Wrote new code? Fixed a bug? Want to discuss technical stuff? Feel free to post it here.
Moderator: Moderators
kLabMouse
Administrator
Posts: 1301 Joined: 24 Apr 2008, 12:02
#71
Post
by kLabMouse 10 Sep 2012, 18:05
uPantcho wrote: ever_boy_ wrote: I understood how you found the right key, using the script. But what's the best way to decrypt a given packet?
when you do the action that generates the target packet, just wait for the next sync (assuming that by that point you already have the sync packet) and compare
but some actions generates more than one packet at once so be careful with that
Well. I do this using Debugger or Statical Analysis (I like Static the most).
I like using 0ring Debugger. Because I have more then one PC and can debug Kernel level easily.
The most Easy Way to do this is to just search the function that parses Incoming packets and Find position that parses that REASSEMBLY (sync_ex) packet, and get the answer from there.
vansro
Noob
Posts: 2 Joined: 12 Sep 2012, 12:04Noob?: No
#72
Post
by vansro 12 Sep 2012, 12:12
Okay, the bRO maintenance is over and the packets changed again. x86-64 (from openkore.com.br) extracted the new recvpackets and posted it to the comunity (for everybody, not only for the VIPs). Here is the recvpackets he got:
Code: Select all
0136 -1 8 1
085E 2 2 0
0955 26 26 0
0809 50 50 1
0129 8 8 0
088D 2 2 0
00AE -1 4 1
01D0 8 8 1
0845 6 6 0
0198 8 8 0
0145 19 19 1
0443 8 8 0
08C8 34 34 1
08C5 6 6 0
0192 24 24 1
00EB 2 2 0
017D 7 7 1
0252 -1 12 1
07E3 6 6 1
01E9 81 81 1
0169 3 3 1
0168 14 14 0
086D 2 2 0
0149 9 9 0
0193 6 6 0
02F2 2 2 1
0079 53 53 1
083A 5 5 0
0937 2 2 0
00A9 6 6 0
025D 6 6 1
08B9 12 12 0
00D6 3 3 1
0176 106 106 0
082A 10 10 0
0275 37 37 0
0861 2 2 0
01D8 54 54 1
029E 11 11 1
02EE 60 60 1
02F0 10 10 1
0441 4 4 1
0105 31 31 1
02F3 -1 68 0
00B8 7 7 0
081C 10 10 1
0249 3 3 1
07D9 268 268 1
0815 2 2 0
08C0 -1 10 0
0944 2 2 0
080B 6 6 1
011C 68 68 1
0874 2 2 0
02BB 8 8 1
0085 5 5 0
0363 2 2 0
02A5 8 8 0
0115 35 35 1
010C 6 6 1
035D -1 16 0
023A 4 4 0
00ED 2 2 0
024A 70 70 1
025C 4 4 0
0271 40 40 0
0808 14 14 0
0254 3 3 0
0924 2 2 0
08CC 109 109 0
