1. 33 WSASend
0000 FB 21 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 .!.Bq.W.>.....Y.
0010 91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00 ..U..vRb........
0020 FE .
2. 44 WSASend
0000 FB 2C 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 .,.Bq.W.>.....Y.
0010 91 80 55 9C A4 76 52 62 9F 15 CD 50 AA E8 04 40 ..U..vRb...P...@
0020 87 96 B4 42 71 C5 57 35 3D 11 8B FE ...Bq.W5=...
3. 35 WSASend
0000 FB 23 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 .#.Bq.W.>.....Y.
0010 91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00 ..U..vRb........
0020 00 00 FE ...
Start by checking this post: http://forum.ragezone.com/f859/star...ver-emulator-1135003-post8805306/#post8805306
Thank you, this will help me a lot.
[flag][len][body]
FB - flag
2C 00 - total packet len
42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 91 80 55 9C A4 76 52 62 9F 15 CD - static part
50 AA E8 04 40 87 96 B4 42 71 C5 57 35 3D 11 8B - 16 bytes, maybe some key for encryption
FE - tail, exists in all your examples
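As an added example (not code from the thread), a small Python parser that applies the layout above to the three WSASend dumps: it checks the FB flag, the little-endian length field against the captured size, the FE tail, and whether the 24-byte part is really identical across captures. Separating the dumps with a blank line and the field names in the result dict are my own assumptions.

```python
import re

# The three WSASend dumps posted above, copied verbatim (offset column, hex
# bytes, ASCII column) and separated here by a blank line (my convention).
DUMPS = """\
0000 FB 21 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 .!.Bq.W.>.....Y.
0010 91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00 ..U..vRb........
0020 FE .

0000 FB 2C 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 .,.Bq.W.>.....Y.
0010 91 80 55 9C A4 76 52 62 9F 15 CD 50 AA E8 04 40 ..U..vRb...P...@
0020 87 96 B4 42 71 C5 57 35 3D 11 8B FE ...Bq.W5=...

0000 FB 23 00 42 71 C5 57 DD 3E C5 96 E5 AE 1B 59 E7 .#.Bq.W.>.....Y.
0010 91 80 55 9C A4 76 52 62 9F 15 CD 00 00 00 00 00 ..U..vRb........
0020 00 00 FE ...
"""
FLAG, TAIL, HEADER_LEN, STATIC_LEN = 0xFB, 0xFE, 3, 24  # layout from the post
# a dump line: 4-digit offset, then up to 16 hex pairs; the ASCII column is ignored
DUMP_LINE = re.compile(r"^[0-9A-Fa-f]{4}((?:\s[0-9A-Fa-f]{2}){1,16})")

def parse_dumps(text):
    """Turn blank-line-separated hex dumps into a list of raw packets."""
    packets = []
    for block in text.strip().split("\n\n"):
        raw = bytearray()
        for line in block.splitlines():
            m = DUMP_LINE.match(line)
            if m:
                raw += bytes.fromhex(m.group(1))
        packets.append(bytes(raw))
    return packets

def parse_packet(raw):
    """Split one packet into flag / len / static / variable / tail, rejecting
    any frame that fails a check instead of guessing at its layout."""
    if len(raw) < HEADER_LEN + STATIC_LEN + 1 or raw[0] != FLAG or raw[-1] != TAIL:
        raise ValueError("bad framing: flag, tail or minimum length")
    declared = int.from_bytes(raw[1:3], "little")  # '2C 00' -> 0x002C = 44
    if declared != len(raw):
        raise ValueError(f"length field says {declared}, captured {len(raw)}")
    return {"length": declared,
            "static": raw[HEADER_LEN:HEADER_LEN + STATIC_LEN],
            "variable": raw[HEADER_LEN + STATIC_LEN:-1]}

def analyze(text):
    """Parse every dump and report whether the 24-byte part is really static."""
    packets = [parse_packet(p) for p in parse_dumps(text)]
    return packets, len({p["static"] for p in packets}) == 1
```

The length field counts the whole frame including flag, length bytes and tail, so a truncated capture is caught by the length check rather than silently parsed.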
Post the .exe so we can decompile it. Try and find the "CASE" "PACKET->OP" function.
But to crack encryption/decryption...
Decryption side:
1. Find the recv function (WSARecv), then the packet buffer.
2. Breakpoint on the buffer and trace backwards till you find where in memory the unencrypted buffer is.
3. Breakpoint on the unencrypted buffer and find where it writes to (function with arguments), aka a (call).
4. Trace that function and export it to your C# language.
Encryption side:
1. Find the send function (WSASend), then the packet buffer.
2. do 2-4
3. profit!!!
Since there is no server to sniff packets from, you're going to have to look inside the client.exe and find what the client wants to recv for an OPCODE. Then you build fake packets and data based on this.
sub_413C00 and sub_B6B247
https://ufile.io/nnbqp