Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





 Post subject: SA:MP
PostPosted: 27 Feb 2011 03:29 
Hello aluigi!
I am your fan :B

I'd appreciate your help...

I want to do the following but I don't know how :(
I know how to program in C and PHP (and some others) but I don't really understand algorithms.

1.- Transferring the SA:MP fake players to PHP
2.- Making a bot for SA:MP that can send a message.

I've attempted (unsuccessfully) to do so with the sniffer (wireshark).

I'd appreciate your help.

WocaR


 Post subject: Re: SA:MP
PostPosted: 27 Feb 2011 18:51 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the problem of samp is that every time they change something to the protocol so if you want to make a generic tool (for example me with sampfp) there is this boring thing of re-reversing it again and again at each release.

that's also why my sampfp.c code could look a bit chaotic, even more chaotic than my usual C code :)

the good news is that as far as I know (remember that I have never used SA:MP in my life) only the client encrypts the packets while those sent by the server should be all in clear text.

the encryption used in version 0.3x is composed of:
- the first byte of the packet acting like a checksum and the rest is the encrypted data
- this data is simply encrypted with a XOR algorithm based on a static 16bit table

in my code the function that does all this job is samp03_crypt that accepts the following arguments:
- data, the buffer containing the data you want to encrypt/decrypt
- size, size of the data
- port, port of the server (for example 7777)
- encdec, use 1 (1 means you want to encrypt the data)
- variant, use 2 (2 is for 0.3c)

the checksum is an 8 bit that is simply the sum of the 4 bits part of all the bytes in the original data.
for example if your data is 41 42 43 then you need to sum 0x01 + 0x02 + 0x03.

for encrypting the data you must:
- scan the table looking for each 8bit part that is equal to the byte you want to encrypt
- the new byte will become the position of this value
- XOR this byte with the port if the current position of the data is odd

for example if you have 0x41 0x42 the first byte will become 0x5c because that one is the position of 0xf941 in the table while the second will be 0x40, the result of 0x21 (position of 0x7442) XORed with the port 7777.
(I have written this on the fly so some numbers could be wrong)

maybe this could sound chaotic but it's easy enough and moreover the code is open source so I have tried to explain this only because I had nothing else to do :) (usually I NEVER do this!)
so for other doubts consult the code


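The scheme described in the post above, written out as an added example (not code from sampfp.c or from anyone in this thread): one checksum byte, then each byte replaced by its position in a 16-bit table, with odd positions XORed with the port. The table here is a constructed stand-in apart from the two entries quoted in the post, the function names are hypothetical, and using only the low byte of the port is an assumption read off the post's 0x21 -> 0x40 example with port 7777 (0x1e61). Because the table is static and the port is public, decoding needs no secret, so this is obfuscation rather than confidentiality.

```c
#include <stdint.h>
#include <stdio.h>
/* CONSTRUCTED stand-in, NOT the real sampfp.c table: low bytes permute 0..255 */
static uint16_t table[256];

static void seat(int pos, uint16_t val) {   /* swap in, keeping the permutation */
    for (int i = 0; i < 256; i++)
        if ((table[i] & 0xff) == (val & 0xff)) table[i] = table[pos];
    table[pos] = val;
}
void build_table(void) {
    for (int i = 0; i < 256; i++)
        table[i] = (uint16_t)(((i ^ 0xa5) << 8) | ((i * 167 + 13) & 0xff));
    seat(0x5c, 0xf941);   /* the two entries quoted in the post */
    seat(0x21, 0x7442);
}

/* out needs size + 1 bytes: checksum byte, then the substituted data */
size_t samp_like_encode(const uint8_t *in, size_t size, uint16_t port, uint8_t *out) {
    uint8_t sum = 0;
    for (size_t i = 0; i < size; i++) {
        int pos = 0;
        while ((table[pos] & 0xff) != in[i]) pos++;   /* byte -> its position */
        out[i + 1] = (uint8_t)((i & 1) ? pos ^ (port & 0xff) : pos);
        sum += in[i] & 0x0f;                          /* low 4 bits only */
    }
    out[0] = sum;
    return size + 1;
}

/* returns the plaintext length, or -1 when the checksum does not match */
int samp_like_decode(const uint8_t *pkt, size_t len, uint16_t port, uint8_t *out) {
    uint8_t sum = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        uint8_t idx = (uint8_t)((i & 1) ? pkt[i + 1] ^ (port & 0xff) : pkt[i + 1]);
        out[i] = (uint8_t)(table[idx] & 0xff);        /* position -> byte */
        sum += out[i] & 0x0f;
    }
    return (len >= 1 && sum == pkt[0]) ? (int)(len - 1) : -1;
}

int main(void) {
    const uint8_t msg[] = { 0x41, 0x42, 0x43 };
    uint8_t pkt[4], back[3];
    build_table();
    size_t n = samp_like_encode(msg, 3, 7777, pkt);
    printf("%02x %02x %02x %02x\n", pkt[0], pkt[1], pkt[2], pkt[3]);
    return samp_like_decode(pkt, n, 7777, back) == 3 ? 0 : 1;
}
```

The 4-bit checksum only catches accidental mismatches such as decoding with the wrong port; it does not authenticate the sender.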
 
 Post subject: Re: SA:MP
PostPosted: 27 Apr 2011 18:49 

Joined: 27 Apr 2011 18:44
Posts: 47
IF YOU WANT RESOURCES FOR SAMP PROTOCOL PACKETS OR MY DECRYPTED READ ALL THE THREAD PLEASE (THE ATTACHMENT IS HERE : /download/file.rar?id=323)


Dear aluigi.

I know you are a busy man, and it is very boring to explain to people!
Maybe I run out of luck and you won't explain me or perhaps I'm very lucky and you will.


The context is:
I want to make a bot for SAMP in C.
I'm trying to copy the original client packets with wireshark.

The question is:
How do I decrypt the client's packet with your samp03_crypt function? (For example decrypt to plain text the 0x16 which is the join reply from server)
How do I send those packets?


I've been trying to do this by copying the exact client packets and sending without using the samp03_crypt but I failed.


Last edited by wocarin on 05 Jun 2011 02:33, edited 1 time in total.

 
 Post subject: Re: SA:MP
PostPosted: 27 Apr 2011 20:40 

Joined: 27 Apr 2011 18:44
Posts: 47
I just figured out that the packets from the client are encrypted in XOR that means that I just gotta run the SAMP crypt with the crypted data to decrypt. Any help will be helpful.


 
 Post subject: Re: SA:MP
PostPosted: 27 Apr 2011 20:53 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
my sampfp.c code and the previous detailed explanation are more than enough, I can't spend other time


 
 Post subject: Re: SA:MP
PostPosted: 27 Apr 2011 21:47 

Joined: 27 Apr 2011 18:44
Posts: 47
I beg you aluigi! Please just help me with this

When I send to the server 0x15 it crypts to 0x05 0x45 0x0a (0x15 => 0x05 0x4, 0x0a)
How do I decrypt 0x05 0x45 0x0a to 0x15 (0x05, 0x45, 0x0a => 0x15)?



Please I beg you to help me please, explain me when you have time on the fly.
I know that you are very busy and I understand please give me 2 minutes of your time!


 
 Post subject: Re: SA:MP
PostPosted: 28 Apr 2011 19:52 

Joined: 27 Apr 2011 18:44
Posts: 47
Dear aluigi thanks for not helping.
I mean it, since I learned myself, I learned much more like about the XOR the tables the CRC and many other things by my own.
I did what you said "I make it a necessity to me so things work out" and that's what I did.

I will keep you posted of any advance, and If I manage to finish the bot, I will give you the source code if you want.

Thank you aluigi. :)


 
 Post subject: Re: SA:MP
PostPosted: 28 Apr 2011 21:13 

Joined: 27 Apr 2011 18:44
Posts: 47
Just for people who don't have a clue, like me:

When the program is supposed to send 0x15 (plaintext) to the server, it actually sends 0x05, 0x45, 0x0a
What does this mean? It is very simple and easy: 0x15 converts to 0x05, 0x45, 0x0a because, as aluigi said, 0x15 is XOR'd with 0xff and the server port (this means that if you want to send 0x05, 0x45, 0x0a to another server, it won't work).

I had a very hard time deciphering how to convert from an already encrypted SAMP protocol to plaintext so I could use it for my bot. Here is a table that I did (note: I removed the table from the post to make it shorter and I will upload the list in a txt) with help of aluigi's functions TY ALUIGI :DDD



Notice that
Quote:
PLAINTEXT(15) is the same ENCRYPTED(45)

is the JOIN package.


Attachments:
table.txt [10.22 KiB]
Downloaded 105 times
 
 Post subject: Re: SA:MP
PostPosted: 29 Apr 2011 10:13 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I'm happy that you succeeded.
doing things by yourself is an investment for the future.


 
 Post subject: Re: SA:MP
PostPosted: 30 Apr 2011 01:57 

Joined: 27 Apr 2011 18:44
Posts: 47
Yes that is rite :D


But at the end, I succeeded learning a lot of things like
what is XOR
what is a bitwise AND
practised a lot the C language.
got more into the C sockets
got more into the hexadecimal language
got more into the ciphers
got a lot of experience in wireshark.

Also I made a PHP script that searches the hex in the list and changes it.
I will attach it here.

I didn't finish my bot but I learned a lot though.


Thank you aluigi. BTW If a new SAMP version is released, I will update your SAMPFP code for you.



!!!!!!!THANK YOU ALOT!!!!!!


WocaR


Attachments:
replacer.php.txt [3.33 KiB]
Downloaded 177 times
 
 Post subject: Re: SA:MP
PostPosted: 04 Jun 2011 16:47 

Joined: 27 Apr 2011 18:44
Posts: 47
Probably someone is looking for what I just did, if at least 1 person downloads it my objective is done.

I just improved the replacer (I attached it to this post)
Now, it is more effective and you can copy directly your Wireshark UDP stream to $pack and you are done.
This is NOT meant to be used in CONSOLE MODE, this IS meant to be in the HTTP mode.

Gr33tz N3ptun0 and aluigi

EDIT: I was too noob to understand aluigi's perfect explanation hence I couldn't program nothing. Now that I am more familiarized with math(hex) and binary operators AND something very important for my success was aluigi's calcc

I can simplify my code to the half (but I won't, that isn't my main concern at the moment) here it is (Now I added Decode [aka if the byte is odd won't show it] SA:MP protocol + replace the XOR'd characters with plaintext)

If you got time luigi please look at the last part of my script and tell me if I did something wrong.
I will attach the updated version of the replacer in this post.


Attachments:
File comment: Needed for replacer updated, this file contains the static 16 bits tables for XOR (not needed tho)
arrays.php.txt [2.55 KiB]
Downloaded 61 times
File comment: replacer updated
replacer_updated.php.txt [6.38 KiB]
Downloaded 292 times
File comment: replacer.txt
replacer.php.txt [5.91 KiB]
Downloaded 46 times
 
 Post subject: Re: SA:MP
PostPosted: 05 Jun 2011 14:52 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
php supports integer arrays without problems so that string->integer conversion is for sure something you can avoid:
http://php.net/manual/en/language.types.array.php

