Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

GAH I need uber help (some sort of encryption between a client I intercepted.....)


ghost's Avatar
0 0

Hey - I was working on this a while ago, got stressed, and queried my mind for a list of websites that could help… This one obviously hit number one.

Long story - I dont have too much more time tonite… bleh short story: I got my hands on a game server that isn't working too well (it keeps sending out weird messages to make the client think its under mait.). I found out how to get the client to connect to a different IP and port than its default, so I ended up making a two way program interface with the client, then having another program interface with the server – me being the middle man to intercept the data. Well, at first, I just started bombarding the server with weird commands hoping something would work, then I found the command line flag to make it connect on a different port.

ANYWAYS for the point of the thread: its encrypted. and not simply encrypted, like in hex or something like that, but in i dunno what. Hopefully you can help?

Ill do a realtime connection with it two times (each session provides different messages) and post them here. Keep in mind the FIRST message (from the client) is ALWAYS the same - Id assume its a message that is sent to the server to tell it it really is the client, but the rest of the messages are different.

Anything after the brackets on the following lines are what the server sends (even the whitespace on the end I found could screw things up and produce error messages if left off, so pay attention to those). Also, the third message, I found, sends either a binary (hex) value, or the gibberish, but on random…:

SESSION 1: [client starts, then I connect to the server] [I type in login info, then i click login]

[client]¦¬/и0Wf' [server]))*Ó%¨uFÇd [client]0xA9D61CAD6690E9959AF6D562618AE705419CD1206C65354000F155F616DEE4B50DE092EE55E19C39AA9B3A8F152FBE339208461E [the above translates to:]©Ö­fé•šöÕbaŠçAœÑ le5@ [server]hËü ]%`Ìök5^0i×£×9© g#p [at this point, the client has a server window displayed, with a server list, and a channel list - both are empty]

then it stops - I send the client its thing, and it never replies…

at this point, the server and channel lists are empty, but the client isn't frozen or anything…

NOW - I found out there is a command line flag "_test" - Im not sure what this does, but it makes it, if I have the client connect dirctly to the server, have a server, and a channel - this mode is the mode that makes it say the servers are under mait. on the client end. Here is the session WITH the test flag thrown…

SESSION 2

[client]¦¬/и0Wf' [the above is the same as the first time… this time, the second is different] [server]µn’V·ÎòB• [again, the client sends hex…] [client]0x4A3C6E5355B1A93DFC26C9474100E6F955DCE5ECE0A50C0406E0A6927CF2E0F9F2D1158007099154DDFC25A9707F93923F3FD2E8 [which translates to:]J<nSU±©=ü&ÉGA [hmm.. interesting.. the server sent hex as well…] [server]0xEC816C4582C90A45CF63D60067E4100385A88E7130C3BA2C4C [which translates to:]ìlE‚É EÏcÖ [wow.. theres a line break - I didn't do that] [now at this point, the server list has "Server 1" in it - which appeared after I sent the last line of hex] [client]y_ %¹–¶CÏ, [again, line break was there] [server]Ù#¸Á“ááÂú\¾¼Ætï‡ JðK¢ù› [client now has "Channel 1(Not Busy)" in the channels list - I will double click on channel 1 - what Id normally do if I was using a working server] [client] ïŠFcüb‡˜_Á#Ý [server]Lk7£ÊQI ²’W~¬>•Žåž46ÞN7

And thats when the error message pops up that the servers are under mait. Upon clicking OK, the client dies… let me see if it sends anything on termination…

nope..

WELL, now you see my dilema. As Im writing this, Im thinking this might be RC4 encryption, with the second message being the key? Idk, Ill look at it.

In the meantime, I was hoping someone could help me out on this?

Thanks sooo much!

-Intocksify


fashizzlepop's Avatar
Member
0 0

My quick reply- It's under/says it is Maintenance for a REASON! lol


ghost's Avatar
0 0

Protocol used?


ghost's Avatar
0 0

TCP/IP

Client was told to connect to port 666 on my networked computer, but the server connects with 29000.

Not sure if that really helps anything but you never know…