We need help with recvpackets extraction @bRO

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#31 Post by kLabMouse »

daggerblade wrote:
kLabMouse wrote:The procedure is simple.
OpenKore uses only PacketID and Len.
There is also MinLen and ReplayFactor.
Those are good for determining the difference more accurately, but OpenKore does not require them.

Once you have the old (working) recvpacket.txt and the new (current) recvpacket.txt, you just need to compare them and change the packet IDs according to that comparison.

The next step is to change the encryption keys.
We already got the keys. Recvpackets, I believe, is no problem either now that we understand the procedure, but now we need to know which packet goes where in bro.pm. Thanks
You ask such a question because you have not completed the diff procedure yet.
If you do it, you will easily see the light at the end of the tunnel.

daggerblade
Plain Yogurt
Posts: 59
Joined: 06 Jun 2010, 22:08
Noob?: No

Re: We need help with recvpackets extraction @bRO

#32 Post by daggerblade »

OK, I'll try. It's true it hasn't been completed, but the procedure has been understood. I'll finish and check if I can see the correct way to sort them. Thanks.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#33 Post by kLabMouse »

daggerblade wrote:OK, I'll try. It's true it hasn't been completed, but the procedure has been understood. I'll finish and check if I can see the correct way to sort them. Thanks.
Why sort them? Sorting is not needed. Else you will lose the valuable information.

daggerblade
Plain Yogurt
Posts: 59
Joined: 06 Jun 2010, 22:08
Noob?: No

Re: We need help with recvpackets extraction @bRO

#34 Post by daggerblade »

English translation: I meant put them in their right places in bro.pm after I finish the diff.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#35 Post by kLabMouse »

daggerblade wrote:English translation: I meant put them in their right places in bro.pm after I finish the diff.
Oh. It's as simple as making a diff. The diff shows what ID changed to what.
Now, just edit the bRO.pm files and change their IDs.
If packets changed a bit (len changed, inner len changed, etc.), then I can help with that.

ever_boy_
Developers
Posts: 308
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: We need help with recvpackets extraction @bRO

#36 Post by ever_boy_ »

kLabMouse wrote:The procedure is simple.
Once you have the old (working) recvpacket.txt and the new (current) recvpacket.txt, you just need to compare them and change the packet IDs according to that comparison.
Can't we just replace the old one with the new one?

kLabMouse wrote:The next step is to change the encryption keys.
I think this was the first thing we did. We looked for "packet_cz", at address 008390CC, and we found the 3 encryption keys.

kLabMouse wrote:
daggerblade wrote:OK, I'll try. It's true it hasn't been completed, but the procedure has been understood. I'll finish and check if I can see the correct way to sort them. Thanks.
Why sort them? Sorting is not needed. Else you will lose the valuable information.
So, I should just get the packets in the same order they appear in the debugger?

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#37 Post by kLabMouse »

ever_boy_ wrote:
kLabMouse wrote:The procedure is simple.
Once you have the old (working) recvpacket.txt and the new (current) recvpacket.txt, you just need to compare them and change the packet IDs according to that comparison.
Can't we just replace the old one with the new one?

kLabMouse wrote:The next step is to change the encryption keys.
I think this was the first thing we did. We looked for "packet_cz", at address 008390CC, and we found the 3 encryption keys.

kLabMouse wrote:
daggerblade wrote:OK, I'll try. It's true it hasn't been completed, but the procedure has been understood. I'll finish and check if I can see the correct way to sort them. Thanks.
Why sort them? Sorting is not needed. Else you will lose the valuable information.
So, I should just get the packets in the same order they appear in the debugger?
Yes. Same order.

daggerblade
Plain Yogurt
Posts: 59
Joined: 06 Jun 2010, 22:08
Noob?: No

Re: We need help with recvpackets extraction @bRO

#38 Post by daggerblade »

kLabMouse wrote:
daggerblade wrote:OK, I'll try. It's true it hasn't been completed, but the procedure has been understood. I'll finish and check if I can see the correct way to sort them. Thanks.
Why sort them? Sorting is not needed. Else you will lose the valuable information.
So, I should just get the packets in the same order they appear in the debugger?

He means we should finish the recvpackets and compare with the old recvpackets, and replace them in bRO.pm. I have to go back to work, but I sent you a PM to finish the process later on.

ever_boy_
Developers
Posts: 308
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: We need help with recvpackets extraction @bRO

#39 Post by ever_boy_ »

What is the best tool for this diff thing? I'm using IDA as a debugger.

Also, can't we just replace the old recvpackets with the new one?

daggerblade
Plain Yogurt
Posts: 59
Joined: 06 Jun 2010, 22:08
Noob?: No

Re: We need help with recvpackets extraction @bRO

#40 Post by daggerblade »

ever_boy_ wrote:What is the best tool for this diff thing? I'm using IDA as a debugger.

Also, can't we just replace the old recvpackets with the new one?
By diff he means compare both and see what has changed. Yes, we will replace, but only after we compare, otherwise it will be hard to fill in bro.pm correctly. We build recvpackets, compare both, and check which packets went where in bro.pm with the older recvpacket. After that, we just have to open bro.pm and adjust the changes that have been made in the new recv. I believe that's it, hope I put it right in proper English :)
