Reversing packets for making emulator server from scratch

Junior Spellweaver
Joined
Nov 30, 2013
Messages
144
Reaction score
14
Hello everyone,

I'm new to reverse engineering MMORPGs, but I've made some progress: for now I can run the game and edit the IP so the client connects. I'm working on a client that doesn't have any protection guard (I think) because it's an old game, and I made a login server emulator in C#. Now I want to know how I can get packets and reverse them. I mean, I tried to get some packets using WPE Pro on 127.0.0.1 and I got this:
Code:
1  Hide  Hide  33  WSASend  
0000  FB 21 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7    .!.Bq.W.>.....Y.
0010  91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00    ..U..vRb........
0020  FE                                                 .

2  Hide  Hide  44  WSASend  
0000  FB 2C 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7    .,.Bq.W.>.....Y.
0010  91 80 55 9C A4 76 52 62 9F 15 CD 50 AA E8 04 40    ..U..vRb...P...@
0020  87 96 B4 42 71 C5 57 35 3D 11 8B FE                ...Bq.W5=...

3  Hide  Hide  35  WSASend  
0000  FB 23 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7    .#.Bq.W.>.....Y.
0010  91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00    ..U..vRb........
0020  00 00 FE                                           ...
Now what am I supposed to do next? Some people told me I need to trace functions or something like that, because it's an old MMORPG and the official servers are dead, so I want to make sure I'm not on the wrong track and would like some people to help me.

Thanks, any help will be appreciated
Sorry for my bad English
 
Junior Spellweaver
Joined
Jul 23, 2013
Messages
108
Reaction score
86
[flag][len][body]

FB - flag
2C 00 - total packet len
42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD - static part
50 AA E8 04 40 87 96 B4 42 71 C5 57 35 3D 11 8B - 16 bytes, maybe some key for encryption
FE - tail, exists in all your examples
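
As an added example (not code from anyone in this thread), here is a small Python check of the framing hypothesis above against the three WSASend captures from the first post: the two length bytes are a little-endian u16 covering the whole frame (0x0021 = 33, 0x002C = 44, 0x0023 = 35, matching the sizes WPE Pro reported), the 24-byte region repeats unchanged, and only the region before FE varies. The constants FLAG, TAIL, STATIC_LEN and the function names are this example's own choices, not anything from the game.

```python
import struct

# Constructed from the three WSASend dumps quoted in the first post (hex bytes only).
CAPTURES = {
    1: "FB 21 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00 FE",
    2: "FB 2C 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD 50 AA E8 04 40 87 96 B4 42 71 C5 57 35 3D 11 8B FE",
    3: "FB 23 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00 00 00 FE",
}

FLAG, TAIL = 0xFB, 0xFE   # leading flag byte and trailing tail byte seen in every capture
HEADER_LEN = 3            # flag (1) + little-endian u16 total length (2)
STATIC_LEN = 24           # the 24 bytes that repeat unchanged, per the analysis above


def parse_frame(raw: bytes) -> dict:
    """Split one capture into its length field, repeated part and variable part.
    Raises ValueError when the framing guess does not hold, which is the signal
    that the hypothesis (not the capture) needs revisiting."""
    if len(raw) < HEADER_LEN + 1:
        raise ValueError("too short to hold flag, length and tail")
    flag, declared = struct.unpack_from("<BH", raw, 0)  # "<" = little-endian, no padding
    if flag != FLAG:
        raise ValueError(f"unexpected flag byte {flag:#04x}")
    if declared != len(raw):
        raise ValueError(f"length field {declared} != capture size {len(raw)}")
    if raw[-1] != TAIL:
        raise ValueError(f"unexpected tail byte {raw[-1]:#04x}")
    body = raw[HEADER_LEN:-1]                    # everything between the length and FE
    return {"length": declared,
            "static": body[:STATIC_LEN],
            "variable": body[STATIC_LEN:]}


def analyse(captures: dict) -> dict:
    """Check the framing on every capture and summarise what varies between them."""
    frames = {i: parse_frame(bytes.fromhex(h)) for i, h in captures.items()}
    return {
        "static_is_constant": len({f["static"] for f in frames.values()}) == 1,
        "variable_sizes": {i: len(f["variable"]) for i, f in frames.items()},
        "variable_all_zero": {i: not any(f["variable"]) for i, f in frames.items()},
    }


if __name__ == "__main__":
    print(analyse(CAPTURES))
```

A capture that fails one of the checks raises instead of being silently split, so a wrong guess about the length field or the tail shows up immediately rather than as garbage fields later.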
 
Joined
Sep 27, 2006
Messages
557
Reaction score
88
Post the .exe so we can decompile it. Try and find the "CASE" "PACKET->OP" function.

But to crack encryption/decryption...

Decryption side:
1. Find the recv function (WSARECV), then the packet buffer.
2. Break point on the buffer and trace backwards till you find where in memory the unencrypted buffer is.
3. Break point on the unencrypted buffer, find where it writes to (function with arguments), aka (call).
4. Trace that function and export it to your C# language.


Encryption side:
1. Find the send function (WSASEND), then the packet buffer.
2. Do 2-4.
3. Profit!!!

Since there is no server to sniff packets, you're gonna have to look inside the client.exe and find what the client wants to recv for an OPCODE. Then you build fake packets and data based on this.
 
Junior Spellweaver
Joined
Nov 30, 2013
Messages
144
Reaction score
14

Thanks, I've started with the document that you posted in your link and I'll follow your advice.

Thank you, this will help me a lot.


This is as you requested. If you want the full client I'll give it to you :), thanks.
I'll try to crack the encryption/decryption.
 
Joined
Sep 27, 2006
Messages
557
Reaction score
88
Have you tried looking at


or other links to ASDA Story? Is this the newest client? Did they change things?

Any more info would be helpful, less having to reinvent the wheel.

All your client side packets are located here:
sub_413C00 and sub_B6B247

They also do some hooking as well, im404Control.dll

Decompiled into C to look around at functions and stuff:
Code:
https://ufile.io/nnbqp
 