Luigi Auriemma

so i know that my atheros network adapter wont work with gshsniff.exe, but isnt there a way to edit the C code so it could work without using promiscuous mode? i know its possible, it will sniff packets if its not in promiscuous mode. i done so in wireshark and noticed that it works fine without promiscuous mode.

here is a screen of the error:

if you can compile the tool it's enough that you modify the following:
in
while if you can't recompile it open gshsniff.exe with a hex editor, go to offset 0xEEA and replace 0x01 with 0x00

thank you that worked. however, im trying to get the special auth part so i can use your gskeyinuse.exe program.

however, it only gives me this when i refresh swbf2 on server list:


I then tried using the -e -v method on what you used in the video. it didnt display anything at all. i thought this must be the wrong host. so, luckily i saved a query operation relating to swbf2 and it shows this in wireshark:

The query seems to resolve to the IP address 69.10.30.247. i tried using that in gshsniff.exe, and again nothing happened.

so what am i doing wrong to get the auth lines for swbf2? wrong host?

uhmmm don't know, the packet is catched because the IPs are correct so maybe the content is encrypted in another way... but sounds strange.
if you can sniff and collect the original packet (those versus 69.10.30.248:27900) I can take a look at them

the following is a wireshark capture file containing the refresh server operation. interesting stuff in there. also, it contains me trying to join a server with a banned key:
http://96.9.161.91/bf2/pubpackets/bf2%20query%20packets.pcap

here is the .dll from proxocket that contains the start up and shut down of the BattlefrontII.exe:
http://96.9.161.91/bf2/pubpackets/BattlefrontII.exe_proxocket_03.jan.2011-19.28.06.cap

I have verified the sniffs and the only udp packet sent to gamespy is that one containing the name of the game so with nothing to decrypt.

maybe the cdkey authentication is done in another moment