CO packet sniffer

09/28/2005 21:30 t3hn00bz0r#1
This program allows you to see and easily log decrypted packets sent to and from the CO servers. This program does not attach to conquer or look at the memory conquer resides in. It only looks at packets coming over the network.

Current limitations:
Only one connection: The program can only keep track of one connection. This means that if you attempt to login again, the program will desync. If enough interest is shown in this program, it can be changed to allow multiple clients.
Only works on connections over ethernet: This may or may not be true. The way the packets are disassembled suggests that it will not work on dialup connections. You have broadband, right? Again, if there is enough interest, a more complete packet analyser can be written.

Note:
There are no viruses, keyloggers, or any of that crap in the program.
You must have the winpcap library installed for this program to work.
This program DOES NOT send packets (yet) and therefore cannot get you D/Ced (or caught).
The source is C++ and will be available shortly. If you would like it before I post it, PM me.
If you would like to help develop, PM me.

To use this program, you must start it and select the adapter you wish to bind to (it will print a list). You must then log on to a CO server so that the program can capture the encryption bytes and sync with the game server.

useful keys:
o - outputs the contents of the buffer to a file. be careful here: the error checking is very limited; make sure you can write to that file. note: this effectively clears the buffer
d - deletes the contents of the buffer
c - adds a comment to the buffer
s - starts/stops printing to the buffer. this will NOT interrupt capturing and will NOT desync the program. the idea here is that you only want to see packets from certain times and this will allow you to see only what you want
q - quit the program


Let me know how it works for you and feel free to post an IP or two.

Update: added support for servers Honor and Turquoise
Update: support has been added for ALL servers
==========
Major update: several serious encryption and decryption bugs have been found and resolved. please download the latest version for valid results!
==========
09/28/2005 22:26 nTL3fTy#2
Turquoise - 216.93.171.44:5816
I'm pretty sure that's the IP for Turq...
09/28/2005 23:49 Saxasolt#3
Oops rofl :rolleyes:
09/28/2005 23:52 MrTeenie#4
Quote:
Originally posted by Saxasolt@Sep 28 2005, 23:49
[Nature]
Volcano
69.59.142.13:9958
Thunder
69.59.142.13:9958
[Dreams]
Eternity
69.59.142.13:9958
Dream
69.59.142.13:9958
Glory
69.59.142.13:9958
Faith
69.59.142.13:9958
Freedom
69.59.142.13:9958
Honor
69.59.142.13:9958
Justice
69.59.142.13:9958
Triumph
69.59.142.13:9958
[Gem World]
Turquoise
69.59.142.13:9958
Emerald
69.59.142.13:9958
Crystal
69.59.142.13:9958
Diamond
69.59.142.13:9958
Ruby
69.59.142.13:9958
Sapphire
69.59.142.13:9958
[Wild Kingdom]
Eagle
69.59.142.13:9958
Lion
69.59.142.13:9958
Tiger
69.59.142.13:9958
Phoenix
69.59.142.13:9958
Dragon
69.59.142.13:9958
Kylin
69.59.142.13:9958

hope this helps.. I'll try it once you add my server :D
That is the login server...
09/28/2005 23:53 Saxasolt#5
O and..files are clean
09/28/2005 23:59 MrTeenie#6
Here is one I made up awhile back.

Quote:
Dreams -
1. Eternity - 69.59.162.100
2. Dream - 64.151.72.148
3. Glory - 64.151.112.4
4. Faith - 64.151.107.12
5. Freedom - 69.59.172.4
6. Honor - 216.93.167.116
7. Justice - 64.151.82.236
8. Triumph - 69.59.141.236

Gem World -
1. Turquoise - 216.93.171.44
2. Emerald - 69.59.188.196
3. Crystal - 69.59.177.140
4. Diamond - Server Down!
5. Ruby - 69.59.188.100
6. Sapphire - 69.59.183.44

Wild Kingdom -
1. Eagle - 64.151.81.204
2. Lion - 64.151.81.28
3. Tiger - 69.59.188.124
4. Phoenix - 69.59.185.108
5. Dragon - 69.59.185.100
6. Kylin - 69.59.177.116

Login Server(s)
1. Conquer Online 1.0 Login Server - 69.59.142.13
2. Conquer Online 2.0 Alpha Login Server - 216.93.176.137
09/29/2005 05:28 t3hn00bz0r#7
Thank you to everyone who posted IPs. This is greatly appreciated and made my work go a lot faster.

Current build:
Added all servers capability
Fixed a sent packet synchronization issue
Reduced timeout on packet read


Now comes the task of figuring out exactly what the packets mean. The next release will hopefully have some of the packets decoded.
The executable is in the top post
09/29/2005 06:16 t3hn00bz0r#8
And the source...
09/29/2005 16:55 unknownone#9
Good work. +1 k
09/29/2005 22:30 anticlownn#10
Quote:
Originally posted by MrTeenie@Sep 28 2005, 23:59
Here is one I made up awhile back.

lol Diamond is "Server Down!"? :P
09/29/2005 23:00 t3hn00bz0r#11
lol

Here is a snippet of my code that contains the IP addresses. I retrieved all of them using ethereal yesterday. This list *should* be accurate. If not, please let me know.

Code:
//Nature Group
#define LIGHTNINGGAMESERVER	0x4097744c //64.151.116.76
#define VOLCANOGAMESERVER	0x453bb72c //69.59.183.44
#define THUNDERGAMESERVER	0x40976c74 //64.151.108.116

//Dreams Group
#define ETERNITYGAMESERVER	0x453ba264 //69.59.162.100
#define DREAMGAMESERVER 0x400ca550 //64.12.165.80
#define GLORYGAMESERVER 0x40976c64 //64.151.108.100
#define FAITHGAMESERVER 0x40976b0c //64.151.107.12
#define FREEDOMGAMESERVER	0x453bac04 //69.59.172.4
#define HONORGAMESERVER 0xd85da774 //216.93.167.116
#define JUSTICEGAMESERVER	0x40977004 //64.151.112.4
#define TRIUMPHGAMESERVER	0x453b65ec //69.59.101.236

//Gem World Group
#define TURQUIOSEGAMESERVER	0xd85dab2c //216.93.171.44
#define EMERALDGAMESERVER	0x453bbcc4 //69.59.188.196
#define CRYSTALGAMESERVER	0x453bb18c //69.59.177.140
#define DIAMONDGAMESERVER	0x409768dc //64.151.104.220
#define RUBYGAMESERVER 0x453bbc64 //69.59.188.100
#define SAPPHIREGAMESERVER	0x40976c6c //64.151.108.108


//Wild Kingdom Group
#define EAGLEGAMESERVER 0x409751cc //64.151.81.204
#define LIONGAMESERVER 0x4097511c //64.151.81.28
#define TIGERGAMESERVER 0x453bbc7c //69.59.188.124
#define PHOENIXGAMESERVER	0x453bb96c //69.59.185.108
#define DRAGONGAMESERVER	0x453bb964 //69.59.185.100
#define KYLINGAMESERVER 0x453bb174 //69.59.177.116
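
Post #1 notes the Ethernet-only limitation and post #11 lists the server addresses as 32-bit constants. The following is an added example, not t3hn00bz0r's source: it shows how a capture tool can locate the IPv4 header per link type and match an endpoint against such a constant. Type and function names are hypothetical, the sample frames are constructed, and only HDLC-framed PPP is handled.

```cpp
// Added example, not the sniffer's source; function and type names are hypothetical.
#include <stddef.h>
#include <stdint.h>

enum LinkType { LINK_ETHERNET = 1, LINK_PPP = 9 };  // libpcap DLT_EN10MB, DLT_PPP
const uint32_t HONORGAMESERVER = 0xd85da774;        // 216.93.167.116, from the post

struct Ipv4Addrs { bool ok; uint32_t src, dst; };

// Read a network-order 32-bit field so the first octet lands in the top byte,
// the same layout as the #define constants in the post.
static uint32_t be32(const uint8_t *p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Offset of the IPv4 header for this link type, or -1 if the frame is not IPv4.
static long ipv4_offset(LinkType lt, const uint8_t *f, size_t len) {
    if (lt == LINK_ETHERNET)   // 6 + 6 MAC bytes, then EtherType 0x0800
        return (len >= 14 && f[12] == 0x08 && f[13] == 0x00) ? 14 : -1;
    if (lt == LINK_PPP)        // HDLC-like framing FF 03, protocol 0x0021
        return (len >= 4 && f[0] == 0xff && f[1] == 0x03 &&
                f[2] == 0x00 && f[3] == 0x21) ? 4 : -1;
    return -1;
}

Ipv4Addrs parse_ipv4_addrs(LinkType lt, const uint8_t *f, size_t len) {
    Ipv4Addrs r = { false, 0, 0 };
    long off = ipv4_offset(lt, f, len);
    if (off < 0 || len < size_t(off) + 20) return r;        // truncated capture
    const uint8_t *ip = f + off;
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5) return r;  // version, header length
    r.ok = true;
    r.src = be32(ip + 12);
    r.dst = be32(ip + 16);
    return r;
}

// True when either endpoint of the frame is the given server constant.
bool involves_server(LinkType lt, const uint8_t *f, size_t len, uint32_t server) {
    Ipv4Addrs a = parse_ipv4_addrs(lt, f, len);
    return a.ok && (a.src == server || a.dst == server);
}

// Constructed sample: PPP frame, 192.168.1.10 -> 216.93.167.116 (payload omitted).
const uint8_t SAMPLE_PPP[] = { 0xff,0x03,0x00,0x21, 0x45,0,0,20, 0,0,0,0, 64,6,0,0,
                               192,168,1,10, 216,93,167,116 };
// Constructed sample: the same IPv4 header behind a 14-byte Ethernet header.
const uint8_t SAMPLE_ETH[] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00, 0x45,0,0,20,
                               0,0,0,0, 64,6,0,0, 192,168,1,10, 216,93,167,116 };
```

Reading the PPP sample with the Ethernet offset fails the EtherType check, which is the kind of mismatch a fixed 14-byte assumption produces on a non-Ethernet link.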
09/30/2005 01:06 MrTeenie#12
Quote:
Originally posted by anticlownn@Sep 29 2005, 22:30
Quote:
Originally posted by MrTeenie@Sep 28 2005, 23:59
Here is one I made up awhile back.

lol Diamond is "Server Down!"? :P
When I was getting the ips it was :p
09/30/2005 01:55 sabbathin#13
let's fire up our coders, this should be pinned, nice job btw
09/30/2005 02:48 Hojo#14
is it like COpac?

no real explanation of what it actually does. Basically decrypts packets?

Pinned anyways because looks good lol :P
09/30/2005 03:00 sabbathin#15
the same as copac, just that it doesnt send packets