Mhm, I used Ghidra for a month before. I tried hooking WinSock recv and send. I researched some of the DLLs they are using but didn't have much luck. I tried decompiling the code but there was not much to see, like Ghidra failed to decompile it or something (the .exe could be packed or w/e, I'm not sure). Tried using x64dbg but no luck because of the anti-debug (XIGNCODE with Themida). I know a handful of programming languages so that's not an issue as I already have a base. Would you need more info about the game?
Most tools that I use are:
1. IDA Pro
2. Ghidra
3. Search WinSock (recv for decrypting, send for encrypting)
4. Decompile the code, find the functions and addresses
5. Use a debugger to trace and walk through the code to match what it's doing
6. Write it in the programming language you use (proxy)
To answer your question: you can't look at the packets to decrypt them (maybe XOR). But you're gonna need to learn asm and whatever programming language you know.
Hooking send/recv is honestly a pain. I had tons of issues when I tried this myself.
Try writing a TCP forwarder. That way you act as a proxy between the real server and you can dump/handle any incoming/outgoing data.
It's a much cleaner approach and it works beautifully.
For encryption, it really depends on how it's done. Sometimes clients derive their key from a public key that servers send at some point.
Take a look at my project. This might help!
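A minimal version of the TCP forwarder described above, added here as an example (it is not the poster's project): it listens locally, relays each client connection to the real server, and hex-dumps every chunk in both directions so you can see exactly what goes over the wire. The upstream address, the echo stand-in for the server and the sample packet are all constructed for the demo.

```python
import asyncio

def hexdump(data: bytes, width: int = 16) -> str:
    """Offset / hex / ASCII dump of one chunk, one row per `width` bytes."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(rows)

async def pipe(reader, writer, label, log):
    """Copy bytes one way until EOF, recording every chunk with its direction."""
    try:
        while chunk := await reader.read(4096):
            log.append((label, chunk))          # keep raw bytes for later analysis
            print(f"[{label}] {len(chunk)} bytes\n{hexdump(chunk)}")
            writer.write(chunk)
            await writer.drain()
    finally:
        writer.close()                          # propagate the close to the other side

async def handle_client(c_reader, c_writer, upstream, log):
    """Per client connection: dial the real server and relay both directions."""
    u_reader, u_writer = await asyncio.open_connection(*upstream)
    await asyncio.gather(pipe(c_reader, u_writer, "C->S", log),
                         pipe(u_reader, c_writer, "S->C", log))

async def start_forwarder(upstream, log, port=0):
    """Listen on 127.0.0.1:port (0 = ephemeral) and forward to `upstream`."""
    server = await asyncio.start_server(
        lambda r, w: handle_client(r, w, upstream, log), "127.0.0.1", port)
    return server, server.sockets[0].getsockname()[1]

async def _demo_async():
    log = []
    async def echo(r, w):                       # constructed stand-in for the game server
        w.write(await r.read(4096)); await w.drain(); w.close()
    echo_srv = await asyncio.start_server(echo, "127.0.0.1", 0)
    echo_port = echo_srv.sockets[0].getsockname()[1]
    fwd_srv, fwd_port = await start_forwarder(("127.0.0.1", echo_port), log)
    r, w = await asyncio.open_connection("127.0.0.1", fwd_port)
    w.write(b"\x00\x05LOGIN"); await w.drain()  # constructed sample packet
    reply = await r.read(4096)
    w.close(); fwd_srv.close(); echo_srv.close()
    return log, reply

def demo():
    """Run the self-contained round trip; returns (log, reply) for inspection."""
    return asyncio.run(_demo_async())
```

For real use, point the client at 127.0.0.1 and the forwarder at the real server address; everything the client encrypts still arrives as ciphertext here, which is exactly why the reversing work on the client itself is unavoidable.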
What I know about the encryption being used is that they are using RSA and RC4. Is it possible to decrypt them by only looking at TCP packets?