We need help with recvpackets extraction @bRO

ever_boy_
Developers
Posts: 309
Joined: 06 Jul 2012, 13:44
Noob?: No

We need help with recvpackets extraction @bRO

#1 Post by ever_boy_ »

First of all, for those who are not aware, our situation is a bit different from other RO communities.
LUG (Brazil's RO distributor) has been relentlessly fighting OpenKore. They change packet IDs every week, so we need to extract recvpackets from a new exe after every maintenance, figure out which packets have changed, and so on. On top of that, kLabMouse's extractors don't work very well due to LUG's anti-botting policy, which is very strict.

We have always relied on the skills of quite a few people who held the knowledge of how to do the entire packet extraction process, send/receive.pm coding, etc.
Now we can no longer count on them for that, and we have to learn how to do these things on our own.

But we're not just waiting for it to happen. We're already joining forces, and thus we have figured out how the whole thing works. The only thing that is troubling us the most is how to extract the recvpackets.txt, properly ordered.

kLabMouse has provided us with a correct recvpackets, but we believe it's sorted in such a way that we can't figure out the sync_request's list. And even though we might use this recvpackets (which has been of great use. Thank you, kLabMouse, for all your support), we need to learn how to build this on our own.

We're not asking for a ready-to-go extractor from you. We just want to be pointed in the right direction, in a comprehensible way. We're not dumb, but we're not pros either. I myself have been messing with kore's coding for just a couple of weeks, and so have many of us.

We already know that we need to disassemble ragexe by using a tool such as OllyDbg, but we're having trouble operating it, finding and identifying the values which really matter, comparing it with the previous exe, and coding a script which appropriately extracts our precious recvpackets.

To anyone who can offer any kind of help, our sincere thanks.

ParanoidBR
Noob
Posts: 3
Joined: 24 Jan 2012, 08:35
Noob?: No

Re: We need help with recvpackets extraction @bRO

#2 Post by ParanoidBR »

I only need you to help me get to this point:

http://pastebin.com/avvZawUw
http://pastebin.com/GNxrfv48

I can do the rest.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#3 Post by kLabMouse »

OK. The first one is "InitPacketLenWithClient"; this one is the main one.
At its start it calls "InitPacketLenWithClientSecure", so this one is first.
Now, the first entry in recvpackets.txt should be:

Code:

  packet.Length = 7;
  packet.MinLength = 7;
  packet.PacketID = 0x369u;
  packet.ReplayFactor = 0;
  sub_58B360(this, &v2, &packet);

converted to ->
0396 7 7 0
E.g. PacketID Length MinLength ReplayFactor

the other Example:

Code:

sub_58B510(this_, 0x17Au, 4, 4, 0);

converted to ->
017A 4 4 0
Same order.

ever_boy_
Developers
Posts: 309
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: We need help with recvpackets extraction @bRO

#4 Post by ever_boy_ »

kLabMouse, we already knew how to convert your pastebins into a useful recvpackets.

What Paranoid means is that we need help to use the debugger in order to get the packets, just the way you did.

We are running the unpacked exe in Olly, w32asm, but we don't know how to find the packets.
What command should we use? What should we look for?

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#5 Post by kLabMouse »

ever_boy_ wrote: kLabMouse, we already knew how to convert your pastebins into a useful recvpackets.

What Paranoid means is that we need help to use the debugger in order to get the packets, just the way you did.

We are running the unpacked exe in Olly, w32asm, but we don't know how to find the packets.
What command should we use? What should we look for?


I personally prefer IDA.
What I do:
Try to log in and catch the login packet ID, or any other.
For example, I got the "022D" packet.

Next, I search for it inside the analyzed memory dump, i.e. I search for the "22Dh" string.
This will give a few results. One of them is what we need.

ever_boy_
Developers
Posts: 309
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: We need help with recvpackets extraction @bRO

#6 Post by ever_boy_ »

kLabMouse wrote: Try to log in and catch the login packet ID, or any other.
For example, I got the "022D" packet.


OK, now things are getting clearer. But when I try to log in to the game, using the unpacked exe, it just won't connect. I put in my username and password, but it doesn't connect to the server. Tried in both Win7 and XP.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#7 Post by kLabMouse »

ever_boy_ wrote:
kLabMouse wrote: Try to log in and catch the login packet ID, or any other.
For example, I got the "022D" packet.


OK, now things are getting clearer. But when I try to log in to the game, using the unpacked exe, it just won't connect. I put in my username and password, but it doesn't connect to the server. Tried in both Win7 and XP.

Why would you ever want to use an "unpacked" .exe? Why not use some debugger?
Anyhow, there is nothing to seek in a "working" client.
Why do you people still look at the same mirror if there is a way around?

ever_boy_
Developers
Posts: 309
Joined: 06 Jul 2012, 13:44
Noob?: No

Re: We need help with recvpackets extraction @bRO

#8 Post by ever_boy_ »

I thought I had to run the game, and then use the debugger.

What should I do first then? What is the way around it?


edit: I started IDA, ran the ragexe, searched for the text "packet_cz", and then I found the 3 hexa keys, just as uPancho said.

But the text search is very slow. How can I search faster for keys and packets? Which windows, and which search option?

daggerblade
Plain Yogurt
Posts: 60
Joined: 06 Jun 2010, 22:08
Noob?: No

Re: We need help with recvpackets extraction @bRO

#9 Post by daggerblade »

kLabMouse wrote:
ever_boy_ wrote: kLabMouse, we already knew how to convert your pastebins into a useful recvpackets.

What Paranoid means is that we need help to use the debugger in order to get the packets, just the way you did.

We are running the unpacked exe in Olly, w32asm, but we don't know how to find the packets.
What command should we use? What should we look for?


I personally prefer IDA.
What I do:
Try to log in and catch the login packet ID, or any other.
For example, I got the "022D" packet.

Next, I search for it inside the analyzed memory dump, i.e. I search for the "22Dh" string.
This will give a few results. One of them is what we need.


In the 022d packet, for example, why search for 22Dh instead of 022d itself?

We are getting there bit by bit; we can log in, walk, do a few actions, but we are struggling with the debuggers, since we don't know where and how to search for the packets or valuable information there to update the bRO.pm and get disconnected.

It is good to make the process of obtaining information clear for the community, so more people can add to it and also solve problems faster, instead of depending solely on one person. There are a lot of people with the same questions, but they are afraid to ask because they don't want to bug, but if you have any time to spare, just waste a few minutes helping with the issues that come up as we advance in the search.

Thanks for the support.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: We need help with recvpackets extraction @bRO

#10 Post by kLabMouse »

daggerblade wrote: In the 022d packet, for example, why search for 22Dh instead of 022d itself?


Simple. Because this is how an integer looks in ASM.
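
The conversion described in post #3 and the integer notation from post #10, as an added example that is not part of the thread or of OpenKore: it turns the two pseudo-C shapes quoted in post #3 into rows in the order PacketID Length MinLength ReplayFactor, and renders an ID the way a MASM-syntax listing prints an immediate. The regexes, the function names and the sample input are assumptions constructed for illustration.

```python
import re

# Call form from post #3: sub_58B510(this_, 0x17Au, 4, 4, 0);
CALL_RE = re.compile(r"\w+\(\s*\w+\s*,\s*(0x[0-9A-Fa-f]+)u?\s*,"
                     r"\s*(-?\d+)\s*,\s*(-?\d+)\s*,\s*(-?\d+)\s*\)")
# Struct form from post #3: packet.Field = value; lines closed by a call taking &packet.
FIELD_RE = re.compile(r"packet\.(\w+)\s*=\s*(0x[0-9A-Fa-f]+|-?\d+)u?\s*;")

# Constructed sample (values and sub_ names invented, not taken from any client).
SAMPLE = """
  packet.Length = -1;
  packet.MinLength = 4;
  packet.PacketID = 0xA5u;
  packet.ReplayFactor = 0;
  sub_401000(this, &v2, &packet);
  sub_401200(this_, 0x22Du, 6, 6, 0);
"""

def row(packet_id, length, min_length, replay):
    """One table line in the order PacketID Length MinLength ReplayFactor."""
    return f"{packet_id:04X} {length} {min_length} {replay}"

def convert(pseudo_c):
    """Turn decompiler pseudo-C into table rows, preserving source order."""
    rows, fields = [], {}
    for line in pseudo_c.splitlines():
        call = CALL_RE.search(line)
        field = FIELD_RE.search(line)
        if call:
            rows.append(row(int(call.group(1), 16), *map(int, call.groups()[1:])))
        elif field:
            fields[field.group(1)] = int(field.group(2), 0)
        elif fields and "&packet" in line:   # the call that registers the struct
            rows.append(row(fields["PacketID"], fields["Length"],
                            fields["MinLength"], fields["ReplayFactor"]))
            fields = {}
    return rows

def masm_immediate(value):
    """Render an integer the way a MASM-syntax listing prints an immediate."""
    text = f"{value:X}"
    if value < 10:
        return text                 # single digits carry no suffix
    if text[0] in "ABCDEF":
        text = "0" + text           # a hex literal must start with a decimal digit
    return text + "h"

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)), masm_immediate(0x022D))
```

The table pads the ID to four hex digits, while the listing drops leading zeros and appends `h`, which is why the two spellings of the same number differ.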
