[3.0.9] Offsets
  1. #46
    frikos
    Hi everyone,
    I was wondering if anyone has the current address to extract the session-key used for packet de-/encryption and is willing to share it.

    Normally I'm using kind of a brute force to get the session key by sniffing some packets, but as I have a client running anyways, it is more convenient to just read it from the memory :doh:

    This is the one I had found some time ago, but it's not correct anymore for version 3.09.
    (((0xD4332C) + 0x219 + 0x127)

    Thanks and regards,
    Frikos

  2. #47
    argh44z
    Originally Posted by frikos
    This is the one I had found some time ago, but it's not correct anymore for version 3.09.
    (((0xD4332C) + 0x219 + 0x127)

    Thanks and regards,
    Frikos
    try :
    [[[0x011CB310] + 0x2824] + 0x11f]
    (something like g_clientConnection->m_netClient->m_sessionKey)

    0x118 is a byte that indicates the key is valid or not.
    Last edited by argh44z; 03-13-2009 at 05:55 PM.

  3. #48
    frikos
    [[[0x011CB310] + 0x2824] + 0x11f]
    (something like g_clientConnection->m_netClient->m_sessionKey)
    Thanks, unfortunately it does not work for me, SessionKey results in 20x 0 :/

    Can someone confirm that (also for the european client if that makes a difference)?
    If it is correct, I certainly did something wrong :yuck:

  4. #49
    Cypher
    US and EU use the same binaries, the only difference is in the localized data (DBCs etc).

  5. #50
    argh44z
    Originally Posted by frikos
    Thanks, unfortunately it does not work for me, SessionKey results in 20x 0 :/

    Can someone confirm that (also for the european client if that makes a difference)?
    If it is correct, I certainly did something wrong :yuck:
    Weird. Here's the read session key from wow function from my old command line packet logger, which I updated a few weeks ago for the new patch, so it should work. It's in python but that is pseudo-code-y enough for you to follow the logic.

    Code:
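    # openWoWProcess, ReadLong and ReadBytes are helpers from the poster's
    # packet logger and are not shown in the post; ReadBytes is assumed to
    # return a bytes object.
    def getKey():
        proc = openWoWProcess()
        if proc == 0:
            print('proc  = 0 !')
            return None

        # Global pointer to the client connection object
        g_clientConnection = ReadLong(proc, 0x011CB310)
        if g_clientConnection == 0:
            print('g_clientConnection = 0!')
            return None

        netClientPtr = ReadLong(proc, g_clientConnection + 0x2824)
        if netClientPtr == 0:
            print('netClientPtr = 0!')
            return None

        # The byte at +0x118 indicates whether the key is valid. Compare its
        # value: a one-byte result is truthy even when that byte is zero.
        inited = ReadBytes(proc, netClientPtr + 0x118, 1)
        if not inited or inited[0] == 0:
            print('key not initd!')
            return None

        # The session key is the 20 bytes at +0x11f
        key = ReadBytes(proc, netClientPtr + 0x11f, 20)
        if any(key):
            print('key = ', repr(key))
            return key
        print('key was 0 trying again later.')
        return None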

  6. #51
    Cypher
    Why bother updating ClientConnection AND NetClient pointers/offsets? NetClient has a global pointer.
