Posts Tagged ‘packet’

IntPe9 0.5.0 – all purpuse sniffer included

19/10/2012

Ciaossu,

I just release IntPe9 0.5.0. Proud on the release, i am! But I would love to have some more feedback from users and increase its user base. So spread the word and this packet editor/sniffer. It has now a core “General winsock” that will sniff all packets send by as good as all windows processes. So try it and see for yourself!!

Download link for IntPe9 0.5.0

IntPe9 0.5.0:
– Two new cores
– IntPe9 now can only run one instance
– Proxy dll system
– Small bug fixes

Stollmann:
– First proxy dll that is able to sniff com packets for Stollmann NFCStack+Eva R04

Winsock:
– General winsock sniffer core
– Sniffs send/recv/WSASend/WSARecv/WSASendTo/WSARecvFrom
– Places hooks with IAT by default
– If IAT hooks fails uses inline hooks (tested on windows seven x64)

Remember it is open source so you can write your own cores. If there are any issues with this release please post them here.

~Intline9

Advertisements

Stupid headers!

12/03/2011

Ciaossu,

So i’ve been trying to figure this out and well, its not that simple. BUT HEY! That makes it good!

So the the decrypting is coming along nicely. So with that all my notes i have i published in a pastebin. Ofcourse there is a lot of stuff not done yet, i’m having a lot of troubles with the different header sizes, and the main header type flag, or something……

O well its a lot of fun. If you need help with decrypting the packets contact me 😉 i can provide you with some code examples if needed.

O YA!, 1 more important point. It seems that the packets are in big endian form!

~Intline9

League of Legends (LOL!)

10/03/2011

Ciaossu,

Well, i’ve been playing this game for quite some time now, and i’m really enjoying it. But o well the hacker in me always comes snooping around. So here are some facts (some better proven then others)

Facts:

  • Uses blowfish ECB for send/recv
  • Uses WSARecvFrom & WSASendTo
  • The key for that game session is given to the game client thought command line by the launcher process
  • The key is base64 encoded
  • Still not sure what they do with the (packetLenght-headerSize) % 8, i’m thinking of some custom simpel xoring, but no idea yet for that part.

I’m currently trying to derive what the different headers for the recv packets means, its quit a hassle but i think i’m starting to see the pattern. You have 2 different types, a multi packet header (32 bytes) and a solo packet header (14 bytes)

Well while i’m making this, i’m upping my IntPe9 packet editor, and its getting awesome. Currently it works through:

  • Boost IPC (message que)
  • Qt GUI client
  • Skeleton hooking system for a per target app

Well i keep you informed about progress on these 2 projects.

~Intline9