Anyone up for Domo

Status
Not open for further replies.
Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
Here is what I have:
Code:
key (size = 0F (from 0 to F))
  3F 12 56 44 9A BB 33 44 3F 12 56 44 9A BB 33 44

MSG = msglength + header + PublicKey + z
length     = message length (2 bytes)
header     = still don't know (2 bytes)
Public key = comes from server (2 bytes) (you can make it 1 byte and the rest is z)
z          = 1 byte, still don't know

Decrypt:
WORD x = PublicKey; // THIS COMES FROM SERVER
for (int i = 0; i < msg.length; i++) {
    x = x & 0x0F;
    msg[i] = msg[i] ^ key[x];
    x = x + 1;
}
For example, on connect it will send something like this:
Code:
The public key comes from the server:
05 00 FF FF 5C 2A B7
05 00 -> Packet length
FF FF -> Header
5C 2A -> Public Key (Big Endian (it is: 2A 5C))
B7    -> z

Client/Server will use the public key to encrypt the messages that will be sent to the Server/Client.
Client/Server packet after:
Packet = Length + encrypted message

Update your public key every time you receive a message like this:
05 00 FF FF 5C 2A B7 (with FF FF header/opcode)
(oO (||||) (||||) Oo)
Loyal Member
Joined
Aug 6, 2009
Messages
2,132
Reaction score
429
Wow, I am up if I can anyhow be a help.
Do you have unpacked antihackless client?

Edit:
Nevermind I take it back. Client has no gg or any of that stuff.
Writing fast packet sniffer :)

Still don't get the packet encryption function but working on it :)
 

Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
For example, on connect it will send something like this:
Code:
05 00 FF FF 5C 2A B7
05 00 -> Packet length
FF FF -> Header
5C 2A -> Public Key (Big Endian (it is: 2A 5C))
B7    -> z
Client/Server will use the public key to encrypt the messages that will be sent to the Server/Client.
Client/Server packet after:
Packet = Length + encrypted message
(oO (||||) (||||) Oo)
Loyal Member
Joined
Aug 6, 2009
Messages
2,132
Reaction score
429
Oh, I get it now. Gonna finish the sniffer once I'm home.
 
(oO (||||) (||||) Oo)
Loyal Member
Joined
Aug 6, 2009
Messages
2,132
Reaction score
429
Code:
        private byte[] cryptTable = new byte[15] { 0x12, 0x56, 0x44, 0x9A, 0xBB, 0x33, 0x44, 0x3F, 0x12, 0x56, 0x44, 0x9A, 0xBB, 0x33, 0x44 };

        private byte[] Crypto(byte[] data, ushort key)
        {
            byte[] decryptedData = new byte[data.Length];
            ushort keyIndex = key;

            for (int i = 0; i < data.Length - 1; i++)
            {
                keyIndex &= (ushort)(cryptTable.Length);
                decryptedData[i] = (byte)(data[i] ^ cryptTable[keyIndex]);
                keyIndex++;
            }
            return decryptedData;
        }
Having problem with crypt method cause of my stupidity.

First packet from server is 7 bytes, first 2 is data length, next 2 is header which is 0xFFFF, next 2 is public key, and last byte is z

To get uncrypted byte I need to xor original byte with key from table which index is cryptIndex.

If I understand right,
Code:
cryptIndex = (short)(cryptIndex & (short)(0x0F));
keeps the key index within the range of crypt table for obvious reasons.

What am I missing then? Method runs but decrypted packet doesn't contain any strings that are used in login.

Full source: http://forum.ragezone.com/attachment.php?attachmentid=92859&stc=1&d=1317856935
Install WinPcap and include two dll files (they are in DomoSniff folder) to references.
Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
Sorry, posted the wrong cryptTable:
3F 12 56 44 9A BB 33 44 3F 12 56 44 9A BB 33 44

keyIndex for the example above (05 00 FF FF 5C 2A B7) is, in big endian, 2A 5C, where 5C will be needed the most.
 
Newbie Spellweaver
Joined
Nov 15, 2010
Messages
36
Reaction score
2
You guys have my full support. I don't know much about this stuff, but if I can help with anything, let me know :)
 
(oO (||||) (||||) Oo)
Loyal Member
Joined
Aug 6, 2009
Messages
2,132
Reaction score
429
Alright here is working encrypt method if anyone is interested
Code:
        private byte[] cryptTable = new byte[16] { 0x3F, 0x12, 0x56, 0x44, 0x9A, 0xBB, 0x33, 0x44, 0x3F, 0x12, 0x56, 0x44, 0x9A, 0xBB, 0x33, 0x44 };
        private byte[] Crypto(byte[] data, ushort key)
        {
            byte[] decryptedData = new byte[data.Length];
            ushort keyIndex = key;

            for (int i = 0; i < data.Length; i++)
            {
                keyIndex &= 0x0F;
                decryptedData[i] = (byte)(data[i] ^ cryptTable[keyIndex]);
                keyIndex++;
            }
            return decryptedData;
        }

Now I'm off to work.
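
The key packet layout and the table XOR worked out in this thread, put together as an added C example (not code from any poster; `domo_xor` and `parse_key_packet` are hypothetical names). It assumes the length field counts the bytes that follow it and that both 16-bit fields arrive low byte first, so the wire bytes 5C 2A give the value 2A 5C quoted above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Table as corrected in the thread (16 bytes, indices 0x0..0xF). */
static const uint8_t CRYPT_TABLE[16] = {
    0x3F, 0x12, 0x56, 0x44, 0x9A, 0xBB, 0x33, 0x44,
    0x3F, 0x12, 0x56, 0x44, 0x9A, 0xBB, 0x33, 0x44
};

/* XOR each byte with the table, starting at (key & 0x0F) and wrapping.
 * XOR is its own inverse, so the same call encrypts and decrypts. */
static void domo_xor(uint8_t *buf, size_t len, uint16_t key)
{
    uint16_t x = key;
    for (size_t i = 0; i < len; i++) {
        x &= 0x0F;                 /* keep the index inside the table */
        buf[i] ^= CRYPT_TABLE[x];
        x++;
    }
}

/* Parse the 7-byte key packet: length(2) header(2)=FF FF key(2) z(1).
 * Returns 0 and fills *key on success, -1 if it is not a key packet.
 * Assumption: length counts the bytes after the length field, and
 * 16-bit fields are low byte first (5C 2A -> 0x2A5C). */
static int parse_key_packet(const uint8_t *pkt, size_t n, uint16_t *key)
{
    if (n < 7) return -1;
    uint16_t len = (uint16_t)(pkt[0] | (pkt[1] << 8));
    if (len != 5 || pkt[2] != 0xFF || pkt[3] != 0xFF) return -1;
    *key = (uint16_t)(pkt[4] | (pkt[5] << 8));
    return 0;
}

int main(void)
{
    const uint8_t hello[7] = {0x05, 0x00, 0xFF, 0xFF, 0x5C, 0x2A, 0xB7};
    uint8_t body[] = "constructed-login-body";   /* constructed sample */
    uint16_t key;
    if (parse_key_packet(hello, sizeof hello, &key) != 0) return 1;
    domo_xor(body, sizeof body - 1, key);         /* encrypt in place */
    printf("key=%04X first=%02X\n", key, body[0]);
    domo_xor(body, sizeof body - 1, key);         /* decrypt in place */
    printf("%s\n", body);
    return 0;
}
```

Only the low four bits of the key select the starting offset into a fixed table, so this scheme obfuscates traffic rather than protecting it.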
 
Junior Spellweaver
Joined
Oct 27, 2008
Messages
165
Reaction score
89
Had problems with my packet sniffer since WinPcap does not have filter support for PPPoE connections, but fixed it now.
 