NytroRST / NetRipper

NetRipper - Smart traffic sniffing for penetration testers
GNU General Public License v3.0

League of Legends Data with -p true is Encrypted? #17

Closed rlaphoenix closed 6 years ago

rlaphoenix commented 6 years ago

It looks like a bunch of spam

This was saved to _WSASend.txt, if it matters. Is there a way to decrypt this?

NytroRST commented 6 years ago

Probably the data is encrypted. It might use a custom library for encryption. I have to check, but this will not happen too soon, sorry.

rlaphoenix commented 6 years ago

Is there a way to find the function where it checks if the certificate is valid and instead just override it to always return true? That would allow me to sniff using Fiddler with a DO_NOT_TRUST cert.

NytroRST commented 6 years ago

I am not sure about a fully implemented project, maybe Interceptor by Casey Smith. It depends how each application is validating the certificate. Most of the time, the application does not use "SSL Pinning" and it is enough to just install your own root CA.

rlaphoenix commented 6 years ago

The Interceptor you mentioned seems to essentially be Fiddler. I just don't have a way to force a CA cert on LoL.

NytroRST commented 6 years ago

The Root CA (for any intercepting tool) has to be installed in the operating system Root CA Store. This way, the application (LoL) will probably use it and consider the certificate valid.

rlaphoenix commented 6 years ago

The certificate Fiddler provides is a .cer file. This can be used, correct?

NytroRST commented 6 years ago

This should be: https://docs.telerik.com/platform/knowledge-base/how-to/how-to-trust-fiddler-root-certificate

rlaphoenix commented 6 years ago

Doesn't seem to work.
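
The thread turns on whether an intercepting proxy's root CA is actually present in the operating system Root CA store. The following is an added example, not part of the thread or of NetRipper, that lists root-store entries resembling an interception CA so that the store's state can be checked or audited. The function name `Find-InterceptionRoot`, the `Fiddler` name pattern and the 30-day window are assumptions; only `DO_NOT_TRUST` comes from the thread.

```powershell
# Added example: audit the Windows root stores for interception-proxy CAs.
# Find-InterceptionRoot is a hypothetical helper name, not a built-in cmdlet.
function Find-InterceptionRoot {
    param(
        # Subject substrings to flag. 'DO_NOT_TRUST' is from the thread;
        # 'Fiddler' is an assumed extra pattern.
        [string[]]$Pattern = @('DO_NOT_TRUST', 'Fiddler'),
        # Heuristic: also flag roots whose validity started recently (assumed window).
        [int]$RecentDays = 30
    )

    $stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'
    $regex  = ($Pattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $cutoff = (Get-Date).AddDays(-$RecentDays)

    foreach ($store in $stores) {
        Get-ChildItem -Path $store | ForEach-Object {
            $nameHit = $_.Subject -match $regex      # case-insensitive match
            $recent  = $_.NotBefore -gt $cutoff      # validity start, not install time
            if ($nameHit -or $recent) {
                [pscustomobject]@{
                    Store          = $store
                    Subject        = $_.Subject
                    Thumbprint     = $_.Thumbprint
                    NotBefore      = $_.NotBefore
                    NameMatch      = $nameHit
                    RecentlyIssued = $recent
                }
            }
        }
    }
}

# Show every flagged root certificate from both stores.
Find-InterceptionRoot | Format-Table -AutoSize
```

If the proxy root is listed and the application still rejects the connection, the application is validating the certificate some other way, such as the pinning mentioned above. On a machine where no interception is expected, any row with `NameMatch` set is worth investigating.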