Jump to content

Recommended Posts

Posted

Hello guys, I'd need to get the blowfish key from a private server, is it stored inside l2.exe or engine.dll? and most important, do you have any idea on how to get it from there? thanks in advance.

Posted

depends on which blowfish key but the static ones are in engine.dll

 

you might be better off explaining why you think you need the blowfish key cuz i'm guessing you might actually need something else

  • Thanks 1
Posted (edited)
20 minutes ago, Anarchy said:

depends on which blowfish key but the static ones are in engine.dll

 

you might be better off explaining why you think you need the blowfish key cuz i'm guessing you might actually need something else


I'm just trying to port L2Net code from C# to NodeJS and I found a server in which login protocol does not work as expected in similar servers so I guess blowfish might be different but I'm not really sure that's the only thing I'm going to need. (I'm talking about this server http://l2.comunidadzero.com)

I think this is what I'm missing after analyzing traffic with Wireshark, after encrypting it with the blowfish key I have different results from my code (which works in other servers with the same protocol version, 268) and the l2.exe client

Edited by blackyale
Posted (edited)
On 1/6/2020 at 9:25 PM, AlmostGood said:

majority of antibots adds own custom traffic encryption, so your best solution will be running l2j server locally

 

 

Thanks for your answer. There's no need of using L2J so far, I'm using L2Idle server to test against it with good results (they allow botting so there's no problem with that). I am very curious about the server I mentioned, how can we determine if they are using custom traffic encryption? and next question would be, where is that custom traffic encryption handled, in engine.dll as well?

Edited by blackyale
Posted (edited)

in most cases you will be able to tell what antibot is used by looking for non-L2 files in /system, also size of dsetup.dll (non modified should be ~60kb), unless its something less popular, then no luck as any file can be used.

 

Traffic encryption will be done in same place of engine.dll but antibots will most often hook that function and do own stuff inside theirs dll, so you would need to reverse chunk of (often packed) antibot to find out how encryption works - unpractical, because knowledge required to do so will let you access packets easier, before encryption/after decryption takes place.

 

Network mitm bots are doomed nowadays :D

Edited by AlmostGood
  • Upvote 1
  • Downvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...