sense heading [send key over udp to showeq]
Hoihoi
11-02-2002, 02:45 PM
do not distribute any binaries of this, nor use any binaries of this that you didn't compile yourself.
I tuned mvern's code some to send the key over UDP to the ShowEQ box and use a config file.
this is the config sample file:
[Client]
SessionKeyLocation=0x00773b90
SendInterval=600
[ShowEQ]
IP=192.168.1.11
Port=666
SendInterval is used to send the key every X seconds to the showeq box.
set it to 0 to not send it automatically.
this is the source for it. compiles fine with lcc
// $Header: /usr/local/cvsroot/senseheading/senseheading.c,v 1.1.1.1 2002/11/02 21:10:16 hoihoi Exp $
#include <stdio.h>
#include <stdlib.h> // atoi, strtol
#include <string.h>
#include <winsock2.h>
#include <tlhelp32.h>
#define CONF_FILE "C:/senseheading/senseheading.conf"
#define CONF_SIZE 16
struct CONFIG
{
unsigned long long SessionKeyLocation;
unsigned int SendInterval;
char seq_ip[16];
int seq_port;
} config;
int SendSessionKey(unsigned long long SessionKey);
void readkey (HANDLE hProcess, int useConfig)
{
while (1)
{
unsigned long addr = 0;
unsigned long long key = 0;
char keypressing[16];
int gotKey;
if (useConfig == 0)
{
printf ("\nenter offset (ie: 0x00773b90): ");
if (scanf ("%lx", &addr) == 1)
{
printf ("offset:\t0x%08lx\n", addr);
}
}
else
addr = (unsigned long) config.SessionKeyLocation;
gotKey = ReadProcessMemory (hProcess, (void *)addr, &key, 8, NULL) != 0;
if (!gotKey)
{
printf ("ReadProcessMemory on 8 bytes at 0x%08lx failed: %lu\n", addr, GetLastError());
}
else
{
printf ("Session key:\t0x%016llx\n", key);
}
// only transmit a key that was actually read; the original sent the buffer regardless
if ( useConfig == 1 && gotKey)
{
if (SendSessionKey(key) != SOCKET_ERROR)
printf("Sent the session key to %s:%d\n", config.seq_ip, config.seq_port);
else
printf("Failed to send the session key to %s:%d\n", config.seq_ip, config.seq_port);
}
if (config.SendInterval != 0)
Sleep(config.SendInterval*1000); // Win32 Sleep() takes milliseconds
else
{
printf("\nPress some key to continue");
scanf("%15s", keypressing); // bounded read; the original wrote a string into a single char
}
}
fflush (stdin);
}
int scanproclist ( int useConfig )
{
HANDLE hProcessSnap = NULL;
PROCESSENTRY32 pe32 = {0};
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return 0;
// Fill in the size of the structure before using it.
pe32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hProcessSnap, &pe32))
{
HANDLE hProcess;
do
{
LPSTR pCurChar;
char pName[512];
// strip path and leave exe filename
for (pCurChar = (pe32.szExeFile + strlen (pe32.szExeFile));
*pCurChar != '\\' && pCurChar != pe32.szExeFile - 1;
--pCurChar)
strcpy(pName, pCurChar);
strlwr(pName);
if ( (strncmp (pName, "testeqgame", 10) == 0) || (strncmp (pName, "eqgame", 6) == 0) )
{
printf ("found eqgame - pid = %u\n\n", pe32.th32ProcessID);
hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
if (hProcess == NULL)
{
DWORD dw = GetLastError();
printf ("OpenProcess failed, error: %lu\n", dw);
CloseHandle (hProcessSnap); // release the snapshot before bailing out
return 0;
}
readkey (hProcess, useConfig);
}
}
while (Process32Next(hProcessSnap, &pe32));
}
CloseHandle (hProcessSnap);
return 0;
}
int ReadConfig (void)
{
int useConfig = 0;
char conf_buffer[CONF_SIZE];
GetPrivateProfileString("Client", "SessionKeyLocation", "0", conf_buffer, CONF_SIZE, CONF_FILE);
config.SessionKeyLocation = strtol(conf_buffer,NULL,16);
GetPrivateProfileString("Client", "SendInterval", "0", conf_buffer, CONF_SIZE, CONF_FILE);
config.SendInterval = atoi(conf_buffer);
GetPrivateProfileString("ShowEQ", "IP", "0", conf_buffer, CONF_SIZE, CONF_FILE);
strcpy(config.seq_ip, conf_buffer);
GetPrivateProfileString("ShowEQ", "Port", "0", conf_buffer, CONF_SIZE, CONF_FILE);
config.seq_port = atoi(conf_buffer);
if (config.SessionKeyLocation > 0)
useConfig = 1;
return useConfig;
}
int SendSessionKey(unsigned long long SessionKey)
{
int ret;
char content[19]; // "0x" + 16 hex digits + terminating NUL (18 was one byte short)
WSADATA wsd;
SOCKET ssocket;
SOCKADDR_IN seq;
sprintf(content, "0x%016llx", SessionKey);
if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0)
{
printf("WSAStartup failed!\n");
return SOCKET_ERROR;
}
ssocket = socket(AF_INET, SOCK_DGRAM, 0);
if (ssocket == INVALID_SOCKET)
{
printf("socket() failed; %d\n", WSAGetLastError());
WSACleanup();
return SOCKET_ERROR;
}
memset(&seq, 0, sizeof(seq));
seq.sin_family = AF_INET;
seq.sin_port = htons((u_short)config.seq_port);
seq.sin_addr.s_addr = inet_addr(config.seq_ip);
// send the 18 text characters; the receivers treat the payload as text, not as 8 raw key bytes
ret = sendto(ssocket, content, (int)strlen(content), 0, (SOCKADDR *)&seq, sizeof(seq));
closesocket(ssocket);
WSACleanup();
if (ret == SOCKET_ERROR)
{
return SOCKET_ERROR;
}
return 0;
}
int main(void)
{
printf ("scanning for eqgame.exe\n");
if (ReadConfig() == 1)
scanproclist(1);
else
scanproclist(0);
return 0;
}
adjusting the showeq source some to capture the packet with the key. will post the code later.
Enduron
11-02-2002, 03:17 PM
I didn't use nor distro it, but it compiles fine =)
-end
p.s. somehow the \ gets pulled out of part of the code, you need to re-add it....annoying but works...
Hoihoi
11-02-2002, 03:20 PM
hehe, meant don't use binaries you didn't make yourself since it's sending stuff ;)
Outstanding. Now, if I may make a couple of suggestions for obfuscation on this:
First, the client (key sniffer) should probably establish communication with ShowEQ prior to starting to get keys. This would allow the client to request the key offset from ShowEQ, as well as allowing ShowEQ to select a random port number through which the key exchanges are to occur. The initial handshake would be on a specific port, but once ShowEQ establishes contact with the client on that port and provides the client with a "working" port number to use, ShowEQ would ignore further requests on that port. This would prevent EQ from detecting the client by simply looking for packets being sent on a specific port.
Next, I'd probably have the client encrypt the keys using a simple 8-byte XOR key, also randomly generated by ShowEQ at the time of initial contact. This would prevent EQ from detecting the client by looking for repeated packets which include its key.
The client should probably be written in such a way that it morphs occasionally, or at least shifts parts of itself around randomly each time it's run. This would prevent detection based on process signature.
Last, I'd probably have the key sniffer not look for a key unless ShowEQ sends it a specific request for one. This would prevent detection on the basis of frequent outside access to EQ's memory, since ShowEQ would only request a key when it sees that a new zone is being loaded.
If you REALLY wanted to go over the top a bit, you could have each packet after the initial handshake be XORed with a different 8-byte key, and whenever either side sends a packet, it would include, encrypted within that packet, the 8-byte key that it wants the receiving end to use the next time it sends a message.
Just some thoughts.
-wxh
drwoo
11-03-2002, 07:08 AM
do you need to set up a new program to work with this, something like samba, or do you just need to make sure port 666 is set in services using udp?
fryfrog
11-03-2002, 09:52 AM
okay, i'm stupid... but what do you have to setup on the OTHER end to get this to work?
Elyon
11-03-2002, 11:03 AM
adjusting the showeq source some to capture the packet with the key. will post the code later.
Well, on the other end, it seems that he said he was going to have to adjust the code in ShowEQ to make this work and would post it later. He has yet to post that part....
I, on the other hand, only have the Mingw compiler and it won't compile with that compiler. Any ideas? I haven't programmed since my days with a Commodore 64, when I ran a BBS written in Commodore Basic with 14 overlays that took 3 hours to compile!!!!!
fryfrog
11-03-2002, 11:23 AM
yeah, i just went back and saw that... i also can't compile with MinGW
C:\MinGW\bin>gcc -c hoihoi.c
hoihoi.c:94:31: missing terminating ' character
hoihoi.c:94:31: warning: character constant too long
hoihoi.c: In function `scanproclist':
hoihoi.c:95: invalid lvalue in decrement
hoihoi.c:95: parse error before "pCurChar"
**fixed:
*pCurChar != '\' && pCurChar != pe32.szExeFile - 1;
SHOULD BE
*pCurChar != '\\' && pCurChar != pe32.szExeFile - 1;
(added one \ because the \' was escaping the ' so it thought the ' never ended).
fryfrog
11-03-2002, 11:28 AM
okay, still stuck at...
C:\MinGW\bin>gcc -o hoihoi.exe hoihoi.o -lth32 -lwinmm -wsock32
hoihoi.o(.text+0x31e):hoihoi.c: undefined reference to `Process32First@8'
hoihoi.o(.text+0x462):hoihoi.c: undefined reference to `Process32Next@8'
hoihoi.o(.text+0x684):hoihoi.c: undefined reference to `WSAStartup@8'
hoihoi.o(.text+0x6b8):hoihoi.c: undefined reference to `socket@12'
hoihoi.o(.text+0x6d5):hoihoi.c: undefined reference to `WSAGetLastError@0'
hoihoi.o(.text+0x712):hoihoi.c: undefined reference to `htons@4'
hoihoi.o(.text+0x729):hoihoi.c: undefined reference to `inet_addr@4'
hoihoi.o(.text+0x751):hoihoi.c: undefined reference to `sendto@24'
hoihoi.o(.text+0x777):hoihoi.c: undefined reference to `closesocket@4'
hoihoi.o(.text+0x77f):hoihoi.c: undefined reference to `WSACleanup@0'
MisterSpock
11-03-2002, 11:45 AM
Those linker errors pop up on MSVC++ also.
You need to specifically tell the linker to include wsock32.lib, as those references appear there.
From your command line (and I'm not familiar with MinGW - sorry) it *appears* that you might already be doing so. Perhaps it cannot find the wsock32 library.
Under lcc, upon first attempt to build, it detects the needed library (wsock32.lib) and adds it (nice!).
fryfrog
11-03-2002, 12:51 PM
duh, it was a typo.
gcc -o hoihoi.exe hoihoi.o -lth32 -lwinmm -lwsock32
(i had -wsock32, needed -lwsock32)
fryfrog
11-03-2002, 12:57 PM
okay, it compiled... but is it supposed to run in a loop? i changed the config to read from "c:\temp\hoihoi.conf" and made a file there with the info from the first post.
C:\Temp>hoihoi
scanning for eqgame.exe
should it really be:
#define CONF_FILE "C:/temp/hoihoi.conf"
or should it use "C:\temp\" (other slashes)?
Hoihoi
11-03-2002, 01:28 PM
floyd might code the seq part he said. if not, i'll code it but i don't want to do double work.
for the path: use regular slashes
fryfrog
11-03-2002, 01:31 PM
sorry, i totally forgot to phrase that right... it just exits immediately after i run it.
If it doesn't find an eqgame.exe (or test) it exits, that is the way it's written.
I'm not sure that was intended, but that is what is written.
fryfrog
11-03-2002, 05:19 PM
sooo... how are you supposed to start it if you play full screen? telnet to windows?
fryfrog
11-03-2002, 07:53 PM
would it be possible to just set it up to run in a loop waiting for eqgame.exe to start? might be more useful for when people play full screen :)
Hoihoi
11-03-2002, 08:06 PM
you could just make it like this
int main(void)
{
printf ("scanning for eqgame.exe\n");
Sleep(10000); // Win32 Sleep() takes milliseconds
if (ReadConfig() == 1)
scanproclist(1);
else
scanproclist(0);
return 0;
}
this would wait 10 seconds till it starts scanning for eqgame.exe
while seq isn't picking up the packet yet, just run ethereal or etherape filtering on the specific port
pyrodex
11-03-2002, 09:09 PM
If you're looking for something to capture the text on the linux side you can use this simple perl script I put together.
#!/usr/bin/perl
use strict;
use IO::Socket;
my($sock, $oldmsg, $newmsg, $hisaddr, $sender, $MAXLEN, $PORTNO);
$MAXLEN = 1024;
$PORTNO = 666;
$sock = IO::Socket::INET->new(LocalPort => $PORTNO, Proto => 'udp')
or die "socket: $@";
print "Awaiting UDP messages on port $PORTNO\n";
$oldmsg = "This is the starting message.";
while ($sock->recv($newmsg, $MAXLEN)) {
my($port, $ipaddr) = sockaddr_in($sock->peername);
$sender = gethostbyaddr($ipaddr, AF_INET) || inet_ntoa($ipaddr); # fall back to the dotted IP when there is no reverse DNS
print "Client $sender said ``$newmsg''\n";
$sock->send($oldmsg);
$oldmsg = "[$sender] $newmsg";
}
die "recv: $!";
This will simply print the output to the screen. This runs without any extra stuff under RH8.0.
Now only if I could get my SEQ to stop locking up after entering the key. Anyone know what could be my problem? I input the key and SEQ window hangs.
fryfrog
11-04-2002, 06:36 AM
i'm not familiar with perl, but i'm sure i can figure it out... but i thought i'd ask here first... i tend to use 2 - 4 seq sessions, would it be possible to have the perl script write the key to a file named like ... "ipaddress.key" (would be 10.0.0.0.key or something) as well as outputting to screen? i notice it already gets the ip of the sender, so i believe the only hard part about this (for me) would be figuring out how to write to a file with perl ;)
i am looking forward to seq actually doing the listening ;)
Hoihoi
11-04-2002, 07:20 AM
this would do something like that.
#!/usr/bin/perl
use strict;
use IO::Socket;
my($sock, $oldmsg, $newmsg, $hisaddr, $sender, $MAXLEN, $PORTNO);
$MAXLEN = 1024;
$PORTNO = 666;
$sock = IO::Socket::INET->new(LocalPort => $PORTNO, Proto => 'udp')
or die "socket: $@";
print "Awaiting UDP messages on port $PORTNO\n";
$oldmsg = "This is the starting message.";
while ($sock->recv($newmsg, $MAXLEN)) {
my($port, $ipaddr) = sockaddr_in($sock->peername);
$sender = gethostbyaddr($ipaddr, AF_INET) || inet_ntoa($ipaddr); # fall back to the dotted IP so the file name is never empty
print "Client $sender said ``$newmsg''\n";
$sock->send($oldmsg);
$oldmsg = "[$sender] $newmsg";
open (KEYFILE, ">/tmp/sessionkey_$sender.txt") or die "Couldn't open file.\n";
print KEYFILE $newmsg;
close KEYFILE;
}
die "recv: $!";
adjusting the seq code atm.
fryfrog
11-04-2002, 08:42 AM
i was wondering if you would be willing to test your code on the openssh server for windows: OpenSSH (http://www.networksimplicity.com/openssh/)
i can understand not wanting to try it on all of the available telnet clients and ssh client for windows, but i think if everyone at least tested it on openssh, we would have a free and secure way of running apps on the windows box from somewhere else... while being full screen :)
i haven't had much luck with the OTHER client in openssh session, but i believe this one will work (haven't had a chance to test fully).
Elyon
11-04-2002, 09:37 AM
Seems that all we need is for SEQ to monitor the keyfile.dat file. I am using one of the mvern's derivatives that uses pscp to send the keyfile.dat to my linux box, at which time I currently use the file manager to watch the file, when it updates, I manually tell seq to load keyfile and off we go. If seq had the code built in to just watch for changes in keyfile.dat, and reload it when the time stamp changes, it'd be perfect... at least, in my implementation. :D
Hoihoi
11-04-2002, 10:03 AM
it's a much cleaner way to send a packet and have showeq pick it up, with the function it already has: packet sniffing.
having all kind of services running isn't a good option imo.
I'm done coding the seq part too, but I'm at work and can't test it from here.
FuddRucker
11-04-2002, 03:25 PM
Hoihoi, like the script, got it working on both ends can get the key and manually enter it into SEQ (crashes often, but at least the key appears to be coming across OK).
The only thing I can't seem to get working is if I save the keycode to /usr/local/share/showeq/keyfile.dat, then just have SEQ Load in the Keyfile, for some reason SEQ doesn't read the key properly, looks like the numbers are being converted, or something. Sure I'm just doing something wrong, or maybe the fixes you did today will resolve this issue.
At any rate, thanks for the help so far.
--add--
Oh, how would you make senseheading.c so it'll only send a new key via UDP if the key has changed since last update?
Hoihoi
11-04-2002, 06:17 PM
here's the promised code. it isn't passing the key itself into 'theKey()' right, just posting it now if some1 wants to complete it cuz i'm gonna sleep.
the code is still dirty and i don't suggest using it yet. if the devs would add a cleaned up and working version of this, i'll code it done tomorrow with speed optimizations and the seq config file support.
? showeq/BACKUP
Index: showeq/src/interface.cpp
===================================================================
RCS file: /cvsroot/seq/showeq/src/interface.cpp,v
retrieving revision 1.48
diff -r1.48 interface.cpp
745c745
< m_levelSpinBox = new QSpinBox(1, 60, 1, this, "m_levelSpinBox");
---
> m_levelSpinBox = new QSpinBox(1, 65, 1, this, "m_levelSpinBox");
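Review bot: the level spin-box cap change from 60 to 65 in interface.cpp has nothing to do with the sense-port key transport and should be split into its own commit, so that this hunk can be reviewed, applied or reverted independently of the decoder change.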
Index: showeq/src/packet.cpp
===================================================================
RCS file: /cvsroot/seq/showeq/src/packet.cpp,v
retrieving revision 1.43
diff -r1.43 packet.cpp
61a62,65
> // Sense port
> // Port which ShowEQ recives the windows packet with the session key
> #define SENSE_PORT 666
>
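Review bot: SENSE_PORT is a compile-time constant while the Windows sender takes its port from senseheading.conf, so the two ends can silently disagree after a rebuild; read the port from the ShowEQ preferences (the post says config-file support is still to come) and keep 666 only as the default.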
1055c1059
< if (!packet.isValid())
---
> if (!packet.isValid() && packet.getDestPort() != SENSE_PORT)
1115a1120,1124
> else if (packet.getDestPort() == SENSE_PORT && packet.getIPv4SourceN() == m_client_addr)
> {
> set_decoder_key (packet.payloadLength(), packet.payload(), m_eqstreamdir);
> return;
> }
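Review bot: gating on `packet.getIPv4SourceN() == m_client_addr` is the right restriction, but it only works once m_client_addr is known; until then a key datagram is discarded without a log line, and the payload is handed to set_decoder_key with no length or content check. Log the drop, and have set_decoder_key report a parse failure instead of emitting whatever strtoull produced.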
1444c1453
< if (!pf->isValid())
---
> if (!pf->isValid() && packet.getDestPort() != SENSE_PORT)
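Review bot: this condition tests validity on `pf` but the destination port on `packet`; if `pf` is the packet being filtered at this point, the port check must be `pf->getDestPort()`, otherwise the sense-port exemption is decided by a different (possibly previous) packet than the one whose validity check is being bypassed.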
3291a3301,3313
> void EQPacket::set_decoder_key (uint32_t len, uint8_t *data,
> uint8_t dir)
> {
> char textkey[18];
> uint64_t key = 0xffffffffffffffff;
>
> sprintf(textkey, "%s", data);
>
> key = strtoull(textkey, NULL, 0);
> qDebug("set_decoder_key: User specified key over udp: 0x%llx", key);
> emit theKey(key);
> }
>
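Review bot: set_decoder_key ignores `len` and `dir` and copies `data` with `sprintf(textkey, "%s", data)` into `char textkey[18]`: "0x" plus 16 hex digits already needs 19 bytes with the terminator, and a payload that is not NUL-terminated (nothing on the sender side guarantees one) makes `%s` read past the datagram. Copy at most `len` bytes into a 19-byte buffer, e.g. `snprintf(textkey, sizeof textkey, "%.*s", (int)len, (const char *)data);`, and check strtoull's end pointer so a malformed payload does not silently become key 0 (the 0xffffffffffffffff initializer is overwritten unconditionally).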
3566c3588
< sprintf (filter_buf, "udp[0:2] > 1024 and udp[2:2] > 1024 and ether proto 0x0800");
---
> sprintf (filter_buf, "(udp[0:2] > 1024 and udp[2:2] > 1024 and ether proto 0x0800) or udp[2:2] = %d", SENSE_PORT);
3571c3593
< sprintf (filter_buf, "udp[0:2] > 1024 and udp[2:2] > 1024 and host %s and ether proto 0x0800", host);
---
> sprintf (filter_buf, "(udp[0:2] > 1024 and udp[2:2] > 1024 and host %s and ether proto 0x0800) or udp[2:2] = %d", host, SENSE_PORT);
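Review bot: in this host-restricted filter (and the `ether host` one in the next hunk) the appended `or udp[2:2] = %d` sits outside the parenthesised `host %s` conjunction, so the capture now admits UDP to the sense port from any host; the source check in packet.cpp drops those later, but the filter should read `... or (udp[2:2] = %d and host %s)` so unrelated traffic never reaches the decoder path.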
3578c3600
< sprintf (filter_buf, "udp[0:2] > 1024 and udp[2:2] > 1024 and ether host %s and ether proto 0x0800", host);
---
> sprintf (filter_buf, "(udp[0:2] > 1024 and udp[2:2] > 1024 and ether host %s and ether proto 0x0800) or udp[2:2] = %d", host, SENSE_PORT);
3724c3746
< sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d) and host %s and ether proto 0x0800", client_port, client_port, hostname);
---
> sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d or udp[2:2] = %d) and host %s and ether proto 0x0800", client_port, client_port, SENSE_PORT, hostname);
3726c3748
< sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d) and host %s and ether proto 0x0800", zone_port, zone_port, hostname);
---
> sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d or udp[2:2] = %d) and host %s and ether proto 0x0800", zone_port, zone_port, SENSE_PORT, hostname);
3728c3750
< sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d) and ether host %s and ether proto 0x0800", client_port, client_port, hostname);
---
> sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d or udp[2:2] = %d) and ether host %s and ether proto 0x0800", client_port, client_port, SENSE_PORT, hostname);
3730c3752
< sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d) and ether host %s and ether proto 0x0800", zone_port, zone_port, hostname);
---
> sprintf (filter_buf, "(udp[0:2] = 9000 or udp[2:2] = 9000 or udp[0:2] = 9876 or udp[0:2] = %d or udp[2:2] = %d or udp[2:2] = %d) and ether host %s and ether proto 0x0800", zone_port, zone_port, SENSE_PORT, hostname);
3736c3758
< sprintf (filter_buf, "udp[0:2] > 1024 and udp[2:2] > 1024 and ether proto 0x0800");
---
> sprintf (filter_buf, "(udp[0:2] > 1024 and udp[2:2] > 1024 and ether proto 0x0800) or udp[2:2] = %d", SENSE_PORT);
3767d3788
<
Index: showeq/src/packet.h
===================================================================
RCS file: /cvsroot/seq/showeq/src/packet.h,v
retrieving revision 1.26
diff -r1.26 packet.h
681a682
> void theKey(uint64_t);
758c759,760
<
---
> private slots:
> void set_decoder_key (uint32_t len, uint8_t* data, uint8_t direction = 0);
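Review bot: set_decoder_key is declared under `private slots:` but packet.cpp calls it directly, not through a connection, so a plain private member function states the intent better; the declaration also names the third parameter `direction` with a default of 0 while the definition calls it `dir`, which is legal but worth aligning.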
Hoihoi
11-04-2002, 06:21 PM
and here is the windows code that needs to be adjusted (placeholders filled into the packet)
// $Header: /usr/local/cvsroot/senseheading/senseheading.c,v 1.2 2002/11/05 00:29:31 hoihoi Exp $
#include <stdio.h>
#include <stdlib.h> // atoi, strtol
#include <string.h>
#include <winsock2.h>
#include <tlhelp32.h>
#define CONF_FILE "C:/senseheading/senseheading.conf"
#define CONF_SIZE 16
struct CONFIG
{
unsigned long long SessionKeyLocation;
unsigned int SendInterval;
char seq_ip[16];
int seq_port;
} config;
int SendSessionKey(unsigned long long SessionKey);
void readkey (HANDLE hProcess, int useConfig)
{
while (1)
{
unsigned long addr = 0;
unsigned long long key = 0;
char keypressing[16];
int gotKey;
if (useConfig == 0)
{
printf ("\nenter offset (ie: 0x00773b90): ");
if (scanf ("%lx", &addr) == 1)
{
printf ("offset:\t0x%08lx\n", addr);
}
}
else
addr = (unsigned long) config.SessionKeyLocation;
gotKey = ReadProcessMemory (hProcess, (void *)addr, &key, 8, NULL) != 0;
if (!gotKey)
{
printf ("ReadProcessMemory on 8 bytes at 0x%08lx failed: %lu\n", addr, GetLastError());
}
else
{
printf ("Session key:\t0x%016llx\n", key);
}
// only transmit a key that was actually read; the original sent the buffer regardless
if ( useConfig == 1 && gotKey)
{
if (SendSessionKey(key) != SOCKET_ERROR)
printf("Sent the session key to %s:%d\n", config.seq_ip, config.seq_port);
else
printf("Failed to send the session key to %s:%d\n", config.seq_ip, config.seq_port);
}
if (config.SendInterval != 0)
Sleep(config.SendInterval*1000); // Win32 Sleep() takes milliseconds
else
{
printf("\nPress some key to continue");
scanf("%15s", keypressing); // bounded read; the original wrote a string into a single char
}
}
fflush (stdin);
}
int scanproclist ( int useConfig )
{
HANDLE hProcessSnap = NULL;
PROCESSENTRY32 pe32 = {0};
// Take a snapshot of all processes in the system.
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (hProcessSnap == INVALID_HANDLE_VALUE)
return 0;
// Fill in the size of the structure before using it.
pe32.dwSize = sizeof(PROCESSENTRY32);
if (Process32First(hProcessSnap, &pe32))
{
HANDLE hProcess;
do
{
LPSTR pCurChar;
char pName[512];
// strip path and leave exe filename
for (pCurChar = (pe32.szExeFile + strlen (pe32.szExeFile));
*pCurChar != '\\' && pCurChar != pe32.szExeFile - 1;
--pCurChar)
strcpy(pName, pCurChar);
strlwr(pName);
if ( (strncmp (pName, "testeqgame", 10) == 0) || (strncmp (pName, "eqgame", 6) == 0) )
{
printf ("found eqgame - pid = %u\n\n", pe32.th32ProcessID);
hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
if (hProcess == NULL)
{
DWORD dw = GetLastError();
printf ("OpenProcess failed, error: %lu\n", dw);
CloseHandle (hProcessSnap); // release the snapshot before bailing out
return 0;
}
readkey (hProcess, useConfig);
}
}
while (Process32Next(hProcessSnap, &pe32));
}
CloseHandle (hProcessSnap);
return 0;
}
int ReadConfig (void)
{
int useConfig = 0;
char conf_buffer[CONF_SIZE];
GetPrivateProfileString("Client", "SessionKeyLocation", "0", conf_buffer, CONF_SIZE, CONF_FILE);
config.SessionKeyLocation = strtol(conf_buffer,NULL,16);
GetPrivateProfileString("Client", "SendInterval", "0", conf_buffer, CONF_SIZE, CONF_FILE);
config.SendInterval = atoi(conf_buffer);
GetPrivateProfileString("ShowEQ", "IP", "0", conf_buffer, CONF_SIZE, CONF_FILE);
strcpy(config.seq_ip, conf_buffer);
GetPrivateProfileString("ShowEQ", "Port", "0", conf_buffer, CONF_SIZE, CONF_FILE);
config.seq_port = atoi(conf_buffer);
if (config.SessionKeyLocation > 0)
useConfig = 1;
return useConfig;
}
int SendSessionKey(unsigned long long SessionKey)
{
int ret;
char content[35]; // 16 filler bytes + "0x" + up to 16 hex digits + terminating NUL (34 was one byte short)
WSADATA wsd;
SOCKET ssocket;
SOCKADDR_IN seq;
// dots are to fill stuff for showeq (ie. header & opcode)
sprintf(content, "................0x%llx", SessionKey);
if (WSAStartup(MAKEWORD(2, 2), &wsd) != 0)
{
printf("WSAStartup failed!\n");
return SOCKET_ERROR;
}
ssocket = socket(AF_INET, SOCK_DGRAM, 0);
if (ssocket == INVALID_SOCKET)
{
printf("socket() failed; %d\n", WSAGetLastError());
WSACleanup();
return SOCKET_ERROR;
}
memset(&seq, 0, sizeof(seq));
seq.sin_family = AF_INET;
seq.sin_port = htons((u_short)config.seq_port);
seq.sin_addr.s_addr = inet_addr(config.seq_ip);
// send the text plus its terminating NUL: the showeq side reads the payload with "%s"
ret = sendto(ssocket, content, (int)strlen(content) + 1, 0, (SOCKADDR *)&seq, sizeof(seq));
closesocket(ssocket);
WSACleanup();
if (ret == SOCKET_ERROR)
{
return SOCKET_ERROR;
}
return 0;
}
int main(void)
{
printf ("scanning for eqgame.exe\n");
if (ReadConfig() == 1)
scanproclist(1);
else
scanproclist(0);
return 0;
}
Fantastik
11-04-2002, 07:25 PM
Something is funky with the code that writes the key to file in the above script. It's writing it alright, but SEQ is reading in something funky when it does
For instance, I receive a key:
0xfffffffff9086d8d
it writes the file and i do a:
hexdump -c keyfile.dat
0000000 0 x f f f f f f f f f 9 0 8 6 d
0000010 8 d
000001
Problem is, seq reads it in as:
Loaded KEY: 0x6666666666667830
obviously, a problem. Does seq expect it in some other format?
I know the key is correct cause if i manually enter it, the zone decodes it correctly. I think the perl snippet is just writing it perhaps in a byte order seq isn't looking for?
grimjack
11-05-2002, 11:29 AM
Originally posted by Fantastik
Something is funky with the code that writes the key to file in the above script. It's writing it alright, but SEQ is reading in something funky when it does
For instance, I receive a key:
0xfffffffff9086d8d
it writes the file and i do a:
hexdump -c keyfile.dat
0000000 0 x f f f f f f f f f 9 0 8 6 d
0000010 8 d
000001
Problem is, seq reads it in as:
Loaded KEY: 0x6666666666667830
obviously, a problem. Does seq expect it in some other format?
I know the key is correct cause if i manually enter it, the zone decodes it correctly. I think the perl snippet is just writing it perhaps in a byte order seq isn't looking for?
This will write it in the proper format. pack() is your friend.
#!/usr/bin/perl
use strict;
use IO::Socket;
my($sock, $oldmsg, $newmsg, $hisaddr, $sender, $MAXLEN, $PORTNO, $i, $themsg);
$MAXLEN = 1024;
$PORTNO = 3234;
$sock = IO::Socket::INET->new(LocalPort => $PORTNO, Proto => 'udp')
or die "socket: $@";
print "Awaiting UDP messages on port $PORTNO\n";
$oldmsg = "This is the starting message.";
while ($sock->recv($newmsg, $MAXLEN)) {
my($port, $ipaddr) = sockaddr_in($sock->peername);
$sender = gethostbyaddr($ipaddr, AF_INET) || inet_ntoa($ipaddr); # fall back to the dotted IP so the file name is never empty
$i = pack("H18",$newmsg);
chop($themsg = reverse $i);
print "Client $sender said ``$newmsg''\n";
$sock->send($oldmsg);
$oldmsg = "[$sender] $newmsg";
open(KEYFILE, ">/tmp/keyfile_$sender.dat") or die "open: $!";
binmode(KEYFILE);          # raw bytes, no newline translation
print KEYFILE $themsg;     # print, not printf: a '%' byte in the key must not be parsed as a format
close(KEYFILE);
}
die "recv: $!";
Thanks
GrimJack
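The misread shown above is a format mismatch: the earlier Perl script wrote the key as ASCII text, while the keyfile loader expects 8 raw little-endian bytes, so the first eight characters `0xffffff` (bytes 0x30 0x78 0x66 ...) read back as 0x6666666666667830. The following C is an added example, not code from this thread or from ShowEQ, that reproduces the misread and performs the bounded text-to-binary conversion grimjack's pack/reverse/chop achieves; the function names are my own and the sample key is the one quoted in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse a textual session key ("0x" followed by 1..16 hex digits) that
 * arrived in a UDP payload of 'len' bytes.  Unlike a bare sprintf("%s"),
 * this never reads past 'len', so an unterminated datagram is harmless.
 * Returns 1 and stores the key in *out on success, 0 on malformed input. */
int parse_text_key(const char *text, size_t len, uint64_t *out)
{
    uint64_t value = 0;
    size_t i, digits = 0;

    if (len < 3 || text[0] != '0' || (text[1] != 'x' && text[1] != 'X'))
        return 0;
    for (i = 2; i < len && text[i] != '\0'; i++) {
        char c = text[i];
        int nibble;
        if (c >= '0' && c <= '9')      nibble = c - '0';
        else if (c >= 'a' && c <= 'f') nibble = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') nibble = c - 'A' + 10;
        else return 0;                 /* anything else is not a key */
        if (++digits > 16)             /* more than 64 bits: reject */
            return 0;
        value = (value << 4) | (uint64_t)nibble;
    }
    if (digits == 0)
        return 0;
    *out = value;
    return 1;
}

/* Encode a key as the 8 little-endian bytes the keyfile loader expects. */
void key_to_keyfile(uint64_t key, uint8_t out[8])
{
    int i;
    for (i = 0; i < 8; i++)
        out[i] = (uint8_t)(key >> (8 * i));
}

/* Decode 8 bytes little-endian: what the loader does with whatever it finds
 * in keyfile.dat, whether that is a real key or stray ASCII text. */
uint64_t keyfile_to_key(const uint8_t buf[8])
{
    uint64_t key = 0;
    int i;
    for (i = 7; i >= 0; i--)
        key = (key << 8) | buf[i];
    return key;
}

int main(void)
{
    /* Constructed sample: the key text exactly as the thread shows it. */
    const char text[] = "0xfffffffff9086d8d";
    uint64_t key, misread;
    uint8_t raw[8];
    int i;

    if (!parse_text_key(text, sizeof text, &key))
        return 1;

    /* Writing the ASCII text to keyfile.dat and loading 8 bytes reproduces
     * the "Loaded KEY: 0x6666666666667830" line from the thread. */
    misread = keyfile_to_key((const uint8_t *)text);
    printf("text written as-is loads as 0x%016llx\n", (unsigned long long)misread);

    /* The correct file content is the key's 8 little-endian bytes. */
    key_to_keyfile(key, raw);
    printf("correct keyfile bytes:");
    for (i = 0; i < 8; i++)
        printf(" %02x", raw[i]);
    printf("\nround trip: 0x%016llx\n", (unsigned long long)keyfile_to_key(raw));
    return 0;
}
```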