Hello, I never tried to use packets before. I was always making bots with keyboard/mouse simulation so I need some help to understand how to work with it.
I already downloaded wpe pro (packet sniffer) and "played" repeating packets (also repeating actions in Tibia) and trying to understand. But i did not understand.
Can someone help me about "packet syntax" ?
Like to learn what means " 0C 00 FA 03 5F 11 8F 8D 59 6C 70 92 46 D0 " (a packet sent) . How it is encrypted or whatever?
Thanks.
First two bytes are the packet lenghtOriginally Posted by lifriet
0C 00 = 0x000C = 12 Bytes
In these 12 bytes, the first 4 is the adler32 checksum of the rest of the packet
FA 03 5F 11 = 0x115F03FA = adler32(&Packet[6], 8)
The other 8 bytes are encrypted with XTEA, and is only possible to know them with the key, that is generated everytime you connect to Tibia
8F 8D 59 6C 70 92 46 D0
decrypt(&Packet[6], 8, Key)
Nope, this packet is first packet you get after estabilishing connection with login server.
[code=Delphi]
0C 00 FA 03 5F 11 8F 8D 59 6C 70 92 46 D0
[ SIZE ] [ ADLER32 ] [ UNKOWN ] [ SECURITY BYTES ]
[/code]
All byte structures are in Little Endian so you need to swap them to Big Endian before reading them, size and adler32 were explained in @up post, UNKOWN are three bytes I don't really care, you shouldn't too. Last five packets are so called Security Bytes, you need to save them somewhere cuz you'll need them later. This packet isn't encrypted at all, because as it's first packet sent by server before client send any (and XTEA key isn't generated yet). Client generates XTEA key as 4 random LongWord (or _uint32 if you like). Here are threads that can explain you that:
http://tpforums.ianobermiller.com/forum/thread-4838.html
http://tpforums.org/forum/thread-7722.html
And also it'll be good for you to check TFS and YATC sources you can find on google.
you get the security bytes only at the game server connection, and they have the ID 0x1F
its structure is like that:
Code:0C 00 01 02 03 04 06 00 1F 01 02 03 04 05I think the repetition of the packet length is just because of the reutilization of some packet creation code, you can notice that this message has exactly 8 bytes, fitting the divisible-by-eight rule of XTEA, but is not encrypted because the XTEA key isn't generated at this momentCode:0C 00 = 0x000C = 12 = Message Length 01 02 03 04 = 0x04030201 = Adler32 Checksum (just an example one) 06 00 = 0x0006 = 6 = Length, again 1F = Packet ID for the secuity bytes 01 02 03 04 05 = security bytes
Do not assume that every packet that has 12 bytes length is the security bytes, the thing that identifies it is its ID (0x1F)
It should be a stupid question, but I always read people saying about this Adler32/Adler Checksum etc..
What is that ? What informations it has ?
http://en.wikipedia.org/wiki/Adler-32
Posting Permissions
Reply With Quote