Classic Conquer packet sniffing (help request)

clock321 · 01/18/2016, 19:53

Hi, im a very old member of this forum, i mostly didnt help anyone on anything right here, years ago i downloaded many bots for all kinds of exploits on CO 1.0 and 2.0.
But now, im grown up, and i want to learn about gamehacking and i think im ready for it, i was reading all the old topics about the packet encryption of conquer, and i was playing on this old CO classic pserver, i would like to try and create some sort of proxy bot, or atleast packet sniff a litle bit, like meteor scrolls, or open wh anywhere, becouse i think you all have been trought it, and has much to me to learn from, i played conquer for very much time, and i understand how the game works, atleast enough to start my own project, i want to do something like the pro4never's project alchemy,
im not as good as he's on programing and coding, but i rly wanna try (

)

idk if there's anyone active on this area, but i rly want to learn, and i would love to hear what u guys think.
ps: sorry for my bad english, im from Brazil, i think my english is good enough to continue this project atleast :F

now im gonna talk where im:
actually i got a undetected wpe pro for packet sniffing, and im starting to learn the encryption for this old CO, i have read a lot of the old topics about it, i understood that i need to get the 3rd and 4th key to every character i log in to the server, so i can reencrypt the packets i send, and the packets i receive, to and from the server. Right now, i just want to try to send a packet to open the twin Warehouse, i know i have to near the npc ( to it to work) , so i started recording packets, clicked the wh npc, and stopped recording, i got 2 samples of packets sended to the server, i think the first one is about the NPC calling ( not sure of how to call this) and the 2nd is the WH opening request ( since i dont use WH password) and im gonna go and try to take these packets, and change it based on these old topics (

)
i will keep posting any results on this project, and if anyone had enough patience to read all this, feel free to swear me and say that i need to learn much more coding before trying to do this kind of thing.

Super Aids · 01/18/2016, 20:29

Do you know programming at all? I would suggest you to look into socket programming if you're not entirely familiar; to be specific TCP.

A simple packet sniffer is pretty easy to make as long as you got the cryptography. Packers have a header of 4 bytes. The first 2 bytes are the size and last 2 bytes are the type. Depending on the size the amount of bytes you receive after that could be anything. Depending on patch you may also need to count 8 bytes off for packet suffixes; these are "TQClient" for packets sent by the client and "TQServer" for packets sent by the server.

Ex.
A packet with a virtual size of 52 will actually be 60 physical. I believe the patches using suffixes only does so on the game server, so for the authentication server the virtual size matches the physical size.

To create a simple proxy all you have to do is create a listener socket that listens to a connection from the client and then forwards packets received from it to the server. Then you need another socket which creates a connection to the server and all packets you want to forward from the client will be send through that, to receive packets the connected socket has to receive and then forward them to the listener socket which sends them to the client.

It's really not rocket science.

clock321 · 01/18/2016, 21:47

thanks for answering that fast, i will try to study a bit about it, im actually looking for ebooks, as you said, creating a proxy wouldnt be that hard, but there are plenty of it right here to download, the problem is to connect to it, idk how it works, but the conquer.exe doesnt look at the server.dat, so switching it to 127.0.0.1 wont make any diference to the log screen, i can packet sniff with wpe pro, and only by it, i couldnt even use cheat engine on it, when i attach to the process, the game closes lmao, i think i have to study much more about programming, but i will do it, and in the process i will try to packet sniff aswel with wpe xD

~~pro4never~~ · 01/18/2016, 22:33

Quote:

Originally Posted by clock321

thanks for answering that fast, i will try to study a bit about it, im actually looking for ebooks, as you said, creating a proxy wouldnt be that hard, but there are plenty of it right here to download, the problem is to connect to it, idk how it works, but the conquer.exe doesnt look at the server.dat, so switching it to 127.0.0.1 wont make any diference to the log screen, i can packet sniff with wpe pro, and only by it, i couldnt even use cheat engine on it, when i attach to the process, the game closes lmao, i think i have to study much more about programming, but i will do it, and in the process i will try to packet sniff aswel with wpe xD

Worry about packet logging a server WITHOUT protection before you try something more advanced.

Step 1: Get access to the incoming/outgoing client data either through a proxy or hooking the send/receive functions

Step 2: If using a proxy, you need to have a working implementation of the encryption being used (not needed if using client hooks)

Step 3: Use public info + common sense to understand what main packet types and subtypes are responsible for (pserver sources are a great reference for that, there's also fang's wiki which has a bunch of info)

Step 4: Make use of that info to write whatever tool you want to do (spoof packing items or attacking or doing w/e it is you want)