SRO Module Sniffer

#1 MeTaD (Enthusiast, Member; joined Jan 2012; Valencia, Venez; 43 posts)

    I am working with Mr. Florian0 trying to spoof packets from AgentServer to Gameserver. So far, we are able to make Gameserver start listening on a different port, so we can then bind the original port with an analyzer and redirect it to the new port.

    With it, we can tap into the communication between AgentServer and Gameserver, but this concept applies to any other module in Silkroad that receives its certification from another module (ehem, all of 'em).

    Now, there are two big issues to attend to:

    1) The code is working, but messy, so to organize it and make it easier we must refactor it. But the "hard part" is completed already, which was tricking the modules into binding another port.

    2) The second issue is the packet parsing, where I don't know whether it is malfunctioning or the packets from AS to GS are sometimes huge and repetitive.

    It says VSRO, but it can be applied to any Silkroad files, due to the fact that it modifies cert packet A003 on the fly to change the desired ports.



    https://github.com/DummkopfOfHachtenduden/ModuleFilter

    Please, your help is needed since this is a whole new approach. We don't know yet what we can accomplish with this, but based on logic, we should be able to make the Gameserver do desired work without needing to do a lot of ASM.
    Last edited by MeTaD; 12-08-16 at 03:11 AM.
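As an added illustration of the approach described in the post above (this is example code written for this page, not code from the thread or from the ModuleFilter repository): a relay that binds the port a module originally listened on, forwards to the port the module was tricked into binding, re-splits the TCP stream into whole packets, and rewrites the port field carried in the 0xA003 cert packet. The 6-byte header layout, the 0x8000 "encrypted" size bit, the position of the port inside A003 (PORT_OFFSET) and the port numbers 15884/15999 are all assumptions for the example, not facts stated in the thread. The stream splitter is also the check a practitioner would want for issue 2: one recv() can carry several packets back to back, or only part of one, and a parser that treats each recv() as one packet will see "huge, repetitive" packets.

```python
"""Added example, not code from this thread or from the ModuleFilter repo.

A relay that binds the port a module originally listened on, forwards to the
port the module was tricked into binding instead, re-splits the TCP stream into
whole packets, and rewrites the port carried in the 0xA003 cert packet.
Everything about the wire format below is an ASSUMPTION, marked as such."""
import asyncio
import struct

# ASSUMPTION: SRO-style 6-byte header, little-endian:
#   u16 size (payload length; high bit 0x8000 = payload is encrypted),
#   u16 opcode, u8 security count, u8 security CRC.
HDR = struct.Struct("<HHBB")
ENCRYPTED = 0x8000
CERT_OPCODE = 0xA003     # opcode the original post says ModuleFilter patches
PORT_OFFSET = 2          # ASSUMPTION: hypothetical offset of the u16 port in A003


def build_frame(opcode, payload, enc=False):
    """Serialise one frame (used to construct sample traffic for offline runs)."""
    size = len(payload) | (ENCRYPTED if enc else 0)
    return HDR.pack(size, opcode, 0, 0) + payload


def parse_frames(buf):
    """Split a byte stream into complete frames.

    Returns (frames, rest): frames is a list of (opcode, encrypted, header,
    payload); rest is the tail that is not yet a whole frame.  TCP does not
    preserve packet boundaries, so one recv() may carry several frames
    (which looks like a "huge, repetitive" packet to a naive parser) or only
    part of one; both cases are handled here.
    """
    frames, pos = [], 0
    while len(buf) - pos >= HDR.size:
        size, opcode, _cnt, _crc = HDR.unpack_from(buf, pos)
        enc = bool(size & ENCRYPTED)
        end = pos + HDR.size + (size & 0x7FFF)
        if end > len(buf):
            break                       # incomplete frame: wait for more data
        frames.append((opcode, enc, buf[pos:pos + HDR.size], buf[pos + HDR.size:end]))
        pos = end
    return frames, buf[pos:]


def rewrite_cert_port(opcode, enc, hdr, payload, new_port):
    """Return the bytes to forward, patching the port field of an A003 frame.

    Encrypted frames are passed through untouched: without the session keys
    the relay cannot see or change their payload.
    """
    if opcode != CERT_OPCODE or enc or len(payload) < PORT_OFFSET + 2:
        return hdr + payload
    patched = bytearray(payload)
    struct.pack_into("<H", patched, PORT_OFFSET, new_port)
    return hdr + bytes(patched)


async def pump(reader, writer, new_port, log):
    """Forward one direction, frame by frame, logging (opcode, enc, length)."""
    buf = b""
    while data := await reader.read(4096):
        frames, buf = parse_frames(buf + data)
        for opcode, enc, hdr, payload in frames:
            log.append((opcode, enc, len(payload)))
            writer.write(rewrite_cert_port(opcode, enc, hdr, payload, new_port))
        await writer.drain()
    writer.close()


async def relay(listen_port, target_host, target_port, new_port, log):
    """Bind the module's original port and forward to where it now listens."""
    async def handle(client_r, client_w):
        server_r, server_w = await asyncio.open_connection(target_host, target_port)
        await asyncio.gather(pump(client_r, server_w, new_port, log),
                             pump(server_r, client_w, new_port, log))
    srv = await asyncio.start_server(handle, "127.0.0.1", listen_port)
    async with srv:
        await srv.serve_forever()


if __name__ == "__main__":
    # Hypothetical ports: GameServer originally on 15884, moved to 15999.
    asyncio.run(relay(15884, "127.0.0.1", 15999, 15999, []))
```

Run it stand-alone and it binds the assumed original port and forwards to the assumed new one; the `log` list collects (opcode, encrypted, length) per frame so the actual A003 layout can be confirmed from real traffic before trusting PORT_OFFSET.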


  #2 KimJongUn (Enthusiast, Member; joined Oct 2021; 42 posts)

    from the client:

    Code:
    004B1AF1  56              push esi
    004B1AF2  8BE9            mov ebp,ecx
    004B1AF4  FF15 B801D800   call dword ptr ds:[<&KERNEL32.GetTickCount>]   ; GetTickCount
    004B1AFA  33F6            xor esi,esi
    004B1AFC  39B5 50010000   cmp dword ptr ss:[ebp+0x150],esi
    004B1B02  8985 2C010000   mov dword ptr ss:[ebp+0x12C],eax
    004B1B08  75 0A           jnz short sro_clie.004B1B14
    004B1B0A  5E              pop esi
    004B1B0B  B8 07800000     mov eax,0x8007
    004B1BE7  53              push ebx
    004B1BE8  03CA            add ecx,edx
    004B1BEA  51              push ecx
    004B1BEB  50              push eax
    004B1BEC  E8 1F206900     call sro_clie.00B43C10                          ; <<<<<<<<<<<< JMP Patch