0802 2 2 0
0971 6 6 1
090B 30 30 0
0891 2 2 0
0826 4 4 0
0196 9 9 1
0814 86 86 1
009B 5 5 0
093A 2 2 0
00B6 6 6 1
094A 2 2 0
011A 15 15 1
043E -1 4 1
095B 2 2 0
0366 2 2 0
0824 6 6 1
01A5 26 26 0
0220 10 10 1
01E6 26 26 1
0251 34 34 0
01EB 10 10 1
01B1 7 7 1
0948 2 2 0
006A 23 23 0
098A -1 74 0
092F 2 2 0
0110 10 10 1
08B3 -1 8 0
00E0 30 30 0
01AB 12 12 1
08A7 -1 12 0
095D 2 2 0
02D3 4 4 1
01DC -1 4 0
02C2 -1 6 1
094E 2 2 0
08B0 17 17 0
00E5 26 26 1
00B2 3 3 0
091D 2 2 0
0201 -1 4 1
0848 -1 6 0
01F6 34 34 1
035F 2 2 0
01F9 6 6 0
00D5 -1 15 0
084E 5 5 0
091C 2 2 0
0117 18 18 1
080F 20 20 1
01B6 114 114 1
0207 34 34 1
0876 90 90 0
0285 6 6 1
0155 -1 4 0
0805 -1 5 1
08E2 27 27 0
043F 25 25 1
0871 2 2 0
02AB 36 36 0
0862 2 2 0
0902 -1 4 1
097C 4 4 0
0135 7 7 1
00A3 -1 4 1
087A 2 2 0
07F5 6 6 0
022A 58 58 1
008E -1 4 1
096F 7 7 1
0904 -1 4 1
082D -1 29 0
01FB 56 56 0
009C 9 9 1
0103 30 30 0
02E1 33 33 1
07D7 8 8 0
0961 6 6 0
07F2 8 8 1
043D 8 8 1
01AE 4 4 0
0078 55 55 1
019F 6 6 0
0223 8 8 1
0138 3 3 0
0245 3 3 1
0865 -1 89 0
0163 -1 4 1
08BA 10 10 0
08D5 -1 8 0
00C1 2 2 0
085B 2 2 0
00A6 -1 4 1
011E 3 3 1
08AD 2 2 0
0091 22 22 1
08B1 -1 4 0
092B 2 2 0
0232 9 9 0
0175 6 6 0
0088 10 10 1
018E 10 10 0
026C 4 4 0
017B -1 4 1
0856 -1 71 1
007F 6 6 1
0065 17 17 0
01B3 67 67 1
096A 2 2 0
01AC 6 6 1
0899 2 2 0
08DC 26 26 1
0915 -1 74 1
018A 4 4 0
0074 3 3 0
0243 6 6 0
01FC -1 4 1
019B 10 10 1
0140 22 22 0
081D 22 22 1
0365 2 2 0
00DB -1 8 1
02B0 85 85 0
013A 4 4 1
02E8 -1 4 1
0827 6 6 0
021F 66 66 1
0290 4 4 0
0181 3 3 1
0806 2 2 0
08B6 3 3 0
02C1 -1 12 1
0218 2 2 0
0101 6 6 1
016F 182 182 1
0928 5 5 0
07DD 54 54 1
0800 -1 12 1
018C 29 29 1
0840 -1 4 0
0087 12 12 1
00A8 7 7 1
092C 2 2 0
015F 42 42 1
0859 -1 45 1
015E 6 6 1
0965 2 2 0
0917 2 2 0
095F 2 2 0
00D8 6 6 1
0842 6 6 0
0157 6 6 0
07EE 6 6 0
07DB 8 8 1
0099 -1 4 0
090A 26 26 1
01D7 11 11 1
0361 2 2 0
07F9 -1 63 1
088B 5 5 0
08AC 10 10 0
010E 11 11 1
00CE 2 2 0
0184 10 10 1
0299 6 6 1
016E 186 186 0
0104 79 79 1
00BC 6 6 1
0900 -1 4 1
021D 6 6 0
0843 6 6 0
07E9 5 5 0
095A 8 8 0
0083 2 2 1
01E3 14 14 0
024B 4 4 0
0167 3 3 1
01ED 2 2 0
0289 8 8 1
0080 7 7 1
