Couldn't you just...

[csin]

If you know where the Warden is loaded in memory, couldn't you just use a man in the middle attack to return the data calls with info saying nothing is wrong?

I don't know if this has been attempted, but it should be relatively simple to rip the decryption routine for the data packets it creates.

[tymezz]

"Couldn't you just.."

Yes. But its not that trivial.

Are you asking how to do it? or if it's just possible?

[XTZGZoReX]

I won't say I'm an expert on Warden, but theoretically it should be possible to forge your own packets (albeit with quite some effort required). I'm sure someone (looks at kynox) could shed some more light on the possibility of this.

[namreeb]

Yes, it is possible.

[Xarg0]

you'll have to understand how the warden packets are encrypted and decrypted,
once you've done that you'll have to create a list of 'fine' responses, because warden will do scans according to the packets it recives from the server and it'll send pack a respons with some kind of result, it's not just a bool switch so facturing your own warden packets isn't a trivial task at all.
And if you're encountring a warden packet you don't how to respond to you'd better be terminating the connection.

[csin]

I am going to have to get an XP machine set back up in VM so I can play with this idea... It shouldnt be too hard to use Olly or IDA to watch the whole process (procedure, not process as in application process).... That is once I figure out where in the hell the warden actually loads...

From there it should only be a matter of capturing what it returns when nothing is wrong and re-creating that response.

I realize there is more to this then it sounds, but it would be a kewl project to work on none the less.

[pred.is.god]

you'll have to understand how the warden packets are encrypted and decrypted,
once you've done that you'll have to create a list of 'fine' responses, because warden will do scans according to the packets it recives from the server and it'll send pack a respons with some kind of result, it's not just a bool switch so facturing your own warden packets isn't a trivial task at all.
And if you're encountring a warden packet you don't how to respond to you'd better be terminating the connection.

My understanding was that in addition to this the warden packets are numbered and their encryption changes every set number of packets, so if you are changing packets you have to keep track of their number, and how they are encrypted, in addition to all the above.

[Viano]

Instant 80 leveling hacks incoming.

[BoogieManTM]

My understanding was that in addition to this the warden packets are numbered and their encryption changes every set number of packets, so if you are changing packets you have to keep track of their number, and how they are encrypted, in addition to all the above.

That is incorrect. the encryption algo never changes. the keys can be shuffled, however.

This is possible, and has been done before.