Hey guys, so basically I've had great success using the decrypt functions that this community so gladly gave me (us). I am talking about ENC1/DEC1, XOR tables, etc., and well, it works.
However, I am having problems while trying to manufacture the "select char" packet.
Couple notes here:
The "select char" packet is NOT encrypted, could be encoded, but it doesn't go through the regular C1/C3 encryption. It sort of drives me crazy because the packet is composed of the following.
This is the "select char packet" for a character named aaaaaaaaaa [10 letters]
[ C1 0E F3 79 A4 77 89 9B D9 10 8F 58 70 4C ]
C1 0E F3 79 A4 77 89 9B D9 10 8F 58 70 4C
C1 = Header
0E = Size [14]
F3 79 = [Select Char]
A4 77 89 9B D9 10 8F 58 70 4C = aaaaaaaaaa
a in hex = [0x61]
a in "int" = 14
Now the "select char" packet for a character named bbbbbbbbbb
[ C1 0E F3 79 A7 77 8A 9B DA 10 8C 58 73 4C ] - bbbbbbbbbb
[ C1 0E F3 79 A4 77 89 9B D9 10 8F 58 70 4C ] - aaaaaaaaaa
Let's see what's changed?
C1 0E F3 79 A7 77 8A 9B DA 10 8C 58 73 4C
Green = Same
Red = Different
Let's now grab the select char bbbbbbbbbb packet and change one byte only.
C1 0E F3 79 A7 77 8A 9B DA 10 8C 58 73 4C
to
C1 0E F3 79 A8 77 8A 9B DA 10 8C 58 73 4C
RESULT
It tried to select a char named mmbbbbbbbb
Proof:
I am using a 0.97D Gameserver by Darkteam, regular encrypt/decrypt keys.
Keypoints
- The packet is not encrypted, it does not count against the counter, it is indeed a C1 packet after all
- The previous packets have no influence on this packet, it is not grabbing information from the previous packet to encrypt
- The packet is 100% static, it won't change, if you can replay it, and you're the owner of the char, it will actually select the character without a problem
- There is probably an XOR operation going on but I cannot find it, I tried debugging with AIDA but I could only find regular keys
- Maybe it is using UTF-16 instead of UTF8? It is weird.
If any of you have information on this, please go ahead and shed some light, I will be grateful.
Thank you all!
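
An added example, not part of the original post and not code from the game or server: it runs a differential check on the three captures quoted above and tests one hypothesis, a chained XOR `c[i] = p[i] ^ c[i-1] ^ k[i]` starting at the name field. The recurrence, the function names and `NAME_OFF` are assumptions made for this analysis; the key bytes are derived only from the post's "aaaaaaaaaa" capture.

```python
# Captures copied from the post above.
PKT_A = bytes.fromhex("C10EF379A477899BD9108F58704C")    # name "aaaaaaaaaa"
PKT_B = bytes.fromhex("C10EF379A7778A9BDA108C58734C")    # name "bbbbbbbbbb"
PKT_MOD = bytes.fromhex("C10EF379A8778A9BDA108C58734C")  # PKT_B with byte 4 set to A8
NAME_OFF = 4  # assumed layout: C1 header, 0E size, F3 79 opcode, then 10 name bytes


def xor_diff(x: bytes, y: bytes) -> bytes:
    """Byte-wise XOR of two equal-length captures."""
    return bytes(a ^ b for a, b in zip(x, y))


def derive_keys(pkt: bytes, plain: bytes) -> bytes:
    """Solve k[i] = c[i] ^ c[i-1] ^ p[i] from one known plaintext/capture pair."""
    return bytes(pkt[i] ^ pkt[i - 1] ^ plain[i - NAME_OFF]
                 for i in range(NAME_OFF, len(pkt)))


def decode_name(pkt: bytes, keys: bytes) -> bytes:
    """Invert the hypothesised chain: p[i] = c[i] ^ c[i-1] ^ k[i]."""
    return bytes(pkt[i] ^ pkt[i - 1] ^ keys[i - NAME_OFF]
                 for i in range(NAME_OFF, len(pkt)))


# Keys recovered from the 'a' capture only; the other two captures are the test set.
KEYS = derive_keys(PKT_A, b"a" * 10)

if __name__ == "__main__":
    # 'a' ^ 'b' = 0x03. A plain keystream XOR would show 03 in every name byte.
    # A chain cancels the difference on every second byte, giving 03 00 03 00 ...
    print("a/b diff :", xor_diff(PKT_A, PKT_B)[NAME_OFF:].hex(" "))
    print("keys     :", KEYS.hex(" "))
    # If the hypothesis holds, keys from the 'a' capture decode the others.
    print("PKT_B    :", decode_name(PKT_B, KEYS))
    # One changed byte feeds two decoded bytes: its own and the next one.
    print("PKT_MOD  :", decode_name(PKT_MOD, KEYS))
```

The keys derived from the first capture decode the second as "bbbbbbbbbb" and the modified one as "mmbbbbbbbb", matching what the post reports. A fixed-key chain like this only obscures the field and gives no integrity or replay protection, so the server-side ownership check mentioned in the post is what actually protects character selection.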