Closed whitesmith82 closed 7 years ago
I hope someone will debug the ragexe; the server sends a 0DDD packet after 01DB,
ex: DD 0D 14 37 AD 32 B6 02 A6 34 E7 64 C0 41 B7 79 6A 49 77 98
This 0DDD packet changes every time 01DB is sent,
but if I use WPE, I don't receive 0DDD; instead I receive 01DC,
and I always get password error 006A. May be related?
Maybe someone will upload the ragexe; I have limited network here.
Here is the ragexe.
DD 0D 14 37 AD 32 B6 02 A6 34 E7 64 C0 41 B7 79 6A 49 77 98: 0DDD is the secure_login reply, 3741 should be the length and the rest is the secure code, CMIIW; it'll be the salt for secure login by 01DD.
But somehow, when I recheck the password MD5 with the salt given by OpenKore and try other MD5 generators, the values don't match.
Even when I sniffed the Ragexe login using Wireshark and tried to match the value manually, it doesn't match.
and i always get password error 006A , may be related?
Because the password sent by OpenKore doesn't match.
Well, in today's patch there's cclient.dll on idRO; I presume it's the binary for password encryption (not simply MD5 + salt). Who knows, maybe I'm wrong. :D
Remember, Lyto promised to add a 'dual protection system'; if cclient.dll is for encryption on the client side and they have the decryptor for it, it makes sense.
I'll put my gist link here for people to review. :P https://gist.github.com/cydh/23a0f23b7c02f8c2062b51859f551d5d
I applied your patch, but still no success. This is the report:
Loading tables/msgstringtable.txt...
Generating session Admin Password...
Checking for new portals... none found
Connecting to Account Server...
Connecting (202.43.167.67:6900)... connected
Secure Login...
code: 44 EE 5B D7 DE ED 42 7A E8 C5 04 BF 52 CB B5 1B .|
secureLoginKey: a³L¢w¿RSh .|
secureLoginKey hex: 1C 96 61 B3 82 4C A2 19 77 1A 99 BF 52 53 94 68 .|
Sending encoded password...
password: ******** => ********* .|
type: 1 .|
salt: a³L¢w¿RSh .|
salt hex: 1C 96 61 B3 82 4C A2 19 77 1A 99 BF 52 53 94 68 .|
Disconnecting (202.43.167.67:6900)...disconnected
Password Error for account [*********]
------------ Query ------------
Enter your Ragnarok Online password again.
-------------------------------
Enter your answer:
@ragnarok-id Just FYI, you posted the hexadecimal data of your plaintext password. Anyone can convert the hex back into ASCII.
I've updated your post to remove the password, but you probably should change your password anyway... :)
Yea well the password still in emails :) On Wed, Apr 20, 2016 at 21:40 Rachel Fish notifications@github.com wrote:
@ragnarok-id Change your password. xD Or maybe I'm the one who's wrong here? Previously, '01DC' => ['secure_login_key', 'x2 a*', [qw(secure_key)]], and the recvpackets.txt said it's 01DC -1 ... I tried copying the 0DDD for the same values, but I didn't get the key. That's why I changed the 0DDD to v a*.
The clientinfo.xml says <passwordencrypt></passwordencrypt>; md5_pass_withsalt: key + pass or pass + key?
Thx for reminding me, /swt2 One player has successfully entered idRO with a bot; he serves free warps for other players @ Payon.
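An added example, not OpenKore code and not from anyone in this thread, that parses the 0DDD reply and the 01DD login as they appear in the dumps further down (header, 2-byte length, 16-byte key; header, 4-byte field, Z24 username, 16-byte MD5, 1 trailing byte) and checks which of the two salt orders asked about here reproduces a digest. The username, password, the meaning of the 4-byte field and of the trailing byte are assumptions.

```python
import hashlib
import struct

# Constructed sample taken from the 0DDD dump in this thread:
# 2-byte header (DD 0D), 2-byte length field (14 37), 16-byte key.
SECURE_KEY_PKT = bytes.fromhex("dd0d1437c7bcf7573f44c6abad4e0d1ebe03c62f")

# Assumed 01DD layout, matching the dumps: header, 4-byte field (02 00 00 00),
# 24-byte NUL-padded username (the Z24), 16-byte MD5, 1 trailing byte (0x0c).
LOGIN_FMT = "<HI24s16sB"

def parse_secure_key(pkt: bytes) -> bytes:
    """Return the 16-byte salt carried by a 0DDD packet."""
    header, length = struct.unpack_from("<HH", pkt, 0)
    if header != 0x0DDD or len(pkt) != 20:
        raise ValueError("not a 20-byte 0DDD packet")
    # Only the low byte of the length field (0x14 = 20) matches the real size;
    # the high byte is 0x37 in every dump, so the fixed layout is trusted instead.
    if length & 0xFF != len(pkt):
        raise ValueError(f"length field {length:04X} disagrees with packet size")
    return pkt[4:20]

def salted_md5(key: bytes, password: str, order: str) -> bytes:
    """The two orderings debated above: md5(key + pass) or md5(pass + key)."""
    pw = password.encode()
    data = key + pw if order == "key+pass" else pw + key
    return hashlib.md5(data).digest()

def build_login(username: str, key: bytes, password: str, order: str,
                field: int = 2, trailing: int = 0x0C) -> bytes:
    """Assemble a 01DD packet (assumed field meanings) for a given salt order."""
    return struct.pack(LOGIN_FMT, 0x01DD, field, username.encode(),
                       salted_md5(key, password, order), trailing)

def parse_login(pkt: bytes):
    """Split a 01DD packet into (username, digest, trailing byte)."""
    header, _field, name, digest, trailing = struct.unpack(LOGIN_FMT, pkt)
    if header != 0x01DD:
        raise ValueError(f"not a 01DD packet: {header:04X}")
    return name.rstrip(b"\0").decode(), digest, trailing

def find_salt_order(key: bytes, password: str, digest: bytes):
    """Report which ordering reproduces a sniffed digest, or None if neither."""
    for order in ("key+pass", "pass+key"):
        if salted_md5(key, password, order) == digest:
            return order
    return None
```

Feeding a sniffed 01DD digest and the matching 0DDD key into find_salt_order answers the key + pass versus pass + key question directly; a None result means the client is not doing plain salted MD5 at all.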
@ragnarok-id
One player has successfully entering idRO with bot, he serve free warp for other player @ Payon.
Nope, the "Payon Bawel" group, right? Right after maintenance (about 5 minutes) the BOT can still log in normally (I and some people experienced this), but when we log out, we can't log back in. Like the idRO staff said "Shit! I forgot to turn this on!!" You can actually find some 'leftover' bots.
Well, (maybe) I found something interesting. Maybe idRO edited the 01DD notation: when the Z24 for the username maybe got altered to less than that. Does it have something to do with cclient.dll??
Here's the comparison
idRO Client
00000000 04 02 44 ee 5b d7 de ed 42 7a e8 c5 04 bf 52 cb ..D.[... Bz....R.
00000010 b5 1b db 01 ....
00000000 dd 0d 14 37 9f 7d c9 48 09 b6 01 14 0d c1 e2 b7 ...7.}.H ........
00000010 e5 f4 a6 9b ....
00000014 dd 01 02 00 00 00 74 65 6e 31 30 74 65 6e 31 30 ......te n10ten10
00000024 00 7b 78 7a 0e 75 7e 7a 2b 2a 85 85 85 85 7a 3a .{xz.u~z +*....z:
00000034 c5 b4 71 82 e6 19 4f 78 0b 78 77 f0 18 99 0c ..q...Ox .xw....
00000014 69 00 6f 00 61 1a 00 00 20 52 bc 00 00 00 00 00 i.o.a... R......
00000024 81 cd 7d 04 00 00 00 00 00 00 00 00 00 00 00 00 ..}..... ........
00000034 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ .......
00000043 ca 2b a7 51 70 17 41 73 67 61 72 64 20 28 4e 65 .+.Qp.As gard (Ne
00000053 77 29 00 00 00 00 00 00 00 00 00 02 00 00 00 00 w)...... ........
00000063 ca 2b a7 61 70 17 4d 69 64 67 61 72 64 00 00 00 .+.ap.Mi dgard...
00000073 00 00 00 00 00 00 00 00 00 00 92 01 00 00 00 00 ........ ........
See there, the username is not 24 bytes.
secureLogin 1
00000000 04 02 44 ee 5b d7 de ed 42 7a e8 c5 04 bf 52 cb ..D.[... Bz....R.
00000010 b5 1b ..
00000012 db 01 ..
00000000 dd 0d 14 37 c7 bc f7 57 3f 44 c6 ab ad 4e 0d 1e ...7...W ?D...N..
00000010 be 03 c6 2f .../
00000014 dd 01 02 00 00 00 74 65 6e 31 30 74 65 6e 31 30 ......te n10ten10
00000024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 cc ........ ........
00000034 60 65 19 c9 9b 65 da 16 ed 59 e2 c9 d0 bb 0c `e...e.. .Y.....
00000014 6a 00 01 71 b8 88 58 1d d0 fd 59 14 a2 db 41 00 j..q..X. ..Y...A.
00000024 e4 fd 59 14 b8 88 58 ..Y...X
secureLogin 2
00000000 04 02 44 ee 5b d7 de ed 42 7a e8 c5 04 bf 52 cb ..D.[... Bz....R.
00000010 b5 1b ..
00000012 db 01 ..
00000000 dd 0d 14 37 a2 0a 0e 26 35 da ee 4e 99 d2 5b 41 ...7...& 5..N..[A
00000010 bb 21 41 38 .!A8
00000014 dd 01 02 00 00 00 74 65 6e 31 30 74 65 6e 31 30 ......te n10ten10
00000024 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a a0 ........ ......J.
00000034 eb 3e 0f c4 7d ad 2c ed 0c be 08 70 a3 33 0c .>..}.,. ...p.3.
00000014 6a 00 01 71 78 31 c6 1c d0 fd 59 14 a2 db 41 00 j..qx1.. ..Y...A.
00000024 e4 fd 59 14 78 31 c6 ..Y.x1.
No, it is still 24. I guess your weird 01DD is from Wireshark? I used SmartSniff and WPE; both give the same normal 01DD.
I tried to read the OpenKore forum; I did not play when they created xyz.dll in 2010. It seems they enhanced it with a sequence formula or something, so a translation table is not enough?
@cydh can you confirm?
@c4c1n6kr3m1 confirm what?
Sorry, no need again; I just wanted to confirm that they changed the 01DD username as you said, but actually they don't.
I'm not familiar with sniffing, never used Wireshark, until you said that weird thing.
I am using wifi tethering, and I cannot find the weird 01DD like you mentioned using SmartSniff. So yesterday I went to my uncle's home, borrowed his computer, downloaded Wireshark and tested using a LAN network. Interestingly, I found the weird 01DD using Wireshark and SmartSniff (not raw, but the WinPcap option), but when I looked at the 01DD, I found the addition to the 01DD username is somewhat a "cache of my previous username?, wtf?", so I doubted it. And today I tested Wireshark from my computer using wifi; I cannot find the weird 01DD.
So, NO!!! Just like I said before, your 01DD is wrong. Confirmed.
I tried to use the delphine plugins, and I made the delphine key right like I did 5 years ago, but it's nothing, can't login; somehow in another version it's just a password error. This is the result:
Connecting to Account Server... [Network::Receive] Network::Receive::idRO (mode: new) [Network::Send] Network::Send::idRO (mode: new) Connecting (202.43.167.67:6900)... connected Secure Login... Sent packet : 01DB [ 2 bytes] [Login Code Request] << Received packet: 01D0 - Spirit or Coin Count (revolving entities) [ 8 bytes] Unknown #1302265876 has 11909 spirit(s) now
Packet Tokenizer: Unknown switch: 35F8
<< Received unknown packet [12 bytes] Apr 27 00:34:48 2016 0> F8 35 7C 2E AB CF 54 62 3C 9E 4C 99 .5|...Tb<.L. Timeout on Account Server, reconnecting. Wait 0 seconds... Disconnecting (202.43.167.67:6900)...disconnected Connecting to Account Server... [Network::Receive] Network::Receive::idRO (mode: new) [Network::Send] Network::Send::idRO (mode: new) Connecting (202.43.167.67:6900)... connected Secure Login... Sent packet : 01DB [ 2 bytes] [Login Code Request] << Received packet: 01D0 - Spirit or Coin Count (revolving entities) [ 8 bytes] Unknown #3495690260 has 9950 spirit(s) now
Packet Tokenizer: Unknown switch: 2B99
<< Received unknown packet [12 bytes] Apr 27 00:35:00 2016 0> 99 2B 08 A1 AC C1 4F 80 62 96 08 97 .+....O.b... Timeout on Account Server, reconnecting. Wait 0 seconds... Disconnecting (202.43.167.67:6900)...disconnected Connecting to Account Server... [Network::Receive] Network::Receive::idRO (mode: new) [Network::Send] Network::Send::idRO (mode: new) Connecting (202.43.167.67:6900)... connected Secure Login... Sent packet : 01DB [ 2 bytes] [Login Code Request] << Received packet: 01D0 - Spirit or Coin Count (revolving entities) [ 8 bytes] Unknown #558235668 has 22140 spirit(s) now
Packet Tokenizer: Unknown switch: 4C18
<< Received unknown packet [12 bytes] Apr 27 00:35:12 2016 0> 18 4C 32 62 22 13 46 3C 9C 7C 2A 4A .L2b".F<.|*J Timeout on Account Server, reconnecting. Wait 0 seconds... Disconnecting (202.43.167.67:6900)...disconnected Connecting to Account Server... [Network::Receive] Network::Receive::idRO (mode: new) [Network::Send] Network::Send::idRO (mode: new) Connecting (202.43.167.67:6900)... connected Secure Login... Sent packet : 01DB [ 2 bytes] [Login Code Request] << Received packet: 01D0 - Spirit or Coin Count (revolving entities) [ 8 bytes] Unknown #2896953364 has 53308 spirit(s) now
Packet Tokenizer: Unknown switch: 32EE
<< Received unknown packet [12 bytes] Apr 27 00:35:24 2016 0> EE 32 78 AF 35 56 EE 91 9F 80 DB 56 .2x.5V.....V
@c4c1n6kr3m1 no, I'm not wrong about the 01DD packet, just a misunderstanding about how the client works: it simply doesn't clear the whole buffer of username bytes. At least this gave me another hint for other works, especially for PS development: clear the username buffer on cancel-to-login-window.
Now OpenKore in xkore mode can't inject netredirect.dll after today's idRO update.
No need for xkore anymore; at Midgard it's normal, but on the Asgard server I can't login to the map.
Midgard can bot again, but when choosing Asgard: "Packet Tokenizer: unknown switch: 0478" and disconnect.
Cannot use xkore again, and cannot use sniff (WPE) again... >_<
How about cclient.dll?? It's like the new xyz file; I think it makes netredirect.dll unable to inject into ragexe. http://dl5.lytogame.com/patch/ro/cclient.dll
By the way.. if I try to equip armor it always disconnects. Anyone have the same problem? How to solve it?? It makes it impossible to switch equips in OpenKore.
Well, this issue is now only for the Asgard server. On April 27, 2016, after MT, it seems the encryption is only for the Asgard server on map_loaded (right after char selection). For the rest, the packet headers & bodies are raw (sniffed by Wireshark).
@phinokio your OpenKore is maybe older than 8ee08cd889a2feb85d276eea8657cff0c7bd07d1
@cydh thanks for helping... problem solved...
Maintenance today... updating the double guard on the Asgard server... because yesterday some bots could bypass the guard...
Unknown packets 6871 and 3C19 using xkore 0; xkore 1 still has the same problem, "unable to inject netredirect.dll".
As a note, in today's MT they updated cclient.dll again. :P netredirect.dll injection has failed since last week's MT, as they removed the encryption for the Midgard server \o/
There are some bots that are already active from the beginning of each maintenance, like this one. I suspect it is owned by an inside man, since they hold the key? One obvious one is the autotrade bot buying skel bone running 24/7 at the Prontera spawn spot.
Some of my friends told me that the skel bone buyer in Pront is not a bot; she is their friend named acxxx.. because if she is away, that character cannot trade anymore.. but for me that's impossible, because that player was always buying 24 hours for 3-4 days.
Now there is a warping bot at the Prontera spawn spot.
Amazing.
Hi there, I'm using the latest OpenKore and now it has a new packet tokenizer error:
Connecting to Character Server... Connecting (202.43.167.81:6000)... connected Sent packet : 0065 [17 bytes] [Character Server Login]
Packet Tokenizer: Unknown switch: 66F6
<< Received unknown packet [4 bytes] May 9 06:52:50 2016 0> F6 66 89 34 .f.4
Packet Tokenizer: Unknown switch: 3C19
<< Received unknown packet [35 bytes] May 9 06:52:50 2016 0> 19 3C 29 34 23 30 34 31 23 34 34 34 34 34 34 34 .<)4#041#4444444 16> 34 34 34 34 34 34 34 34 34 34 34 34 34 94 3D 3D 4444444444444.== 32> 34 34 34 444
Can someone fix it?
I believe they'll change/improve the packet encryption weekly (at least until the Asgard Challenge event ends xD)
Yeah, I think it will end when the Asgard Challenge event ends.. >__<
No update??
cydh, can I ask something? Is it possible for xkore to run ragexe.exe with the parameter 1rag1?
I got info from someone.. he told me to create a file in the src folder to redirect to the Asgard server.. but I am still confused about what he means..
@phinokio exactly, someone who claimed that he can bot told me that we should create a plugin describing the IP and port for the Asgard server and map, but I cannot sniff with WPE anymore. I'm not used to using Wireshark @__@
I think their plugin is: the IP for connecting is normal, then after going to the map their IP and port change. I sniffed with WPE and Wireshark and have the same IP and port after going to the map. I don't really understand how to configure the bot, so I can only give this information.
At login and char selection the IP is xxx.xx.xxx.67 port 6900 (like in server.txt), then after going to the map it changes to xxx.xx.xxx.85 port 5000 (xxx means the same IP). I tried to hook with xkore 3, but the port for my RO client is random within the range 52k-555k. I can only give this information; hopefully whoever can configure this bot will help.
@ginkzzz I think it's not from the server port.. on the Midgard server the server port is also random.
Hey legendaryan, try sending it to me alfredohashim92@yahoo.com and ill see what i can do
Can anyone make a plugin to receive the secure login request code packet from the server?? I use WPE on a different computer with proxy inject, and get a 4-byte hex code.. and each ID has a different hex.. and I don't know how to send the packet for that packet....
Any news on how to connect to the Asgard server?
cydh, I'm not a programmer, but I'm interested in this issue,, I've read a lot about how to decrypt that packet,, but could you please give me clear instructions on what I should do after I decrypt that packet?? Where should I place that password,,, ? I really need your help,, I'm willing to learn a lot. For the one who can run his bot on the Asgard server,, please give us at least a hint to run ours... I'm waiting for your answer, thanks
If you can decrypt the incoming packet, you need kore to decrypt it first before processing the packet. And before sending the packet, you need to encrypt (change the way to pack) the packet like the idRO client does.
And for people who ask me for an Asgard solution, I don't play Asgard and I don't set up kore for Asgard. But I'd like to help once I know the encryption algorithm.
Would you mind sharing with me how to use the bot in Asgard, thanks :)
Can someone help please with the Asgard unknown code: Potongan Packet: Switch tidak diketahui: 747E Potongan Packet: Switch tidak diketahui: 7356 What should I do to add the code to recvpackets.txt??
@cydh Is it true that these servers were shut down? A user on IRC says there's new idRO servers?
@itsrachelfish the previous servers Midgard and Asgard were closed because the publisher changed from Lyto to Gravindo. Those servers will be reopened later (maybe this mid year). For now, Gravindo is working on a 'fake' classic server just like thRO's. On the last CBT event, it used the same encryption as the Asgard server (the cclient.dll thing).
idRO already has OBT today.. any news about a new OpenKore for idRO??
This is the new code from idRO OBT today:
00000000 04 02 8e a4 56 45 64 eb 31 c5 5c db a7 d1 06 ff ....VEd. 1.\.....
00000010 01 c8 db 01 ....
00000000 cf 16 15 37 fd b5 ad 1d 76 ee 87 58 20 58 72 27 ...7.... v..X Xr'
00000010 c5 fc a0 99 ....
00000014 dd 01 02 00 00 00 75 73 65 72 69 64 00 00 08 00 ......us erid....
00000024 00 00 08 00 00 00 08 00 00 00 08 00 00 00 6b ea ........ ......k.
00000034 0a 0a d8 f4 59 01 70 b7 a8 95 f3 35 a6 ec 0c ....Y.p. ...5...
00000014 6a 00 00 74 18 99 6a 22 a0 fd c9 18 42 dc 41 00 j..t..j" ....B.A.
00000024 b4 fd c9 18 18 99 6a ......j
I think "CF16" is secure_key_code, and I've put it in OpenKore replacing the old secure_key_code (01DC), but OpenKore says wrong password.. so I think there is an error in the calculation of the encoded password (MD5), whose result does not match the new server.
I've been made drunk by 12 hours of working on it. xD
The error says "Packet Tokenizer: unknown switch: 0DDD". Help pls