029F 3 3 0
00EF 2 2 0
01E2 34 34 1
02F6 7 7 0
096D -1 4 1
01B4 12 12 1
08EB 39 39 0
0255 5 5 1
01CD 30 30 1
01C0 2 2 0
007A 58 58 1
0278 2 2 0
08A5 6 6 0
012D 4 4 1
0825 -1 65 0
08F0 6 6 0
00D9 14 14 0
0801 -1 12 0
024C 8 8 0
013D 6 6 1
0810 3 3 1
0295 -1 4 1
00BB 5 5 0
0292 2 2 0
0258 2 2 0
0817 2 2 0
014C -1 4 1
01A2 37 37 1
01FF 10 10 1
01F4 32 32 1
0250 3 3 1
0204 18 18 0
0098 3 3 1
01B0 11 11 1
014B 27 27 1
0446 14 14 1
08F5 -1 4 1
016C 43 43 1
01F3 10 10 1
0929 2 2 0
0216 6 6 1
08B8 10 10 0
0919 2 2 0
01C9 97 97 1
0986 10 10 0
01C7 2 2 1
07E6 8 8 1
00D4 -1 4 1
022E 71 71 1
00BE 5 5 1
01DF 6 6 0
0114 31 31 1
035E 2 2 0
08A6 2 2 0
023F 2 2 0
0883 6 6 0
08A0 18 18 0
08D4 8 8 0
0096 -1 28 0
08E1 51 51 1
0116 10 10 0
01AD -1 4 1
00E6 3 3 0
02BA 11 11 0
02E6 6 6 0
00C9 -1 4 0
008C -1 4 0
0261 11 11 0
0067 37 37 0
07E4 2 2 0
098E -1 28 0
08D1 7 7 1
0075 -1 11 1
00FE 30 30 1
0877 2 2 0
0901 -1 4 1
0119 13 13 1
027A -1 4 1
02AA 4 4 0
00A5 -1 4 1
0134 -1 8 0
0821 2 2 0
0440 10 10 1
08EE 6 6 0
006D 118 118 0
085A 2 2 0
08CD 10 10 1
0154 -1 4 1
03DE 18 18 0
0162 -1 6 1
02EB 13 13 1
0925 2 2 0
089E 2 2 0
00D2 4 4 1
08AF 10 10 0
0846 4 4 0
0248 -1 68 0
00CA 3 3 1
0822 9 9 0
02ED 59 59 1
0972 -1 9 1
0896 2 2 0
0143 10 10 0
0139 16 16 1
00C2 6 6 1
00F0 3 3 1
091F 2 2 0
0100 2 2 0
098D -1 4 0
0287 -1 8 1
00F2 6 6 1
0182 106 106 1
020D -1 4 0
07EB -1 8 1
0260 6 6 1
008A 29 29 1
07FD -1 7 1
015D 42 42 0
00F6 8 8 1
024F 10 10 0
07FE 26 26 1
08DE 27 27 1
08BE 14 14 0
08BD 8 8 0
0152 -1 12 1
090F -1 73 1
07E5 4 4 0
0906 -1 45 1
0259 3 3 0
0197 4 4 0
015A 66 66 1
0969 2 2 0
0837 3 3 0
0909 6 6 1
00DA 3 3 1
0869 2 2 0
0147 39 39 1
0090 7 7 0
00AA 9 9 1
02C9 3 3 1
0202 2 2 0
0952 2 2 0
0166 -1 4 1
087B 2 2 0
0839 66 66 1
0203 10 10 0
0836 -1 7 0
0161 -1 4 0
0829 12 12 0
0222 6 6 0
0436 2 2 0
0094 6 6 0
0979 50 50 0
01F1 -1 4 0
0907 5 5 0
0835 2 2 0
012E 2 2 0
0213 26 26 0
007E 6 6 0
010D 2 2 1
02BC 6 6 0
0935 2 2 0
0241 6 6 0
02B9 191 191 1
0171 30 30 1
00A1 6 6 1
012B 2 2 1
0112 4 4 0
0095 30 30 1
0111 39 39 1
08CE 2 2 0
01DE 33 33 1
08B2 -1 6 0
07DE 30 30 0
0239 11 11 1
0247 8 8 0
01F0 -1 4 1
07E1 15 15 1
