idRO Not Working after 27-01-2010 | All Version

Forum closed. All further discussion to be discussed at https://github.com/OpenKore/


#1 Post by h4rry84 »

Today idRO implemented a new security system (the so-called Delphine Protection), and it causes the client to never be able to log in unless you have the required library (xyz.dll and xyz.cfg). It affects Kore too: since Kore doesn't pass through the library, Kore can't connect at all and gets stuck at login (before sending User and Password / simply acc server).

Here are the corresponding files and the pcap that was recorded:
http://www.mediafire.com/?tvydjulenh5


#2 Post by ToXCiL »

@h4rry84 you missed something important.
They already start a connection to UDP port 17000 just after we start ragexe.exe.

For example, if I block that port on the firewall, I cannot log in even with the original client.

Code:

38 59 00 00 1c 14 d6 c9 5a 7b 66 43 1c 45 4a ed ae 2f 78 1a 01 00 00 00 28 00 00 00 40 83 44 67 01 00 00 00 00 00 00 00

And other tries:

Code:

38 59 00 00 10 4e bc 5b 0d fc dc 79 63 fd a8 b6 6e 16 de 99 01 00 00 00 28 00 00 00 85 a3 c0 5a 01 00 00 00 00 00 00 00
38 59 00 00 cd e0 bb 9e 04 d2 89 2d cd f0 0c bc 6b 84 0d 3d 01 00 00 00 28 00 00 00 c8 69 7f 4a 01 00 00 00 00 00 00 00
38 59 00 00 97 0c 72 f6 d4 42 b6 30 7c dd ff cf 9c 7e 2a ff 01 00 00 00 28 00 00 00 28 5b 59 00 01 00 00 00 00 00 00 00
38 59 00 00 f5 69 bd e0 4d 39 50 3d b3 cc fc c0 99 2c 7a 32 01 00 00 00 28 00 00 00 b3 d1 9f 02 01 00 00 00 00 00 00 00
38 59 00 00 ca 77 48 37 cc 66 97 20 a9 ae e5 b4 5b a4 40 48 01 00 00 00 28 00 00 00 dc 77 3b 63 01 00 00 00 00 00 00 00
38 59 00 00 ff 1c 35 59 56 81 b6 62 06 60 83 25 1b be 70 f9 01 00 00 00 28 00 00 00 f7 dc 94 79 01 00 00 00 00 00 00 00
38 59 00 00 ca 8d c9 ee fc b4 98 23 cb 78 29 b7 1a fe 0a c5 01 00 00 00 28 00 00 00 69 1f d3 59 01 00 00 00 00 00 00 00



#3 Post by ToXCiL »

After analyzing your idro.pcap, there is something weird:
number 8, your client sends DB 01 (2 bytes)
and mine is (18 bytes + 2 bytes)

Code:

04 02 b0 5c 1b 4b c2 73 ed 9c 39 26 f3 51 01 e4 a2 dc db 01

They are new codes, not listed in secureLogin_type yet.


#4 Post by Technology »

Good find on the UDP port, ToXCiL, if that could have something to do with it ;)

ToXCiL wrote:
After analyzing your idro.pcap, there is something weird:
number 8, your client sends DB 01 (2 bytes)
and mine is (18 bytes + 2 bytes)

Code:

04 02 b0 5c 1b 4b c2 73 ed 9c 39 26 f3 51 01 e4 a2 dc db 01

They are new codes, not listed in secureLogin_type yet.

Yea, we got that already:
packet 0204 (supposedly the client MD5 hash packet, but it's a hardcoded key in the client so lol)
secureLogin_requestCode 04 02 B0 5C 1B 4B C2 73 ED 9C 39 26 F3 51 01 E4 A2 DC
secureLogin 1
packet 01DB (sent in the sendMasterCodeRequest together with the previous)
DB 01
It's perfectly possible to concatenate 2 packets and send them as one; they will get tokenized later, so that's not really a problem.

One ST0 to rule them all? One PE viewer to find them!
One ST_kRO to bring them all and in the darkness bind them...

Mount Doom awaits us, fellowship of OpenKore!
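
Added example, not part of the original thread or of OpenKore's code: a minimal Python tokenizer showing how the 20 bytes quoted in posts #3 and #4 split into packet 0204 (18 bytes) followed by packet 01DB (2 bytes). The length table, and the treatment of 01DC as variable-length (inferred from the `DC 01 14 00 ...` line in post #10), are assumptions drawn only from the bytes shown in this thread.

```python
import struct

# Assumed length table, inferred only from the bytes quoted in this thread:
# 0x0204 is 18 bytes, 0x01DB is 2 bytes; 0x01DC is treated as variable-length
# (u16 total length at offset 2), which matches "DC 01 14 00 ..." = 20 bytes.
VARIABLE = -1
PACKET_LENGTHS = {0x0204: 18, 0x01DB: 2, 0x01DC: VARIABLE}


def tokenize(buf: bytes):
    """Split a received byte stream into (packet_id, raw_bytes) tuples.

    Returns (packets, leftover); leftover holds an incomplete trailing packet
    that must wait for more data. Raises ValueError on an unknown ID or a bad
    length, because the stream cannot be resynchronised after that point.
    """
    packets, off = [], 0
    while len(buf) - off >= 2:
        (pid,) = struct.unpack_from("<H", buf, off)  # IDs are little-endian
        length = PACKET_LENGTHS.get(pid)
        if length is None:
            raise ValueError(f"unknown packet id {pid:04X} at offset {off}")
        if length == VARIABLE:
            if len(buf) - off < 4:
                break  # length field not received yet
            (length,) = struct.unpack_from("<H", buf, off + 2)
            if length < 4:
                raise ValueError(f"bad length {length} in packet {pid:04X}")
        if len(buf) - off < length:
            break  # partial packet, keep it as leftover
        packets.append((pid, buf[off:off + length]))
        off += length
    return packets, buf[off:]


# The 20 bytes quoted in posts #3 and #4 of this thread.
CAPTURED = bytes.fromhex("0402b05c1b4bc273ed9c3926f35101e4a2dcdb01")

if __name__ == "__main__":
    pkts, rest = tokenize(CAPTURED)
    for pid, raw in pkts:
        print(f"{pid:04X} len={len(raw)} {raw.hex(' ')}")
    print("leftover:", rest.hex(" "))
```
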


#5 Post by h4rry84 »

I got 3 clients which indicate the file was being tested, dated 21, 26, and 27. http://www.mediafire.com/?o4jo2u22zil

For identification purposes:
- client 21 (maybe this is the first client for testing, since the client is named with xyz appended)
  has a different size from clients dated 26 and 27
  has a different cfg
  same dll as 26 and 27
  server ip: 202.43.167.66

- client 26
  has the same size as and is identical to client 27
  has a similar cfg to 27 (probably the change of server ip with 27)
  same dll as 21 and 27
  server ip: 202.43.167.66

- client 27
  has the same size as and is identical to client 26
  has a similar cfg to 26 (probably the change of server ip with 27)
  same dll as 21 and 26
  server ip: 202.43.167.67


#6 Post by arta_santoso »

I've found something interesting here.

I'm running both WPE and Ethereal at the same time, and I found some differences.
WPE detects packet DC 01 for secure login, and that packet is used for the next packet, DD 01, for sending the username and encoded password (md5).
But in Ethereal, packet DC 01 is NOT detected at all, yet ragexe can still send DD 01 for the username and encoded password. It's weird?

Please check it out:
www.vendingan.com/ether3.zip


#7 Post by arta_santoso »

I've also found that the DC 01 packet is received when using xkore.
So, I think we are missing something important here.

1. ragexe sends xxx packet on UDP 17000
2. server sends xxx packet reply
3. when logging in, ragexe sends new request secureLogin_requestCode
4. server acc it and sends 75 8e packet NOT through ragexe, but from another application??
5. we must send a reply for 75 8e; it's not detected using Ethereal??? Or am I wrong here??
6. server sends dc 01 securelogin; it's also not detected using Ethereal??
7. we use dc 01 securelogin to send the username and encoded password.

Or is it very possible to hide packets from WPE? Please correct me.... :roll:


#8 Post by ToXCiL »

They updated xyz.dll and xyz.cfg.
Now NetRedirect.dll is recognized as an illegal program after we run ragexe.exe,

and the encryption changed too.


#9 Post by h4rry84 »

ToXCiL wrote:
They updated xyz.dll and xyz.cfg.
Now NetRedirect.dll is recognized as an illegal program after we run ragexe.exe,

and the encryption changed too.

Confirmed, unless maybe trying to change the library signature.

Hmm, by renaming netredirect.dll to something else you could easily bypass the error thing (with other src editing about loading netredirect). But it still can't log in; maybe it is adding the encryption?

ToXCiL, maybe you could provide a new packet capture?


#10 Post by ToXCiL »

Code:

encrypted  7E 3B 7B E4 78 0A 91 53 BB DE 42 B7 1B F5 2F 21 B0 C3 B6 E8
should be  DC 01 14 00 D5 8F 3C 95 9C C4 41 DB 0D E5 C8 CA F3 5D 1E CD

encrypted  7E 3B 7B E4 DC 5B DF 22 5B 5F 18 A0 18 55 D7 38 88 AF D9 B5
should be  DC 01 14 00 87 4A 9E BA 4A 62 72 2C 72 B5 5A 0F 30 7C 39 10
