OpenKore / openkore

A free/open source client and automation tool for Ragnarok Online
http://openkore.com

tRO Mega Thread - All tRO issues here only #221

Closed aecuto closed 7 years ago

aecuto commented 8 years ago

How can I fix this problem?

Today my server updated to a new EAC. My openkore can log in to the map server, but after 1-3 seconds it gets disconnected from the map server. Please help me or notify me about this problem.

PS: I'm a newbie at programming :D PS2: I'm from the Free bot page....

tharnnatee commented 8 years ago

It's not EAC. It's a new protection, I think they call it HMAC, if this helps.

as70873463 commented 8 years ago

It has a 2-byte header before the actor code!!

patjung555 commented 8 years ago

I got this problem too; can someone help?

unknown-item commented 8 years ago

quick hack in Send.pm,

    use Digest::HMAC_MD5 qw(hmac_md5);

then add:

    # inside sub sendToServer, between the existing encryptMessageID and
    # serverSend calls ($messageID and $net are already in scope there)
    $self->encryptMessageID(\$msg);

    ####### begin sample handling of hmac packets
    if ($messageID eq $self->{packet_lut}{map_login}) {
        # map_login itself goes out unchanged; it (re)starts the HMAC session
        $self->{hmac_enc} = 1;
        $self->{seq} = 0;
        $self->{flag} = 1;
    } elsif ($self->{net}->getState() != Network::IN_GAME) {
        # not in game yet (login/char server): nothing is wrapped
        $self->{hmac_enc} = 0;
        $self->{seq} = 0;
    } elsif ($self->{hmac_enc}) {
        # new format: len(2) + original packet + flag(4) + seq(4) + hmac_md5(16)
        $msg .= pack('V', $self->{flag}) . pack('V', $self->{seq}++);
        $msg .= hmac_md5($msg, pack('H*', 'EDB9D10AB84C9A2E05E38997C2F64A29'));
        $msg = pack('v', length($msg) + 2) . $msg;
    }
    ####### end sample handling of hmac packets

    $net->serverSend($msg);

if you use any xkore mode, you can simply trim packets from the client (excluding map_login) like this: substr($msg, 2, length($msg) - 2 - 24), then modify as above before sending to the server.

TanasanJJ7 commented 8 years ago

@unknown-item

Delete please. It's not true. OK!

porpao commented 8 years ago

Can anyone help?

zuroba commented 8 years ago

@unknown-item

Do you think it works?

unknown-item commented 8 years ago

Why don't you capture packets and compare them yourself? My code can produce correct HMAC-ed packets. Packet 0A7B -> 0A7C is not new and it has not changed; just use your existing solution. If your solution is xkore or Poseidon, you still need to modify it according to my post above to make your bot work.

ghost commented 8 years ago

@unknown-item it doesn't work, bro. I've tried to put your code in send.pm, then my xkore can't even run.

zuroba commented 8 years ago

@unknown-item I see a new header packet followed by the old packet, for walk, take, attack.

unknown-item commented 8 years ago

@tarkungZ first, you will need that Perl package, Digest::HMAC_MD5; then you need to fix xkore yourself. I provide a solution to HMAC, not a solution to everything. Maybe you need some openkore devs to do that.

unknown-item commented 8 years ago

@zuroba the new packet format, after HMAC, is: length (2 bytes) + original packet (the whole old-format packet) + flag (always 1, 4 bytes) + sequence (increases by one starting from 0, 4 bytes) + hmac (16 bytes). My code generates new-format packets from old ones. For xkore, you need to extract the original packet from the client-to-server traffic and recalculate the other things (because the sequence is changed, which is also included in the HMAC calculation).

unknown-item commented 8 years ago

Digest.zip: this is the Digest::HMAC_MD5 package; put it into your bot folder first.

zuroba commented 8 years ago

@unknown-item in your code, the last 16 bytes are calculated from hmac?

unknown-item commented 8 years ago

@zuroba the last 16 bytes are hmac_md5(original packet + flag + seq); the key is EDB9D10AB84C9A2E05E38997C2F64A29

zuroba commented 8 years ago

@unknown-item is it the default for all packets?

unknown-item commented 8 years ago

@zuroba not for the first map_login packet (not changed), but all packets after that use this new format; the sequence increases for each packet being sent. If you move to another map server, you need to reset the sequence to 0 and send the old-format map_login again.

zuroba commented 8 years ago

@unknown-item so now you can use all of atk, take, sit without disconnecting?

unknown-item commented 8 years ago

@zapperlp see my post above. @zuroba if you are sending correct packets, why disconnect? If you run standalone, without 0A7B handling, you can bot for a little while before being kicked by the server. If you fix the xkore/Poseidon part with new packet format handling (from client to bot, not only bot to server), you should be able to bot without problems.

udomsaph commented 8 years ago

it works for me now, many thanks. Hail Hydra.

zapperlp commented 8 years ago

@udomsaph Can you share this solution?

patjung555 commented 8 years ago

it's not working for me D:

scream1ng commented 8 years ago

@unknown-item Should I make a new sub or just edit some existing sub?

porpao commented 8 years ago

@udomsaph Can you help us?

badzob commented 8 years ago

@unknown-item Thank you for your guide. Very hard work on it.

udomsaph commented 8 years ago

sure, just copy and paste, very simple; do it the way the master instructed you and you will be able to run it again.

zuroba commented 8 years ago

@unknown-item $msg .= hmac_md5($msg, pack('H*', 'EDB9D10AB84C9A2E05E38997C2F64A29')); <-- your hardcoded packet?

scream1ng commented 8 years ago

@zuroba It's a key, as he said.

windhamwong commented 8 years ago

I would like to ack this issue. I currently have the tools for extracting sync patterns, shuffled packets and recvpackets, but I need help on the login_server pattern. The extraction of the encryption key pattern is on my TODO list; however we, twRO, have issues with disconnecting and I have to fix that first.

If you have any info about the login part, please put it in this issue thread. Please provide screenshots as well, because images explain things better.

For the HMAC_MD5 thing, is that limited to map_login only?

danmadoon commented 8 years ago

I can't follow these steps. Please teach me step by step. Now my kore already has an error hahaha

AsakuraTK commented 8 years ago

xkore 0 worked but xkore 3 doesn't work for me.

viperball commented 8 years ago

@windhamwong yes, it just happens when we arrive at the map.

cydiath commented 8 years ago

Disconnect from map server? 5 sec

dogsmile commented 8 years ago

@unknown-item can you teach us step by step? I don't know what I can do. Please help, and thanks.

unknown-item commented 8 years ago

I believe someone has already followed my post to make the proper changes and their bot is working.

@windhamwong This post has nothing to do with stuff from twRO. The HMAC packet is from EAC; I don't think this new packet format has appeared anywhere else, and it is applied to every map server packet except the map_login.

The login part is fairly simple:

    '0A76' => ['master_login', 'V Z40 a32 C', [qw(version username password_rijndael master_version)]],

Rijndael keys are:

    # 32-byte key
    my $key = pack('C32', (0x06, 0xA9, 0x21, 0x40, 0x36, 0xB8, 0xA1, 0x5B, 0x51, 0x2E, 0x03, 0xD5, 0x34, 0x12, 0x00, 0x06, 0x06, 0xA9, 0x21, 0x40, 0x36, 0xB8, 0xA1, 0x5B, 0x51, 0x2E, 0x03, 0xD5, 0x34, 0x12, 0x00, 0x06));
    # 32-byte chaining value
    my $chain = pack('C32', (0x3D, 0xAF, 0xBA, 0x42, 0x9D, 0x9E, 0xB4, 0x30, 0xB4, 0x22, 0xDA, 0x80, 0x2C, 0x9F, 0xAC, 0x41, 0x3D, 0xAF, 0xBA, 0x42, 0x9D, 0x9E, 0xB4, 0x30, 0xB4, 0x22, 0xDA, 0x80, 0x2C, 0x9F, 0xAC, 0x41));

It uses 32 as the block size.

scream1ng commented 8 years ago

@windhamwong

I'm not sure what you mean by login part.

This is the server.txt that we use.

    [Thailand - tRO Main server (EXE)]
    ip 103.55.55.12
    port 6900
    master_version 7
    version 24
    serverType tRO
    secureLogin 0
    secureLogin_type 0
    secureLogin_account 0
    secureLogin_requestCode
    pauseCharServer 1
    patchserver wpatch.ragnarok.in.th
    patchpath /patch70
    serverEncoding Thai
    addTableFolders tRO
    charBlockSize 144
    gameguard 1

Most of the tRO modifications can be found in https://github.com/DunstleOS/openkore/tree/DunstleOS-patch-9/src/Network.

Personally, HMAC_MD5 happens only in map_login.

If you have another requirement, please let me know.

udomsaph commented 8 years ago

untitled for x0 already worked for me, but for x3 I haven't tested.

scream1ng commented 8 years ago

@unknown-item Very few people in tRO use Poseidon to generate 0A7B

dekaze commented 8 years ago

@unknown-item I received 0A7B in Wireshark after that hardcode in OPK.

lungkeemao commented 8 years ago

Can anyone help with X3? Please.

as70873463 commented 8 years ago

@unknown-item it works for me on x0 ^^

udomsaph commented 8 years ago

@unknown-item I don't understand what you asked me; I use only the raw, straight code from Wireshark and add it to the config that is linked to send.pm, that's what I know. I'm not concerned about Poseidon.

dekaze commented 8 years ago

@as70873463 Kindly expand step by step please.

firstsozaa commented 8 years ago

    Global symbol "$messageID" requires explicit package name at src/Network/Send.pm line 242.
    Global symbol "$net" requires explicit package name at src/Network/Send.pm line 256.
    Compilation failed in require at src/Misc.pm line 42.
    BEGIN failed--compilation aborted at src/Misc.pm line 42.
    Compilation failed in require at openkore.pl line 59.
    BEGIN failed--compilation aborted at openkore.pl line 59.

    Press ENTER to exit.

mine said this, what should I do sir

unknown-item commented 8 years ago

@udomsaph @dekaze @scream1ng Thank you for the explanation. I was under the impression that these packets cannot be replayed (experience from nProtect). Now I know why EAC has that E in its name.

@dekaze I think https://github.com/DunstleOS/openkore/tree/DunstleOS-patch-9/src/Network this branch is starting to commit code about HMAC.

cydiath commented 8 years ago

@as70873463 Kindly expand step by step please.

Error from start.exe:

    Global symbol "$messageID" requires explicit package name at src/Network/Send.pm line 242.
    Global symbol "$net" requires explicit package name at src/Network/Send.pm line 256.
    Compilation failed in require at src/Misc.pm line 42.
    BEGIN failed--compilation aborted at src/Misc.pm line 42.
    Compilation failed in require at openkore.pl line 59.
    BEGIN failed--compilation aborted at openkore.pl line 59.

    Press ENTER to exit.

unknown-item commented 8 years ago

@cydiath @firstsozaa you should add it to the sendToServer function only, not anywhere else.

danmadoon commented 8 years ago

anyone tried X3?

zuroba commented 8 years ago

@unknown-item I think my DC is because my recvpackets are not right

unknown-item commented 8 years ago

@zuroba I don't think the real packet lengths have changed since the last update; don't add the extra size from HMAC into recvpackets.

for x3 to work, you need to strip the packets sent by the client first (undo HMAC), then do the rest like x0.
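The wrapping unknown-item describes in this thread (length prefix, whole old-format packet, flag of 1, 4-byte sequence, HMAC-MD5 trailer under the posted key; map_login sent unchanged and resetting the sequence, also after a map-server change) together with the x3 step of undoing the client's wrapper before re-sending, as an added worked example in Python. It is illustration added here, not OpenKore's code and not anything from the project or the thread's authors: the map_login opcode and the sample packets are constructed stand-ins, the Network::IN_GAME check from the Send.pm hack is left out, and the function and class names are this example's own.

```python
# Added example (not OpenKore code): the tRO/EAC HMAC packet wrapper described
# in this thread, its verifier, the per-map-server sequence counter, and the
# xkore/x3 "strip the client's wrapper, re-wrap with the bot's sequence" step.
import hashlib
import hmac
import struct

# Key quoted by unknown-item above (Perl: pack('H*', '...')).
HMAC_KEY = bytes.fromhex("EDB9D10AB84C9A2E05E38997C2F64A29")
FLAG = 1                    # "always 1" per the thread
TRAILER_LEN = 4 + 4 + 16    # flag + seq + hmac_md5; the thread's substr(..., 2, len - 2 - 24) drops 2 + this
# Stand-in map_login opcode as it appears on the wire (constructed for this
# example; OpenKore looks the real one up in $self->{packet_lut}{map_login}).
MAP_LOGIN_ID = b"\x36\x04"


def wrap_packet(original: bytes, seq: int, key: bytes = HMAC_KEY, flag: int = FLAG) -> bytes:
    """Old-format packet -> length(2) + original + flag(4) + seq(4) + hmac_md5(16).

    Mirrors the Perl: pack('V', flag) . pack('V', seq), hmac_md5 over everything
    so far, then a little-endian 16-bit length that counts itself.
    """
    body = original + struct.pack("<II", flag, seq)
    tag = hmac.new(key, body, hashlib.md5).digest()
    wrapped = body + tag
    return struct.pack("<H", len(wrapped) + 2) + wrapped


def unwrap_packet(wrapped: bytes, key: bytes = HMAC_KEY):
    """Check the length prefix and MAC, then return (original, flag, seq).

    Raises ValueError on a malformed or forged packet; the MAC is compared in
    constant time before any trailer field is trusted.
    """
    if len(wrapped) < 2 + TRAILER_LEN:
        raise ValueError("packet shorter than wrapper overhead")
    (declared,) = struct.unpack_from("<H", wrapped, 0)
    if declared != len(wrapped):
        raise ValueError("length prefix does not match packet size")
    body, tag = wrapped[2:-16], wrapped[-16:]
    expected = hmac.new(key, body, hashlib.md5).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("HMAC mismatch")
    original = body[:-8]
    flag, seq = struct.unpack_from("<II", body, len(body) - 8)
    return original, flag, seq


def is_valid(wrapped: bytes, key: bytes = HMAC_KEY) -> bool:
    """Convenience predicate over unwrap_packet."""
    try:
        unwrap_packet(wrapped, key)
        return True
    except ValueError:
        return False


class HmacSession:
    """Per-connection state, the counterpart of $self->{hmac_enc} / $self->{seq}.

    map_login goes out unchanged and (re)starts the counter at 0, which is also
    what has to happen after a map-server change; everything after it is wrapped.
    """

    def __init__(self, map_login_id: bytes = MAP_LOGIN_ID):
        self.map_login_id = map_login_id
        self.enabled = False
        self.seq = 0

    def send(self, packet: bytes) -> bytes:
        """Return the bytes to put on the wire for one old-format packet."""
        if packet[:2] == self.map_login_id:
            self.enabled = True
            self.seq = 0
            return packet
        if not self.enabled:
            return packet          # no map_login seen yet: nothing is wrapped
        out = wrap_packet(packet, self.seq)
        self.seq += 1
        return out


def relay_from_client(wrapped_from_client: bytes, session: HmacSession) -> bytes:
    """xkore/x3 path: undo the client's wrapper, re-wrap with the bot's own sequence.

    The client's counter is stale once the bot has injected packets of its own,
    and seq is covered by the MAC, so it is discarded here.  map_login is sent
    unwrapped by the client and must go through session.send directly.
    """
    original, _flag, _client_seq = unwrap_packet(wrapped_from_client)
    return session.send(original)


if __name__ == "__main__":
    s = HmacSession()
    login = MAP_LOGIN_ID + b"\x00" * 17          # constructed stand-in map_login
    walk = b"\x85\x00" + b"\x01\x02\x03"          # constructed old-format packet
    print(s.send(login).hex())                    # unchanged
    print(s.send(walk).hex())                     # seq 0
    print(s.send(walk).hex())                     # seq 1
    print(unwrap_packet(relay_from_client(wrap_packet(walk, 42), s)))  # bot re-sends with seq 2
```

unwrap_packet verifies the MAC and the length prefix before anything is trusted, which the substr one-liner in the thread does not do; relay_from_client is the x3 path, where the client's own sequence number is thrown away and the bot's counter is used instead, because every packet the bot injects shifts the value the server expects.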