Jump to content

Recommended Posts

Posted

Hi all,

 

We all know that wow packets are getting encrypted, some partially some in total. In the past we could mess around by filtering some packets and modifieng certain slots.

What if we could really get to the packets before they get encrypted? It would offer alot more fields to test wouldn't it?

 

Well, ollyDBG is a program that reads the assembler of ur comp. I have small experience with this program and I am looking for some1 to find out more about it.

I don't know for sure where i should place breakpoints, at what specific adresses.

I know the lines must look like : PUSH EAX and CALL wow.xxxxx but I find many of these.

 

How can i know where to place a Breakpoint? Do i have to test all of those lines?

 

Greetings ;)

  • 2 weeks later...
Posted

packet is other and asm is other thing

the assembly code its not the same with packets

example mov eax,1 <---- this is sys_exit

              mov ebx,0 <---- 0 error mesage

              int    80h    <---- kernel call

this is sys_exit

or system exit command

the shellcode of this is:

\xb8\x01\xbb\xcd\x80

or more clear

0xb8 0x01 0xbb 0xcd 0x80

and in packet is:

0x00000000: 6d 6f 76 09 65 61 78 2c - 31 0a 6d 6f 76 09 65 62  movIeax,1JmovIeb

0x00000010: 78 2c 30 0a 69 6e 74 09 - 38 30 68 0a                    x,0JintI80hJ

anyway the server encrypt the packets not the client

you know server side shits...if u want t dcrypt u must find the encryption way and make ur decryptor

lets say 1 2 3 i wanna encrypt this using 1 + 1, 2 + 1, 3 +1 so 123 is now 2 , 3, 4 this is encrypted to decrypt it u must make something to do 2 - 1, 3 - 1, 4 - 1

good luck

 

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...