Greetings. I was working on a bot that would read things like guild chat and other things by watching the packet stream. I noticed that most things from the server are sent in an unencrypted format (i.e. guild chat or regular chat). Client data sent to the server is, however, in an encrypted state.
To obtain a guild list your client sends a small packet that I assume is something like "GUILD" or similar to the server. This data changes every time, though. The first part of this is the request, followed by a confirmation, and then the server sends its information, followed by a client confirmation.
Ether: mac -> mac
IP 192.168.0.2 -> wow.server.ip
TCP ack push 40851 -> 3724
TCP Option: No Operation
TCP Option: No Operation
TCP Option: Timestamp
7c29 b580 ccdf |)....
Ether: mac -> mac
IP wow.server.ip -> 192.168.0.2
TCP ack 3724 -> 40851
TCP Option: No Operation
TCP Option: No Operation
TCP Option: Timestamp
Ether: mac -> mac
IP wow.server.ip -> 192.168.0.2
TCP ack push 3724 -> 40851
TCP Option: No Operation
TCP Option: No Operation
TCP Option: Timestamp
61f5 881f 1700 0000 5465 616d 2053 7065 a.......Team Spe
616b 2053 6572 7665 7220 4164 6472 6573 ak Server Addres
733a 2037 302e 3836 2e33 302e 3136 343a s: 70.86.30.164:
That's what the transaction looks like. My main question is: has anyone figured out the encryption process by watching memory? Is it key- or timestamp-based?
If possible, could someone grab me the assembly used to process outgoing packets that need to be encrypted? Would it be easier to hook the chat window, and if so, does anyone have some offsets?
I'd need the chat window offset and the guild roster listing offset.
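As an added example, not part of the original post and not code from the poster, here is a small Python script that does mechanically what the post does by eye: it parses the hex columns of the capture above back into bytes, rebuilds the ASCII column, and applies a crude printable-byte heuristic to tell a plaintext payload (the server's chat message) from an opaque one (the client's request). The only input data is the hex copied from the post; the 16-byte minimum and 0.7 printable threshold are arbitrary choices of this example, and the script makes no claim about the game's actual header layout or cipher.

```python
"""Added example (not from the original post): parse the hex dump above and
compare the two directions' payloads by how much of each is printable ASCII."""
import re

# Hex columns copied from the post's capture (the ASCII column is rebuilt below).
CLIENT_TO_SERVER_HEX = "7c29 b580 ccdf"
SERVER_TO_CLIENT_HEX = (
    "61f5 881f 1700 0000 5465 616d 2053 7065 "
    "616b 2053 6572 7665 7220 4164 6472 6573 "
    "733a 2037 302e 3836 2e33 302e 3136 343a"
)


def parse_hex_dump(text: str) -> bytes:
    """Turn 'xxxx xxxx ...' hex groups (tcpdump -x style) into raw bytes."""
    return bytes.fromhex(re.sub(r"\s+", "", text))


def to_ascii_column(data: bytes) -> str:
    """Rebuild the dump's right-hand column: printable bytes as-is, others as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20..0x7e."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127) / len(data)


def classify(data: bytes, min_len: int = 16, threshold: float = 0.7) -> str:
    """Crude plaintext-vs-opaque test.

    min_len and threshold are arbitrary values chosen for this example. A
    6-byte request is far too short to judge this way (random bytes land in
    the printable range ~37% of the time), so short samples are reported as
    'too short' rather than guessed at.
    """
    if len(data) < min_len:
        return "too short"
    return "plaintext-like" if printable_ratio(data) >= threshold else "opaque"


def extract_strings(data: bytes, min_run: int = 4) -> list[str]:
    """strings(1)-style extraction: runs of >= min_run printable ASCII bytes.
    This is what a bot reading plaintext server traffic would harvest."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_run
    return [m.decode("ascii") for m in re.findall(pattern, data)]


if __name__ == "__main__":
    for label, hex_text in (("client -> server", CLIENT_TO_SERVER_HEX),
                            ("server -> client", SERVER_TO_CLIENT_HEX)):
        data = parse_hex_dump(hex_text)
        print(f"{label}: {len(data)} bytes, {classify(data)}, "
              f"printable {printable_ratio(data):.2f}")
        print("  ascii:", to_ascii_column(data))
        print("  strings:", extract_strings(data))
```

Running it reproduces the dump's ASCII column for both packets ("|)...." for the client request, "a.......Team Speak Server Address: 70.86.30.164:" for the server reply) and flags only the server direction as plaintext-like; the client request is reported as too short to judge, which is the honest answer for a 6-byte sample.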