[Release] MuOnline Packet Sniffer & Analizer

[Razzor]

Currently I working on packet sniffer(like wpe but only read)

Features:
Capturing Packets between Client <-> Server,CS
Showing All Info About Packet: Len, Direction, Decoded Data If Needed, Counter ....

Analyze Data Structure - (Now I Working On It)

Some screen:

You must be registered to see links

 

[laudaicat]

Re: MuOnline Packet Sniffer & Analizer

Why you do it, while gameserver with pdb released ?

 

[Razzor]

Re: MuOnline Packet Sniffer & Analizer

For fun. For learn some new function while coding it, get some skills. For get deeper in packet structure(learn too).


So now u know

 

[Phant0m]

Re: MuOnline Packet Sniffer & Analizer

Can you share a source? I'd like to see how it works.

 

[nitoygo]

Re: MuOnline Packet Sniffer & Analizer

Can you share a source? I'd like to see how it works.

Yes, please do share. I'd also like to make something like this

 

[Razzor]

Re: MuOnline Packet Sniffer & Analizer

When i finish i will release source

 

[Razzor]

Re: MuOnline Packet Sniffer & Analizer

I have small problem to read item packet F3 10 for main 0,97d. For example 22 BC 24 how to shift it to get double axe +7+s+l?

22 >> 4 & 0x0F =2
22 & 0x0F =2
But doubleaxe is 1 2

 

[[RCZ]ShadowKing]

Re: MuOnline Packet Sniffer & Analizer

I have small problem to read item packet F3 10 for main 0,97d. For example 22 BC 24 how to shift it to get double axe +7+s+l?

22 >> 4 & 0x0F =2
22 & 0x0F =2
But doubleaxe is 1 2

You may want to use structs to get info from item's hex code as it's much easier than shifting and shits.
Here it is for versions with 16 bytes length hex code of items:

#pragma pack(push, 1)

struct ItemInfo
{
    /* 00 */BYTE id;            // ok
    union
    {
        struct
        {
            BYTE bAdd    : 2;
            BYTE bLuck    : 1;
            BYTE bLevel    : 4;
            BYTE bSkill    : 1;
        };
    /* 01 */    BYTE OptionData;    // ok
    };

    /* 02 */BYTE Durrability;    // ok
    /* 03 */DWORD Serial;        // ok

    union
    {
        struct
        {
            BYTE bAddE        : 1;
            BYTE bExeOp1    : 1;
            BYTE bExeOp2    : 1;
            BYTE bExeOp3    : 1;
            BYTE bExeOp4    : 1;
            BYTE bExeOp5    : 1;
            BYTE bExeOp6    : 1;
        };
        /* 07 */BYTE ExeOp;        // ok
    };

    /* 08 */BYTE AncientOp;

    union
    {
        struct
        {
            BYTE bOp380    : 4;
            BYTE bType    : 4;
        };
    /* 09 */BYTE type;            // ok
    };

    union
    {
        struct
        {
            BYTE bOpId        : 4;
            BYTE bOpType    : 4;
        };
    /* 10 */BYTE JoHOp;            // ok
    };

    /* 11 */BYTE SocketOp1;        // ok
    /* 12 */BYTE SocketOp2;        // ok
    /* 13 */BYTE SocketOp3;        // ok
    /* 14 */BYTE SocketOp4;        // ok
    /* 15 */BYTE SocketOp5;        // ok
};

#pragma pack(pop)

I never worked on 0.97d but if you tell me the DB version I may take a look today and post the struct.

EDIT: in your code you lack parenthesis and "AND" operation is applied on 4, the correct code would be "(22 >> 4) & 0x0F".

 

[Phant0m]

Re: MuOnline Packet Sniffer & Analizer

but if you get the source... you can add the packet editor feature xD

Most kids don't have the required knowledge to program, so the release of this source, as is, is not a threat to any game server. It's sole purpose is to help further develop the game.

 

[Razzor]

Re: MuOnline Packet Sniffer & Analizer

Someone can help me how to read this right site packet?

