Help with login packets

Forum closed. All further discussion to be discussed at https://github.com/OpenKore/

darkgeneral
Noob
Posts: 4
Joined: 09 Jan 2009, 18:30
Noob?: No

Help with login packets

#1 Post by darkgeneral »

Hi, I'm trying to bot on a server that has a shield against openkore.
The problem is that the server has a custom login packet.
I think openkore uses:

Code:

64 00 18 00 00 00 6e 69 6b 65 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 37
38 39 31 30 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 16  
The server uses:

Code:

69 00 4F 00 0F 61 88 46  E9 D3 1E 00 3C 1A 09 7E
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 48   
2C 5B 51 E9 17 54 72 61  6B 69 6E 61 73 00 00 00   
00 00 00 00 00 00 00 00  00 B7 00 00 00 00 00


How can I change the packets? I think I have to modify ServerType0.pm in src\Netw\Send, but I don't know how to modify this file. Can someone explain it to me, please?
Thanks

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: Help with login packets

#2 Post by Technology »

The first packet is the masterLogin packet (sent by you); it contains your login data in raw format.

The second packet seems to be the account_server_info packet (sent by server), but could have been forged.
Post enough info, or your post will be ignored.

(btw, I suggest you use false login info, and provide the false info that you used here as well)
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

darkgeneral
Noob
Posts: 4
Joined: 09 Jan 2009, 18:30
Noob?: No

Re: Help with login packets

#3 Post by darkgeneral »

What more info do you need?
I think they just changed the login packet and put some trash at the end. Am I right?
If I connect with byte 64, I just get banned.
The hexed client has anti-wpe/rpe.
Thanks for your help :)

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: Help with login packets

#4 Post by Technology »

Info like this can be useful:
- which server you play on
- packets sent by the client and the info that you put in (like the fake username & password) during the login phase

The more relevant info the better, of course.
Btw, you don't need wpe to record the packets;
you can use wireshark (see the guide to find server information)
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

darkgeneral
Noob
Posts: 4
Joined: 09 Jan 2009, 18:30
Noob?: No

Re: Help with login packets

#5 Post by darkgeneral »

The server that I play is TrakinasRO,
Login: mimis2
Pass:231191ba

Server Information:

Code:

[Trakinas RO]
ip 72.44.91.81
port 6900
master_version 22
version 24
private 1
serverType 8_4
charBlockSize 108  
recvpackets recvpackets_trakinasro.txt
Download Patch: http://download.trakinasro.com/TrakinasRO.exe

To record the packets I just used smsniff, because wireshark didn't find my modem driver; it's a USB modem.
Before a big maintenance on the server, I was using a custom ServerType0.pm file (download: http://w13.easy-share.com/1701590702.html )
When I was using it, the packets to connect were:

Code:

e7 03 18 00 00 00 6e 69 6b 65 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 37
38 39 31 30 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 16 31 38 39 2e 35 32 2e 32 31
36 2e 35 33 00 fb 12 31 31 31 31 31 31 31 31 31
31 31 31 00 00
Every maintenance of the server they change the login packets, so I want to know how to modify ServerType0.pm. I saw so many servers that are using custom packets to login, so I want to help other people that don't know how to modify it. I didn't find any guide about this, so I'm trying to find out how I can change this.
Thanks

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: Help with login packets

#6 Post by Technology »

Is your server using aegis or eathena?

Before you are able to write your own masterLogin packet, you must be able to read one.
So, here is how to get the data from your masterLogin packet easily:
1) google for: hex to string and go to the first entry
2) paste in your masterLogin packet and press convert
3) you can now easily see which parts represent string data
4) the other data could be version, master version, ...
5) once you have determined variable from constant data, you should already be able to forge your own masterLogin packet
(as you can see, both username & password data have a maximal reserved length of 24 characters and are a null padded string, so in perl's pack function we use a24) For more information, check this out

To get you started try these in the hex to string:
e703
18000000
6e696b650000000000000000000000000000000000000000
303738393130000000000000000000000000000000000000
16
3138392e35322e3231362e3533
00fb123131313131313131313131310000
(might need some further splitting)
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

darkgeneral
Noob
Posts: 4
Joined: 09 Jan 2009, 18:30
Noob?: No

Re: Help with login packets

#7 Post by darkgeneral »

The server uses a very customized eAthena.
I tried to do what you said and got this:
e703 -> ç (login packets)
18000000 -> (I don't know what is this)
6e696b650000000000000000000000000000000000000000 -> nike (is the username?)
303738393130000000000000000000000000000000000000 -> 078910 (the password?)
16 -> (master version?)
3138392e35322e3231362e3533 -> 189.52.216.53
00fb123131313131313131313131310000 -> û111111111111? (I think it's just some trash to confuse)

I saw that I can't put spaces there.
When I put:

Code:

69 00 4F 00 0F 61 88 46  E9 D3 1E 00 3C 1A 09 7E
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   
00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 48   
2C 5B 51 E9 17 54 72 61  6B 69 6E 61 73 00 00 00   
00 00 00 00 00 00 00 00  00 B7 00 00 00 00 00
I got

Code:

 iOaˆFéÓ<	~H,[QéTrakinas·
How can I get the packet that I need to get the server information?
Thanks

Mushroom
Perl Monk
Posts: 427
Joined: 04 Apr 2008, 14:04
Noob?: No
Location: Brazil

Re: Help with login packets

#8 Post by Mushroom »

Isn't it the same way DarkRO uses?
If so, you can add in your tables/servers.txt

Code:

masterLogin_packet 0xE7
Don't know if it works, try it out.
Quit.

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: Help with login packets

#9 Post by Technology »

Mushroom wrote:Isn't it the same way DarkRO uses?
If so, you can add in your tables/servers.txt

Code:

masterLogin_packet 0xE7
Don't know if it works, try it out.
There is more to it than just the packet switch (masterLogin_packet parameter), Mushroom.
For instance, this login packet has an IP in it. Currently there is no login packet like that supported by kore.
I believe that the packet is built up like this:

e703 -> packet switch
18000000 -> version
6e696b650000000000000000000000000000000000000000 -> nike : username (not encrypted)
303738393130000000000000000000000000000000000000 -> 078910 : password (not encrypted)
16 -> master version
3138392e35322e3231362e3533 -> 189.52.216.53 : (local?) ip address
00fb123131313131313131313131310000 -> I have no idea what this is actually, it could be either constant or dependent on other data.


On a sidenote:
The question remains, what is this "version" and "masterversion" exactly?
I remember someone asking this before, and in fact it's important to know.
I believe that this is knowledge that has gone to waste because of a lack of documentation on the subject.
That is why we need more information/documentation on the following subjects (1-3):

1) What is masterversion and serverversion?
I've recently read this article, it discusses 2 types of login packets: http://doc.siriuswhite.de/index.php/Login
Sirius White wrote:Version: Using the version flag of the clientinfo.xml
= (what we call) server version?
Sirius White wrote:Region : Determinated by the combination of ServerType (Technology: "not ServerType as we know it") and ServiceType
= (what we call) master version?

2) How other bots handle this information
Hmm, seems like messykore handled: version, servertype and servicetype, this needs investigation.
MessyKore wrote:#<AfterEpisode> - For next episode6; 5 = primary, 6 = sakray
# <version> - Server version; 24 = primary, 5 = sakray
# <servertype> - 0 = primary, 1 = sakray, 2 = local
# <servicetype> - 0 = korea, 1 = america, 2 = japan, 3 = china, 4 = taiwan, 5 = thai, 6 = indonesia, 7 = philippine, 8 = malaysia
3) How sclientinfo is built up, and how the client uses it
How the sclientinfo.xml is built up
How the sclientinfo.xml is built up (french, but contains info that isn't covered on the wiki)
Some clients don't use an sclientinfo.xml; the data is hardcoded in the client.
It should be possible to find out how the login packet is built up directly from disassembly of the client.

What do we need to do?
I think that by documenting all this information from our point of view (botting),
we will gain a better understanding of how login packets are built up in general and preserve this information for the future.
Also we should get a better understanding how the sclientinfo.xml actually affects the client.


Some info about the newest login packet:
eA client hexing wrote:------------------------------------------------
// [Packet](11)_Enforce_Login_Packet_0x2b0
------------------------------------------------
- Makes the client connect using the 0x2b0 login packet, which includes MAC address and encrypts
the password (eAthena doesn't support that encryption, so I suggest you to use the patch to disable
it), for all langtypes. It's used by default only on langtype 0.

------------------------------------------------
// [Packet](11)_Disable_Login_Packet_0x2b0
------------------------------------------------
- Makes the client not use the login packet 0x2b0 (I think it'll use the 0x64 one instead) on any
langtypes (mainly it'll disable that packet on langtype 0, where it's used by default).
Last edited by Technology on 28 Jan 2009, 15:54, edited 8 times in total.
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!
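To make the byte-by-byte splitting described in #6 and the field breakdown in #9 concrete, here is an added Python decoder. It is not OpenKore code and not from anyone in this thread; it assumes the layout #9 proposes and expresses the fixed part as the struct format "<HI24s24sB", the Python counterpart of the Perl pack template 'v V a24 a24 C' (the a24 fields are the NUL-padded username and password #6 mentions). The IP string is read as a NUL-terminated 'Z*' field and the 16-byte trailer is kept opaque, since the thread does not establish what it means. The two hex dumps are copied from the captures posted above; decoding them shows that the version (24) and master version (22) match the `version` and `master_version` lines of the server config posted in #5, and diffing the two parses separates the fields that changed between the old and new packet from the constant ones.

```python
"""Decode the masterLogin packets discussed in this thread.

Layout (from the breakdown in the thread, assumed correct):
  switch u16 LE | version u32 LE | username a24 | password a24 | master_version u8
The custom 0x03e7 variant then carries a NUL-terminated IP string and a trailer
of unknown meaning. Perl pack template for the fixed part would be 'v V a24 a24 C'
(assumption; this is not OpenKore's own code).
"""
import struct
from ipaddress import IPv4Address

FIXED_FMT = "<HI24s24sB"                  # Perl: v V a24 a24 C
FIXED_LEN = struct.calcsize(FIXED_FMT)    # 55 bytes

# Copies of the two captures posted in the thread (standard 0x0064, custom 0x03e7).
STANDARD_0064 = bytes.fromhex(
    "64 00 18 00 00 00 6e 69 6b 65 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 37"
    "38 39 31 30 00 00 00 00 00 00 00 00 00 00 00 00"
    "00 00 00 00 00 00 16"
)
CUSTOM_03E7 = bytes.fromhex(
    "e7 03 18 00 00 00 6e 69 6b 65 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 37"
    "38 39 31 30 00 00 00 00 00 00 00 00 00 00 00 00"
    "00 00 00 00 00 00 16 31 38 39 2e 35 32 2e 32 31"
    "36 2e 35 33 00 fb 12 31 31 31 31 31 31 31 31 31"
    "31 31 31 00 00"
)


def unpack_a24(raw: bytes) -> str:
    """Perl 'a24': fixed 24-byte field, NUL padded. Return the text before the padding."""
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def parse_master_login(pkt: bytes) -> dict:
    """Split a masterLogin packet into named fields; raise ValueError on malformed input."""
    if len(pkt) < FIXED_LEN:
        raise ValueError(f"packet too short: {len(pkt)} < {FIXED_LEN}")
    switch, version, user, password, master = struct.unpack_from(FIXED_FMT, pkt, 0)
    fields = {
        "switch": switch,
        "version": version,
        "username": unpack_a24(user),
        "password": unpack_a24(password),
        "master_version": master,
    }
    rest = pkt[FIXED_LEN:]
    if switch == 0x0064:
        if rest:
            raise ValueError(f"0x0064 packet has {len(rest)} unexpected trailing bytes")
        return fields
    if switch == 0x03E7:
        ip_bytes, nul, trailer = rest.partition(b"\x00")   # Perl 'Z*': NUL-terminated
        if not nul:
            raise ValueError("0x03e7 packet: IP string is not NUL-terminated")
        ip = ip_bytes.decode("ascii")                       # UnicodeDecodeError is a ValueError
        IPv4Address(ip)                                     # raises ValueError if not dotted-quad
        fields["ip"] = ip
        fields["trailer"] = trailer     # meaning unknown in the thread; kept as raw bytes
        return fields
    raise ValueError(f"unknown masterLogin switch 0x{switch:04x}")


def annotate(pkt: bytes) -> list:
    """Return (field, offset, hex) triples: the manual hex-to-string splitting, automated."""
    fields = parse_master_login(pkt)
    spans = [("switch", 0, 2), ("version", 2, 4), ("username", 6, 24),
             ("password", 30, 24), ("master_version", 54, 1)]
    if "ip" in fields:
        ip_len = len(fields["ip"]) + 1            # include the NUL terminator
        spans += [("ip", FIXED_LEN, ip_len),
                  ("trailer", FIXED_LEN + ip_len, len(pkt) - FIXED_LEN - ip_len)]
    return [(name, off, pkt[off:off + n].hex()) for name, off, n in spans]


def changed_fields(a: bytes, b: bytes) -> set:
    """Fields that differ between two captures; everything else is constant data."""
    fa, fb = parse_master_login(a), parse_master_login(b)
    return {k for k in fa.keys() | fb.keys() if fa.get(k) != fb.get(k)}


if __name__ == "__main__":
    for pkt in (STANDARD_0064, CUSTOM_03E7):
        for name, off, hx in annotate(pkt):
            print(f"{off:3d} {name:15s} {hx}")
        print(parse_master_login(pkt))
    print("variable between captures:", sorted(changed_fields(STANDARD_0064, CUSTOM_03E7)))
```

Running the script prints the annotated byte spans of both captures followed by the parsed fields; `changed_fields` reports only the switch, the IP string and the trailer as differing, which is exactly the set of things a ServerType would have to emit differently for this server.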

sli
Perl Monk
Posts: 810
Joined: 04 Apr 2008, 17:26
Noob?: No

Re: Help with login packets

#10 Post by sli »

Sweet! Free login details!
cs : ee : realist
