Openkore.com

OpenKore Forums
It is currently 22 Oct 2019, 02:20

All times are UTC - 5 hours [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 78 posts ]  Go to page 1, 2, 3, 4, 5 ... 8  Next
Author Message
 Post subject: idRO Not Working after 27-01-2010 | All Version
PostPosted: 27 Jan 2010, 09:52 
Offline
Moderators
Moderators
User avatar

Joined: 04 Apr 2008, 09:30
Posts: 235
Location: My House
Today idRO implementing new security system (what it so called Delphine Protection), and it caused the client to never can be logged in unless you have the required library (xyz.dll and xyz.cfg) , and it affect the Kore since, Kore didn't pass through the library so Kore can't connect at all and stuck in login (before send User and Password / simply acc server).

here's the corresponding Files and the pcap than been recorded :
http://www.mediafire.com/?tvydjulenh5

_________________
Image
Follow The template in Asking Question or Be Trashed


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 27 Jan 2010, 14:08 
Offline
Noob
Noob

Joined: 20 May 2009, 13:10
Posts: 8
@h4rry84 you miss something important.
they already started connection to the 17000 udp port just after we start ragexe.exe

for example if I block that port on the firewall, I cannot login even with the original client.


Code:
38 59 00 00 1c 14 d6 c9 5a 7b 66 43 1c 45 4a ed ae 2f 78 1a 01 00 00 00 28 00 00 00 40 83 44 67 01 00 00 00 00 00 00 00

and other try
Code:
38 59 00 00 10 4e bc 5b 0d fc dc 79 63 fd a8 b6 6e 16 de 99 01 00 00 00 28 00 00 00 85 a3 c0 5a 01 00 00 00 00 00 00 00
38 59 00 00 cd e0 bb 9e 04 d2 89 2d cd f0 0c bc 6b 84 0d 3d 01 00 00 00 28 00 00 00 c8 69 7f 4a 01 00 00 00 00 00 00 00
38 59 00 00 97 0c 72 f6 d4 42 b6 30 7c dd ff cf 9c 7e 2a ff 01 00 00 00 28 00 00 00 28 5b 59 00 01 00 00 00 00 00 00 00
38 59 00 00 f5 69 bd e0 4d 39 50 3d b3 cc fc c0 99 2c 7a 32 01 00 00 00 28 00 00 00 b3 d1 9f 02 01 00 00 00 00 00 00 00
38 59 00 00 ca 77 48 37 cc 66 97 20 a9 ae e5 b4 5b a4 40 48 01 00 00 00 28 00 00 00 dc 77 3b 63 01 00 00 00 00 00 00 00
38 59 00 00 ff 1c 35 59 56 81 b6 62 06 60 83 25 1b be 70 f9 01 00 00 00 28 00 00 00 f7 dc 94 79 01 00 00 00 00 00 00 00
38 59 00 00 ca 8d c9 ee fc b4 98 23 cb 78 29 b7 1a fe 0a c5 01 00 00 00 28 00 00 00 69 1f d3 59 01 00 00 00 00 00 00 00



Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 27 Jan 2010, 14:52 
Offline
Noob
Noob

Joined: 20 May 2009, 13:10
Posts: 8
after analyzing your idro.pcap, there are something weird
number 8, your client send DB 01 (2byte)
and mine is (18byte + 2byte)
Code:
04 02 b0 5c 1b 4b c2 73 ed 9c 39 26 f3 51 01 e4 a2 dc db 01

they are new code, not listed in secureLogin_type yet


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 27 Jan 2010, 15:22 
Offline
Super Moderators
Super Moderators
User avatar

Joined: 06 May 2008, 12:47
Posts: 801
good find on the UDP port ToXCiL, if that could have something to do with it ;)

ToXCiL wrote:
after analyzing your idro.pcap, there are something weird
number 8, your client send DB 01 (2byte)
and mine is (18byte + 2byte)
Code:
04 02 b0 5c 1b 4b c2 73 ed 9c 39 26 f3 51 01 e4 a2 dc db 01

they are new code, not listed in secureLogin_type yet


yea, we got that already:
packet 0204 (supposedly the client MD5 hash packet, but its a hardcoded key in the client so lol)
Quote:
secureLogin_requestCode 04 02 B0 5C 1B 4B C2 73 ED 9C 39 26 F3 51 01 E4 A2 DC
secureLogin 1

packet 01DB (sent in the sendMasterCodeRequest together with the previous)
Quote:
DB 01

its perfectly possible to concatenate 2 packets and send them as one, they will get tokenized later, thats not really a problem.