C4000B-F310-01- ##### 00 20 00 12 00 Small Axe +0 No skill,No Lack,No Op No Exe

Ok I Found it

 

[GM-Andromeda]

Re: MuOnline Packet Sniffer & Analizer

but if you get the source... you can add the packet editor feature xD

you cant, he said u can only "read" messages, not modify them.

i bet he is using some library like tcpdump to sniff all traffic, then filter all that data by ip/port and then getting ip src/dest mac info and layer 7 (data) and then show that info.

so, if this is the case (of course, no need to hook any dll, any function), you can only "watch" what u receive and send. if you want to send data, the easy way would be to hook WSASend or any other win32 api using the current socket. Otherwise, u will need to use Scapy or any other alternative to inject packets directly to the tcp stack. just kid stuff...

at least that's what i used to do.

 

[Razzor]

Re: MuOnline Packet Sniffer & Analizer

You are in wrong forum, this is development section not how to cheat. I dont write anywhere that is for only reversing login packet lol. This sniffer is for learn how all packet are build, how looks communication between server<-> client, to try in future write basic server

 

[GM-Andromeda]

Re: MuOnline Packet Sniffer & Analizer

this was a simple sniffer i coded a while ago, used to dump messages for another game, but it is the same idea.

for each message (or packet, whatever), u can create a class, and inherit a method from an interface, absrtact class etc, called, lets say, "AsText()" o just "Print()"

so for each message, you would see, the entire byte string and a description, like positions, ids, etc

for example

if u click one message, a description will appear in the grey textbox, showing the hex string and all the fields used in that message, like positions, names, ids, etc. I think that's the best way to do it, so u can see the actual flow, very quickly and if u want details, just "click" the message

pd: dont feed the trolls, they will eat you.

PD2: i think u already did what i've just said hahaha, one single message in listbox and then details in textbox. next time i'll spend more time reading instead of writing.

 

[[RCZ]ShadowKing]

Re: MuOnline Packet Sniffer & Analizer

Please stop posting things that don't contribute to this development!

 

[Zitinho]

Re: MuOnline Packet Sniffer & Analizer

Good job. Keep doing it.

 

[HahnTMPR]

Re: MuOnline Packet Sniffer & Analizer

It looks interesting, hopefully you can get to release

 

[karipidis]

Re: MuOnline Packet Sniffer & Analizer

looks good.. what happens if the packets are encrypted? client/server sided

 

[mircosn]

Re: MuOnline Packet Sniffer & Analizer

You can post here this programm?

 

[xavi321]

Re: MuOnline Packet Sniffer & Analizer

Hello.

I need your help to detect some packages that I capture, I am developing and I need to show the items in the list of characters and I have these packages:


C1 8F F3 00 04 00 04 00 42 6C 6F 6F 64 00 00 00 ........Blood...
00 00 00 90 01 20 30 16 16 DD DD DF 1B 6D B6 FB ..... 0......m..
00 00 04 00 00 00 00 00 20 01 61 73 64 73 61 64 ........ .asdsad
61 73 64 00 00 90 01 00 30 FF FF FF FF FF 00 00 asd.....0.......
00 F8 00 00 F0 FF FF FF 00 00 FF 02 42 6C 6F 6F ............Bloo
64 63 69 74 6F 00 00 0F 00 00 80 01 00 FF FF FF dcito...........
00 00 00 F8 00 00 00 CF FF FF 00 00 FF 03 42 6C ..............Bl
6F 6F 64 53 4D 00 00 00 00 90 01 00 10 FF FF FF oodSM...........
FF FF 00 00 00 F8 00 00 F0 FF FF FF 00 00 FF ...............

Can detect that the next packet belongs to the first character:

16 16 DD DD DF 1B 6D B6 FB 00 00 04 00 00 00 00 00

The items that the character has in the inventory are:
2 Bone Blade +13
Set Dragon Knight +13
Wings of Dragon +13
Red Fenrir

I need you to help me maybe with the logic of how to build that structure. Sorry for my bad english, I used the translator.