093F 2 2 0
08EA 4 4 0
0886 2 2 0
00B4 -1 8 1
0958 2 2 0
006E 3 3 0
00F3 8 8 0
0895 -1 12 0
0964 2 2 0
0265 20 20 0
0984 28 28 1
0280 12 12 1
084C 10 10 0
08A9 2 2 0
0918 6 6 0
0908 5 5 1
08A2 2 2 0
08C1 2 2 0
028A 18 18 1
0236 10 10 1
02E0 34 34 1
01D5 -1 8 0
02F5 7 7 0
01C4 22 22 1
0927 2 2 0
017E -1 4 0
013C 4 4 1
00C0 7 7 1
008B 23 23 1
0200 26 26 0
0227 18 18 0
016B 10 10 0
00CD 3 3 1
00F8 2 2 1
01A1 3 3 0
01D1 14 14 1
01BB 26 26 0
00D3 2 2 0
094B 2 2 0
0226 282 282 1
00B1 8 8 1
017F -1 4 1
01D4 6 6 1
08CF 10 10 0
0128 8 8 0
08C2 2 2 0
0288 6 6 0
02E7 -1 6 1
01E0 30 30 1
08E7 10 10 0
044B 2 2 0
02D1 -1 4 1
0364 2 2 0
097D 288 288 1
0893 2 2 0
027E -1 6 0
0954 2 2 0
01C5 22 22 1
0093 2 2 1
07E7 32 32 0
028F 6 6 0
07ED 10 10 1
01EC 26 26 1
02F4 3 3 0
0931 2 2 0
0283 6 6 1
0905 -1 4 1
0183 10 10 0
07E8 -1 4 0
02B4 6 6 1
022B 57 57 1
0443 8 8 0
084D 10 10 0
0870 2 2 0
087C 2 2 0
0219 282 282 1
092D 10 10 0
0980 7 7 1
0190 90 90 0
0953 2 2 0
0445 6 6 0
07F0 6 6 0
08D3 10 10 0
0122 -1 4 1
021E 6 6 0
08B5 6 6 0
00F7 2 2 0
00F1 2 2 1
00A4 -1 4 1
02AC 6 6 0
00E2 26 26 0
080A 18 18 1
07FC 10 10 1
00CF 27 27 0
02D9 10 10 1
027C 60 60 0
02E2 8 8 0
010B 6 6 1
0849 12 12 0
022F 5 5 1
08F7 3 3 1
01AF 4 4 0
096C 6 6 1
08B4 2 2 0
0165 30 30 0
0367 5 5 0
08BC 10 10 0
08ED 43 43 0
080E 14 14 1
023C 6 6 0
026D 4 4 0
0940 2 2 0
0102 6 6 0
017C 6 6 0
0360 2 2 0
08CB -1 10 0
08D6 6 6 0
093E 2 2 0
007C 44 44 1
022D 2 2 0
0206 11 11 1
00A0 23 23 1
08DF 50 50 1
08A4 2 2 0
009D 17 17 1
02F1 2 2 0
096B 4 4 1
0228 18 18 0
0208 14 14 0
00E9 19 19 1
0279 2 2 0
00E7 3 3 1
0898 2 2 0
0293 70 70 1
006B -1 4 0
019E 2 2 1
0816 6 6 1
091B 2 2 0
088C 2 2 0
0282 284 284 1
098C 4 4 0
014A 6 6 1
028B -1 4 0
081F -1 9 1
0362 2 2 0
0864 2 2 0
013E 24 24 1
010A 4 4 1
083C 2 2 0
084A 2 2 0
0448 -1 4 0
0298 8 8 1
0936 2 2 0
027F 8 8 0
01BF 3 3 0
00C7 -1 4 1
0284 14 14 1
08C7 -1 19 1
0214 42 42 1
019A 14 14 1
0930 2 2 0
0108 -1 4 0
02B5 -1 6 1
015B 54 54 0
0910 10 10 1
08AB 2 2 0
08F8 7 7 1
01E4 2 2 1
0963 2 2 0
02DC -1 32 1
094C 2 2 0
0857 -1 65 1
0853 -1 4 0
0884 19 19 0
089A 2 2 0
093D 2 2 0
0447 2 2 0
0947 2 2 0
0868 2 2 0
011D 2 2 0
