    The results:
    By using AnalogX PacketMon a free packet sniffer that has received a bunch of attention from digg and About.com. We go to work.
    AnalogX PacketMon allows you to capture IP packets that pass through your network interface - whether they originated from the machine on which PacketMon is installed, or a completely different machine on your network

    Well we now know that the chat portion of wow is not independently held by the client. The server simply allows access to the chat console which is held separately. Meaning it is very difficult to track string values through chat. Seeing as the packets aren't sent to the ip through the server. They are sent to the server and then redistributed to the target client by an independent chatting program. Why wow would do this I have no clue. Maybe to prevent communication between opposing factions. Or perhaps they have a tracking system that logs key phrases like Bomb or murder etc. So this portion was a fail; ip returns were in the hundreds of thousands.

    So Next we work with values
    With hunters "serpent sting" we return the lowest amount of results narrowing 34,955 ips to 32!.

    Theory:
    Because with a hunter your serpent sting is directly linked with your + damage
    it supplies a constant communication between 2 clients narrowing A BUNCH of network traffic. As values are exchanged the packets themselves hold the value of your "per tick" serpent sting damage. By filtering our search results to match the value of the damages we are able to greatly decrease the amount of results returned.

    This is as far as we got last night at 2am.

    I expect we will have confirmation within a couple days with a full guide.
    Thanks again. I'll continue to support the MMowned community and continue to fight the resistance on the way.
    Last edited by octech; 02-01-2008 at 12:57 PM.
  2. #2
    sabe's Avatar Member
    And what do you propose to do with the IPs?

  3. #3
    Flying Piggy's Avatar Banned

    Seems like you may be on to something there, never in all my time here on MMOwned have I seen such an advanced and ambitious project lead by members who actually know what they are doing.
    This is way over my head, but I get the general idea and wish you and your friends the best of luck in your research.

    BTW, your other thread was closed because it was a question (not allowed in this section).
    Last edited by Flying Piggy; 02-01-2008 at 05:39 PM.

  4. #4
    Unholyshaman's Avatar ★ Elder ★
    O.o no clue what is going on here but gogog you onto something

  5. #5
    Rockr's Avatar Active Member
    Ahh I know what you're doing, I did a very similar thing with Diablo 2. Good luck dude. WoW is a lot more complex than D2 though.

  6. #6
    galpha's Avatar Member
    You won't find much by just simply packet sniffing. First, the packets received are encrypted, meaning it is very difficult to interpret their meanings. Second, some packets are compressed. Third, you want to read directly from a register that contains a pointer to the decrypted received packet. Lot of work, not just some sniffing here.

  7. #7
    Marlo's Avatar Banned
    So according to you, the damage caused by serpent sting from player A to Player B is sent client to client and the server has no control over it?

    *awaits response*

  8. #8
    wowpanda's Avatar Site Donator
    Well, here are my thoughts.

    1. The chat is not sent from client to client for 2 reasons. First is firewall. It is much simpler to chat using one TCP stream (all clients to 1 server) than to a port on another client (p2p). Second is security, so you can't identify where the other guy is from.

    2. Based on the above, you will not be able to id where the other player's IPs are, unless the WoW server sends back packets that contain the other player's IP address.
    That is also highly unlikely, because there is just no reason blizzard want to do that.
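
The point made in the post above, as an added example that is not part of the thread: when every client talks only to the server, a capture taken on one client contains exactly one remote address, and data relayed from another player arrives as payload inside the server's packets. The addresses (documentation ranges), the port and the payload strings are constructed sample data.

```python
import socket
import struct
from collections import Counter

def build_ipv4_tcp(src, dst, sport, dport, payload=b""):
    """Build a minimal IPv4+TCP packet (checksums zero) as constructed sample data."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse_endpoints(packet):
    """Return (src_ip, src_port, dst_ip, dst_port) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 4:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, sport, dst, dport

def remote_peers(packets, local_ip):
    """Count packets per remote IP address as seen from local_ip."""
    peers = Counter()
    for pkt in packets:
        ep = parse_endpoints(pkt)
        if ep is None:
            continue                       # skip truncated or non-TCP data
        src, _, dst, _ = ep
        if src == local_ip:
            peers[dst] += 1
        elif dst == local_ip:
            peers[src] += 1
    return peers

# Constructed capture: the other player's address is never on the wire.
LOCAL, SERVER, OTHER_PLAYER = "192.0.2.10", "198.51.100.5", "203.0.113.77"
GAME_PORT = 40000                          # placeholder port, an assumption
CAPTURE = [
    build_ipv4_tcp(LOCAL, SERVER, 51000, GAME_PORT, b"cast"),
    build_ipv4_tcp(SERVER, LOCAL, GAME_PORT, 51000, b"tick 120"),
    build_ipv4_tcp(SERVER, LOCAL, GAME_PORT, 51000, b"chat relayed from other player"),
    b"\x00\x01",                           # truncated frame, ignored by the parser
]

if __name__ == "__main__":
    print(dict(remote_peers(CAPTURE, LOCAL)))
```
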

  9. #9
    Marlo's Avatar Banned
    Originally Posted by wowpanda
    Well, here are my thoughts.

    1. The chat is not sent from client to client for 2 reasons. First is firewall. It is much simpler to chat using one TCP stream (all clients to 1 server) than to a port on another client (p2p). Second is security, so you can't identify where the other guy is from.

    2. Based on the above, you will not be able to id where the other player's IPs are, unless the WoW server sends back packets that contain the other player's IP address.
    That is also highly unlikely, because there is just no reason blizzard want to do that.
    At last someone with sense

  10. #10
    bloodlove's Avatar Member
    I say he is onto something. Even if they don't contain the ip address directly, that packet can be tagged and traced. This would require much more advanced software and I could see no viable way to justify the cost of the program. I know it is possible because we did it in a certain government agency in Iraq.
    Keep up the hard work man, though I think you may hit a very difficult roadblock soon.

  11. #11
    octech's Avatar Master Sergeant
    No marlo, I'm saying that serpent sting creates a direct client to client communication through the server. And no the packets aren't encrypted. Chat packets are but not spells.

    Legal Stuff
    The glorious thing is Blizzard cannot ban you for the following uses. Because it's not against ToS to ban someone on your personal firewall. The flip side is... It is against ToS to obtain those ips through packet sniffing.



    Also for the other question what we will do with it.

    Well.....

    By getting someone's ip you can ban them on your firewall, eliminating all communication between your client and another.

    Ways this could be used. All non-Tos violations

    1.) Arena:
    Your healer could ban all ips during arena; it would look like he just lagged out and left the server, but he would still be able to heal unbanned ips while the other team would not see him. (would only work if you knew them ahead of time) But if you play the same team 1-6 times it's a guaranteed win.


    2.) Banning gankers

    3.) Banning static ips from gold services

    4.) grab the flag in WSG and ban all known ips(would only work if you knew them ahead of time) But would be good against premades

    5.) If you built a large enough list you could ghost on the server.

    6.) Possible access to allow raid leaders to have larger groups than 5 enter instances.

    Below are Tos Violation concepts. That will get you banned.

    Concepts that would land you behind bars.
    I mean there's all sorts of stuff we could do with it. Launch DoS attacks during arena (you would go to jail), possible exploitation of accounts if you could manipulate the packets. (again you would go to jail)
    Any packet manipulation is considered a cyber crime if it passes through Blizzard's servers. And I'm sure you would get caught. But you could do it.

    I think you are all thinking it is extremely hard to perform a network sniff.
    All you do is start the program, create a rule that searches for either
    1.) number value
    2.) string value - abcdefg etc.
    3.) or binary values

    What this could possibly lead to
    1.) identifying specific packets, narrowing our search for memory values on the server side; allowing us to enable those specific values. Stat hacks! But again that would fall under the category of manipulation.

    Today's progress..

    So what we're going to try and do tonight is ban ips on our firewalls that we give each other and see if it works in-game. So I'm going to call the team tonight and mess around some more. And see if it is in fact possible to ban communication from client to client through Blizzard servers by giving each other our ips. If it works I'll post a guide. But it could prove very useful. Thanks for the support.

  12. #12
    octech's Avatar Master Sergeant
    Imagine if for a second you could locate a specific packet that allowed you to buff someone with might.. Now imagine manipulating that packet to adjust the values. Because up converted value is received from client to the server then to the target client. It may be possible to send edited values. MAY!

  13. #13
    Demonshade's Avatar get in da van, i got epix

    well this seems like an awesome project, good luck to you. Do u know if there is a way to send packets to trick the server for example sending a packet to trick server to think u got a heal etc.

  14. #14
    octech's Avatar Master Sergeant
    And to wowpanda, YOU'RE CORRECT! The great thing is the packets are sent back during serpent sting. That's how you register the damage on your end. (~_0) And they have to send server hosted ips to their console in order for you to see the damage tick.

  15. #15
    MaiN's Avatar Elite User
    I wish you good luck in this project!
    Oh and rofl at your signature.
    [16:15:41] Cypher: caus the CPU is a dick
    [16:16:07] kynox: CPU is mad
    [16:16:15] Cypher: CPU is all like
    [16:16:16] Cypher: whatever, i do what i want

All times are GMT -5.