Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 28
Members Online: 0

Registered Members: 82828
Newest Member: uberscon
Latest Articles
View Thread

HellBound Hackers | Computer General | Cryptography

Author

GAH I need uber help (some sort of encryption between a client I intercepted.....)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-08 05:00
Hey - I was working on this a while ago, got stressed, and queried my mind for a list of websites that could help... This one obviously hit number one.


Long story - I dont have too much more time tonite... bleh
short story: I got my hands on a game server that isn't working too well (it keeps sending out weird messages to make the client think its under mait.). I found out how to get the client to connect to a different IP and port than its default, so I ended up making a two way program interface with the client, then having another program interface with the server -- me being the middle man to intercept the data. Well, at first, I just started bombarding the server with weird commands hoping something would work, then I found the command line flag to make it connect on a different port.

ANYWAYS for the point of the thread: its encrypted. and not simply encrypted, like in hex or something like that, but in i dunno what. Hopefully you can help?

Ill do a realtime connection with it two times (each session provides different messages) and post them here. Keep in mind the FIRST message (from the client) is ALWAYS the same - Id assume its a message that is sent to the server to tell it it really is the client, but the rest of the messages are different.

Anything after the brackets on the following lines are what the server sends (even the whitespace on the end I found could screw things up and produce error messages if left off, so pay attention to those). Also, the third message, I found, sends either a binary (hex) value, or the gibberish, but on random...:

SESSION 1:
[client starts, then I connect to the server]
[I type in login info, then i click login]

[client]/и0Wf'
[server]))*%uFd
[client]0xA9D61CAD6690E9959AF6D562618AE705419CD1206C65354000F155F616DEE4B50DE092EE55E19C39AA9B3A8F152FBE339208461E
[the above translates to:]f镚baA le5@
[server]h ]%`k5^0i9 g#p
[at this point, the client has a server window displayed, with a server list, and a channel list - both are empty]

then it stops - I send the client its thing, and it never replies...

at this point, the server and channel lists are empty, but the client isn't frozen or anything...

NOW - I found out there is a command line flag "_test" - Im not sure what this does, but it makes it, if I have the client connect dirctly to the server, have a server, and a channel - this mode is the mode that makes it say the servers are under mait. on the client end. Here is the session WITH the test flag thrown...

SESSION 2

[client]/и0Wf'
[the above is the same as the first time... this time, the second is different]
[server]nVB
[again, the client sends hex...]
[client]0x4A3C6E5355B1A93DFC26C9474100E6F955DCE5ECE0A50C0406E0A6927CF2E0F9F2D1158007099154DDFC25A9707F93923F3FD2E8
[which translates to:]J<nSU=&GA
[hmm.. interesting.. the server sent hex as well...]
[server]0xEC816C4582C90A45CF63D60067E4100385A88E7130C3BA2C4C
[which translates to:]lE
Ec
[wow.. theres a line break - I didn't do that]
[now at this point, the server list has "Server 1" in it - which appeared after I sent the last line of hex]
[client]y_
%C,
[again, line break was there]
[server]#\Ɛt JK
[client now has "Channel 1(Not Busy)" in the channels list - I will double click on channel 1 - what Id normally do if I was using a working server]
[client] Fcb_#
[server]Lk7QI W~>46N7

And thats when the error message pops up that the servers are under mait. Upon clicking OK, the client dies... let me see if it sends anything on termination...

nope..

WELL, now you see my dilema. As Im writing this, Im thinking this might be RC4 encryption, with the second message being the key? Idk, Ill look at it.

In the meantime, I was hoping someone could help me out on this?

Thanks sooo much!

-Intocksify


Author

RE: GAH I need uber help (some sort of encryption between a client I intercepted.....)

fashizzlepop
Member



Posts: 482
Location: Old folks home.
Joined: 08.04.08
Rank:
Moderate
Posted on 07-07-08 06:36
My quick reply- It's under/says it is Maintenance for a REASON! lol


"The definition of insanity is doing the same thing over and over again and expecting different results.
~Albert Einstein~


csullivan.codeinspire.net/images/boomsig2.png
fashizzlepop@gmail.com http://csullivan.codeinspire.net/
Author

RE: GAH I need uber help (some sort of encryption between a client I intercepted.....)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-08 06:37
Protocol used?


Author

RE: GAH I need uber help (some sort of encryption between a client I intercepted.....)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-08 20:21
TCP/IP

Client was told to connect to port 666 on my networked computer, but the server connects with 29000.

Not sure if that really helps anything but you never know...