_________________
One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 28 Jan 2010, 10:39 
Offline
Moderators
Moderators
User avatar

Joined: 04 Apr 2008, 09:30
Posts: 235
Location: My House
i get 3 client that indicated the file from being tested from date 21 , 26 ,and 27. http://www.mediafire.com/?o4jo2u22zil

for identifying purpose :
- client 21 (maybe this is the first client for testing since the client being named with appending xyz)
have different size from client date 26 and 27
have different cfg
same dll with 26 and 27
server ip : 202.43.167.66

- client 26
have same size and identical with client 27
have similiar cfg with 27 (probably the change of server ip with 27)
same dll with 21 and 27
server ip : 202.43.167.66

- client 27
have same size and identical with client 26
have similiar cfg with 26 (probably the change of server ip with 27)
same dll with 21 and 26
server ip : 202.43.167.67

_________________
Image
Follow The template in Asking Question or Be Trashed


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 29 Jan 2010, 00:29 
Offline
Noob
Noob

Joined: 29 Jan 2010, 00:19
Posts: 2
I've found some interesting here.

I'm running both WPE and Ethereal at same time, and I found some differences.
WPE detects packet DC 01 for secure login, and that packet used for the next packet DD 01 for sending username and encoded password (md5).
but in Ethereal packet DC 01 is NOT detected at all, but ragexe still can send DD 01 for username and encoded password, it's weird ?

please check it out :
www.vendingan.com/ether3.zip


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 29 Jan 2010, 01:30 
Offline
Noob
Noob

Joined: 29 Jan 2010, 00:19
Posts: 2
I've also found that DC 01 packet received when using xkore.
So, I think we miss something important here.

1. ragexe send xxx packet UDP 17000
2. server send xxx packet reply
3. when login, ragexe send new request secureLogin_requestCode
4. server acc it and send 75 8e packet NOT through ragexe, but from other application ??
5. we must send reply for 75 8e, it's not detected using ethereal ??? or I'm wrong here ??
6. server send dc 01 securelogin, it's also not detected using ethereal ??)
7. we use dc 01 securelogin to send username and encoded password.

or it is very possible to hide packet from wpe ? please correct me.... :roll:


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 29 Jan 2010, 04:44 
Offline
Noob
Noob

Joined: 20 May 2009, 13:10
Posts: 8
they update xyz.dll and xyz.cfg
now NetRedirect.dll has been recognized as illegal program after we running ragexe.exe

and encrytion change too


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 29 Jan 2010, 04:52 
Offline
Moderators
Moderators
User avatar

Joined: 04 Apr 2008, 09:30
Posts: 235
Location: My House
ToXCiL wrote:
they update xyz.dll and xyz.cfg
now NetRedirect.dll has been recognized as illegal program after we running ragexe.exe

and encrytion change too

confirmed, unless maybe trying to change the library signature

hmm, by renaming the netredirect.dll into something you could easily bypass the error thing (with other src editing about load netredirect). but still it can't login maybe it adding the encryption ?

toxcil maybe you could provide new packet capture ?

_________________
Image
Follow The template in Asking Question or Be Trashed


Top
 Profile  
 
 Post subject: Re: idRO Not Working after 27-01-2010 | All Version
PostPosted: 29 Jan 2010, 05:29 
Offline
Noob
Noob

Joined: 20 May 2009, 13:10
Posts: 8
Code:
encypted   7E 3B 7B E4 78 0A 91 53 BB DE 42 B7 1B F5 2F 21 B0 C3 B6 E8
should be  DC 01 14 00 D5 8F 3C 95 9C C4 41 DB 0D E5 C8 CA F3 5D 1E CD

encypted   7E 3B 7B E4 DC 5B DF 22 5B 5F 18 A0 18 55 D7 38 88 AF D9 B5
should be  DC 01 14 00 87 4A 9E BA 4A 62 72 2C 72 B5 5A 0F 30 7C 39 10


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 78 posts ]  Go to page 1, 2, 3, 4, 5 ... 8  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group