Usage: Packet Extraction Evaluation Kit (PEEK)

Do you have a question or problem? Read this forum first! Someone has probably already asked the same thing in the past. Do not ASK questions here!

Moderators: Moderators, Documentation Writers

Message
Author
BotFly
Noob
Noob
Posts: 3
Joined: 06 Feb 2016, 06:49
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#61 Post by BotFly »

Guys ->
You don't need to sniff packets.

You succeeded in getting PEEK to run on your exe.
You don't need to login, etc etc etc. When your client opened with PEEK, and hooked properly with that .dll, I dont think you need to go any further than that.

Go into the OUTPUT folder where PEEK is after you got your client to open through PEEK. (dont forget to move / rename DLL's as instructed to get your client to start)

There should be a file called PacketlengthsXXXX_XX_XX.ini where the XXXX_XX_XX are your client's version date numbers/letters after you did the above.

That ini is your answer. Open it and LOOK! It is not processed yet, but it has all of the packet lengths!

change the format from:

0xXXXX = # (what the ini looks like)
to
XXXX # (what a recvpackets.txt looks like)

Sort them alphanumerically in ascending order.... see? its what you were looking for I believe?

tintinabar
Noob
Noob
Posts: 1
Joined: 10 Feb 2016, 00:14
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#62 Post by tintinabar »

hello

used PEEK a lot of times now, but i got a new error

http://imgur.com/rQgYO6H

and after i hit close, i checked the output folder with the ini file. it has nothing on it.
and im pretty sure that it was the product of 'start analyze'.

any ideas?

thx

edit:
the file name of the ini file in output folder is: recvpackets_20140205.ini
is this a new server type?

projectalexa
Noob
Noob
Posts: 9
Joined: 29 Jan 2016, 14:19
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#63 Post by projectalexa »

hahahihi wrote:Hi, i am new here.

and i want to learn how to fix Packet Tokenizer: Unknown Switch.

I've read:
http://www.openkore.com/index.php/Packets
http://www.openkore.com/index.php/Recvpackets.txt

and i tried
1. RO Tools
Result:

Code: Select all

==================[ ERROR ]==================
Sorry I cant find the offset of the packet length function.
The executable file might be compressed/protected.
=============================================
Maybe because the file is over 6MB

2. PEEK.
Result: "ExtractPacketLen: Failed to find PACKET_CZ_ENTER"

from the thread i've read, 4epT said "likely that your file is packed by external program"

so, i don't know how to unpacked. so i googling it and i found Universal Extractor

and when i unpacked the MyRagnarokexe.exe, the result is:
\.rsrc (folder)
.data (Type: DATA File, 133KB)
.rdata (Type: RDATA File, 754KB)
.text (Type: TEXT File, 5,278KB)
.CERTIFICATE (Type: File, 6KB)

So, what's next step i must do?
Thank you

What's your status on this?

xyongx
Noob
Noob
Posts: 1
Joined: 02 Apr 2016, 07:04
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#64 Post by xyongx »

Hi Im Newbie here

i already follow the guide

but still cant get it
i got error message "DIIGen:Reference Location Not Found"

can help me?

deca2708
Noob
Noob
Posts: 17
Joined: 19 Apr 2016, 05:16
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#65 Post by deca2708 »

hey guys, I Did this and other several extractors found in this forum. But this is the only one for >6MB file size.
Why is it not working? this is my rage.exe https://www.dropbox.com/s/z5i9uxfb8b9u8 ... e.exe?dl=0

The warning said: "DllGen: Packet Key Patterns not Found"

I'm from idRO. I have tried JVC'S, Packet extractor v3, and 1 more I forgot with an only exe file. I have follow precisedly as instructed.
Please help, Thank you

User avatar
SkylorD
Moderators
Moderators
Posts: 1166
Joined: 16 Dec 2011, 02:53
Noob?: No
Location: Brazil
Contact:

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#66 Post by SkylorD »

deca2708 wrote:hey guys, I Did this and other several extractors found in this forum. But this is the only one for >6MB file size.
Why is it not working? this is my rage.exe https://www.dropbox.com/s/z5i9uxfb8b9u8 ... e.exe?dl=0

The warning said: "DllGen: Packet Key Patterns not Found"

I'm from idRO. I have tried JVC'S, Packet extractor v3, and 1 more I forgot with an only exe file. I have follow precisedly as instructed.
Please help, Thank you
It looks like the recvpackets is fine, but the packetKeys should be found manually.
Learn rules

deca2708
Noob
Noob
Posts: 17
Joined: 19 Apr 2016, 05:16
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#67 Post by deca2708 »

SkylorD wrote:
deca2708 wrote:hey guys, I Did this and other several extractors found in this forum. But this is the only one for >6MB file size.
Why is it not working? this is my rage.exe https://www.dropbox.com/s/z5i9uxfb8b9u8 ... e.exe?dl=0

The warning said: "DllGen: Packet Key Patterns not Found"

I'm from idRO. I have tried JVC'S, Packet extractor v3, and 1 more I forgot with an only exe file. I have follow precisedly as instructed.
Please help, Thank you
It looks like the recvpackets is fine, but the packetKeys should be found manually.
Hi skylord, thanks for the reply. i tried searching and there seems to be no guide about this?
I found that it is searched using ro toolkit. Or memory dumping. But still have no idea about it.
I will continue searching, Im not asking for you to spoonfeed me,
but please, can you point me to a direction? Iam willing to learn and try.

