.: Strike :.
Active Member
- Joined
- Mar 8, 2008
- Messages
- 22
- Reaction score
- 26
The XTEA key as shown in Wireshark has the same byte order as in the packet. Let's see what OTClient does with it:
You can convert between both representations with this snippet:
I think I misunderstood your
Some information about when commands changed (The same command ID being used for different things across versions) would be helpful to avoid the false positives.
But I am not sure how often (if at all this occurred). Anything else, I think should be written in Lua by users for their specific use case instead.
Code:
c4 7e 46 25 5a d4 92 29 84 18 e9 82 d1 e2 e7 38 # 16 bytes, as in the Wireshark key
c4 7e 46 25 5a d4 92 29 84 18 e9 82 d1 e2 e7 38 # turn into array of 4 integers
25 46 7e c4 29 92 d4 5a 82 e9 18 84 38 e7 e2 d1 # swap byte order of each integer, this is same as in OTClient
You can convert between both representations with this snippet:
Code:
echo "c4 7e 46 25 5a d4 92 29 84 18 e9 82 d1 e2 e7 38" | sed -es/^/0:/ | xxd -r | xxd -g4 -e
Yes, the client generates a random XTEA key and sends it over the line RSA-encrypted. You can copy the XTEA key as shown in Wireshark and add it to the XTEA key list for dissection.but it looks to me that an XTEA key is at least offered
I think I misunderstood your
as meaning there's a different key displayed in the login packet and the subsequent packets.And a completely different XTEA key is also shown through Wireshark for packets to and from the login server.
Aha. I have tested version 7.72. I will have to test 7.70 and 7.71, because at least one of them seems to differ in which fields are RSA-encrypted and which aren't.I was using the 7.72 protocol
Is there a way we could contribute to this using OTC source code or something as an easy reference
Some information about when commands changed (The same command ID being used for different things across versions) would be helpful to avoid the false positives.
But I am not sure how often (if at all this occurred). Anything else, I think should be written in Lua by users for their specific use case instead.
just trying to understand how this works so I can everything working and possibly contribute as well in the future.