Latest cRO packets is using DES encrypt? Or else?


#1 Post by Maple »

:shock:
I was shocked when the protected ragexe was patched last week.
And this week it comes with DES encryption for the Send function.
There's no previous code about how to sync out the packet and make it work.
Also, cRO is now using Reassembly Packets to check whether you are actually using the client.

Can any pro deal with that?
[Image: Move packet]

[Image: Map login]

https://docs.google.com/file/d/0B-Ht3ey ... sp=sharing
This is the latest ragexe file.

Still confusing now.

Code:

#########################################################################
#  OpenKore - Network subsystem
#  Copyright (c) 2006 OpenKore Team
#
#  This software is open source, licensed under the GNU General Public
#  License, version 2.
#  Basically, this means that you're allowed to modify and distribute
#  this software. However, if you distribute modified versions, you MUST
#  also distribute the source code.
#  See http://www.gnu.org/licenses/gpl.html for the full license.
#########################################################################
package Network::Receive::cRO;

use strict;
use Log qw(message warning error debug);
use base 'Network::Receive::ServerType0';
use Globals;
use Translation;
use Misc;
my %reassembly_table = (
	'023B' => '866',
	'0281' => '958',
	'0360' => '8A1',
	'0368' => '95D',
	'0362' => '919',
	'0367' => '802',
	'0436' => '956',
	'0369' => '952',
	'0366' => '85D',
	'0437' => '924',
	'089F' => '872',
	'0865' => '947',
	'087E' => '864',
	'0959' => '8A5',
	'091E' => '895',
	'0917' => '88D',
	'095E' => '8A8',
	'089D' => '962',
	'0945' => '89C',
	'0930' => '363',
	'08A6' => '966',
	'092D' => '88B',
	'094B' => '888',
	'0871' => '86D',
	'0957' => '438',
	'0889' => '862',
	'08A4' => '955',
	'092A' => '835',
	'0943' => '964',
	'08A7' => '86E',
	'0949' => '8A2',
	'0939' => '929',
	'0960' => '925',
	'085E' => '934',
	'0950' => '923',
	'0935' => '953',
	'0918' => '869',
	'08A0' => '365',
	'0894' => '85F',
	'088C' => '877',
	'0920' => '8AC',
	'091F' => '8A9',
	'0922' => '838',
	'085A' => '951',
	'095F' => '202',
	'0892' => '817',
	'085B' => '88A',
	'08AA' => '8AB',
	'087A' => '95A',
	'0942' => '93F',
	'0940' => '86B',
	'0868' => '948',
	'095B' => '954',
	'0882' => '94A',
	'0965' => '815',
	'091A' => '22D',
	'0927' => '88F',
	'0819' => '926',
	'0879' => '87B',
	'0887' => '921',
	'0941' => '811',
	'07EC' => '91B',
	'0899' => '890',
	'0883' => '933',
	'093B' => '86C',
	'0885' => '881',
	'0860' => '873',
	'088E' => '963',
	'0946' => '870',
	'0876' => '35F',
	'094F' => '897',
	'0932' => '92E',
	'096A' => '861',
	'092F' => '898',
	'0891' => '92B',
	'0896' => '944',
	'0968' => '361',
	'094C' => '936',
	'087D' => '92C',
	'0928' => '961',
	'093C' => '93E',
	'0874' => '86F',
	'0893' => '867',
	'0937' => '83C',
	);
sub new {
	my ($class) = @_;
	my $self = $class->SUPER::new(@_);
	
	my %packets = (
		'023B' => ['reassembly_packet'],
		'0281' => ['reassembly_packet'],
		'0360' => ['reassembly_packet'],
		'0368' => ['reassembly_packet'],
		'0362' => ['reassembly_packet'],
		'0367' => ['reassembly_packet'],
		'0436' => ['reassembly_packet'],
		'0369' => ['reassembly_packet'],
		'0366' => ['reassembly_packet'],
		'0437' => ['reassembly_packet'],
		'089F' => ['reassembly_packet'],
		'0865' => ['reassembly_packet'],
		'087E' => ['reassembly_packet'],
		'0959' => ['reassembly_packet'],
		'091E' => ['reassembly_packet'],
		'0917' => ['reassembly_packet'],
		'095E' => ['reassembly_packet'],
		'089D' => ['reassembly_packet'],
		'0945' => ['reassembly_packet'],
		'0930' => ['reassembly_packet'],
		'08A6' => ['reassembly_packet'],
		'092D' => ['reassembly_packet'],
		'094B' => ['reassembly_packet'],
		'0871' => ['reassembly_packet'],
		'0957' => ['reassembly_packet'],
		'0889' => ['reassembly_packet'],
		'08A4' => ['reassembly_packet'],
		'092A' => ['reassembly_packet'],
		'0943' => ['reassembly_packet'],
		'08A7' => ['reassembly_packet'],
		'0949' => ['reassembly_packet'],
		'0939' => ['reassembly_packet'],
		'0960' => ['reassembly_packet'],
		'085E' => ['reassembly_packet'],
		'0950' => ['reassembly_packet'],
		'0935' => ['reassembly_packet'],
		'0918' => ['reassembly_packet'],
		'08A0' => ['reassembly_packet'],
		'0894' => ['reassembly_packet'],
		'088C' => ['reassembly_packet'],
		'0920' => ['reassembly_packet'],
		'091F' => ['reassembly_packet'],
		'0922' => ['reassembly_packet'],
		'085A' => ['reassembly_packet'],
		'095F' => ['reassembly_packet'],
		'0892' => ['reassembly_packet'],
		'085B' => ['reassembly_packet'],
		'08AA' => ['reassembly_packet'],
		'087A' => ['reassembly_packet'],
		'0942' => ['reassembly_packet'],
		'0940' => ['reassembly_packet'],
		'0868' => ['reassembly_packet'],
		'095B' => ['reassembly_packet'],
		'0882' => ['reassembly_packet'],
		'0965' => ['reassembly_packet'],
		'091A' => ['reassembly_packet'],
		'0927' => ['reassembly_packet'],
		'0819' => ['reassembly_packet'],
		'0879' => ['reassembly_packet'],
		'0887' => ['reassembly_packet'],
		'0941' => ['reassembly_packet'],
		'07EC' => ['reassembly_packet'],
		'0899' => ['reassembly_packet'],
		'0883' => ['reassembly_packet'],
		'093B' => ['reassembly_packet'],
		'0885' => ['reassembly_packet'],
		'0860' => ['reassembly_packet'],
		'088E' => ['reassembly_packet'],
		'0946' => ['reassembly_packet'],
		'0876' => ['reassembly_packet'],
		'094F' => ['reassembly_packet'],
		'0932' => ['reassembly_packet'],
		'096A' => ['reassembly_packet'],
		'092F' => ['reassembly_packet'],
		'0891' => ['reassembly_packet'],
		'0896' => ['reassembly_packet'],
		'0968' => ['reassembly_packet'],
		'094C' => ['reassembly_packet'],
		'087D' => ['reassembly_packet'],
		'0928' => ['reassembly_packet'],
		'093C' => ['reassembly_packet'],
		'0874' => ['reassembly_packet'],
		'0893' => ['reassembly_packet'],
		'0937' => ['reassembly_packet'],
	);

	foreach my $switch (keys %packets) {
		$self->{packet_list}{$switch} = $packets{$switch};
	}

	return $self;
}

sub reassembly_packet {
	my ($self, $args) = @_;
	
	# Debug Log
	# message "Received Reassembly Packet : 0x" . $args->{switch} . "\n";
	
	my $PacketID = $args->{switch};
	
	
	# Getting Sync Ex Reply ID from Table
	my $SyncID = $reassembly_table{$PacketID};
	
	# Cleaning Leading Zeros
	$PacketID =~ s/^0+//;	
	
	# Cleaning Leading Zeros	
	$SyncID =~ s/^0+//;
	
	# Converting ID to Hex Number
	$SyncID = hex($SyncID);

	# Dispatching Sync Ex Reply
	$messageSender->sendReplySyncRequestEx($SyncID);
}

1;

Receive/cRO.pm for the last week.

Code:

#########################################################################
#  OpenKore - Network subsystem
#  This module contains functions for sending messages to the server.
#
#  This software is open source, licensed under the GNU General Public
#  License, version 2.
#  Basically, this means that you're allowed to modify and distribute
#  this software. However, if you distribute modified versions, you MUST
#  also distribute the source code.
#  See http://www.gnu.org/licenses/gpl.html for the full license.
#########################################################################
package Network::Send::cRO;

use strict;
use Globals;
use Log qw(message warning error debug);
use Utils qw(existsInList getHex getTickCount getCoordString);
use base qw(Network::Send::ServerType0);
use Math::BigInt;
use Digest::MD5;

sub new {
	my ($class) = @_;
	my $self = $class->SUPER::new(@_);

	my %packets = (
		'0886' => ['actor_action', 'a4 C', [qw(targetID type)]],
		'093A' => ['character_move','a3', [qw(coords)]],		
		'091D' => ['sync', 'V', [qw(time)]],
		'0878' => ['actor_look_at', 'v C', [qw(head body)]],
		'085C' => ['item_take', 'a4', [qw(ID)]],
		'093D' => ['item_drop', 'v2', [qw(index amount)]],		
		'094D' => ['storage_item_add', 'v V', [qw(index amount)]],
		'089E' => ['storage_item_remove', 'v V', [qw(index amount)]],
		'089A' => ['skill_use', 'a2 a2 a4', [qw(ID lv targetID)]],
		'094E' => ['skill_use_location', 'v4', [qw(lv skillID x y)]],
		'0969' => ['actor_info_request', 'a4', [qw(ID)]],
		'085F' => ['map_login', 'a4 a4 a4 V C', [qw(accountID charID sessionID tick sex)]],	
	);
	$self->{packet_list}{$_} = $packets{$_} for keys %packets;
	
	my %handlers = qw(
		actor_action 0886
		character_move 093A
		sync 091D
		actor_look_at 0878
		item_take 085C
		item_drop 093D
		storage_item_add 094D
		storage_item_remove 089E
		skill_use 089A
		skill_use_location 094E
		actor_info_request 0969
		map_login 085F
		party_setting 07D7
	);
	$self->{packet_lut}{$_} = $handlers{$_} for keys %handlers;

	$self;
}

# Local Servertype Globals
my $map_login = 0;
my $enc_val3 = 0;

sub encryptMessageID 
{
	my ($self, $r_message, $MID) = @_;
	
	# Checking In-Game State
	if ($self->{net}->getState() != Network::IN_GAME && !$map_login) { $enc_val1 = 0; $enc_val2 = 0; return; }
	
	# Turn Off Map Login Flag
	if ($map_login)	{ $map_login = 0; }

	# Calculating the Encryption Key
	$enc_val1 = $enc_val1->bmul($enc_val3)->badd($enc_val2) & 0xFFFFFFFF;

	# Xoring the Message ID
	$MID = ($MID ^ (($enc_val1 >> 8 >> 8) & 0x7FFF)) & 0xFFFF;
	$$r_message = pack("v", $MID) . substr($$r_message, 2);
}

sub PrepareKeys()
{
	# K
	$enc_val1 = Math::BigInt->new('0x5050607D');
	# M
	$enc_val3 = Math::BigInt->new('0x52C006D5');
	# A
	$enc_val2 = Math::BigInt->new('0x4AEC0620');
}

sub sendMasterLogin {
	my ($self, $username, $password, $master_version, $version) = @_;
	my $msg;
	my $password_hash;
	
	for (Digest::MD5->new) {
		$_->add($password);
		$password_hash = $_->hexdigest;
	}
	$msg = pack("v1 S1 V", hex("0987"), length($username) + 41, $version || $self->version) .
		pack("a*", $password_hash) .
		pack("C*", $master_version).
		pack("a*", $username);

	$self->sendToServer($msg);
	debug "Sent sendMasterLogin\n", "sendPacket", 2;
}

sub sendMapLogin 
{
	my ($self, $accountID, $charID, $sessionID, $sex) = @_;
	my $msg;

	$sex = 0 if ($sex > 1 || $sex < 0); # Sex can only be 0 (female) or 1 (male)
	
	if ( $map_login == 0 ) { PrepareKeys(); $map_login = 1; }

	# Reconstructing Packet 
	$msg = $self->reconstruct({
		switch => 'map_login',
		accountID => $accountID,
		charID => $charID,
		sessionID => $sessionID,
		tick => getTickCount,
		sex => $sex,
	});

	$self->sendToServer($msg);
	debug "Sent sendMapLogin\n", "sendPacket", 2;
}

1;

Send/cRO.pm for the last week.

Re: Latest cRO packets is using DES encrypt? Or else?

#2 Post by yaozhiwei »

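[Translated from Chinese] I know you can read this, haha, since we're fellow countrymen. It really wasn't easy to find you. Could you give me an invitation code for www.openkore.cn, so that we can all research this together? Working on it alone, I'm honestly getting a bit tired.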

Re: Latest cRO packets is using DES encrypt? Or else?

#3 Post by Kaspy »

Do the client packet types in the game change every week?
If yes, try to rely on the solution used in the bRO server.

Maybe this helps: http://forums.openkore.com/viewtopic.php?f=36&t=17996
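yaozhiwei wrote: [Translated from Chinese] I know you can read this, haha, since we're fellow countrymen. It really wasn't easy to find you. Could you give me an invitation code for www.openkore.cn, so that we can all research this together? Working on it alone, I'm honestly getting a bit tired.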
English, please. I'm not North American, but I send my messages in English.

Re: Latest cRO packets is using DES encrypt? Or else?

#4 Post by ROX_Leopardo »

Are you using the last MID encryption keys?
I can't see DES encryption in your sniffs, I only see the MID encryption algorithm.
The most likely cause is what KeplerBR said: the IDs of the most important packets were changed.
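
The difference between MID encryption and DES raised in this reply can be checked on a capture: the masking step changes at most the first two bytes of a packet and never its length, whereas DES in a block mode would change the payload and pad it to a multiple of 8 bytes. The block below is an added example, not code from the thread or from OpenKore; it re-expresses the `encryptMessageID` step of the posted Send/cRO.pm in Python with the constants from `PrepareKeys()`, and the class name, function names and sample payloads are constructed for illustration.

```python
import struct

# Constants copied from PrepareKeys() in the posted Send/cRO.pm.
KEY_K = 0x5050607D  # initial state ($enc_val1)
KEY_M = 0x52C006D5  # multiplier ($enc_val3)
KEY_A = 0x4AEC0620  # increment ($enc_val2)


class MidMasker:
    """Per-connection state; each end of the connection keeps its own copy."""

    def __init__(self, k=KEY_K, m=KEY_M, a=KEY_A):
        self.state, self.m, self.a = k, m, a

    def next_mask(self):
        # Same step as encryptMessageID: state = state * M + A (mod 2**32),
        # then bits 16..30 of the new state form the 15-bit XOR mask.
        self.state = (self.state * self.m + self.a) & 0xFFFFFFFF
        return (self.state >> 16) & 0x7FFF

    def apply(self, packet):
        # XOR is its own inverse, so one method both masks and unmasks.
        (mid,) = struct.unpack_from("<H", packet)
        return struct.pack("<H", mid ^ self.next_mask()) + packet[2:]


def changed_offsets(before, after):
    """Byte offsets at which two equal-length packets differ."""
    return [i for i, (x, y) in enumerate(zip(before, after)) if x != y]


def demo():
    # Constructed packets: IDs from the posted %packets table, dummy payloads.
    plain = [
        struct.pack("<H", 0x093A) + bytes([0x11, 0x22, 0x33]),  # character_move
        struct.pack("<HI", 0x091D, 123456),  # sync
    ]
    sender, receiver = MidMasker(), MidMasker()
    wire = [sender.apply(p) for p in plain]
    back = [receiver.apply(w) for w in wire]
    return plain, wire, back


if __name__ == "__main__":
    for p, w, b in zip(*demo()):
        print(p.hex(), "->", w.hex(), changed_offsets(p, w), b == p)
```

Because the mask depends only on the three constants and the number of packets sent so far, both ends must advance the state once per packet; a skipped or repeated step leaves every later ID unreadable.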

Re: Latest cRO packets is using DES encrypt? Or else?

#5 Post by kubble12 »

Thank god, finally somebody is paying attention to China RO.

I don't really understand how encryption works on the CRO client, but I tried to follow the wiki for gathering version and master-version from ro.exe, and it's not working. And every time, the packets I caught are not even the same length.

========================

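Chinese (translated):
Finally someone is interested in CRO.

Personally, I don't really understand how the CRO client encrypts its traffic. I previously tried to follow the documentation on the wiki to capture Version and m-version, and the packets I got all had different lengths. So I personally think CRO must use a different encryption method from the RO of other regions.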