a few questions for Fr3DBr & kLabMouse

Forum closed. All further discussion to be discussed at https://github.com/OpenKore/

EternalHarvest
Developers
Posts: 1798
Joined: 05 Dec 2008, 05:42
Noob?: Yes

Re: a few questions for Fr3DBr & kLabMouse

#11 Post by EternalHarvest »

kLabMouse wrote:Deprecated packets cause DC
Such updates do happen on their own as well, even without any client updates.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: a few questions for Fr3DBr & kLabMouse

#12 Post by kLabMouse »

EternalHarvest wrote:
kLabMouse wrote:Deprecated packets cause DC
Such updates do happen on their own as well, even without any client updates.
It's because of the server's nature. Looks like from the last time, they started to add handlers for old and new packets.
Old packets mark the user as "Bot", so they can ban him without any visible reason.

bRO at this point is more aggressive! They just kick and ban!
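The server-side policy described above (old packet IDs mark a session as a bot candidate) as an added example; this is illustrative code, not OpenKore's or any RO server's, and the packet IDs, body lengths and byte streams are constructed values, not real protocol data:

```python
# Added example, not OpenKore code: server-side detection of "deprecated packet" use.
# All packet ids, lengths and streams here are constructed for illustration.
import struct
from dataclasses import dataclass, field

# Constructed per-client-version tables: packet_id -> fixed body length.
CURRENT_PACKETS = {0x0A01: 6, 0x0A02: 10}      # ids valid for the latest client
DEPRECATED_PACKETS = {0x0089: 6, 0x0437: 10}   # ids retired by an earlier update

@dataclass
class SessionVerdict:
    seen: list = field(default_factory=list)        # every id parsed, in order
    deprecated: list = field(default_factory=list)  # retired ids the client used
    malformed: bool = False                         # unknown id or truncated body

def parse_stream(data: bytes) -> SessionVerdict:
    """Walk a client->server stream of 2-byte little-endian ids, each followed by a
    fixed-size body, and record which ids were current and which were deprecated."""
    v = SessionVerdict()
    off = 0
    while off + 2 <= len(data):
        (pid,) = struct.unpack_from("<H", data, off)
        if pid in CURRENT_PACKETS:
            body = CURRENT_PACKETS[pid]
        elif pid in DEPRECATED_PACKETS:
            body = DEPRECATED_PACKETS[pid]
            v.deprecated.append(pid)
        else:
            v.malformed = True  # unknown id: length unknown, cannot resync
            break
        if off + 2 + body > len(data):
            v.malformed = True  # body cut short
            break
        v.seen.append(pid)
        off += 2 + body
    return v

def classify(v: SessionVerdict) -> str:
    """Policy the thread attributes to the server: any deprecated id flags the
    session as a bot candidate; streams that cannot be parsed are flagged too."""
    if v.deprecated:
        return "bot-suspect"
    if v.malformed:
        return "malformed"
    return "ok"

def build_stream(*pids: int) -> bytes:
    """Constructed helper: emit each id with a zero-filled body of the table's length
    (unknown ids get no body, so they show up as malformed input)."""
    out = b""
    for pid in pids:
        body = CURRENT_PACKETS.get(pid, DEPRECATED_PACKETS.get(pid, 0))
        out += struct.pack("<H", pid) + b"\x00" * body
    return out
```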

Fr3DBr
Developers
Posts: 60
Joined: 05 Oct 2011, 09:21
Noob?: No
Location: Brazil

Re: a few questions for Fr3DBr & kLabMouse

#13 Post by Fr3DBr »

Yeah, and they guarantee that no old versions of the client are going to work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: a few questions for Fr3DBr & kLabMouse

#14 Post by Technology »

kLabMouse wrote:OK. Well this was something like this:
1) Client.exe -> Dump memory
2) Locate networking functions
3) Locate encryption
4) Reverse it, see where it inits and how it works
5) Make a little .asm file that outputs keys to check against the Perl implementation that FR3DbR made
6) Fail again because of numeric int overload
7) Make a solution using BigInt
8) Fail again because of deprecated packets and packet ID randomizations
9) Diff RecvPackets to get the randomization, like I did back in old times, when I was working with our old developer: heero.
10) Bingo, now it's more stable
11) Find out that deprecated packets cause DC and possible ban. Damn
12) FR3DbR implements new functions and changed packet IDs. Good to go, wait for next version
13) Make some hex patterns to locate functions more easily.
14) On new .exe -> Goto step (1), repeat only necessary steps.
Cool, tbh, I've always wanted to learn how to do such things but never really knew where to start.
Implementation itself is no problem; the hard part is finding out what the client does, so you can mimic it.
If only some kind of in-depth walkthrough explained this process (as an example) with every step in detail, used tools, rationale etc...
That would be awesome because it would provide some kind of "entry point" into the world of cracking the RO client's network handling.
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: a few questions for Fr3DBr & kLabMouse

#15 Post by kLabMouse »

Technology wrote: Cool, tbh, I've always wanted to learn how to do such things but never really knew where to start.
Implementation itself is no problem; the hard part is finding out what the client does, so you can mimic it.
If only some kind of in-depth walkthrough explained this process (as an example) with every step explained in used tools etc...
That would be awesome because it would provide some kind of "entry point" into the world of cracking the RO client's network handling.
Oh. IC. Well, I did this a long time ago. Remember those packets whose internal structures we tried to gather?
And the used tools are simple: IDA + PE Editor (to just dump the process) + MS Network Monitor

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: a few questions for Fr3DBr & kLabMouse

#16 Post by Technology »

Fr3DBr wrote:Yeah, and they guarantee that no old versions of the client are going to work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.
Maybe a program can be made that extracts the encryption keys?
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: a few questions for Fr3DBr & kLabMouse

#17 Post by Technology »

kLabMouse wrote:
Technology wrote: Cool, tbh, I've always wanted to learn how to do such things but never really knew where to start.
Implementation itself is no problem; the hard part is finding out what the client does, so you can mimic it.
If only some kind of in-depth walkthrough explained this process (as an example) with every step explained in used tools etc...
That would be awesome because it would provide some kind of "entry point" into the world of cracking the RO client's network handling.
Oh. IC. Well, I did this a long time ago. Remember those packets whose internal structures we tried to gather?
And the used tools are simple: IDA + PE Editor (to just dump the process) + MS Network Monitor
Hmm, yes, I remember you were doing that.
However, I've never used any RE technique; I was just reading the eA code and using Wireshark when trying to understand a packet's structure.
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

Fr3DBr
Developers
Posts: 60
Joined: 05 Oct 2011, 09:21
Noob?: No
Location: Brazil

Re: a few questions for Fr3DBr & kLabMouse

#18 Post by Fr3DBr »

Technology wrote:
Fr3DBr wrote:Yeah, and they guarantee that no old versions of the client are going to work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.
Maybe a program can be made that extracts the encryption keys?
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)
This is not too hard =P, but I do work like kLab, so my time is the main problem :D.

I know I am not doing 1% of all that you did here, but I try to do what I can in my spare time =).

Technology
Super Moderators
Posts: 801
Joined: 06 May 2008, 12:47
Noob?: No

Re: a few questions for Fr3DBr & kLabMouse

#19 Post by Technology »

Fr3DBr wrote:
Technology wrote:
Fr3DBr wrote:Yeah, and they guarantee that no old versions of the client are going to work, by changing the encryption keys every update.

So if something uses a 'deprecated' packet, it is detected.
Maybe a program can be made that extracts the encryption keys?
And also a plugin for kore that detects that there is a new client available? (warning kore that it is unsafe to log in)
This is not too hard =P, but I do work like kLab, so my time is the main problem :D.

I know I am not doing 1% of all that you did here, but I try to do what I can in my spare time =).
Hey, every contribution kore can get is awesome.
Btw, I haven't done much around here lately; guess what, same problem.

I think that if anything were to draw my attention back to kore during the little free time I enjoy, it would be the challenge of learning how to do RE.
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!

Fr3DBr
Developers
Posts: 60
Joined: 05 Oct 2011, 09:21
Noob?: No
Location: Brazil

Re: a few questions for Fr3DBr & kLabMouse

#20 Post by Fr3DBr »

By today in the afternoon or evening, I must have one more update/protect attempt of bRO solved :P.
