Recently a commenter name tAmMo started playing around with how encryption and decryption of the packets might work. He made several comments about his progress and just yesterday he posted something unexpected: Source code related to client packet decryption.
So what does this mean? Not much for the "end user", but a great deal for researchers. Also tAmMo did not release the complete code, especially the part of encrypting packets to be sent to the server. This could be used for hacks or to create a private server which is not the intention of this attempt.
The code is hosted at https://gitorious.org/lotro/lotro-tools for now. Take a look at it, play with it, and keep us updated using comments!
A quick short update:
AntwortenLöschenThe checksum generation is complicater than i thought. I ever thought that the whole data block is parsed at once to generate the 4 byte value. But this isn't so. There are different segments inside a block which are summed (like i did it in source). So, but how to get the segments? There is a kind of lenght value given in the segments and some kind of system, but i haven't found it out yet. I wrote them down til the character selection screen comes. The first encrypted server packet got for example the segments 0x08, 0x0e, 0x24, 0x0e, 0x17. Also i played a little with the character data. I managed to find the hex value of the character level. Some of the packets before seems to be images? If you clear them no shop graphics (the golden coin and the shop logo) are loaded. You can take the none free classes. My next research will cover the ping pong packets, so that the client won't disconnect. Hope to find out the algo behind that.
Greetings
-T-
Progress:
AntwortenLöschen- Checksum gen./validation 100% complete, the hard part, dynamically generated, no look up table with 8.000.000 values.
- "Ping" 100% complete, client doesn't disconnect any more, runs for hours
- Managed to join world with premade chara
the bad side:
- moving round in world stops after a few seconds, need to figure out how pos. packets are handled
Greetings
Great stuff!
AntwortenLöschenFeel free to post a link to the code if you want me to push it to the gitorious repository. I wasn't able to get the last file (containing the Decryption/Ecryption only) to compile, so a "complete dump" would be best!
Keep up the great work.
sad, but true: i am out of this. it's taking to much time to figure things out for a single person. i am holding the working checksum generation back til some people wrote a working server(framework) and don't use it for cheating.
AntwortenLöschenFor all the others: Everything you needed is there. and remember, you don't have to care about the checksums to join the game world, if you patch the two client bytes.
I solved the moving problem in game partially. Your server must confirm the "position?" packets from client and increase a number. if this isn't synchro there are hickups while running and you jump back to start position.
The checksum table with first 256 entries is generated from the two 4 byte words after the 0x00 0x00 (offset 0x2a)in the first server packet.
This table changes each time after 256 packets were received from the server.
Good luck
-T-
I've recently started work on a Java server framework using Netty. I can currently build + encode / decode packets. I'm having to use a patched lotroclient, as I'm unable to figure out checksum generation/validation based on your code/comments. I have also not looked into the ping packets, but that's on my todo list.
AntwortenLöschenI plan on releasing the src + documentation once I'm able to spawn in the world, until then I don't think it's worth it.
@tAmMo, I'd be very interested in getting in contact with you, however #lotroemu on Efnet seems dead. Is there any other place I can contact you ?
Gen