00A7 8 8 0
00B3 3 3 0
00CB 3 3 1
0191 86 86 1
02C7 7 7 0
097E 12 12 1
021B 10 10 1
00B7 -1 8 1
00E1 30 30 1
02D7 -1 43 1
0976 -1 28 1
08FD 6 6 0
027D 62 62 0
0257 8 8 1
01CA 3 3 0
02D5 2 2 1
0813 -1 12 1
0169 3 3 1
08C6 4 4 0
08BF 8 8 0
00E3 2 2 0
0911 30 30 1
0215 6 6 1
01BA 26 26 0
07DF 54 54 0
08DD 27 27 1
080C 2 2 0
0887 2 2 0
00FB -1 28 1
0933 2 2 0
0297 -1 4 1
0150 110 110 1
0823 -1 6 0
0946 2 2 0
016A 30 30 1
01D9 53 53 1
07EA 2 2 0
0912 10 10 1
0235 -1 4 1
0977 14 14 1
02D2 -1 4 1
00B0 8 8 1
094D 2 2 0
0167 3 3 1
02EF 8 8 1
0882 2 2 0
00F9 26 26 0
00BA 2 2 0
0246 4 4 0
007B 60 60 1
00BF 3 3 0
0286 4 4 0
0081 3 3 0
0889 2 2 0
094F 6 6 0
0126 8 8 0
02C4 2 2 0
087E 2 2 0
02EC 67 67 1
07FA 8 8 1
085C 2 2 0
01A6 -1 4 1
0916 26 26 1
016C 43 43 1
089C 2 2 0
0267 4 4 0
0881 2 2 0
00B5 6 6 1
0146 6 6 0
07F6 14 14 1
08F4 6 6 0
0851 -1 4 0
02CD 71 71 1
08E0 51 51 1
0960 2 2 0
044A 6 6 0
082B 6 6 0
0951 2 2 0
0231 26 26 0
0274 8 8 1
025E 4 4 0
01B8 3 3 1
0217 2 2 0
0811 2 2 0
08D0 9 9 1
00FC 6 6 0
0866 2 2 0
0277 84 84 0
0892 2 2 0
0894 2 2 0
0177 -1 4 1
02B6 7 7 0
01BE 2 2 0
07F4 3 3 0
080D 3 3 1
01A7 4 4 0
02B1 -1 8 1
02DF 36 36 1
01D2 10 10 1
0957 2 2 0
086E 2 2 0
0803 4 4 1
0973 7 7 1
081B 10 10 1
0229 15 15 1
01AA 10 10 1
029A 27 27 1
0178 4 4 0
0949 2 2 0
00CC 6 6 0
021C 10 10 1
0913 30 30 1
00C6 -1 4 1
092A 2 2 0
08AA 2 2 0
01CC 9 9 1
0903 -1 4 1
08E3 118 118 0
00AC 7 7 1
0439 8 8 0
0121 14 14 1
0073 11 11 1
014F 6 6 0
0072 19 19 0
00F5 8 8 0
0082 2 2 0
0444 -1 8 1
08F6 22 22 1
0437 2 2 0
02E3 10 10 0
013F 26 26 0
0923 2 2 0
02EA -1 4 1
00FD 27 27 1
0269 4 4 0
0820 11 11 0
0237 2 2 0
01EA 6 6 1
0142 6 6 1
011F 16 16 1
018F 6 6 1
0847 -1 6 0
025F 6 6 1
08E9 2 2 0
0264 20 20 0
022C 65 65 1
00DE -1 15 0
0941 2 2 0
024D 12 12 0
00C5 7 7 0
020A 10 10 1
01F8 2 2 1
0195 102 102 1
0124 21 21 1
0230 12 12 1
01C8 13 13 1
00EC 3 3 1
02DB -1 4 0
025A -1 4 1
025B 6 6 0
02AD 8 8 0
03DD 18 18 0
0069 -1 47 0
0118 2 2 0
08FF 24 24 1
015C 90 90 1
0890 2 2 0
0981 -1 12 0
0221 -1 4 1
0168 14 14 0
0974 2 2 1
0173 3 3 1
0174 -1 4 1
090C 30 30 0
0068 46 46 0
0276 -1 51 0
07E2 8 8 1
01D3 35 35 1
0189 4 4 1
0272 44 44 0
