To bypass this protection, you first need to modify ShowEQ to read the key from the OP_SendLoginInfo code, and then apply a null-preserving, rotating XOR to the spawnStructs. The code change takes about ~30 lines of C code added to ShowEQ:
Modify the ShowEQ Configuration Op Codes document to expect the additional data.
Modify the ‘struct’ to contain the decryption key.
Store the key in memory for the session and update when necessary.
Modify the spawnStruct handling functions to decrypt the entire packet before further processing.
Reply With Quote