I found klabmouse's post on bRo, but I think i will die

_____________________________________

If I add it mannually, xxxx(switch) then there are some other numbers yyyy.
e.g. 00AA 9 9 1

where do I get the 9 9 1?

I'm still searching and learning, please help if you have time.
I was hoping to put it in and change it as "unhandled packet?"
for a temporary fix?

deca2708
Noob
Noob
Posts: 17
Joined: 19 Apr 2016, 05:16
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#68 Post by deca2708 »

SkylorD wrote:
deca2708 wrote:hey guys, I Did this and other several extractors found in this forum. But this is the only one for >6MB file size.
Why is it not working? this is my rage.exe https://www.dropbox.com/s/z5i9uxfb8b9u8 ... e.exe?dl=0

The warning said: "DllGen: Packet Key Patterns not Found"

I'm from idRO. I have tried JVC'S, Packet extractor v3, and 1 more I forgot with an only exe file. I have follow precisedly as instructed.
Please help, Thank you
It looks like the recvpackets is fine, but the packetKeys should be found manually.
Hi SkylorD, really hoping you could help. with my packet parser unknown packet switch.
So, I did a lot of things.. a lot..
First it was the 0DDD, then after maintenance 0478, then I did a lot of things it became 09A0,
then I did another lot of things making the 09A0 unhandled packet. but still cannot connect.
then I did another lot of things making it gone and no more 0478 unknown packet switch.

I tried doing what you said, putting it mannually,
I managed to get that packet thing, but I dont know and cant really remember what I did,
but then it turns out to be like this.

help please

my bot is currently stuck and not receiving character id and map ip..
I will keep digging, please help if you have time.

How do I find packet length, minlength, and replyfactor without packet extractor? As in manually?
Attachments
Untitled.png

Kryptonite
Noob
Noob
Posts: 6
Joined: 16 Jun 2012, 01:40
Noob?: No

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#69 Post by Kryptonite »

Hi guys, I've got a lot of help and learnt a lot from these forums, so this is just me giving back to the community..

I found a workaround to a problem that many people on this topic have encountered, which is understanding Skylords first post in this topic (No offense)..
SkylorD wrote: #This script will do the conversion for you. Just put inside of PEEK's output folder after clicked in "Start Analyzer".
Save as filename.pl '-' Inside Output folder of PEEK. Now run it!
It will create a new file called recvpackets.txt! :/
1) Copy target exe to Peek folder. Run Peek, hook your exe and click "Start Analyzer".

2) This will generate a file called recvpackets_xxx.ini in your output folder. (The xxx will vary depending on the date of your exe) (eg. Mine was recvpackets_20160712.ini). You can close Peek after the .ini file is generated.

3) Copy the perl script given by SkyLord into a text file. Save and rename it to recvpackets_xxx.pl (xxx should be the number from your generated .ini file) (eg. Mine was recvpackets_20120716.pl). Place this .pl file in the output folder along with your generated .ini file.

4) Copy Start.exe from your Openkore folder and place it in the output folder.

5) Open a command prompt inside your output folder (Hold Shift+Right click and select from the menu) and run this command without the quotation marks "start.exe<space>!<space>recvpackets_xxx.pl<space>recvpackets_xxx.ini". Again, replace xxx by your respective numbers (eg. Mine was start.exe ! recvpackets_20120716.pl recvpackets_20120716.ini)

6) This will generate your required recvpackets.txt file in the output folder.

This method should be easy to understand if you have correctly used Packet Extractor v3 before. I'm not a professional or experienced developer so I had to find this method by trial and error. I just realized that SkyLords script was written in perl and remembered that Openkore's "start.exe" is an acceptable perl interpreter.

freeze30
Noob
Noob
Posts: 1
Joined: 07 Jun 2016, 08:30
Noob?: Yes

Re: Usage: Packet Extraction Evaluation Kit (PEEK)

#70 Post by freeze30 »

deca2708 wrote:hey guys, I Did this and other several extractors found in this forum. But this is the only one for >6MB file size.
Why is it not working? this is my rage.exe https://www.dropbox.com/s/z5i9uxfb8b9u8 ... e.exe?dl=0

The warning said: "DllGen: Packet Key Patterns not Found"

I'm from idRO. I have tried JVC'S, Packet extractor v3, and 1 more I forgot with an only exe file. I have follow precisedly as instructed.
Please help, Thank you
Hello deca2708, any news from "Packet Key Patterns"?

I'm from idRO too, still finding my way to extract the rag.exe :roll: :roll:

Locked