0975 -1 28 1
0199 4 4 1
017A 4 4 0
082C 10 10 0
0164 -1 4 1
028E 4 4 0
07DC 6 6 0
009F 6 6 0
08C4 8 8 0
087D 2 2 0
0156 -1 4 1
0854 -1 4 0
0838 -1 15 0
00A2 6 6 0
07F8 -1 62 1
07E0 58 58 0
0266 30 30 0
01A0 3 3 1
097A -1 8 1
014D 2 2 0
01F7 14 14 0
01E8 28 28 0
026B 4 4 0
012F -1 84 0
011B 20 20 0
086C 2 2 0
0070 3 3 0
0180 6 6 0
01CE 6 6 0
08FC 30 30 0
07EF 8 8 1
093B 2 2 0
095E 2 2 0
08E6 4 4 0
0166 -1 4 1
0875 2 2 0
00D7 -1 17 1
0185 34 34 1
08F1 6 6 0
00E4 6 6 0
013B 4 4 1
08F9 6 6 1
085D 2 2 0
01A9 6 6 0
0872 6 6 0
0939 2 2 0
0172 10 10 0
0938 2 2 0
08A8 2 2 0
0092 28 28 1
091E 12 12 0
0086 16 16 1
009E 17 17 1
00AB 4 4 0
00E8 8 8 0
02A7 -1 10 0
08E8 -1 5 1
07EC 8 8 0
01D6 4 4 1
01B9 6 6 1
00C3 8 8 1
009A -1 4 1
090D -1 10 1
08EF 6 6 0
0130 6 6 0
02CA 3 3 0
029D -1 4 1
08A1 2 2 0
08DB 27 27 1
029C 66 66 0
016D 14 14 1
0151 6 6 0
00DC 28 28 1
02C5 30 30 1
07DA 6 6 0
0106 10 10 1
087F 2 2 0
019D 6 6 0
01FD 15 15 0
0281 2 2 0
02CC 4 4 1
0897 2 2 0
0970 31 31 0
08C3 10 10 0
08FB 6 6 1
01E5 6 6 0
0291 4 4 1
08FE -1 4 1
027B 14 14 0
0268 4 4 0
0064 55 55 0
00FA 3 3 1
07F7 -1 69 1
026A 4 4 0
083D 6 6 0
091A 2 2 0
0989 2 2 0
0438 2 2 0
0966 2 2 0
035C 2 2 0
0077 5 5 1
00B9 6 6 0
01C6 4 4 0
00EE 2 2 1
088F 2 2 0
02CB 65 65 1
0985 -1 4 1
02D0 -1 4 1
00F4 21 21 1
07F1 18 18 1
0133 -1 8 1
0242 -1 99 1
02CE 10 10 1
01B7 6 6 0
01DA 60 60 1
0160 -1 4 1
01DB 2 2 0
0860 2 2 0
098B 2 2 0
08D9 30 30 1
01C3 -1 16 1
02D8 10 10 0
00BD 44 44 1
012A 2 2 0
010F -1 4 1
0850 7 7 0
0131 86 86 1
0804 14 14 0
0858 -1 64 1
028C 46 46 0
0107 10 10 1
0942 8 8 0
01DD 47 47 0
0132 6 6 1
0442 -1 8 1
00DD 29 29 1
08EC 73 73 0
02E4 6 6 0
0449 4 4 0
0066 3 3 0
01CB 9 9 0
08F3 -1 8 0
00EA 5 5 1
0852 2 2 0
0873 2 2 0
01EF -1 4 1
02CF 6 6 0
0212 26 26 0
0956 2 2 0
0137 6 6 1
08D7 28 28 1
08E4 6 6 0
089F 2 2 0
0967 2 2 0
086F 2 2 0
0273 30 30 0
0807 4 4 1
08DA 26 26 1
0983 29 29 1
006F 2 2 0
0943 2 2 0
023B 2 2 0
0828 14 14 0
02E5 5 5 0
0153 -1 4 0
0123 -1 4 1
0209 36 36 1
0187 6 6 0
0233 11 11 0
0878 2 2 0
01C2 10 10 1
008D -1 8 1
01CF 28 28 1
02DD 32 32 1
0144 23 23 1
0244 6 6 0
00C8 -1 4 0
01EE -1 4 1
0934 2 2 0
097B -1 16 0
