MxO Client - Connection sequence Launchpad->Worldlist (Work in progress)
06-21-2009, 09:47 PM,
#1
Findings findings and more findings...

At first, I used some easy cheating software to look for my user and pass. It was supposed to work because, even with a great encryption mechanism, what you typed has to be sent to the client in plain text as a string to be encoded later; and it worked indeed.

Got a fixed location where user + pass were stored in plain text. I was happy.

But happiness is a short state, as I found that I was half wrong. Indeed, the MxO client stored the user + pass there but... when I looked more into the matrix code (haha easy joke) I saw that it was copied from another fixed location and that it writes some more data.

This may mean that what I saw in the first place was the place where a copy was stored, and we know that copies are meant to be... sent, edited, compared, ... so it may be the place where it takes the plain-text password to the encoded one...

It needs some research but... hey.. :D it's a start.

More things...

After so many tries, I have found that the first packet to launchpad:

Code:
00 01 00 00 00 02 <4 "random" characters here> 00 00 02 00

is stored in the ingame code (that means where the packet info is), and I made a trace after sending, so I reached the place where the response is stored too.

The first place is always the same, but the 2nd I'm not so sure about (maybe it was xD).

I followed the ingame code (from now on I will refer to this as "press F7 till your finger hurts") after getting the:

Code:
00 02 <same 4 chars> <4chars response> 00 00 00 00 00 00 00 00 00 02

And I... (apart from getting a "sick" status over my head) found that:
- It writes it in some code that does blahblahblah; I commented like 100-200 lines of pure asm + "press F7 till finger really hurts...." and got nothing.
- I suspect that it doesn't do much with that response, meaning that the client may accept it and use it later.
- The suspicion grows because the client checks the first block of the response, aka "<same 4 chars>", against one memory address, and keeps doing operations with the second block, aka "<4chars response>", writing it to another memory place and not comparing it to anything (or I got tired before it did!)

.... it's a work in progress from here peeps! ....

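As an added example (not part of the original post and not code from the MxO client): a small Python checker for the two packets quoted above, which verifies the fixed bytes of each and confirms that the response echoes the client's 4 bytes. It assumes "4 characters" means 4 raw bytes; the field names and the sample captures are constructed for illustration.

```python
# Layouts exactly as quoted in the post; None marks a byte whose value varies.
REQ_TEMPLATE = [0x00, 0x01, 0x00, 0x00, 0x00, 0x02] + [None] * 4 + [0x00, 0x00, 0x02, 0x00]
RESP_TEMPLATE = [0x00, 0x02] + [None] * 8 + [0x00] * 9 + [0x02]
REQ_TOKEN = slice(6, 10)    # the 4 "random" bytes chosen by the client (name is an assumption)
RESP_ECHO = slice(2, 6)     # "<same 4 chars>"
RESP_VALUE = slice(6, 10)   # "<4chars response>"


def from_hex(dump):
    """Turn a space-separated hex dump (as pasted from a sniffer) into bytes."""
    return bytes.fromhex(dump)


def template_mismatches(packet, template):
    """List where a packet deviates from the fixed bytes of a template."""
    if len(packet) != len(template):
        return ["length %d, expected %d" % (len(packet), len(template))]
    return ["offset %d: %02x, expected %02x" % (i, b, t)
            for i, (b, t) in enumerate(zip(packet, template))
            if t is not None and b != t]


def check_exchange(req_hex, resp_hex):
    """Validate one request/response pair and pull out the variable fields."""
    req, resp = from_hex(req_hex), from_hex(resp_hex)
    problems = (["request " + m for m in template_mismatches(req, REQ_TEMPLATE)] +
                ["response " + m for m in template_mismatches(resp, RESP_TEMPLATE)])
    # Only compare the echo once both packets have the expected shape.
    if not problems and resp[RESP_ECHO] != req[REQ_TOKEN]:
        problems.append("response does not echo the client's 4 bytes")
    return {
        "ok": not problems,
        "problems": problems,
        "client_token": req[REQ_TOKEN].hex() if len(req) >= 10 else None,
        "server_value": resp[RESP_VALUE].hex() if len(resp) >= 10 else None,
    }


# Constructed sample captures (not real traffic).
SAMPLE_REQ = "00 01 00 00 00 02 de ad be ef 00 00 02 00"
SAMPLE_RESP = "00 02 de ad be ef 11 22 33 44 00 00 00 00 00 00 00 00 00 02"

if __name__ == "__main__":
    print(check_exchange(SAMPLE_REQ, SAMPLE_RESP))
```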

Messages In This Thread
MxO Client - Connection sequence Launchpad->Worldlist (Work in progress) - by Morpheus - 06-21-2009, 09:47 PM
