I'm trying to read the packets sent by the client, but they don't seem to be decrypted properly. I also tried injecting a DLL into the Flash version, and that doesn't work either. The cipher key and packet structures come from the decompiled Flash version; for RC4 I'm using the Crypto++ library. Is there something I'm missing?
Code:
// Two separate RC4 instances, one per direction, keyed from the two halves of a
// 52-hex-char (26-byte) string: chars [0,26) give the 13-byte outgoing (client->server)
// key, chars [26,52) the 13-byte incoming (server->client) key.
_loc1_ = Crypto.getCipher("rc4",MoreStringUtil.hexStringToByteArray("6a39570cc9de4ec71d64821894c79332b197f92ba85ed281a023".substring(0,26)));
_loc2_ = Crypto.getCipher("rc4",MoreStringUtil.hexStringToByteArray("6a39570cc9de4ec71d64821894c79332b197f92ba85ed281a023".substring(26)));
// Each cipher object is created once here and handed to the connection; nothing visible
// re-keys it per packet. NOTE(review): RC4 is a stream cipher, so a re-implementation that
// calls SetKey() before every packet restarts the keystream and can only match the very
// first packet of the connection -- confirm in the decompiled serverConnection that it does
// not reset the cipher between packets.
serverConnection.setOutgoingCipher(_loc1_);
serverConnection.setIncomingCipher(_loc2_);
key definition
Code:
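// RC4 key material copied from the decompiled Flash client, which splits one 26-byte
// (52-hex-char) string into two 13-byte halves: the first half keys the outgoing
// (client->server) cipher, the second half the incoming (server->client) cipher.
constexpr size_t key_length = 13;
// Hex chars [0,26): "6a39570cc9de4ec71d64821894" -- outgoing direction.
constexpr uint8_t client_to_server_key[key_length] {0x6a,0x39,0x57,0x0c,0xc9,0xde,0x4e,0xc7,0x1d,0x64,0x82,0x18,0x94};
// Hex chars [26,52): "c79332b197f92ba85ed281a023" -- incoming direction, needed to
// decrypt what the server sends back.
constexpr uint8_t server_to_client_key[key_length] {0xc7,0x93,0x32,0xb1,0x97,0xf9,0x2b,0xa8,0x5e,0xd2,0x81,0xa0,0x23};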
packet definitions
Code:
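// Wire layout of the slot/object triple carried by INVDROP, which the hook reads straight
// out of the decrypted packet buffer through a pointer cast. Every field is stored as raw
// bytes so the class has alignment 1 and sizeof == 9 with no padding: with `int` members
// the compiler pads after slot_id, object_type lands at offset 8 instead of 5, and the
// last three bytes are read past the end of a 9-byte payload (the sample output shows
// exactly that -- object_type's top byte is the packet's 9th byte). Integers are
// big-endian on the wire, which is why the getters assemble them MSB first.
class SlotObjectData
{
private:
    uint8_t object_id[4];   // big-endian int32
    uint8_t slot_id;
    uint8_t object_type[4]; // big-endian int32

    // Assembles a big-endian 32-bit value; replaces the MSVC-only _byteswap_ulong().
    static int ReadBigEndian32(const uint8_t (&b)[4])
    {
        const uint32_t v = (static_cast<uint32_t>(b[0]) << 24) |
                           (static_cast<uint32_t>(b[1]) << 16) |
                           (static_cast<uint32_t>(b[2]) << 8) |
                            static_cast<uint32_t>(b[3]);
        return static_cast<int>(v);
    }
public:
    int GetObjectId() const
    {
        return ReadBigEndian32(object_id);
    }
    uint8_t GetSlotId() const
    {
        return slot_id;
    }
    int GetObjectType() const
    {
        return ReadBigEndian32(object_type);
    }
};
static_assert(sizeof(SlotObjectData) == 9, "SlotObjectData must match the 9-byte wire layout");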
// Payload of an INVDROP packet: a single SlotObjectData triple, which the hook overlays
// in place on the decrypted packet bytes.
class InvDrop
{
private:
    SlotObjectData slot_object_data;
public:
    // Renders the three fields as "object_id=<n> slot_id=<n> object_type=<n>".
    std::string ToString() const
    {
        std::string text = "object_id=";
        text += std::to_string(slot_object_data.GetObjectId());
        text += " slot_id=";
        text += std::to_string(slot_object_data.GetSlotId());
        text += " object_type=";
        text += std::to_string(slot_object_data.GetObjectType());
        return text;
    }
};
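// Leading bytes of every packet: a big-endian 32-bit packet_size (total length, header
// included -- the hook subtracts the header length from it) followed by the packet_type id.
// The hook overlays this class on the raw send buffer and uses sizeof(PacketHeader) as the
// header length, so the layout must be padding-free. packet_size is kept as raw bytes
// (alignment 1) so it neither forces 4-byte alignment on the class nor needs the MSVC-only
// _byteswap_ulong(). NOTE(review): the size of PacketType (declared elsewhere) still decides
// sizeof(PacketHeader); if the wire header is 5 bytes, PacketType must be a 1-byte enum --
// confirm and pin it with static_assert(sizeof(PacketHeader) == 5).
class PacketHeader
{
private:
    uint8_t packet_size[4]; // big-endian uint32
    PacketType packet_type;
public:
    PacketType GetPacketType() const
    {
        return packet_type;
    }
    // Total packet length in bytes, decoded from big-endian.
    uint32_t GetPacketSize() const
    {
        return (static_cast<uint32_t>(packet_size[0]) << 24) |
               (static_cast<uint32_t>(packet_size[1]) << 16) |
               (static_cast<uint32_t>(packet_size[2]) << 8) |
                static_cast<uint32_t>(packet_size[3]);
    }
};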
code inside the hooked send function
Code:
// Body of the send hook (its signature, and buf, arc4 and decrypted_packet_data, are
// declared outside this excerpt). Overlays PacketHeader on the raw outgoing buffer.
const RotmgExaltSdk::PacketHeader *packet_header = (decltype(packet_header))buf;
if(packet_header->GetPacketType() == RotmgExaltSdk::PacketType::INVDROP)
{
// sizeof() only equals the on-wire header length if the struct is padding-free.
// NOTE(review): confirm sizeof(PacketHeader) is the 5-byte wire header (4-byte size +
// type id), e.g. with a static_assert; a padded 8 would shift every offset below.
constexpr uint8_t header_size = sizeof(RotmgExaltSdk::PacketHeader);
// Unsigned subtraction: a size field smaller than header_size wraps to a huge length and
// the decrypt below reads far past buf -- guard with `if (size < header_size) ...` first.
const uint32_t packet_data_size = packet_header->GetPacketSize() - header_size;
const uint8_t *packet_data = (uint8_t*)(buf + header_size);
// BUG(likely): RC4 is a stream cipher, and SetKey() re-initialises it so the keystream
// restarts at position 0 for every packet. The Flash client creates its outgoing cipher
// once (setOutgoingCipher) and nothing visible re-keys it, so the keystream position here
// must carry over across every byte the client has sent so far -- key arc4 once when the
// connection is set up, and run ProcessData() over every outgoing packet (not only
// INVDROP), otherwise the other packets never advance the keystream either.
arc4.SetKey(client_to_server_key, key_length);
// decrypted_packet_data's capacity is never checked against packet_data_size before the
// write; cap it (or size the buffer from packet_data_size) to avoid an overflow.
arc4.ProcessData(decrypted_packet_data, packet_data, packet_data_size);
for(uint32_t i = 0; i < packet_data_size; ++i)
{
printf("%d ", decrypted_packet_data[i]);
}
putchar('\n');
// Reinterpreting the bytes as InvDrop only works if the struct is packed (sizeof == 9).
// With `int` members the compiler pads after slot_id, so object_type is read from offset 8
// -- the sample output shows the packet's 9th byte as object_type's top byte -- and three
// bytes past the end of the 9-byte payload. Also check packet_data_size >= sizeof(InvDrop)
// before the cast.
RotmgExaltSdk::InvDrop *inv_drop = (decltype(inv_drop))decrypted_packet_data;
std::cout << inv_drop->ToString() << std::endl;
}
output (the decrypted bytes printed by the hook, each followed by the parsed fields)
Code:
34 219 51 30 252 147 60 170 92
object_id=584790814 slot_id=252 object_type=1543503872
24 142 237 147 180 221 109 30 49
object_id=412020115 slot_id=180 object_type=822083584
177 53 83 199 230 177 204 205 252
object_id=-1321905209 slot_id=230 object_type=-67108864
8 28 163 180 94 211 45 228 183
object_id=136094644 slot_id=94 object_type=-1224736768
230 148 17 152 98 184 9 8 239
object_id=-426503784 slot_id=98 object_type=-285212672