Is it worth posting & explaining packet structures & encryption?
I am just thinking if it is worth posting packet structures with explanations and corresponding packet flow and crypto functions from login, gameserver and chat. Can maybe even talk about sniffing packets manually and implementing/updating within the emulator.
It seems so many want to take, but no one wants to give back. I want to give something beneficial to this community such that we can continue developing for Aion.
What do you think?
Re: Is it worth posting & explaining packet structures & encryption?
I think so, personally. But I just gave to the community because I enjoyed seeing what people could do, and giving them the chance to have some fun. You're right that a lot of people take and don't share, but that doesn't mean we need to be like them. Share if you want to because it would be appreciated by even a few learning packets and such. But ultimately it is up to you.
Re: Is it worth posting & explaining packet structures & encryption?
It would be totally cool if you were to explain how everything works.
I'd share every packet I find, not that I know what I am talking about at this moment,
but I want to contribute.
I did find some values by using Cheat Engine, played around, but when I looked at the opcodes
in the gameserver source, nope.., nothing to do with the packet I am looking at.
What happens, how are they encrypted, 100% confusion.
Re: Is it worth posting & explaining packet structures & encryption?
I get packets from the gameserver but I understand it.
If you share, that is very useful.
Pls.
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
quasaralpha
It would be totally cool if you were to explain how everything works.
I'd share every packet I find, not that I know what I am talking about at this moment,
but I want to contribute.
I did find some values by using Cheat Engine, played around, but when I looked at the opcodes
in the gameserver source, nope.., nothing to do with the packet I am looking at.
What happens, how are they encrypted, 100% confusion.
What are you not sure about? Which packet are you trying to decrypt? Cheat Engine is just used for memory editing, not server/client packets :)
Explain what you want to do and I will help.
If more people are interested, I can explain everything.
Re: Is it worth posting & explaining packet structures & encryption?
Well, after what you just wrote, it seems I wasn't even doing what I thought I was doing.
I did find which bytes are for HP update, MP update and so on.
But did I? I mean you said it's for memory editing.
But then how does one find packets, if there is such a thing?
I am trying to understand how the key is encrypting the packets?
The packets are split into d, c, h and so on, how does that work?
What is the relation between all the things in this photo, if there is a relation at all?
https://imgur.com/g4H0udp
Can't help but wonder.
I am having fun with this kind of stuff, totally not a waste of time,
but the confusion it causes me is quite annoying.
Thank you for responding.
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
quasaralpha
Well, after what you just wrote, it seems I wasn't even doing what I thought I was doing.
I did find which bytes are for HP update, MP update and so on.
But did I? I mean you said it's for memory editing.
But then how does one find packets, if there is such a thing?
I am trying to understand how the key is encrypting the packets?
The packets are split into d, c, h and so on, how does that work?
What is the relation between all the things in this photo, if there is a relation at all?
https://imgur.com/g4H0udp
Can't help but wonder.
I am having fun with this kind of stuff, totally not a waste of time,
but the confusion it causes me is quite annoying.
Thank you for responding.
It tells you in the comment above: the first game server packet is unencrypted, then the crypt engine is enabled and the rest are encrypted. SM_KEY is for sending the key to the client.
It has this structure:
<packet id="0x48" name="SM_KEY">
<part name="key" type="d"/>
</packet>
SM_KEY is a server packet, not a client packet; the server sends this one.
The key is XORed with the hex value and added together.
PacketSamurai gives an idea of the packets. Download it and check in there.
Does this help/answer your question? :) What are you trying to achieve with HP/MP? Are you wanting to sniff new packets to implement, or maybe something else? Your answer is vague, sorry.
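An added example (not PacketSamurai's or the emulator's own code) that reads the SM_KEY definition quoted above and splits a packet body by its part types. It assumes the PacketSamurai-style type letters c = byte, h = 16-bit short, d = 32-bit int, little-endian, and the SM_EXAMPLE definition and sample bytes are constructed for the demonstration.

```python
import struct
import xml.etree.ElementTree as ET

# Assumed type letters (PacketSamurai/L2J style), little-endian as the thread says:
# c = unsigned byte, h = unsigned 16-bit short, d = signed 32-bit int.
TYPE_FORMATS = {"c": "B", "h": "H", "d": "i"}

# SM_KEY is the definition quoted in the thread; SM_EXAMPLE is constructed only
# so that all three type letters get exercised.
DEFINITIONS = """
<packets>
  <packet id="0x48" name="SM_KEY">
    <part name="key" type="d"/>
  </packet>
  <packet id="0x7f" name="SM_EXAMPLE">
    <part name="flag" type="c"/>
    <part name="count" type="h"/>
    <part name="value" type="d"/>
  </packet>
</packets>
"""

def load_definitions(xml_text):
    # opcode -> (packet name, [(part name, type letter), ...])
    table = {}
    for pkt in ET.fromstring(xml_text).iter("packet"):
        parts = [(p.get("name"), p.get("type")) for p in pkt.iter("part")]
        table[int(pkt.get("id"), 16)] = (pkt.get("name"), parts)
    return table

def unpack_packet(table, opcode, payload):
    # Split payload by the definition for opcode; returns (name, {field: value}).
    # Raises ValueError for an unknown opcode or a payload shorter than defined.
    if opcode not in table:
        raise ValueError("unknown opcode 0x%02x" % opcode)
    name, parts = table[opcode]
    fmt = "<" + "".join(TYPE_FORMATS[t] for _, t in parts)
    need = struct.calcsize(fmt)
    if len(payload) < need:
        raise ValueError("%s needs %d bytes, got %d" % (name, need, len(payload)))
    values = struct.unpack(fmt, payload[:need])
    return name, dict(zip([n for n, _ in parts], values))

# Constructed sample: the SM_KEY body carrying key 0x1A2B3C4D, least
# significant byte first, which is how a "type d" value lands on the wire.
SAMPLE_SM_KEY = bytes.fromhex("4d3c2b1a")
```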
Re: Is it worth posting & explaining packet structures & encryption?
0000: 39 2c b0 65 5d ce 88 6d 3a 1c 62 9,.e]..m:.b
0000: fd e9 c1 3c 08 c7 cc 62 5a de 40 82 0d 1d 87 22 ...<...bZ @...."
0010: 65 3f 3c fe df 42 d9 60 51 92 ad 2d da 7f 79 53 e?<..B.`Q..-..yS
0020: f0 86 ec cc 1e 96 33 2a 82 75 91 25 e2 9f 8c 8a ......3*.u.%....
0030: be 9d 43 51 ba 26 58 e0 2c 6a 29 5b 2f 2c 11 75 ..CQ.&X.,j)[/,.u
0040: f8 4b 26 e4 e3 c4 94 8e .K&.....
0000: 05 11 b1 e4 52 53 40 4e 03 08 01 a1 3d 7f 97 ....RS@N....=..
Is this packet a true server packet? I cannot decrypt it.
Can you help me?
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
Zegita
it tells you in the comment above, first game server packet is unencrypted, the crypt engine is enabled and the rest are encrypted. SM_KEY is for sending key to client.
it has this structure:
<packet id="0x48" name="SM_KEY">
<part name="key" type="d"/>
</packet>
SM_KEY is a server packet, not a client packet, the server send this one.
The key is XOR with the hex value and added together.
PacketSamurai gives an idea of the packets. Download and check in this.
Does this help/answer your question? :) What are you trying to achieve with HP/MP? are you wanting to sniff new packets to implement? or maybe something else, your answer is vague sorry.
That seems a lot to take in.
But yes, I want to find new packets. I did try out PacketSamurai, I've got the one from AionGermany,
it has various protocols, I did install WinCap, but when I launch P.Samurai, the left window doesn't show any packets, absolutely nothing. One time it did show me, but what happened, how it worked, no clue. I am wondering if it's not showing me anything because I am on my own server and the packets
are not passing through the network adapter.
The moment I find out how it's done, I will post a video of it, so that everyone knows how to do it :D.
I wonder if I even know the basics at this point though.
nKO/WctQ0AVLbpzfBkS6NevDYT8ourG5CRlmdjyJ72aswx4EPq1UgZhFMXH?3iI9
That static XOR key, how is it added and to what is it added?
Can't wrap my head around why packets need to be encrypted/decrypted. Is it because the client is
doing something that requires the server to use this function?
Yes, many unclear things. But my goal is to make a good connection between the server and client,
so that, not all, but as many functions as possible are available. So, pretty much sniffing new packets and implementing them to the server.
Cheers.
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
quasaralpha
That seems a lot to take in.
But yes, I want to find new packets. I did try out PacketSamurai, I've got the one from AionGermany,
it has various protocols, I did install WinCap, but when I launch P.Samurai, the left window doesn't show any packets, absolutely nothing. One time it did show me, but what happened, how it worked, no clue. I am wondering if it's not showing me anything because I am on my own server and the packets
are not passing through the network adapter.
The moment I find out how it's done, I will post a video of it, so that everyone knows how to do it :D.
I wonder if I even know the basics at this point though.
nKO/WctQ0AVLbpzfBkS6NevDYT8ourG5CRlmdjyJ72aswx4EPq1UgZhFMXH?3iI9
That static XOR key, how is it added and to what is it added?
Can't wrap my head around why packets need to be encrypted/decrypted. Is it because the client is
doing something that requires the server to use this function?
Yes, many unclear things. But my goal is to make a good connection between the server and client,
so that, not all, but as many functions as possible are available. So, pretty much sniffing new packets and implementing them to the server.
Cheers.
To me, it looks like you are trying to sniff local server packets, which is not needed. If you want to sniff new packets to implement, download the KR version and sniff there. KR gets newer updates before NA or EU.
I think learn from the src how it flows together, then attempt what you want to do.
Encryption is for packet security/integrity, hence why, once the key is received, all data is encrypted/decrypted back and forth.
Hope this helps :)
Re: Is it worth posting & explaining packet structures & encryption?
I want to learn packet sniffing so I can have a hope of working on some emulator code that needs packets digested so I know how to code the functionality the client expects. I'm learning C++ to try and develop, but I want to work in a way that's practical. As in, looking at a game error, capturing the packet and seeing what it's doing/sending/receiving, and then poke and try to send what it needs.
Re: Is it worth posting & explaining packet structures & encryption?
I think this topic is worth diving into. Posting basic packet structures with packet ids, message ids, and any common patterns you may see. Explaining which encryption is used for which parts of the login or game server would be nice. I notice some source code having three classes for encryption, RSA, CryptEngine, and Blowfish for LoginServer.
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
Ashime
I think this topic is worth diving into. Posting basic packet structures with packet ids, message ids, and any common patterns you may see. Explaining which encryption is used for which parts of the login or game server would be nice. I notice some source code having three classes for encryption, RSA, CryptEngine, and Blowfish for LoginServer.
The RSA class just creates an RSA keypair, and encryptModulus just ciphers the RSA modulus.
CryptEngine stores instances of the Blowfish class and the RSA class. The Byte key is used to encrypt the first packet. Inside there are also some functions to verify checksums and do an XOR pass.
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
Zegita
The RSA class just creates an RSA keypair, and encryptModulus just ciphers the RSA modulus.
CryptEngine stores instances of the Blowfish class and the RSA class. The Byte key is used to encrypt the first packet. Inside there are also some functions to verify checksums and do an XOR pass.
Thank you for responding Zegita.
Explaining the XOR pass and the encryption for the first packet makes sense. Does any of the source code use the appendChecksum method inside the CryptEngine? It's called, but doesn't return anything since the method is set to void. There are no getters for getting the checksum value. What exactly is used for verifying the checksum? I have the method to verify the checksum, but there are no comments on what it is. Is it custom, or is it something used as an industry standard?
- - - Updated - - -
On the encXorPass, can you further explain how it works? I am trying to rewrite the code into something easier to read. This function uses an offset, which I'm getting confused on. My server doesn't work the same as the original files found on here, therefore the data passed to encrypt using the encXorPass will not have any offset. The data will start at index 0 of the byte array.
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
Ashime
Thank you for responding
Zegita.
Explaining the XOR pass and the encryption for the first packet makes sense. Does any of the source code use the appendChecksum method inside the CryptEngine? It's called, but doesn't return anything since the method is set to void. There are no getters for getting the checksum value. What exactly is used for verifying the checksum? I have the method to verify the checksum, but there are no comments on what it is. Is it custom, or is it something used as an industry standard?
- - - Updated - - -
On the encXorPass, can you further explain how it works? I am trying to rewrite the code into something easier to read. This function uses an offset, which I'm getting confused on. My server doesn't work the same as the original files found on here, therefore the data passed to encrypt using the encXorPass will not have any offset. The data will start at index 0 of the byte array.
appendChecksum(): you are correct, this function is void, but this is because the function is a mutator, not an accessor, and so it doesn't return anything. It mutates the raw data passed in.
encXORPass() doesn't "encrypt"; it really just ciphers using some bit operations and jumbling of the data passed in.
verifyChecksum() takes in packet data, verifies the checksum of the packet and returns a boolean: true if it's verified, false if it's not. Hint: take a look at the decrypt function to see how it's used ;)
Comments regarding the code base: it's very, very confusing, and lots of functions are set up to simplify things, but in reality they confuse people more as time goes on.
If you are building your own server core, the indexing is a design decision on your side :) As a developer, how do you want your code to work? This is a question only you, the developer, can answer.
Hope this helps you. Good luck :)
Re: Is it worth posting & explaining packet structures & encryption?
Quote:
Originally Posted by
Ashime
Thank you for responding
Zegita.
Explaining the XOR pass and the encryption for the first packet makes sense. Does any of the source code use the appendChecksum method inside the CryptEngine? It's called, but doesn't return anything since the method is set to void. There are no getters for getting the checksum value. What exactly is used for verifying the checksum? I have the method to verify the checksum, but there are no comments on what it is. Is it custom, or is it something used as an industry standard?
- - - Updated - - -
On the encXorPass, can you further explain how it works? I am trying to rewrite the code into something easier to read. This function uses an offset, which I'm getting confused on. My server doesn't work the same as the original files found on here, therefore the data passed to encrypt using the encXorPass will not have any offset. The data will start at index 0 of the byte array.
Sorry, I misunderstood the last part. You will need an encryption function to start at a specific index, because when encrypting packets the packet data is flipped and sent in little endian, so we can specify where encryption starts and for how many blocks to encrypt.
Offset is where to start; length is how many bytes to encrypt forward from the offset.
Hopefully this removes some confusion.
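An added illustration, written here rather than taken from the emulator, of the shapes discussed in the last two replies: appendChecksum as a void mutator, verifyChecksum returning a boolean, and an encXORPass that takes an offset and a length so a clear header can be skipped, with the engine only switched on after the first packet has passed. Only the static key string comes from the thread; the mixing rule, the 2-byte length header and the 16-bit checksum are constructed assumptions, not the real ones.

```python
STATIC_KEY = b"nKO/WctQ0AVLbpzfBkS6NevDYT8ourG5CRlmdjyJ72aswx4EPq1UgZhFMXH?3iI9"
HEADER = 2  # constructed framing: 2-byte little-endian body length, sent in clear

class CryptEngine:
    # mixing rule and checksum below are constructed assumptions, not the real ones
    def __init__(self, session_key):
        self.enabled = False          # off until the first (SM_KEY) packet has passed
        self.key = session_key & 0xFFFFFFFF

    def enc_xor_pass(self, data, offset, length):
        # XOR data[offset:offset+length] in place; offset = where to start,
        # length = how many bytes forward. Applying it twice restores the data.
        for i in range(offset, offset + length):
            data[i] ^= STATIC_KEY[i & 63] ^ ((self.key >> (8 * (i & 3))) & 0xFF)

    def append_checksum(self, data):
        # mutator (void): appends a 16-bit byte sum to the bytearray, returns nothing
        data += (sum(data) & 0xFFFF).to_bytes(2, "little")

    def verify_checksum(self, data):
        # accessor: True if the trailing 16-bit sum matches the body in front of it
        if len(data) < 2:
            return False
        return sum(data[:-2]) & 0xFFFF == int.from_bytes(data[-2:], "little")

def seal(engine, payload):
    # server side: first packet leaves in clear and switches the engine on; later
    # ones get a checksum appended, then the body (not the header) XORed
    if not engine.enabled:
        engine.enabled = True
        return bytes(payload)
    body = bytearray(payload)
    engine.append_checksum(body)
    frame = bytearray(len(body).to_bytes(2, "little")) + body
    engine.enc_xor_pass(frame, HEADER, len(body))
    return bytes(frame)

def open_frame(engine, frame):
    # client side, mirror of seal(): payload, or None on a bad length or checksum
    if not engine.enabled:
        engine.enabled = True
        return bytes(frame)
    buf = bytearray(frame)
    length = int.from_bytes(buf[:HEADER], "little")
    if length != len(buf) - HEADER:
        return None
    engine.enc_xor_pass(buf, HEADER, length)
    body = buf[HEADER:]
    return bytes(body[:-2]) if engine.verify_checksum(body) else None
```

Because open_frame() rejects a frame whose checksum does not match, a flipped bit anywhere in the ciphered body is caught before the payload is handed on, which is the integrity role the earlier reply attributes to the checksum.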