bRO's client asking for PIN Code on log in

Wrote new code? Fixed a bug? Want to discuss technical stuff? Feel free to post it here.

Moderator: Moderators

User avatar
kLabMouse
Administrator
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: bRO's client asking for PIN Code on log in

#111 Post by kLabMouse »

ever_boy_ wrote: So, we have the fixed positions, which are sent within the packet (30 - 39). And we have the real digits (0 - 9). When we click on a digit, the clients send the position (34), instead of the digit itself (7).
kLabMouse wrote:Edit: You can just place a BP on the part of "case" that forms and sends the packet. that way you can check what functions transmutates the PIN code itself, and what is used as input.
What BP?
IC. Then the Generator of that table should in in Incoming packets parser function.

"BP" -- means BreakPoint.
There two Functions in each class "Login" and "Game", one is for Receiving network messages, the other for receiving user messages and send packets.
Top
ever_boy_
Developers
Developers
Posts: 308
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: bRO's client asking for PIN Code on log in

#112 Post by ever_boy_ »

Well, this is where we need your help. Since I don't know much about assembly, we need a perl code which does the same as the asm function:

how to change:

Code: Select all

1B 7F C4 0B
into

Code: Select all

06 00 09 04 07 01 03 05 02
using perl instead of the asm function. edit: or maybe importing this value into perl somehow.
If we get this, I'll figure out the rest.
Top
User avatar
kLabMouse
Administrator
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: bRO's client asking for PIN Code on log in

#113 Post by kLabMouse »

ever_boy_ wrote: using perl instead of the asm function. edit: or maybe importing this value into perl somehow.
If we get this, I'll figure out the rest.
Leave me the Client binary somewhere I will try to digg it a bit on Monday.
Top
ever_boy_
Developers
Developers
Posts: 308
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: bRO's client asking for PIN Code on log in

#114 Post by ever_boy_ »

Thank you for your attention.
Here's the unpacked client:

http://www.2shared.com/file/buPYModP/bR ... 12_12.html
Top
Kaspy
Halfway to Eternity
Halfway to Eternity
Posts: 398
Joined: 08 Jun 2012, 15:42
Noob?: No
Location: Brazil

Re: bRO's client asking for PIN Code on log in

#115 Post by Kaspy »

kLabMouse wrote:

Code: Select all

// packet: 0x8b7
// len: 10
struct PACKET_HC_SECOND_PASSWD_REQ {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned long AID
  /* this+0x6 */ unsigned long Seed
}

// packet: 0x8b8
// len: 12
struct PACKET_CH_SECOND_PASSWD_ACK {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned long AID
  /* this+0x6 */ char SecondPWIdx[6]
}

// packet: 0x8b9
// len: 4
struct PACKET_HC_SECOND_PASSWD_LOGIN {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned short Result
}

// packet: 0x8ba
// len: 16
struct PACKET_CH_MAKE_SECOND_PASSWD {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned long AID
  /* this+0x6 */ unsigned long Seed
  /* this+0xa */ char SecondPWIdx[6]
}

// packet: 0x8bb
// len: 4
struct PACKET_HC_MAKE_SECOND_PASSWD {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned short Result
}

// packet: 0x8bc
// len: 16
struct PACKET_CH_DELETE_SECOND_PASSWD {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned long AID
  /* this+0x6 */ unsigned long Seed
  /* this+0xa */ char SecondPWIdx[6]
}

// packet: 0x8bd
// len: 4
struct PACKET_HC_DELETE_SECOND_PASSWD {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned short Result
}

// packet: 0x8be
// len: 16
struct PACKET_CH_EDIT_SECOND_PASSWD {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned long AID
  /* this+0x6 */ unsigned long Seed
  /* this+0xa */ char SecondPWIdx[6]
}

// packet: 0x8bf
// len: 4
struct PACKET_HC_EDIT_SECOND_PASSWD {
  /* this+0x0 */ short PacketType
  /* this+0x2 */ unsigned short Result
}
Thank you very much. I'm riding in the structure of packages OpenKore.

Should be added in bRO.pm, or looks better in ServerType0.pm?

Edit: Just now I learned that the handles have been developed... Anyway, thank you
Last edited by Kaspy on 15 Dec 2012, 12:26, edited 1 time in total.
Image
Top
ever_boy_
Developers
Developers
Posts: 308
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: bRO's client asking for PIN Code on log in

#116 Post by ever_boy_ »

I'm already on it.
Top
SkyDev
Noob
Noob
Posts: 10
Joined: 13 Nov 2012, 10:38
Noob?: No

Re: bRO's client asking for PIN Code on log in

#117 Post by SkyDev »

Kurama wrote:Image

this is the crypt function .-.
now write in perl because i dont know perl D:

AND PLEASE, SHARE!
PseudoCode - (sorry for only this little help, to many Heineken beer...). Many thanks for Finallf.

