Guide How to Hack Games Using Packets - Start Here


Rake

Cesspool Admin
Administrator
Jan 21, 2014
Anticheat: N/A
Tutorial Link: N/A
How long you been coding/hacking? 5 years
Coding Language: C++ masterrace
What is a packet?
Your game client and the server are in constant communication. Each transmission from one to the other is called a packet. Sometimes it's a series of packets which make up a "stream" of packets, other times it's just 1 packet with an individual purpose. The protocols used by video games are TCP and UDP. The game will open ports, the Operating System receives the packets and pipes them to the process with the correct port. The client and the server will both have sending and receiving functions for packets. Underlying these game functions will be the normal Windows Winsock functions.

This is a GH Guide For Packet Editing Online Games
You will find a brain dump of general information on the topic and then a collection of our best threads, tools, tutorials & links to other important resources.

First of all, if you're a noob: capturing packets, reversing them & sending them is not for you. Only adequate game hackers with minimum 1 year experience should even consider it. Do not make threads about packets if you're an idiot please (yes that means you)

If you want to skip this guide (pro tip: don't) you can jump to these links which represent our greatest resources besides this guide:

Step by Step Guide for Packet Hacking Games
  1. Learn about packets (this thread)
  2. Find packet functions in game client, reverse them
  3. Hook packet functions, log them
  4. Reverse packet structure
  5. Inject a DLL which can call SendPacket()
  6. Send Packets you want to send

Why does a game hacker care about packets?

  • The #1 is so we can SEND PACKETS
  • Working with packets exposes an area of the game logic which may contain the most holes.
  • "sanity check" type logic is often applied to actions the client makes but the same checks are not made on packets.
  • Client side limitations may not be implemented by the server, send some whacky data to the server and the server might accept it when the client would have kicked you.
  • Want to shoot players without being able to see them? Send the shoot packet, spoof your coordinates, might work.
  • The client may be authoritative over something that it shouldn't be.
  • The client would never send an "improper" value to the server, but we can using packets.
  • Some features require too much logic and stuff to reverse. Sometimes you can just send a packet and you'll get the same effect. (Don't get any ideas noob, it's not that easy)
  • You can make your own client for mmo bots etc...

What does a packet transaction look like between client and server?

  • Client picks up a health potion -> client runs pickup() function -> health potion count increased by 1
  • pickup() creates a message to send to server -> "client picked up health potion B"
  • the game client turns this message into a packet, the data is "client picked up health potion B"
  • The packet has additional data including, data size, packet id, packet size etc...
  • let's call this function AssemblePacket()
  • the game client then calls SendPacket() which calls the winsock send function
  • the message is now encapsulated in a TCP/UDP packet and sent
  • the server's OS receives the packet, pipes it to the correct process
  • packet is received by the winsock receive function
  • the game server retrieves the "game packet" inside the TCP packet
  • the server calls DisassemblePacket(), getting the message and other necessary data
  • now the "message" is handled by the server's network message handler
  • server side pickup() is executed, removing that pickup from the map and increasing the client's # of potions server side
  • now the server must update the world/map/pickup data to all the clients to tell them that pickup is no longer available
  • that new information is sent to AssemblePacket() on the server and then sent to all the clients via SendPacket() -> Winsock Send()

If you're familiar with the Windows WndProc message queue, you can see some similarity.

Now the key to understanding this is to understand the individual parts to the process and how they're connected:

game::AssemblePacket()
Winsock Layer
Network Layer TCP/UDP
game::DisassemblePacket()

For more serious games you will have another layer of encapsulation: EncryptPacket() and DecryptPacket()

The winsock and network layer are (mostly) not important for game hacking!

We don't care about TCP/UDP and Winsock. The only reason we care about Winsock is because we use references to these winsock functions to find the AssemblePacket() and DisassemblePacket() functions.

Why? Because we only care about what the game cares about. We want to hack the game using the game logic. The data inside the packets is the important part.

What is packet sniffing?

Packet sniffing is the act of being the "man in the middle" and logging the packets as they are sent. The most popular tool for this is Wireshark. This is logging them at the network level so you get all the packets, but you can limit which packets are logged by filtering by the port that the game uses. You cannot filter by process in Wireshark, so anything that uses that port will be logged.

It's discontinued now but you can try the Microsoft Message Analyzer which lets you filter by process.

Sniffing packets has its value, but for game hacking we don't really care; we want to log packets, not sniff them.

WPE Pro & WPE Sonic
GuidedHacking has the greatest collection of WPE or "Winsock Packet Editor" tools. But these are very old, only work on x86 and some don't even work on Windows 10.
Using WPE was a viable hacking method many years ago, in simple games. Games are much more complicated now and this tool will not work well at all.

WPE Pro Sonic - Winsock Packet Editor Collection Download

No one uses WPE anymore, it's here for historical reasons :) I don't expect you to actually use it.

Packets in Browser Games
Try Burp Suite
Burp Suite - Application Security Testing Software

Other Packet Tools

ColaSoft Packet Player

It can replay pcap captures: capture the packets, edit them, then replay them with this tool.
https://www.colasoft.com/packet_player/

Advanced Packet Editor
Advance Packet Editor - AppSec Labs

WireEdit - probably the nicest tool
WireEdit — A Full Stack WYSIWYG Packet Editor for Pcap.

GateKeeper - Packet Inspector by @mambda
GateKeeper - Packet Inspector (ReClass based)

How to find packet functions?

To log packets we need to find the packet functions. Winsock functions are always used to send and receive data on Windows, so check the import table and find these functions. Find cross references to these functions. All functions which call these functions should be reversed. The function which gets called the most often will probably be your main packet function.

You will want to reverse all these functions and go up the call stack, reversing each one as you go. Get a general idea of what's going on and then pinpoint the Assemble & Disassemble packet functions. Reverse them the best you can.

Packet Logging
So sniffing packets on the network layer is too low level. Once you find the functions which assemble & send the packets and, on the other side, disassemble and receive them, hook them. Log the arguments, which will probably be a char array representing the packet buffer.

Once you have a list of packets, compare and contrast to start understanding their basic structure. You want to separate the packet header from the data. The packet will have a header, id & data size.


HTTP Packet Logging & Manipulation
If the game uses HTTP then you should try Fiddler and Burp Suite; they are both amazing.


Now the next most important thing you should do is check out all the resources below, starting with mambda's MapleStory tutorial which I highly recommend.

GH Resources

Additional Resources:
- Attacking Network Protocols | No Starch Press

Videos
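The pickup() transaction and the header/id/size split described in the post above, written up from the server's side as an added example (not code from the original post or from any real game): a constructed packet format, a DisassemblePacket()-style parser that checks the declared size against the bytes actually received, and a server pickup() that decides from server-authoritative state instead of trusting the coordinates in the packet. The message id, the struct layouts and the reach distance are all assumptions made for the example.

```cpp
#include <cmath>
#include <cstdint>
#include <cstring>
#include <map>
#include <vector>

// Constructed wire format (an assumption, not any real game's protocol):
// a fixed header with the message id and total packet size, then the body.
#pragma pack(push, 1)
struct PacketHeader { uint16_t id; uint16_t size; };    // size counts header + body
struct PickupMsg    { uint32_t pickupId; float x, y; };  // "client picked up pickupId at (x,y)"
#pragma pack(pop)

constexpr uint16_t MSG_PICKUP = 0x0010;  // hypothetical message id for pickup()

struct Pickup { float x, y; bool taken; };
struct Player { float x, y; int potions; };

// DisassemblePacket() for one message type: refuse anything whose declared
// size disagrees with what was actually received before touching the body.
bool parsePickup(const std::vector<uint8_t>& buf, PickupMsg& out) {
    if (buf.size() < sizeof(PacketHeader)) return false;
    PacketHeader h;
    std::memcpy(&h, buf.data(), sizeof h);
    const size_t expected = sizeof(PacketHeader) + sizeof(PickupMsg);
    if (h.id != MSG_PICKUP || size_t(h.size) != expected || buf.size() != expected) return false;
    std::memcpy(&out, buf.data() + sizeof(PacketHeader), sizeof out);
    return true;
}

// Server-side pickup(): the decision uses the server's own player and world state.
// The (x,y) the client sent is never consulted, so spoofed coordinates change nothing.
bool serverPickup(const std::vector<uint8_t>& buf, Player& p,
                  std::map<uint32_t, Pickup>& world, float reach = 2.0f) {
    PickupMsg m{};
    if (!parsePickup(buf, m)) return false;
    auto it = world.find(m.pickupId);
    if (it == world.end() || it->second.taken) return false;  // unknown or already gone
    float dx = it->second.x - p.x, dy = it->second.y - p.y;
    if (std::sqrt(dx * dx + dy * dy) > reach) return false;    // not within reach
    it->second.taken = true;
    p.potions++;
    return true;
}

// AssemblePacket() counterpart, used here only to build constructed sample packets.
std::vector<uint8_t> buildPickup(uint32_t pickupId, float x, float y) {
    PacketHeader h{MSG_PICKUP, uint16_t(sizeof(PacketHeader) + sizeof(PickupMsg))};
    PickupMsg m{pickupId, x, y};
    std::vector<uint8_t> buf(h.size);
    std::memcpy(buf.data(), &h, sizeof h);
    std::memcpy(buf.data() + sizeof h, &m, sizeof m);
    return buf;
}
```

The same shape (size check first, then a lookup against server state, then a range check) applies to any client claim the post lists as "client authoritative over something it shouldn't be".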

Kauv

Just lookin for a lil tenderoni
Fleep Tier Donator
Sep 1, 2019
Your comment about WPE and the suggestion to keep it higher level than the protocol level probably just saved me countless hours of time in the upcoming year. I've been thinking about picking up dshell and trying that, but your methodology seems to line up with Manfred's. Hopefully I'll remember this once I finally get some time to sit down and tinker. Very nice intro. Thank you!

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
I highly recommend those last 2 defcon videos for seeing just how ludicrous packet hacking can be

become RICH in 2 minutes with this ONE WEIRD TRICK

elodia

Newbie
Full Member
Aug 11, 2016
After 1 year and months of headaches I made it, ofc thx god for ppl that know IDA and gave me addresses cuz that's way over my head xD

sieutruc

Newbie
Fleep Tier Donator
Full Member
Dec 1, 2012
Someone still has the copy of the tutorial "Log, Reverse & Spoof Star Craft Packets " from @timb3r part 1 & part 2 ?

I tried to find it but without success.

Thanks in advance for the help.