 

[Razzor]

Re: MuOnline Packet Sniffer & Analizer

You going to have fun with big byte field

#define CHAR_SET_SIZE 18

#define CS_CLASS 0
#define CS_WEAPON1_TYPE 1
#define CS_WEAPON2_TYPE 2
#define CS_WEAPON1_DATA 12
#define CS_WEAPON2_DATA 13
#define CS_HELMET1 13
#define CS_HELMET2 9
#define CS_HELMET3 3
#define CS_ARMOR1 14
#define CS_ARMOR2 9
#define CS_ARMOR3 3
#define CS_PANTS1 14
#define CS_PANTS2 9
#define CS_PANTS3 4
#define CS_GLOVES1 15
#define CS_GLOVES2 9
#define CS_GLOVES3 4
#define CS_BOOTS1 15
#define CS_BOOTS2 9
#define CS_BOOTS3 5


#define CHECK_LIMIT(value, limit) ( ((value)<0)?false(value)>((limit)-1))?false:true )
#define CHECK_LIMIT2(value, base, limit) ( ((value)<base)?false(value)>((limit)-1))?false:true )
#define CHECK_CLASS(value, type) ( ((value)!=(type))?FALSE:TRUE )

#define CS_GET_CLASS(x) ( (((x)>>4)<<5)&(0xE0) )
#define CS_GET_CHANGEUP(x) ( ((x)&0x07) )
#define CS_GET_MASTERCLASS(x) ( (((x)>>1)<<3)&(0x08) )
#define CS_SET_CLASS(x) ( ((x)<<5)& 0xE0 )
#define CS_SET_CHANGEUP(x) ( ((x) << 4) & 0x10 )
#define CS_SET_CHANGEUP2(x) ( ((x) << 3) & 0x08 )

#define CS_SET_HELMET1(x) ( ((x) & 0x1E0) >> 5 )
#define CS_SET_HELMET2(x) ( ((x) & 0x10 ) << 3 )
#define CS_SET_HELMET3(x) ( ((x) & 0x0F ) << 4 )

#define CS_SET_ARMOR1(x) ( ((x) & 0x1E0) >> 1 )
#define CS_SET_ARMOR2(x) ( ((x) & 0x10 ) << 2 )
#define CS_SET_ARMOR3(x) ( ((x) & 0x0F ) )

#define CS_SET_PANTS1(x) ( ((x) & 0x1E0) >> 5 )
#define CS_SET_PANTS2(x) ( ((x) & 0x10 ) << 1 )
#define CS_SET_PANTS3(x) ( ((x) & 0x0F ) << 4 )

#define CS_SET_GLOVES1(x) ( ((x) & 0x1E0) >> 1 )
#define CS_SET_GLOVES2(x) ( ((x) & 0x10 ) )
#define CS_SET_GLOVES3(x) ( ((x) & 0x0F ) )

#define CS_SET_BOOTS1(x) ( ((x) & 0x1E0) >> 5 )
#define CS_SET_BOOTS2(x) ( ((x) & 0x10 ) >> 1 )
#define CS_SET_BOOTS3(x) ( ((x) & 0x0F ) << 4 )

#define CS_SET_WING1(x) ( ((x) & 0x03 ) << 2 )
#define CS_SET_HELPER(x) ( ((x) & 0x03 ) )

#define CS_SET_SMALLLEVEL_RH(x) ( (x) )
#define CS_SET_SMALLLEVEL_LH(x) ( (x) << 3 )
#define CS_SET_SMALLLEVEL_HELMET(x) ( (x) << 6 )
#define CS_SET_SMALLLEVEL_ARMOR(x) ( (x) << 9 )
#define CS_SET_SMALLLEVEL_PANTS(x) ( (x) << 12 )
#define CS_SET_SMALLLEVEL_GLOVES(x) ( (x) << 15 )
#define CS_SET_SMALLLEVEL_BOOTS(x) ( (x) << 18 )

#define CS_SET_SMALLLEVEL1(x) ( ((x) >> 16) & 0xFF )
#define CS_SET_SMALLLEVEL2(x) ( ((x) >> 8 ) & 0xFF )
#define CS_SET_SMALLLEVEL3(x) ((x) & 0xFF )