[Need A Suggestion] Harmony Encryption Function in Ollydbg

[phuriphat]

I have been debugging .exe file of some private servers which have harmony protected.
I used OllyDbg as a debugging tool.

For the time being, I think I just found a function that harmony uses to encrypt all packets before sending to the server.

I discover this function by tracing back "send" function from WinSock.

I found a CALL that call for JMP commnad that jump far far away and this JMP command replaces PUSH ESI
of this function after harmony is loaded. Besides, after I change this JMP back to the normal (PUSH ESI)
I can sniff a decrypted Login packet using Wireshark.

I am quite sure that this is the function I am looking for but I have no idea what to do next.
How can I use the advantage of this function?
How can I encrypt my packet from openkore using this function?

So I need a suggestion from you guys.

Thanks and sorry for my very bad English so if you don't understand my question just ask I will try my best to explain it.

[Raider]

Awesome work man, maybe you can use the files of BlackoutRO crack_head made for reference? He found a way to get around the custom packet encryption.
http://forums.openkore.com/viewtopic.php?f=9&t=29304

[phuriphat]

Thanks Raider.
I will look around it

[phuriphat]

It seems like I can't download a file from this link: http://shareplace.com/?E946EDA837
Could you upload this file for me at other hosts? (ex. mediafire)

Thanks

[Kaspy]

If you really can find the packages, try to rely on bRO.pm because the server all Brazilian packet type are changed, and it's made ​​the adjustment.