Openkore.com

OpenKore Forums
 Post subject: Determining Version Without Wireshark or GRFTools
PostPosted: 26 Jun 2011, 08:46 
Plain Yogurt

Joined: 11 Jun 2011, 01:47
Posts: 68
I've come across a few servers that won't work with Wireshark, and trying GRFTools' clientinfo.xml as a backup won't work either.
By guessing common versions and master versions, I've had some of them work (though they always need recvpackets updated).
But it's annoying trying 40+ combinations blindly and never *really* knowing if you've exhausted your possibilities (obviously there are well over a thousand possible combos).
I've had the best luck with guessing version 16 and 24 with master 2,8 or 14. I think that works about 1/3 of the time.

I figure there's some third way, probably involving a hex editor. Which I'm comfortable with. I just have no idea what and where to look.

I'm not talking about custom packet encryption, either. Though the version and master version aren't in their normal locations in the login packets, everything works once I blindly discover the version numbers. I figure the answer is buried somewhere in the way JVC can make sense of the packet differences. I just have no idea how this correlates.
They also seem to have the grfs compressed with something custom (certainly nothing PEID can identify). It's just a few servers but it's irritating me because I know it's just outside the range of what I can figure out on my own <,<


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 28 Jun 2011, 03:41 
Developers

Joined: 05 Dec 2008, 05:42
Posts: 1811
VashTheStampede wrote:
I'm not talking about custom packet encryption, either. Though the version and master version aren't in their normal locations in the login packets, everything works once I blindly discover the version numbers.

Provide an example of these login packets (using random username and password)?


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 28 Jun 2011, 05:15 
Plain Yogurt

Joined: 11 Jun 2011, 01:47
Posts: 68
This looks like it leaves the master version, but the version is missing o_O
Bo-RO
Username: Hammer
Password: Time
Code:
00000000  04 02 c7 0a 94 c2 7a cc  38 9a 47 f5 54 39 7c a4 ......z. 8.G.T9|.
00000010  d0 39 64 00 4b 00 00 00  48 61 6d 6d 65 72 00 00 .9d.K... Hammer..
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 ........ ........
00000030  54 69 6d 65 00 00 00 00  00 00 00 00 00 00 00 00 Time.... ........
00000040  00 00 00 00 00 00 00 00  0d

This one even has 64 00, but 4b is 75.. so not possible.


Last edited by VashTheStampede on 28 Aug 2011, 15:13, edited 1 time in total.

 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 28 Aug 2011, 15:11 
Plain Yogurt

Joined: 11 Jun 2011, 01:47
Posts: 68
Here's another example. It's from HeavenRo.
Username: Heaven
Pass: HeavenPass
Code:
00000000  04 02 82 d1 2c 91 4f 5a  d4 8f d9 6f cf 7e f4 cc ....,.OZ ...o.~..
00000010  49 2d b0 02 14 00 00 00  48 65 61 76 65 6e 00 00 I-...... Heaven..
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 ........ ........
00000030  48 65 61 76 65 6e 50 61  73 73 00 00 00 00 00 00 HeavenPa ss......
00000040  00 00 00 00 00 00 00 00  02 31 39 32 2e 31 36 38 ........ .192.168
00000050  2e 30 2e 31 30 30 00 f6  14 34 30 36 31 38 36 66 .0.100.. .406186f
00000060  61 62 63 35 36 0a 00                             abc56..

I'm used to searching for 64 00 -> version.
But it ain't here.


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 28 Aug 2011, 17:20 
Developers

Joined: 05 Dec 2008, 05:42
Posts: 1811
VashTheStampede wrote:
Here's another example. It's from HeavenRo.

Quote:
possible login packets may start with 64 00 or 02 B0


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 28 Aug 2011, 19:47 
Administrator

Joined: 24 Apr 2008, 12:02
Posts: 1299
Looks like the packet 0x2b0
Struct:
Code:
// packet: 0x2b0
// len: 85
#pragma pack(push, 1)   // byte-packed, so the this+0x.. offsets below hold
struct PACKET_CA_LOGIN_HAN {
  /* this+0x0 */  short PacketType;
  /* this+0x2 */  unsigned long Version;       // 4 bytes: the next field starts at +0x6
  /* this+0x6 */  unsigned char ID[24];
  /* this+0x1e */ unsigned char Passwd[24];
  /* this+0x36 */ unsigned char clienttype;
  /* this+0x37 */ char m_szIP[16];
  /* this+0x47 */ unsigned char m_szMacAddr[13];
  /* this+0x54 */ unsigned char isHanGameUser;
};
#pragma pack(pop)


So...
Version -> 20
ClientType -> 2
isHanGameUser -> 0

 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 11 Oct 2011, 06:00 
Noob

Joined: 27 Aug 2010, 08:44
Posts: 3
hi.
I would like to know in these cases how to figure out the master version, because I can find out the version after 64 00 but the master version seems to be 00 °_° not possible..

the code:
Code:
00000000  04 02 c7 0a 94 c2 7a cc  38 9a 47 f5 54 39 7c a4 ......z. 8.G.T9|.
00000010  d0 39 64 00 18 00 00 00  4a 65 66 66 53 68 61 64 .9d..... myusern
00000020  6f 77 39 30 00 1b 00 00  ca 1b 00 00 ca 1b 00 00 ame1.... ........
00000030  6d 65 74 61 6c 39 30 00  c2 1b 00 00 c2 1b 00 00 passwo. ........
00000040  c2 1b 00 00 c3 1b 00 00  0d                      ........ .


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 15 Oct 2011, 04:09 
Super Moderators

Joined: 06 May 2008, 12:47
Posts: 801
JeffShadow90 wrote:
hi.
I would like to know in these cases how to figure out the master version, because I can find out the version after 64 00 but the master version seems to be 00 °_° not possible..

the code:
Code:
00000000  04 02 c7 0a 94 c2 7a cc  38 9a 47 f5 54 39 7c a4 ......z. 8.G.T9|.
00000010  d0 39 64 00 18 00 00 00  4a 65 66 66 53 68 61 64 .9d..... myusern
00000020  6f 77 39 30 00 1b 00 00  ca 1b 00 00 ca 1b 00 00 ame1.... ........
00000030  6d 65 74 61 6c 39 30 00  c2 1b 00 00 c2 1b 00 00 passwo. ........
00000040  c2 1b 00 00 c3 1b 00 00  0d                      ........ .


Just like OP's problem, the chunk you posted contains 2 packets:
0x204:
Code:
04 02 c7 0a 94 c2 7a cc 38 9a 47 f5 54 39 7c a4 d0 39

0x64:
Code:
64 00 18 00 00 00  4a 65 66 66 53 68 61 64 6f 77 39 30 00 1b 00 00  ca 1b 00 00 ca 1b 00 00 6d 65 74 61 6c 39 30 00  c2 1b 00 00 c2 1b 00 00 c2 1b 00 00 c3 1b 00 00  0d

_________________
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 02 Jan 2012, 02:00 
Plain Yogurt

Joined: 11 Jun 2011, 01:47
Posts: 68
b0 02 I just forgot I suppose. I hadn't encountered b0 02 before recently. I admit that I didn't re-check the guide as I thought I had memorized it and it doesn't look much different than it did years ago.

Riddle me this one then
Quote:
00000000 b0 02 85 90 32 01 46 75 7a 7a 79 00 f1 bb e9 eb ....2.Fu zzy.....
00000010 b3 a6 db 3c 87 0c 3e 99 24 5e 0d 1c 06 b7 47 65 ...<..>. $^....Ge
00000020 74 42 65 6e 74 00 8b a6 1f 03 5a 7d 09 38 25 1f tBent... ..Z}.8%.
00000030 5d d4 cb fc 96 f5 01 6f 95 26 6e ce 2b 93 01 61 ]......o .&n.+..a
00000040 d7 c9 76 ee 40 78 36 fd 12 49 32 f6 9e 7d 49 dc ..v.@x6. .I2..}I.
00000050 ad 4f 14 f2 44

Now by looking at the grf, I can get it's on version 20, but I don't see hex 14 until the third byte from the end, which strikes me as a coincidental value.
The username and pass (Fuzzy:Getbent) can be read unencrypted, so I don't think it's encrypted.
I can't even wager a guess on what part the master version is either.

Looking at it for even possible ranges, master could be 20 or 22 I guess, as those are the only values low enough at the end of the packet. The problem is you don't see hex 14 until the very end, which makes me wonder what's going on here o_O


 Post subject: Re: Determining Version Without Wireshark or GRFTools
PostPosted: 02 Jan 2012, 06:59 
Developers

Joined: 05 Dec 2008, 05:42
Posts: 1811
Network::Send::ServerType0 wrote:
'02B0' => ['master_login', 'V Z24 a24 C H32 H26 C', [qw(version username password_rijndael master_version ip mac isGravityID)]],

http://perldoc.perl.org/functions/pack.html

Code:
b0 02
85 90 32 01 # version
46 75 7a 7a 79 00 f1 bb e9 eb b3 a6 db 3c 87 0c 3e 99 24 5e 0d 1c 06 b7 # username
47 65 74 42 65 6e 74 00 8b a6 1f 03 5a 7d 09 38 25 1f 5d d4 cb fc 96 f5 # password_rijndael
01 # master_version
6f 95 26 6e ce 2b 93 01 61 d7 c9 76 ee 40 78 36 # ip
fd 12 49 32 f6 9e 7d 49 dc ad 4f 14 f2 # mac
44 # isGravityID

password_rijndael isn't encrypted for some reason, so should be changed to "password" in openkore's template for that server.
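
As an added example (mine, not OpenKore's code and not anything posted by the people in this thread), the script below applies the layouts given above to two dumps copied from the thread: it strips the leading 0x0204 packet, decodes 0x0064 and 0x02B0 in the field order of the 'V Z24 a24 C H32 H26 C' template (struct's '<I' is pack's 'V'), and tests whether the password field is plaintext, which is the check behind the password_rijndael remark. Assumptions: the 0x0204 packet is a fixed 18 bytes (as it was split above), and the 0x0064 field names are mine.

```python
import itertools, re, struct
# Added example (not OpenKore's code). Layouts from the thread: 0x0064 = version, ID[24],
# Passwd[24], clienttype; 0x02B0 = OpenKore's 'V Z24 a24 C H32 H26 C' ('<I' is pack's 'V').
LAYOUTS = {
    0x0064: ("<I24s24sB", ("version", "username", "password", "master_version")),
    0x02B0: ("<I24s24sB16s13sB", ("version", "username", "password",
                                  "master_version", "ip", "mac", "isGravityID")),
}
HEXPAIR = re.compile(r"[0-9a-fA-F]{2}")

def hexdump_to_bytes(dump):
    """Rebuild bytes from a forum dump: per line an offset, up to 16 hex pairs, ASCII."""
    out = bytearray()
    for line in dump.strip().splitlines():
        pairs = itertools.takewhile(HEXPAIR.fullmatch, line.split()[1:17])
        out += bytes(int(p, 16) for p in pairs)
    return bytes(out)

def parse_login(raw):
    """Skip a leading 0x0204 packet (assumed 18 bytes, as split above), decode the login."""
    if struct.unpack_from("<H", raw)[0] == 0x0204:
        raw = raw[18:]
    pid = struct.unpack_from("<H", raw)[0]
    fmt, names = LAYOUTS[pid]
    f = {k: v.hex() if k in ("ip", "mac") else v  # H32 / H26 fields: keep as hex
         for k, v in zip(names, struct.unpack_from(fmt, raw, 2))}
    f["packet"] = pid
    f["username"] = f["username"].split(b"\0", 1)[0].decode("ascii", "replace")
    # a24 may hold a Rijndael blob; a non-empty NUL-terminated printable run is plaintext
    head = f["password"].split(b"\0", 1)[0]
    f["password_plaintext"] = bool(head) and all(32 <= b < 127 for b in head)
    f["password"] = head.decode("ascii") if f["password_plaintext"] else f["password"].hex()
    return f
# Dumps copied from the posts above: Bo-RO (random credentials) and the 0x02B0 one.
BORO_DUMP = """
00000000  04 02 c7 0a 94 c2 7a cc  38 9a 47 f5 54 39 7c a4 ......z. 8.G.T9|.
00000010  d0 39 64 00 4b 00 00 00  48 61 6d 6d 65 72 00 00 .9d.K... Hammer..
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00 ........ ........
00000030  54 69 6d 65 00 00 00 00  00 00 00 00 00 00 00 00 Time.... ........
00000040  00 00 00 00 00 00 00 00  0d
"""
FUZZY_DUMP = """
00000000 b0 02 85 90 32 01 46 75 7a 7a 79 00 f1 bb e9 eb ....2.Fu zzy.....
00000010 b3 a6 db 3c 87 0c 3e 99 24 5e 0d 1c 06 b7 47 65 ...<..>. $^....Ge
00000020 74 42 65 6e 74 00 8b a6 1f 03 5a 7d 09 38 25 1f tBent... ..Z}.8%.
00000030 5d d4 cb fc 96 f5 01 6f 95 26 6e ce 2b 93 01 61 ]......o .&n.+..a
00000040 d7 c9 76 ee 40 78 36 fd 12 49 32 f6 9e 7d 49 dc ..v.@x6. .I2..}I.
00000050 ad 4f 14 f2 44
"""
```

Running parse_login(hexdump_to_bytes(FUZZY_DUMP)) decodes the version bytes 85 90 32 01 as 20091013 with master_version 1, and the Bo-RO dump as packet 0x0064, version 75, master_version 13.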

