Reversing packets for making emulator server from scratch

  1. #1
    GoldenHunter (Member, joined Nov 2013, 86 posts)

    Reversing packets for making emulator server from scratch


    RaGEZONE Recommends

    RaGEZONE Recommends

    Hello everyone,

    I'm new to reverse engineering MMORPGs, but I've made some progress: for now I can run the game and edit the IP so the client connects. I'm working on a client that doesn't have any protection guard (I think) because it's an old game, and I made a login server emu in C#. Now I want to know how I can get packets and reverse them. I mean, I tried to get some packets using WPE Pro on 127.0.0.1 and I got this:
    PHP Code:
    1  Hide  Hide  33  WSASend
    0000  FB 21 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7    .!.Bq.W.>.....Y.
    0010  91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00    ..U..vRb........
    0020  FE                                                 .

    2  Hide  Hide  44  WSASend
    0000  FB 2C 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7    .,.Bq.W.>.....Y.
    0010  91 80 55 9C A4 76 52 62 9F 15 CD 50 AA E8 04 40    ..U..vRb...P...@
    0020  87 96 B4 42 71 C5 57 35 3D 11 8B FE                ...Bq.W5=...

    3  Hide  Hide  35  WSASend
    0000  FB 23 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7    .#.Bq.W.>.....Y.
    0010  91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00    ..U..vRb........
    0020  00 00 FE                                           ...
    Now what am I supposed to do next? Some people told me I need to trace functions or something like that, because it's an old MMORPG and the official servers are dead, so I want to make sure I'm not on the wrong path and would like some people to help me.

    Thanks, any help will be appreciated
    Sorry for my bad English


  2. #2
    Taiga (Moderator, joined May 2007, 2,469 posts)

    Re: Reversing packets for making emulator server from scratch



  3. #3
    karyzir (Member, joined Jul 2013, 91 posts)

    Re: Reversing packets for making emulator server from scratch

    [flag][len][body]

    FB - flag
    2C 00 - total packet len
    42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD - static part
    50 AA E8 04 40 87 96 B4 42 71 C5 57 35 3D 11 8B - 16 bytes, maybe some key for encryption
    FE - tail, exists in all your examples
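A worked reading of karyzir's layout, added here as an example (not code from the thread; the OP's C# login server would do the same thing in C#). It parses the three WSASend buffers from the first post, re-frames a TCP byte stream by the length field, and diffs the captures to confirm which bytes are really static. The 24-byte static part and the little-endian 2-byte length are assumptions taken from karyzir's breakdown.

```python
import struct
from dataclasses import dataclass

FLAG, TAIL = 0xFB, 0xFE
HEADER_LEN = 3    # flag (1) + little-endian length (2), as karyzir read it
STATIC_LEN = 24   # bytes karyzir marked as unchanged across the three sends

# The three WSASend buffers from the first post, re-typed from the WPE Pro dump.
CAPTURES = [bytes.fromhex(h) for h in (
    "FB2100 4271C557DD3EC596E5AE1B59E79180559CA47652629F15CD 0000000000 FE",
    "FB2C00 4271C557DD3EC596E5AE1B59E79180559CA47652629F15CD 50AAE804408796B44271C557353D118B FE",
    "FB2300 4271C557DD3EC596E5AE1B59E79180559CA47652629F15CD 00000000000000 FE",
)]

@dataclass
class Packet:
    length: int
    static: bytes
    body: bytes

def parse_packet(buf: bytes) -> Packet:
    """Split one buffer into [flag][len][static][body][tail], checking each field."""
    if len(buf) < HEADER_LEN + STATIC_LEN + 1:
        raise ValueError("buffer too short for the assumed layout")
    if buf[0] != FLAG:
        raise ValueError(f"bad flag byte {buf[0]:#04x}")
    (length,) = struct.unpack_from("<H", buf, 1)   # '2C 00' -> 0x002C == 44
    if length != len(buf):
        raise ValueError(f"length field {length} != captured size {len(buf)}")
    if buf[-1] != TAIL:
        raise ValueError(f"bad tail byte {buf[-1]:#04x}")
    return Packet(length, buf[HEADER_LEN:HEADER_LEN + STATIC_LEN],
                  buf[HEADER_LEN + STATIC_LEN:-1])

def split_stream(data: bytes) -> tuple[list[bytes], bytes]:
    """Re-frame a TCP stream by the length field: several packets may arrive in
    one recv(), or one may be cut in half. Returns (complete packets, leftover)."""
    out, pos = [], 0
    while pos + HEADER_LEN <= len(data):
        (length,) = struct.unpack_from("<H", data, pos + 1)
        if length < HEADER_LEN + 1 or pos + length > len(data):
            break                    # incomplete or bogus: stop here and buffer
        out.append(data[pos:pos + length])
        pos += length
    return out, data[pos:]

def variable_offsets(packets: list[bytes]) -> list[int]:
    """Offsets where the captures disagree; everything else is the static part."""
    n = min(len(p) for p in packets)
    return [i for i in range(n) if len({p[i] for p in packets}) > 1]
```

Running `variable_offsets(CAPTURES)` shows that only the length byte and the bytes after offset 27 vary, which matches the split karyzir gave above.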

  4. #4
    jonnybravo (True Member, joined Sep 2006, 723 posts)

    Re: Reversing packets for making emulator server from scratch

    Post the .exe so we can decompile it. Try and find the "CASE" "PACKET->OP" function.

    But to crack encryption/decryption...

    Decryption side:
    1. Find the recv function (WSARECV), then the packet buffer.
    2. Break point on the buffer and trace backwards till you find where in memory the unencrypted buffer is.
    3. Break point on the unencrypted buffer and find where it writes to (function with arguments), aka (call).
    4. Trace that function and export it to your C# language.


    Encryption side:
    1. Find the send function (WSASEND), then the packet buffer.
    2. Do 2-4.
    3. Profit!!!

    Since there is no server to sniff packets, you're gonna have to look inside the client.exe and find what the client wants to recv for an OPCODE. Then you build fake packets and data based on this.
    Last edited by jonnybravo; 11-08-17 at 02:18 AM.

  5. #5
    GoldenHunter (Member, joined Nov 2013, 86 posts)

    Re: Reversing packets for making emulator server from scratch

    Quote Originally Posted by Taiga
    Thanks, I've started with the document that you posted in your link and I'll follow your advice.

    Quote Originally Posted by karyzir
        [flag][len][body]

        FB - flag
        2C 00 - total packet len
        42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD - static part
        50 AA E8 04 40 87 96 B4 42 71 C5 57 35 3D 11 8B - 16 bytes, maybe some key for encryption
        FE - tail, exists in all your examples
    Thank you, this will help me a lot.

    Quote Originally Posted by jonnybravo
        Post the .exe so we can decompile it. Try and find the "CASE" "PACKET->OP" function.

        But to crack encryption/decryption...

        Decryption side:
        1. Find the recv function (WSARECV), then the packet buffer.
        2. Break point on the buffer and trace backwards till you find where in memory the unencrypted buffer is.
        3. Break point on the unencrypted buffer and find where it writes to (function with arguments), aka (call).
        4. Trace that function and export it to your C# language.

        Encryption side:
        1. Find the send function (WSASEND), then the packet buffer.
        2. Do 2-4.
        3. Profit!!!

        Since there is no server to sniff packets, you're gonna have to look inside the client.exe and find what the client wants to recv for an OPCODE. Then you build fake packets and data based on this.
    This is the exe as you requested. If you want the full client I'll give it to you :), Thanks.
    I'll try to crack the encryption/decryption.
    Last edited by GoldenHunter; 11-08-17 at 06:25 AM. Reason: Update

  6. #6
    jonnybravo (True Member, joined Sep 2006, 723 posts)

    Re: Reversing packets for making emulator server from scratch

    Have you tried looking at
    https://github.com/kazoha/AsdaStory/...daStory_Server

    or other links to ASDA Story? Is this the newest client? Did they change things?

    Any more info would be helpful, less having to reinvent the wheel.

    All your client-side packets are located here:
    sub_413C00 and sub_B6B247
    They also do some hooking as well in im404Control.dll.

    Decompiled into C to look around at functions and stuff:
    Code:
    https://ufile.io/nnbqp
    Last edited by jonnybravo; 13-08-17 at 05:41 PM.