093C 2 2 0
0968 2 2 0
02B7 7 7 1
01A8 4 4 0
02E9 -1 4 1
0194 30 30 1
083E 26 26 0
0369 2 2 0
0165 30 30 0
0819 2 2 0
0270 2 2 0
08A3 7 7 0
07FB 25 25 1
0188 8 8 1
089B 36 36 0
0089 7 7 0
0879 2 2 0
02A2 8 8 1
0253 3 3 1
024E 6 6 0
0926 2 2 0
018B 4 4 0
0841 4 4 0
0987 63 63 0
0888 2 2 0
00C4 6 6 1
0256 5 5 1
0225 2 2 0
028D 34 34 0
01FE 5 5 1
021A 282 282 1
00D0 3 3 0
07F3 6 6 1
088A 2 2 0
0932 2 2 0
092E 2 2 0
00DF -1 17 1
012C 3 3 1
0920 2 2 0
02DE 6 6 1
02A6 -1 10 0
01BD 26 26 0
08F2 36 36 0
0125 8 8 1
0084 2 2 1
01C1 14 14 1
029B 80 80 1
0812 8 8 1
07D8 8 8 1
0159 54 54 0
01B5 18 18 0
0234 6 6 0
098F -1 8 0
0148 8 8 1
02D4 29 29 1
0238 282 282 1
0113 10 10 0
0818 -1 16 1
006C 3 3 0
014E 6 6 1
0914 -1 80 1
020E 32 32 1
01BC 26 26 0
02D6 6 6 0
02B8 22 22 1
0224 10 10 1
0071 28 28 0
02C8 3 3 0
01E7 2 2 0
08FA 6 6 1
081E 8 8 1
01F5 9 9 1
0294 10 10 1
0855 6 6 0
0978 6 6 0
084B 19 19 1
023E 8 8 0
00FF 10 10 0
0109 -1 8 1
02DA 3 3 1
0844 2 2 0
08D2 10 10 1
023D 6 6 0
0127 8 8 0
0885 4 4 0
08C9 2 2 0
0921 2 2 0
0950 2 2 0
016A 30 30 1
00D1 4 4 1
08BB 8 8 0
026F 2 2 0
0867 2 2 0
0263 11 11 0
083B 2 2 0
0959 2 2 0
0982 7 7 0
0863 2 2 0
081A 4 4 1
095C 26 26 0
0880 2 2 0
097F -1 8 1
01E1 8 8 1
084F 6 6 0
0097 -1 32 1
096E -1 4 1
08D8 27 27 1
0962 2 2 0
00AF 6 6 1
08E5 41 41 0
090E 2 2 0
08CA -1 8 0
088E 2 2 0
0170 14 14 0
01A4 11 11 1
086B 2 2 0
018D -1 4 1
0368 2 2 0
0141 14 14 1
0296 -1 4 1
0945 2 2 0
0988 6 6 0
01B2 -1 85 0
0262 11 11 0
086A 2 2 0
0922 2 2 0
019C -1 4 0
02C6 30 30 1
089D 2 2 0
0120 6 6 1
0240 -1 8 1
01A3 5 5 1
0205 26 26 1
01F2 20 20 1
0076 9 9 1
0179 5 5 1
016B 10 10 0
02B3 107 107 1
02B2 -1 8 1
085F 2 2 0
007D 2 2 0
01FA 48 48 0
I tried to fix the bRO.pm (send and receive) but I was not sucessful. I used wireshark and filtered the packets (to show only the ones from bRO). I did not understand how to get the packets. For example, in Send->bRO.pm there is a line: '07E4' => ['item_take', 'a4', [qw(ID)]], To "update" this packet (07E4) I have to use wireshark, drop an item in the game and see the new packet (looking at the line where SOURCE is my ip, because it is the SEND part right?)?
