Archive for the ‘IntPe9’ Category

IntPe9 0.5.0 – all purpuse sniffer included



I just release IntPe9 0.5.0. Proud on the release, i am! But I would love to have some more feedback from users and increase its user base. So spread the word and this packet editor/sniffer. It has now a core “General winsock” that will sniff all packets send by as good as all windows processes. So try it and see for yourself!!

Download link for IntPe9 0.5.0

IntPe9 0.5.0:
– Two new cores
– IntPe9 now can only run one instance
– Proxy dll system
– Small bug fixes

– First proxy dll that is able to sniff com packets for Stollmann NFCStack+Eva R04

– General winsock sniffer core
– Sniffs send/recv/WSASend/WSARecv/WSASendTo/WSARecvFrom
– Places hooks with IAT by default
– If IAT hooks fails uses inline hooks (tested on windows seven x64)

Remember it is open source so you can write your own cores. If there are any issues with this release please post them here.



[Recruiting] People to work on LoL server emulator



The guy who motivated me to start the project HeroWars dissapeared. So i’m searching for people to do tiny parts on HeroWars to keep me motivated. (Big parts are ofcourse even more welcome).

Little details:
Game: League of Legends
Goal: Full game server sandbox
Opensource repo:
Tool for packet analyse: (Also packet editing capability’s look at the python interpreter extensions)
Language: C++

So if you like to write wiki entry’s, do packet research, code some C++, design some images, make a standalone good forum or have any other thing you can provide or help.

Send me a mail and go to work!
You can also find me lurking in (Ping me as only then the screen goes active)

I’m hoping forward to meet you!


Stupid headers!



So i’ve been trying to figure this out and well, its not that simple. BUT HEY! That makes it good!

So the the decrypting is coming along nicely. So with that all my notes i have i published in a pastebin. Ofcourse there is a lot of stuff not done yet, i’m having a lot of troubles with the different header sizes, and the main header type flag, or something……

O well its a lot of fun. If you need help with decrypting the packets contact me 😉 i can provide you with some code examples if needed.

O YA!, 1 more important point. It seems that the packets are in big endian form!


League of Legends (LOL!)



Well, i’ve been playing this game for quite some time now, and i’m really enjoying it. But o well the hacker in me always comes snooping around. So here are some facts (some better proven then others)


  • Uses blowfish ECB for send/recv
  • Uses WSARecvFrom & WSASendTo
  • The key for that game session is given to the game client thought command line by the launcher process
  • The key is base64 encoded
  • Still not sure what they do with the (packetLenght-headerSize) % 8, i’m thinking of some custom simpel xoring, but no idea yet for that part.

I’m currently trying to derive what the different headers for the recv packets means, its quit a hassle but i think i’m starting to see the pattern. You have 2 different types, a multi packet header (32 bytes) and a solo packet header (14 bytes)

Well while i’m making this, i’m upping my IntPe9 packet editor, and its getting awesome. Currently it works through:

  • Boost IPC (message que)
  • Qt GUI client
  • Skeleton hooking system for a per target app

Well i keep you informed about progress on these 2 projects.