Pieter6
08-20-2007, 08:41 PM
Some time ago ruud wanted to help me make a clientless bot ;) He told me how to send the login packet:
You have to send a login packet to the login server (tibia01.cipsoft.com, 7171).
That packet looks like this:
packet[1]:=$91;
packet[2]:=$00;
packet[3]:=$01;
packet[4]:=$02;
packet[5]:=$00;
packet[6]:=$18;
packet[7]:=$03;
packet[8]:=$73;
packet[9]:=$7B;
packet[10]:=$9E;
packet[11]:=$45;
packet[12]:=$E8;
packet[13]:=$0F;
packet[14]:=$88;
packet[15]:=$45;
packet[16]:=$23;
packet[17]:=$09;
packet[18]:=$67;
packet[19]:=$45;
This is the first part, which doesn't need to be encrypted.
The next 128 bytes (20-147) have to be filled with $00;
it has to be 128 bytes for the RSA encryption.
This is the buffer that has to be encrypted:
TeaKey[0]:=Random($FFFFFFFF);
TeaKey[1]:=Random($FFFFFFFF);
TeaKey[2]:=Random($FFFFFFFF);
TeaKey[3]:=Random($FFFFFFFF);
buffer[1]:=$00;
//Random XTEA Key[0]
buffer[2]:=byte(TeaKey[0]);
buffer[3]:=byte(TeaKey[0] shr 8);
buffer[4]:=byte(TeaKey[0] shr 16);
buffer[5]:=byte(TeaKey[0] shr 24);
//Random XTEA Key[1]
buffer[6]:=byte(TeaKey[1]);
buffer[7]:=byte(TeaKey[1] shr 8);
buffer[8]:=byte(TeaKey[1] shr 16);
buffer[9]:=byte(TeaKey[1] shr 24);
//Random XTEA Key[2]
buffer[10]:=byte(TeaKey[2]);
buffer[11]:=byte(TeaKey[2] shr 8);
buffer[12]:=byte(TeaKey[2] shr 16);
buffer[13]:=byte(TeaKey[2] shr 24);
//Random XTEA Key[3]
buffer[14]:=byte(TeaKey[3]);
buffer[15]:=byte(TeaKey[3] shr 8);
buffer[16]:=byte(TeaKey[3] shr 16);
buffer[17]:=byte(TeaKey[3] shr 24);
//Account Number
buffer[18]:=byte(acc); //$07
buffer[19]:=byte(acc shr 8); //$B2
buffer[20]:=byte(acc shr 16); //$01
buffer[21]:=byte(acc shr 24); //$00
//Password
buffer[22]:=byte(length_pass); //pass length
buffer[23]:=byte(length_pass shr 8); //pass length
//Adding password to the packet
for cpos := 1 to length_pass do
  buffer[cpos+23] := ord(pass[cpos]);
So the buffer has to be encrypted with RSA and then has to be put after the first 19 bytes, which gives a total length of 147 bytes. Send this to the login server. You will receive a packet back which is encrypted with XTEA. The key for that XTEA is what you put in the RSA packet.
In that packet the characters are located with their worlds etc.
But he didn't say what to do when u receive the characters list and how to log in to the game :P Can u guys explain to me how it works?
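Added example, not part of the original post and not code from ruud or Pieter6: the 128-byte plaintext buffer described above, laid out in Python and then parsed the way a receiver would after RSA decryption, with the bounds check on the declared password length. The function names, the sample key and the sample password are constructed for illustration; the account value 111111 comes from the byte comments in the post ($07 $B2 $01 $00), and the RSA step itself is not performed here.

```python
import struct

BLOCK_LEN = 128    # RSA block size stated in the post
PASS_OFFSET = 23   # 0-based offset; buffer[24] in the post's 1-based Pascal indexing

# Constructed sample values (not taken from any real session).
SAMPLE_KEY = (0x01234567, 0x89ABCDEF, 0x0BADF00D, 0xCAFEBABE)
SAMPLE_ACCOUNT = 111111          # little-endian bytes 07 B2 01 00, as in the post
SAMPLE_PASSWORD = "secret"


def build_login_plaintext(tea_key, account, password):
    """Lay out the block as the post does and zero-fill it to 128 bytes."""
    pw = password.encode("latin-1")
    if len(tea_key) != 4:
        raise ValueError("XTEA key must be four 32-bit words")
    if PASS_OFFSET + len(pw) > BLOCK_LEN:
        raise ValueError("password does not fit in the 128-byte block")
    body = (
        b"\x00"                                  # buffer[1] := $00
        + struct.pack("<4I", *tea_key)           # buffer[2..17], little-endian words
        + struct.pack("<IH", account, len(pw))   # buffer[18..21] account, [22..23] length
        + pw                                     # buffer[24..]
    )
    return body.ljust(BLOCK_LEN, b"\x00")


def parse_login_plaintext(block):
    """Parse a decrypted block, rejecting anything that does not match the layout."""
    if len(block) != BLOCK_LEN:
        raise ValueError("block must be exactly 128 bytes")
    if block[0] != 0x00:
        raise ValueError("first byte must be $00")
    tea_key = struct.unpack_from("<4I", block, 1)
    account, pass_len = struct.unpack_from("<IH", block, 17)
    # The length field is sender-controlled: never read past the block.
    if PASS_OFFSET + pass_len > BLOCK_LEN:
        raise ValueError("declared password length runs past the block")
    password = block[PASS_OFFSET:PASS_OFFSET + pass_len].decode("latin-1")
    return tea_key, account, password


if __name__ == "__main__":
    blk = build_login_plaintext(SAMPLE_KEY, SAMPLE_ACCOUNT, SAMPLE_PASSWORD)
    print(blk[:32].hex(" "))
    print(parse_login_plaintext(blk))
```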