News flash
The client cleartexts the key to the server in the login packet.
Jul 09 2014 13:51:22:888 [Decoded] [Client->Server] [Size: 464]
[OPCode: 0x4dd0]
[Name: OP_SendLoginInfo][Updated: 10/27/05]
000 | 31 32 33 34 35 36 00 AB EE CD 4a FF 32 44 FF 56 | 123456.38ICZ2XYV
016 | 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | K...............
(values obfuscated intentionally)
The 10-digit ASCII above is the encryption key for this session, sent by client to server. It's a cyclic XOR encryption like everyone suspected. They put it into the "password" field. Special thanks to another friend who is working on this as well.
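
Added example, not part of the original post and not the game's own code: a Python sketch of why a cyclic XOR key carried in the login packet protects nothing from anyone who can read that packet. The field layout (NUL-terminated name, then NUL-terminated password field, zero-padded to 464 bytes) is assumed from the dump above, and the key, payload and function names are constructed for illustration.

```python
from itertools import cycle

PACKET_SIZE = 464  # size reported in the decoded packet header

def cyclic_xor(data, key):
    """XOR data with key, repeating the key; applying it twice restores data."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def parse_login_fields(packet):
    """Assumed layout: NUL-terminated name, then NUL-terminated password field."""
    name, _, rest = packet.partition(b"\x00")
    password, _, _ = rest.partition(b"\x00")
    return name, password

# Constructed sample values, not captured traffic.
SAMPLE_NAME = b"123456"
SAMPLE_KEY = b"A1B2C3D4E5"  # 10 ASCII characters, as described in the post
SAMPLE_PACKET = (SAMPLE_NAME + b"\x00" + SAMPLE_KEY + b"\x00").ljust(PACKET_SIZE, b"\x00")
SAMPLE_PLAINTEXT = b"zone=tutorial;char=Example"
SAMPLE_CIPHERTEXT = cyclic_xor(SAMPLE_PLAINTEXT, SAMPLE_KEY)

def passive_observer_view(login_packet, later_ciphertext):
    """What anyone who can read the login packet learns about later traffic."""
    _, key = parse_login_fields(login_packet)
    return cyclic_xor(later_ciphertext, key)

def keystream_over_zero_padding(key, length):
    """Zero bytes XOR key == key, so encrypted padding repeats the key verbatim."""
    return cyclic_xor(b"\x00" * length, key)

if __name__ == "__main__":
    print(parse_login_fields(SAMPLE_PACKET))
    print(passive_observer_view(SAMPLE_PACKET, SAMPLE_CIPHERTEXT))
    print(keystream_over_zero_padding(SAMPLE_KEY, 20))
```

Even without the cleartext key, any run of zero padding in encrypted traffic repeats the key, so the protocol-side fix is an authenticated key exchange (for example TLS) rather than a different XOR key.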