Need some help here >.> Packet decryption
Hey HBH, been a while since I've been here, but I'm in a tight spot haha.
So I'm trying to create a private server for a game, and the login system itself is encrypted. I'm using Wireshark for the sniffing, and Excel to put the packets side by side.
I've found a LOT of trends within the packets, and I've even discovered I could ask for the server to verify a username and password that are both 0 bytes (just leaving the fields blank).
However, figuring out how to decrypt the bytes that seem random is what is killing me. I'll upload the Excel spreadsheet for you to look at. If you want me to send any username/password combination through and post the bytes here just tell me what to run through and I'll get right back to you.
The file I'm working with is an Excel spreadsheet for the 2010 beta, but Google Docs should open it up just fine. I explain the format of the document at the very top.
I know this is a lot of information all at once, but if someone could just point me in the right direction as far as how I could go about testing new packets that would be awesome. :)
http://www.megaupload.com/?d=ZY8P248X
If you have any questions please let me know – it's 2:30am here and I know most of this prolly doesn't make much sense haha.
Thanks
-Intocksify
The packets are in binary format. What needs to happen is they need to be decrypted into a readable format (obviously). Wireshark has various packet decryptors that can do this, however they don't cover a very wide variety of games. In fact, I think the only thing that's covered is the Quake protocol. I've run across this problem before while trying to do something similar with a game, also. You're going to have to reverse engineer the protocol and create a Wireshark plugin for it, which from what I've read can be a difficult process. You could try some Google searches for it and see if anyone has already made one, but I don't think you'll find much.
Also, never use Excel or Megaupload. I could have dealt with Megaupload, but if you're going to use Excel I'm not even going to bother downloading the file. A raw pcap file would have been much better.
stealth- wrote: The packets are in binary format. What needs to happen is they need to be decrypted into a readable format (obviously). Wireshark has various packet decryptors that can do this, however they don't cover a very wide variety of games. In fact, I think the only thing that's covered is the Quake protocol. I've run across this problem before while trying to do something similar with a game, also. You're going to have to reverse engineer the protocol and create a Wireshark plugin for it, which from what I've read can be a difficult process. You could try some Google searches for it and see if anyone has already made one, but I don't think you'll find much.
Also, never use Excel or Megaupload. I could have dealt with Megaupload, but if you're going to use Excel I'm not even going to bother downloading the file. A raw pcap file would have been much better.
I'll play around with Wireshark's decryptors, see if any of them strike gold. Knowing the company, though, they probably have their own encryption method.
Also, the Excel spreadsheet has a lot of different data segments of the packets in it, so a pcap would not suffice as it shows only one packet.
Any other format I could put it in?
I'm not sure what you mean by that. Pcap can be used to save the entire captured stream. For example: ettercap can save pcap files that can later be opened in Wireshark and it would look exactly as if it was just captured (that's the method I use for sniffing, actually).
Unless I'm missing what you mean, pcap files should work perfectly.
Ah, I downloaded the file, and I see what you mean, although it's pretty much unreadable in both OpenOffice and Google Docs (I'd be an open format nazi, but it's a little pointless at this point).
Either way, though, it pretty much boils down to making your own decryptor. I'm not familiar with the process, unfortunately, so I think you'll have to rely on Google past here if you are hoping to find out how it's transferring. Unless of course you can find one that already works.
Good luck with your search.
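Added example, not part of any post in the thread: a classic pcap file stores every captured packet as its own record, so the side-by-side comparison done in the spreadsheet can be run on the capture file directly. The payload bytes, the `build_pcap` helper and the user-defined link type are constructed for illustration; a real capture also carries link, IP and TCP headers in front of the payload.

```python
import struct

def build_pcap(frames):
    """Constructed sample: a little-endian classic pcap holding the given records."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype 147 (user-defined)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)
    for i, data in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(data), len(data)) + data
    return out

def read_pcap(blob):
    """Return the captured bytes of every record in a classic pcap file."""
    magic = blob[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    records, pos = [], 24                      # 24-byte global header
    while pos + 16 <= len(blob):               # 16-byte per-record header
        _sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", blob, pos)
        pos += 16
        if pos + incl_len > len(blob):
            raise ValueError("truncated record")
        records.append(blob[pos:pos + incl_len])
        pos += incl_len
    return records

def column_report(records):
    """For each byte offset, list the distinct values seen across all records."""
    report = []
    for off in range(max(len(r) for r in records)):
        values = sorted({r[off] for r in records if off < len(r)})
        report.append((off, "constant" if len(values) == 1 else "varies", values))
    return report

# Constructed payloads, not taken from any real game traffic.
SAMPLE = build_pcap([bytes.fromhex(h) for h in
                     ("0a01000491c3", "0a0100045e17", "0a0100047fa2")])

if __name__ == "__main__":
    for off, kind, values in column_report(read_pcap(SAMPLE)):
        print(f"{off:3d} {kind:8s} {' '.join(f'{v:02x}' for v in values)}")
```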