PseudoCódigo - (desculpe não poder ajudar mais, muitas Heineken na cabeça..). Obrigado ao Finallf.

Code: Select all

char __cdecl sub_4A7AC0(int a1, int a2, int a3)
{
  int v3; 
  unsigned int v4; 
  int v5; 
  int v6; 
  unsigned int v7; 
  unsigned int v8;

  v3 = a1 + 1;
  if ( a1 + 1 != a2 )
  {
	v4 = 2;
	do
	{
	 v7 = *(_DWORD *)(a3 + 12) + *(_DWORD *)(a3 + 4) * *(_DWORD *)(a3 + 8);
	 *(_DWORD *)(a3 + 4) = v7;
	  v8 = v7;
	  v5 = v7 / v4;
	  v6 = a1 + v8 % v4;
	  if ( v3 != v6 )
	  {
		LOBYTE(v5) = *(_BYTE *)v3;
		*(_BYTE *)v3 = *(_BYTE *)v6;
		*(_BYTE *)v6 = v5;
	  }
	  ++v3;
	  ++v4;
	}
	while ( v3 != a2 );
  }
  return v5;
}
Top
User avatar
kLabMouse
Administrator
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: bRO's client asking for PIN Code on log in

#118 Post by kLabMouse »

OK. What I found out:

Code: Select all

class CSecondPwdRandom {
	public:
		CSecondPwdRandom(int dwSeed) {
			m_holdrand = dwSeed;
			m_mulfactor = 13464;
			m_addfactor = 8917556;
		};
		void Randomize(char *cStr, int dwStrLen) {
			if (dwStrLen >= 1) {
				int k = 2;
				for (int pos = 1; pos <= dwStrLen; pos++) {
					m_holdrand = m_addfactor + m_mulfactor * m_holdrand;
					int replace_pos = pRandom->m_holdrand % k;
					if (pos != replace_pos) {
						swap (cStr[pos], cStr[replace_pos]);
					};
					k++;
				};
			};
		};
  		int m_holdrand;
		int m_mulfactor;
		int m_addfactor;
};

bool CSecondPasswdMgr::RandNumSeq(char *out_szRet, int in_nOutStrSize, unsigned long in_dwSeed, char const *in_pbyKeyPadIdx, int in_nIdxSize) {
	if (! in_dwSeed)
		return false;

	if (! in_pbyKeyPadIdx)
		return false;

	char szKeyPad[10];
	memcpy_s(szKeyPad, 10, "0123456789", sizeof(szKeyPad));
	CSecondPwdRandom *cPwdRandom = new CSecondPwdRandom(in_dwSeed);
	cPwdRandom->Randomize(&szKeyPad, sizeof(szKeyPad));
	for (int i = 0; i < 4; i++) {
		  out_szRet[i] = szKeyPad[in_pbyKeyPadIdx[i]];
	};
	out_szRet[4] = 0;

	return true;
};
I could been not too accurate about CSecondPwdRandom::Randomize function. But you can get the general idea on how things work.

The original code is actually a std::random_shuffle with custom "my_random" function provided. But because Optimizer is enabled, it looks RLY ugly inside.

the "my_random" function should look like this:

Code: Select all

int my_random(CSecondPwdRandom *cSPwdRandom) {
	cSPwdRandom->m_holdrand = cSPwdRandom->m_addfactor + cSPwdRandom->m_mulfactor * cSPwdRandom->m_holdrand;
	return pRandom->m_holdrand;
}
Top
ever_boy_
Developers
Developers
Posts: 308
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: bRO's client asking for PIN Code on log in

#119 Post by ever_boy_ »

We were able to make a DLL out of the asm function, but we're having trouble calling it from perl.
Can you help with that?

the DLL is meant to be temporary though, till we develop a built-in code.
Top
User avatar
kLabMouse
Administrator
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: bRO's client asking for PIN Code on log in

#120 Post by kLabMouse »

ever_boy_ wrote:We were able to make a DLL out of the asm function, but we're having trouble calling it from perl.
Can you help with that?

the DLL is meant to be temporary though, till we develop a built-in code.
Try the I provided code with Actual data captured. that would be better.
Top

Return to “Developers Corner”