Openkore.com

OpenKore Forums

All times are UTC - 5 hours [ DST ]





This topic is locked. [ 38 posts ]
 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 10:36
Developers
Joined: 05 Dec 2008, 05:42
Posts: 1811
kLabMouse wrote:
Deprecated packets cause DC

Such updates do happen on their own as well, even without any client updates.


 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 10:45
Administrator
Joined: 24 Apr 2008, 12:02
Posts: 1301
EternalHarvest wrote:
kLabMouse wrote:
Deprecated packets cause DC

Such updates do happen on their own as well, even without any client updates.

It's because of the server's nature. Looks like from the last time, they started to add handlers for old and new packets.
Old packets mark the user as "Bot", so they can ban him without any visual reason.

bRO at this point is more aggressive! They just kick and ban!

 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 11:15
Developers
Joined: 05 Oct 2011, 09:21
Posts: 60
Location: Brazil
Yeah, and they guarantee no possible old versions of the client are gonna work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.


 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 11:18
Super Moderators
Joined: 06 May 2008, 12:47
Posts: 801
kLabMouse wrote:
OK. Well this was something like this:
1) Client.exe -> Dump memory
2) Locate Networking Functions
3) Locate Encryption
4) Reverse it, see where it inits and how it works
5) Make a little .asm file that outputs keys to check against the Perl implementation that FR3DbR made
6) Fail again Because of Numeric Int overload
7) Make a solution using BigInt
8) Fail Again because of Deprecated packets and Packet ID randomizations
9) Diff RecvPackets to get the Randomization, Like I did back in old times, when I was working with our old Developer: heero.
10) Bingo, now it's more stable
11) Find out, that Deprecated packets cause DC and possible Ban. Damn
12) FR3DbR implements new functions and changed packet IDs. Good to go, wait for next version
13) Make some HEX patterns to locate functions more easily.
14) On new .exe -> Goto Step (1), Repeat only necessary steps.

Cool, tbh, I've always wanted to learn how to do such things but never really knew where to start.
Implementation itself is no problem, the hard part is finding out what the client does, so you can mimic it.
If only some kind of in-depth walkthrough explained this process (as an example) with every step in detail, used tools, rationale etc...
That would be awesome because it would provide some kind of "entry point" into the world of cracking the RO client's network handling.

_________________
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!


 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 11:22
Administrator
Joined: 24 Apr 2008, 12:02
Posts: 1301
Technology wrote:
Cool, tbh, I've always wanted to learn how to do such things but never really knew where to start.
Implementation itself is no problem, the hard part is finding out what the client does, so you can mimic it.
If only some kind of in-depth walkthrough explained this process (as an example) with every step explained in used tools etc...
That would be awesome because it would provide some kind of "entry point" into the world of cracking the RO client's network handling.

Oh. IC. Well, I did this a long time ago. Remember? Those packets whose internal structures we tried to gather?
And the tools used are simple: IDA + PE Editor (to just dump the process) + MS Network Monitor

 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 11:22
Super Moderators
Joined: 06 May 2008, 12:47
Posts: 801
Fr3DBr wrote:
Yeah, and they guarantee no possible old versions of the client are gonna work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.

Maybe a program can be made that extracts the encryption keys?
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)

 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 11:24
Super Moderators
Joined: 06 May 2008, 12:47
Posts: 801
kLabMouse wrote:
Technology wrote:
Cool, tbh, I've always wanted to learn how to do such things but never really knew where to start.
Implementation itself is no problem, the hard part is finding out what the client does, so you can mimic it.
If only some kind of in-depth walkthrough explained this process (as an example) with every step explained in used tools etc...
That would be awesome because it would provide some kind of "entry point" into the world of cracking the RO client's network handling.

Oh. IC. Well, I did this a long time ago. Remember? Those packets whose internal structures we tried to gather?
And the tools used are simple: IDA + PE Editor (to just dump the process) + MS Network Monitor

Hmm, yes I remember you were doing that.
However, I've never used any RE technique; I was just reading the eA code and using Wireshark when trying to understand a packet's structure.

 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 11:55
Developers
Joined: 05 Oct 2011, 09:21
Posts: 60
Location: Brazil
Technology wrote:
Fr3DBr wrote:
Yeah, and they guarantee no possible old versions of the client are gonna work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.

Maybe a program can be made that extracts the encryption keys?
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)


This is not too hard =P, but I do work like kLab, so my time is the main problem :D.

I know I am not doing 1% of all that you did here, but I try to do what I can in my spare time =).


 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 12:00
Super Moderators
Joined: 06 May 2008, 12:47
Posts: 801
Fr3DBr wrote:
Technology wrote:
Fr3DBr wrote:
Yeah, and they guarantee no possible old versions of the client are gonna work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.

Maybe a program can be made that extracts the encryption keys?
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)


This is not too hard =P, but I do work like kLab, so my time is the main problem :D.

I know I am not doing 1% of all that you did here, but I try to do what I can in my spare time =).

Hey, every contribution kore can get is awesome.
Btw, I haven't done much around here lately, guess what, same problem.

I think that if anything were to draw my attention back to kore during the little free time I enjoy, it would be the challenge of learning how to do RE.

 Post subject: Re: a few questions for Fr3DBr & kLabMouse
Posted: 20 Jan 2012, 12:03
Developers
Joined: 05 Oct 2011, 09:21
Posts: 60
Location: Brazil
By today in the afternoon or evening, I must have one more update/protect attempt of bRO solved :P.