ever_boy_
Developers
Posts: 308 Joined: 06 Jul 2012, 13:44Noob?: No
#73
Post
by ever_boy_ 12 Sep 2012, 22:05
kLabMouse wrote: ever_boy_ wrote:
.text:0058EB8A call sub_58B360
I've changes a bit. so it show the Structure in stack:
Code: Select all
seg000:0058EB8F mov eax, 4 -> eax = 4
seg000:0058EB94 mov ecx, eax -> ecx = eax
seg000:0058EB96 xor edx, edx -> edx = 0
seg000:0058EB98 mov [esp+20h+packet.MinLength], ecx -> packet.MinLength = 4
seg000:0058EB9C lea ecx, [esp+20h+packet] -> ecx = &packet
seg000:0058EBA0 mov [esp+20h+packet.ReplayFactor], edx -> packet.ReplayFactor = 0
seg000:0058EBA4 push ecx
seg000:0058EBA5 lea edx, [esp+24h+var_18] -> edx = &var_18
seg000:0058EBA9 push edx
seg000:0058EBAA mov ecx, esi -> ecx = esi
seg000:0058EBAC mov [esp+28h+packet.PacketID], 178h -> packet.PacketID = 0x178
seg000:0058EBB4 mov [esp+28h+packet.Length], eax -> packet.Length = 4
seg000:0058EBB8 call sub_58B360 -> ecx->sub_58B360(edx, ecx)
Lew let me clean it up:
Code: Select all
eax = 4
ecx = eax
edx = 0
packet.MinLength = 4
ecx = &packet
packet.ReplayFactor = 0
push ecx
edx = &var_18
push edx
ecx = esi
packet.PacketID = 0x178;
packet.Length = 4;
ecx->sub_58B360(edx, ecx);
A Bit more cleanining:
Code: Select all
packet.MinLength = 4;
packet.ReplayFactor = 0;
packet.PacketID = 0x178;
packet.Length = 4;
esi->sub_58B360(&var_18, &packet);
If you use IDA, then you can define a structure in stack. That way you will get the output as I have.
I'm needing some help on how to create these structures in IDA 5.0
kLabMouse
Administrator
Posts: 1301 Joined: 24 Apr 2008, 12:02
#74
Post
by kLabMouse 12 Sep 2012, 22:08
ever_boy_ wrote:
I'm needing some help on how to create these structures in IDA 5.0
Go to Structures Tab.. And Create new Structure that matches.
Then go and Double click the var that is set to First packet ID.
After that, set the var in stack to be a Structure you just created.
ever_boy_
Developers
Posts: 308 Joined: 06 Jul 2012, 13:44Noob?: No
#75
Post
by ever_boy_ 12 Sep 2012, 23:27
vansro wrote: I tried to fix the bRO.pm (send and receive) but I was not sucessful. I used wireshark and filtered the packets (to show only the ones from bRO). I did not understand how to get the packets. For example, in Send->bRO.pm there is a line: '07E4' => ['item_take', 'a4', [qw(ID)]], To "update" this packet (07E4) I have to use wireshark, drop an item in the game and see the new packet (looking at the line where SOURCE is my ip, because it is the SEND part right?)?
This recvpacket is no good for visual compare. You should get a recvpacket which is in the same order as the disassembled exe.
If you don't know what order is that, you should take a look at the disassembled exe. The packets start at address '0058B579'.
daggerblade
Plain Yogurt
Posts: 59 Joined: 06 Jun 2010, 22:08Noob?: No
#76
Post
by daggerblade 15 Sep 2012, 10:11
why not compare them by memory area they occupy? Even tho they mix the packets, lets say for instance, map_login, it stills occupy the same memory adress.
ever_boy_
Developers
Posts: 308 Joined: 06 Jul 2012, 13:44Noob?: No
#77
Post
by ever_boy_ 16 Sep 2012, 19:38
right now I'm working on an extractor which works directly with the hexa dump, so it doesn't need any debugger.
Pawel
Noob
Posts: 5 Joined: 01 May 2012, 06:52Noob?: No
#78
Post
by Pawel 17 Sep 2012, 08:20
How was the newest recvpackets.txt extracted if the v3 Extractor doesn't work anymore??
kLabMouse
Administrator
Posts: 1301 Joined: 24 Apr 2008, 12:02
#79
Post
by kLabMouse 23 Sep 2012, 08:26
Pawel wrote: How was the newest recvpackets.txt extracted if the v3 Extractor doesn't work anymore??
By Hands!
ever_boy_
Developers
Posts: 308 Joined: 06 Jul 2012, 13:44Noob?: No
#80
Post
by ever_boy_ 23 Sep 2012, 13:53
Pawel wrote: How was the newest recvpackets.txt extracted if the v3 Extractor doesn't work anymore??
I made my own extractor, which analyzes the ragexe's hexa dump, and instantly gives me recvpackets list.
By the way, it's not the only one, since other people are able to do it.
