Wondering something.

[Viper]

So, I can sniff the packets but they are encrypted, of course. What I am trying to figure out is where is the key to unlock the encryption at? It once was in the client but no more, or so I have been told. So, I am thinking the EQ2 server is sending the client the key now (now that Acid fixed the loophole when he went to go work for the man) but where? I see the data stream but I have no idea what the key even looks like now or which bytes or if the key is encrypted and we have to decrypt it etc... Probably compressed too I bet. Anyone know this stuff for EQ2 anymore? Thanks.

[purple]

Not much EQ2 action around here.

In EQ1, when they were shifting opcodes per connection, there was a world server packet handing over the seed as part of its contents. Being familiar with the expected packet streams before the change helped to identify this new packet quickly. You do not have that luxury with EQ2.

You probably need to do some disassembly (which is a lot easier to type here than to actually do). Find the encryption initializer then trace it back from whence it came.

[Viper]

Yep. I have idapro but it will not allow the program to run while I trace and set my breakpoints. I miss softice but being in Vista 64 it simply will not work (discontinued now anyways) and I haven't found any viable alternatives that will allow it to run and stop on my set breakpoints so I can see where the routine is.

[BlueAdept]

See if olly debug works. I use it to "fix" some programs I use.

[ieatacid]

Yep. I have idapro but it will not allow the program to run while I trace and set my breakpoints. I miss softice but being in Vista 64 it simply will not work (discontinued now anyways) and I haven't found any viable alternatives that will allow it to run and stop on my set breakpoints so I can see where the routine is.

Why won't it let the program run with breakpoints? If I recall correctly, I was able to do this when I tried sometime last year. Did you select "no" if it asked if you'd like to pass exceptions to the application? Also, you can set hardware breakpoints and there are a number of IDA plugins that help with using it in debugger mode.

[ieatacid]

Oh and WinDbg works for EQ2 too, and has a lot more options than IDA's debugger.

[Viper]

Still learning all of this but I have written a simple snooper and I am moving towards a decrypter of the packet stream. Windbg I just could not get my head around like ida and olly (god if olly and ida married their debugging child would be the best in the world).

[BlueAdept]

If you make any progress, I would be more than happy to re-open this section.

I closed it off not long ago because ever since acid got hired by the man, there wasn't any activity.

[Viper]

Well, I am so close but still so far too. :/ Yeah, sucks acid left us but that happened in AC1 too when the original guy who started cracking their protocol got too close. What he did lead to Decal being made and the rest is history. So, the only difference is acid just left us high and dry.

[BlueAdept]

Restored the EQ2 sections.

[Viper]

Sweet. My head is buzzing and after many days of long hours I need a break. I just wish there was a decompiler just a tad better than the hex rays one (I mean decompiler for pseudo c/c++ code) because that would help me immensely.