Solved analysis packet


brindeds

Newbie
Dank Tier Donator
Jun 22, 2014
So I started wanting to make software that would analyze the decrypted packet sent to the server. I found the function, and almost everything is right. The problem I'm having is that as soon as I set a BP on the function, it already freezes. As if the game sent package all the time. I need to know where it encrypts, and usually I use the chat, but unfortunately that does not work in this game.
Does anyone have any idea of how to proceed?




Thanks.

UPDATE:


When I set a BP where the arrow is in the picture above, this is the information it returns to me.
This "data" address constantly changes to another address. And the values of "data" at the address in the image (4F4A0ED0) constantly change.

Could it be that the arriving packets come from two different addresses?

Can anyone tell me if I'm on the right track? I'm burning the neurons here hehe.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
The data argument is a pointer to the data from that packet. You will have to hook the function to get the address of the data from each packet.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms740148(v=vs.85).aspx

You said "As if the game sent package all the time" and I just wanted to say: Yes, the game sends packets all the time. So it would definitely trigger the breakpoint immediately.

I don't know what your experience level is in reverse engineering but reversing packet encryption is not something done easily. Perhaps they are not encrypted at all, but simply the type of data and how it is assembled inside the packet data buffer are unknown to you.

I would first collect a few hundred packets and sort them by data length and then try to define the packet header and find a byte that represents the type of packet it is and sort by packet type. Then try to define what function each packet type fulfills. Packet types that you receive the least will probably be some sort of authentication/in game item purchase packet perhaps.

Once you find the byte that represents the packet type you can breakpoint the packet send function with a conditional breakpoint that checks that byte and only breaks on a certain packet type. Then you can more easily discover what triggers what type of packet is being sent based on the events leading up to the breakpoint being triggered.

Anyways I have never done this before, but that is how I would approach it.


Here are some good videos that talk about packet reversing in games:
https://www.youtube.com/watch?v=Pa41NnpVnTg

https://www.youtube.com/watch?v=McaWzYN_Bts
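
The offline triage described in the reply above (bucket collected buffers by length, look for the byte that acts as the packet type, then sort by type), as an added Python example that is not part of the original thread. The sample buffers and their layout (magic, type, sequence, payload) are constructed for illustration, and `make_sample`, `group_by_length`, `candidate_type_offsets` and `types_rarest_first` are hypothetical names.

```python
from collections import Counter, defaultdict

def make_sample(n=300):
    """Constructed buffers, not taken from any real protocol.
    Assumed layout: [magic 0xAB][type][sequence][payload]."""
    payload_len = {0x01: 12, 0x02: 20, 0x7F: 4}
    packets = []
    for i in range(n):
        ptype = 0x7F if i % 50 == 49 else 0x02 if i % 5 == 0 else 0x01
        seq = i & 0xFF
        body = bytes((seq * 7 + j * 13) & 0xFF for j in range(payload_len[ptype]))
        packets.append(bytes([0xAB, ptype, seq]) + body)
    return packets

def group_by_length(packets):
    """Step 1: bucket the collected buffers by data length."""
    return Counter(len(p) for p in packets)

def candidate_type_offsets(packets, max_types=16):
    """Step 2: rank header offsets that could hold the packet type.
    A type byte takes a few distinct values, and each value tends to go
    with one packet length. Constant bytes (magic, padding) and
    high-cardinality bytes (counters, payload) are skipped."""
    width = min(len(p) for p in packets)  # only offsets every packet has
    scored = []
    for off in range(width):
        lengths_by_value = defaultdict(Counter)
        for p in packets:
            lengths_by_value[p[off]][len(p)] += 1
        if not 1 < len(lengths_by_value) <= max_types:
            continue
        # Fraction of packets whose length is the usual one for their value.
        purity = sum(c.most_common(1)[0][1]
                     for c in lengths_by_value.values()) / len(packets)
        scored.append((off, len(lengths_by_value), purity))
    return sorted(scored, key=lambda s: (-s[2], s[0]))

def types_rarest_first(packets, offset):
    """Step 3: count packets per type value, least frequent first."""
    counts = Counter(p[offset] for p in packets)
    return sorted(counts.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    pkts = make_sample()
    print("lengths:", dict(group_by_length(pkts)))
    for off, n, purity in candidate_type_offsets(pkts):
        print(f"offset {off}: {n} values, length purity {purity:.2f}")
        for value, count in types_rarest_first(pkts, off):
            print(f"  type 0x{value:02X}: {count} packets")
```

The length-purity score only works when packet types have mostly fixed sizes; for variable-length types, the low distinct-value count alone is the signal.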
 