So I have been working on coding my own Proxy in VB.Net because I am sitting at home bored, and I have made quite a bit of progress. I found a good package called WinPcap (Used by Wireshark) that comes with .dll's that are easily utilized.
Full VB.Net Wrapper for the Package is called PcapdotNet
1. I connected to my primary network adapter
2. I set up a Packet listener to capture all of the traffic on Port 2050 on that adapter
3. I set up a temporary dump to write the bytes for each packet to
4. I have them filtered between client and server packets
Now I can see all of the packets being sent to and from realm, but they are total gibberish. wtf do I do now lol? I know I have to decrypt the packets and filter them to determine which packet is which, but I am a little bit confused by the keys.
I went ahead and wrote an RC4 Function that can handle the conversions back and forth, but I am a little bit confused by the keys in the parameters class.
Looking at the RealmRelay source it looks like there are two separate keys:
Parameters.Class.asasm
Code:
trait const QName(PackageNamespace("", "#0"), "RANDOM1") slotid 34 type QName(PackageNamespace("", "#0"), "String") value Utf8("311f80691451c71b09a13a2a6e") end
trait const QName(PackageNamespace("", "#0"), "RANDOM2") slotid 35 type QName(PackageNamespace("", "#0"), "String") value Utf8("72c5583cafb6818995cbd74b80") end
Or even a third "Public Key" that is massive
Code:
findproperty QName(PackageNamespace("", "#0"), "_-1fg")
pushstring "-----BEGIN PUBLIC KEY-----\n"
pushstring "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCKFctVrhfF3m2Kes0FBL/JFeO"
add
pushstring "cmNg9eJz8k/hQy1kadD+XFUpluRqa//Uxp2s9W2qE0EoUCu59ugcf/p7lGuL99Uo"
add
pushstring "SGmQEynkBvZct+/M40L0E0rZ4BVgzLOJmIbXMp0J4PnPcb6VLZvxazGcmSfjauC7"
add
pushstring "F3yWYqUbZd/HCBtawwIDAQAB\n"
add
pushstring "-----END PUBLIC KEY-----"
add
initproperty QName(PackageNamespace("", "#0"), "_-1fg")
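
Added example, not part of the original post: a Python sketch that inspects the three values quoted above to show what kind of key material each one is. It assumes RANDOM1 and RANDOM2 are hex-encoded byte strings; the function names are hypothetical, and the PEM text is the pushstring pieces concatenated in the order shown.

```python
import base64

# Values copied verbatim from the disassembly quoted in the post.
RANDOM1 = "311f80691451c71b09a13a2a6e"
RANDOM2 = "72c5583cafb6818995cbd74b80"
PEM = ("-----BEGIN PUBLIC KEY-----\n"
       "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCKFctVrhfF3m2Kes0FBL/JFeO"
       "cmNg9eJz8k/hQy1kadD+XFUpluRqa//Uxp2s9W2qE0EoUCu59ugcf/p7lGuL99Uo"
       "SGmQEynkBvZct+/M40L0E0rZ4BVgzLOJmIbXMp0J4PnPcb6VLZvxazGcmSfjauC7"
       "F3yWYqUbZd/HCBtawwIDAQAB\n"
       "-----END PUBLIC KEY-----")
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(pem):
    """Return (modulus, exponent) from a PEM SubjectPublicKeyInfo RSA key."""
    body = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    tag, spki, _ = read_tlv(der, 0)       # outer SEQUENCE
    tag2, alg, pos = read_tlv(spki, 0)    # AlgorithmIdentifier SEQUENCE
    if tag != 0x30 or tag2 != 0x30 or RSA_OID not in alg:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    tag, bits, _ = read_tlv(spki, pos)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("unexpected BIT STRING")
    _, rsa, _ = read_tlv(bits, 1)         # skip the unused-bits byte
    _, n, pos = read_tlv(rsa, 0)          # INTEGER modulus
    _, e, _ = read_tlv(rsa, pos)          # INTEGER public exponent
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def describe_keys():
    """Summarise the byte length of each hex string and the RSA parameters."""
    n, e = parse_rsa_public_key(PEM)
    return {"RANDOM1_bytes": len(bytes.fromhex(RANDOM1)),
            "RANDOM2_bytes": len(bytes.fromhex(RANDOM2)),
            "rsa_modulus_bits": n.bit_length(), "rsa_exponent": e}

if __name__ == "__main__":
    print(describe_keys())
```

The two short strings decode to 13 bytes each, while the PEM block is an RSA public key in SubjectPublicKeyInfo form, which is an asymmetric key and not something an RC4 routine takes as input.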