Posted

What does the bake ice protection do?

Well, people say that it's a loader/launcher, but frienzl2 in the launcher doesn't say anything about bakeice, but when I proxifilter the connection ALL the packets are encrypted (init too). I read this:

Interlude changed the way tokens work completely.

There are now two tokens used in connection.

There's a static one, default 6B60CB5B82CE90B1CC2B6C556C6C6C6C

The static key is used to encrypt the init packet from server (the very first packet)

All subsequent packets are encrypted using a dynamic key the init packet contained (I believe it's the last field)

I proxifilter the connection using Proxifier and WPC sauron with this script:

begin
gSys.tLA2BFToken:=Hstr('6B 60 CB 5B 82 CE 90 B1 CC 2B 6C 55 6C 6C 6C 6C 00');
end.

to see the init packet and nothing encrypted...

Any idea or knowledge?

Posted

Sauron's WP supports Interlude and RSA. In the last version:

A quote from the user guide:

gSys.tPDecode : int; - packet de/encoding type (PDecode),

'-1' - auto-detect is enabled, but the type has not been determined yet.

'0' - no de/encoding, disabled,

'2' - LA2, LS: BF;

'2' - LA2, GS: GSDecode/GSDecodej/GSDecodeI (see gSys.tKeyType)

'2' - RFO: ...

'3'..'14' - reserved.

gSys.tKeyType : int; - key type for de/encoding (depends on PDecode and the traffic type)

(set automatically when the Auto Detect system is enabled)

tKeyType values:

LA2:

1 - GS: GSDecodeJ (C4/C5, 8-byte key, half of the key is incremented, L2J servers)

2 - GS: GSDecode (C4/C5, 8-byte key, the whole key is incremented, official LA2 server)

3 - GS: GSDecodeI (Interlude, 16-byte key, the second half is incremented)

1 - LS: BF decode

2 - LS: BF decode, RSA present

Posted

I know it was you, I was just informing the people in these forums :P

Okay then xD

Any news you know, PM me ^^

But a question then: does the token change for every connection (init packet), or does the server set a static token that stays forever?

Ah, and in this:

gSys.tKeyType: int-type key for de / encoding (depends on the type of traffic and PDecode)

with that, can you make a script to decode the packages like in C4???

Thanks

Posted

OK, but you say that it is the last 16 bytes, and I don't think that in this init packet the last 16 bytes will be the token:

Here's the packet:

[1]            S>c            0ms.            20:25:25

-------------------------------------------------------------------------------

TType: LA2    Server: LS1    ParseType: 2 (auto)    EnCode: T2 K2 (auto)

------- 0  1  2  3  4  5  6  7 -  8  9  A  B  C  D  E  F    -------------------

000000 AB 00 00 35 2D D1 41 5A | 78 00 00 8A 61 1B 8A 5D    «..5-ÑAZx..Ša.Š]

000010 E4 A2 2E 87 46 FA 41 F8 | 45 4E 96 A2 BB 35 23 82    ä¢.‡FúAøEN–¢»5#‚

000020 60 C2 1C 89 77 75 5F 6E | CA 89 CA EF 2F BE 46 7F    `Â.‰wu_nʉÊï/¾F

000030 2B 01 84 2C 99 11 94 EF | EB 48 ED B3 48 B3 4C 42    +.„,™.”ïëHí³H³LB

000040 8F D2 48 AC 3B DA 13 36 | 40 18 41 B6 55 97 1D DA    ÒH¬;Ú.6@.A¶U—.Ú

000050 2F 5D E3 7F 39 B1 DA 13 | 80 6C F1 37 1B 22 41 31    /]ã9±Ú.€lñ7."A1

000060 67 06 B4 0B 89 63 C3 A2 | 9A 6B 25 92 59 57 59 9D    g.´.‰câšk%’YWY

000070 49 61 C3 AA C0 F0 59 39 | 0C 1B AA F6 73 83 8B F8    IaêÀðY9..ªösƒ‹ø

000080 5A F6 B5 D9 36 6B 52 BB | 92 78 32 00 00 00 00 00    ZöµÙ6kR»’x2.....

000090 00 00 00 00 00 00 00 00 | 00 00 00 30 30 30 30 30    ...........00000

0000A0 30 30 30 30 30 30 30 30 | 30 30 30                    00000000000

-------------------------------------------------------------------------------

LA2:      "Init"                            size: 171    prot: 30810  $785A

Addr:  Size:    Type:        Description:    Value:

0000    2  word          psize            171        | $00AB                           

0002    1  byte          ID                0          | $00                             

0003    4  integer      LoginSessionID    1104227637 | $41D12D35                       

0007    4  integer      LoginProtocolRev  30810      | $0000785A                       

000B  128  array[const]  RSApubKey        (Ša.Š]ä¢.‡FúAøEN–¢»5#‚`Â.‰wu_nʉÊï/¾F

008B    16  -            null              (................)               
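
Added example, not part of any post in this thread: a Python parser for the decoded Init packet that uses the field offsets from the dump above and reports whatever bytes lie past the listed fields. The function names are hypothetical and the sample packet is constructed: its header values are copied from the dump, the RSA bytes are a dummy pattern, and the tail repeats the sixteen 0x30 bytes the dump shows from offset 0x9B.

```python
import struct

# Fixed part of the login-server "Init" packet, offsets as in the dump above:
# psize(2) ID(1) LoginSessionID(4) LoginProtocolRev(4) RSApubKey(128) null(16)
HEADER = struct.Struct("<HBII128s16s")  # little-endian, 155 bytes in total


def parse_init(packet: bytes) -> dict:
    """Split a decoded Init packet into the fields listed in the dump."""
    if len(packet) < HEADER.size:
        raise ValueError(f"need at least {HEADER.size} bytes, got {len(packet)}")
    psize, pid, session_id, proto_rev, rsa_key, pad = HEADER.unpack_from(packet)
    if psize != len(packet):
        raise ValueError(f"psize says {psize}, buffer has {len(packet)} bytes")
    if pid != 0x00:
        raise ValueError(f"not an Init packet: ID is {pid:#04x}")
    return {
        "psize": psize,
        "LoginSessionID": session_id,
        "LoginProtocolRev": proto_rev,
        "RSApubKey": rsa_key,
        "null_is_zero": pad == bytes(16),
        "trailing_offset": HEADER.size,
        "trailing": packet[HEADER.size:],  # bytes past the listed fields
    }


def build_sample() -> bytes:
    """Constructed packet: header values from the dump, dummy RSA bytes,
    and a tail of sixteen 0x30 bytes as seen at the end of the dump."""
    rsa_dummy = bytes(range(128))
    header = HEADER.pack(171, 0x00, 0x41D12D35, 0x785A, rsa_dummy, bytes(16))
    return header + b"0" * 16


if __name__ == "__main__":
    info = parse_init(build_sample())
    print(f"session {info['LoginSessionID']} proto {info['LoginProtocolRev']}")
    print(f"{len(info['trailing'])} bytes after offset "
          f"{info['trailing_offset']:#06x}: {info['trailing'].hex(' ')}")
```
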
