Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 14:44

All times are UTC [ DST ]
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
 Post subject: Ventrilo Spoofing?
PostPosted: 13 Jun 2008 17:54 

Joined: 08 Jun 2008 07:17
Posts: 92
Now I'll tell you what I'm trying to do first. I found Luigi's sendto_spoof 0.1.2 code on the website; now I want to add this code into ventrilofp. The problem I'm thinking about is... For ventrilofp to work, I know it first sends a packet and then it gets a handshake, then you send another packet with the handshake to be able to log into it. I'm pretty sure you don't need a keep-alive connection to fill a slot, as I've done it before by mistake with the tool. I have both codes, but where's the part in ventrilofp that sends the fake player with the handshake? Can anyone show me or give me an example of where I should place the code?


So this is what I'm trying to do...

Use ventrilofp to get the handshake (before player login)
|
Add the UDP spoof to the code with the saved handshake
|
Let the UDP spoof modify the packet so the IP is spoofed
|
Send the spoofed handshake with the player login
|
Hopefully fill the server with spoofed players? (doesn't need keep-alive)


I don't even know if it can be done, so that's why I'm asking you guys/girls.


 
 
 Post subject:
PostPosted: 13 Jun 2008 19:28 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Ventrilo uses TCP connections.
UDP is used only for getting the hash and the 64-bit key from the master servers (used for scrambling the original keys for the in-game data) and for getting the "query key" from the server.

I don't have the slightest idea why Flagship Industries has added this strange and bad centralized mechanism, since it's completely useless for the users: if they wanted to avoid the proxying of the clients they have failed, since the whole thing is not IP-based, so the TCP connection can go through the proxy and the UDP directly to the server and master server; while if they wanted to avoid the "sniffing" of the data (to understand the protocol, which changes often) they have failed too... mah


 
 Post subject:
PostPosted: 18 Aug 2008 17:55 

Joined: 08 Jun 2008 07:17
Posts: 92
Old topic bump :]

Can anyone guide me as to where I should place the code to spoof the packet once it has the correct key?

I don't program in C.

I know it can't be done on Windows, due to the fact that after SP2 on XP you cannot handle raw sockets.


Luigi, if you understand what I'm trying to do, it does make sense that it would work, right? As all that's going on is that after I get the key I send it back with a spoofed IP/player packet.


 
 Post subject:
PostPosted: 18 Aug 2008 19:58 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
JD, Ventrilo uses TCP connections, so you can't spoof them; you can only use a SocksCap+Tor solution for hiding your IP.
And in any case (so even if it were possible, like in the past when the SYN sequence numbers were predictable) you can't spoof an entire connection, but mainly the first TCP data.

You can spoof packets also on operating systems which don't allow it (like XP SP2 + the updates) using a virtual machine, because the driver used by it bypasses the checks performed by the OS.


 
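The remark about predictable SYN sequence numbers in the post above is worth making concrete. The following is an added example, not code from this thread, from ventrilofp or from Ventrilo itself: a toy model of the TCP three-way handshake showing why a client that forges its source IP (and therefore never receives the SYN-ACK) could complete the handshake against an old stack that handed out predictable initial sequence numbers, and cannot against one that draws them randomly. The constant ISN_STEP, the IP addresses, the payload and the exact acknowledgement check are constructed for the illustration (a real stack accepts any in-window ack, which changes the odds but not the conclusion).

```python
"""Toy model of blind (source-spoofed) TCP connection attempts.

Added example for this thread, not Ventrilo's protocol and not code from
the original posts.  Only the handshake and the acknowledgement-number check
are modelled: that is what decides whether a client that never sees the
server's SYN-ACK (because it forged its source IP) can get data accepted.
"""
import random

ISN_STEP = 64000      # per-connection increment of old BSD stacks (assumed value)
MASK32 = 0xFFFFFFFF


class ToyTcpServer:
    """isn_policy 'predictable': counter += ISN_STEP per connection.
    isn_policy 'random': fresh 32-bit value per connection (modern stacks)."""

    def __init__(self, isn_policy, seed=1):
        if isn_policy not in ("predictable", "random"):
            raise ValueError(isn_policy)
        self.isn_policy = isn_policy
        self._counter = 0x10000000
        self._rng = random.Random(seed)   # seeded only so runs are reproducible

    def _next_isn(self):
        if self.isn_policy == "predictable":
            self._counter = (self._counter + ISN_STEP) & MASK32
            return self._counter
        return self._rng.getrandbits(32)

    def syn(self, src_ip, client_isn):
        """Steps 1 and 2 of the handshake.  The SYN-ACK carrying server_isn
        is sent to src_ip, so only the real owner of that address sees it."""
        return {"src_ip": src_ip,
                "server_isn": self._next_isn(),
                "expect_seq": (client_isn + 1) & MASK32,
                "established": False,
                "data": b""}

    def segment(self, conn, seq, ack, payload=b""):
        """Step 3 (ACK) and any following data.  Simplified: the ack must
        equal server_isn + 1 exactly.  Real stacks accept any in-window ack,
        which gives a blind guess roughly a 1-in-65536 chance with a 64 KiB
        window instead of 1 in 2**32; the conclusion is the same."""
        if seq != conn["expect_seq"] or ack != (conn["server_isn"] + 1) & MASK32:
            return False                  # dropped; the attacker learns nothing
        conn["established"] = True
        conn["data"] += payload
        conn["expect_seq"] = (seq + len(payload)) & MASK32
        return True


def blind_spoof(server, attacker_ip, victim_ip, payload):
    """Classic blind spoof: connect once from the attacker's own address to
    observe the current ISN, then open a forged connection 'from' victim_ip
    and guess the ISN the server assigned to it."""
    probe = server.syn(attacker_ip, client_isn=1000)
    observed_isn = probe["server_isn"]          # this SYN-ACK the attacker does see
    forged = server.syn(victim_ip, client_isn=2000)
    guess = (observed_isn + ISN_STEP) & MASK32  # assumes no other client connected in between
    accepted = server.segment(forged, seq=2001, ack=(guess + 1) & MASK32, payload=payload)
    return accepted and forged["data"] == payload


def success_rate(isn_policy, trials=200):
    """Fraction of blind spoof attempts whose forged login data is accepted."""
    server = ToyTcpServer(isn_policy)
    hits = sum(blind_spoof(server, "198.51.100.7", "203.0.113.9", b"fake player login")
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    for policy in ("predictable", "random"):
        print(f"{policy:12s} ISN: blind spoof success rate {success_rate(policy):.3f}")
```

Run as a script, the predictable policy lets every forged connection through while the random policy lets none through. UDP has no equivalent handshake, which is why a raw-socket tool like sendto_spoof can forge the UDP side of an exchange but cannot carry a TCP login to a server that chooses its initial sequence numbers unpredictably.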
 Post subject:
PostPosted: 19 Aug 2008 00:55 

Joined: 08 Jun 2008 07:17
Posts: 92
Sorry about the UDP thingy, I can't find the edit button.

I never knew about the virtual machine spoof way, thanks :]
What virtual machine software do you recommend or use?


Anyways back on topic.

But... I have to explain more, I guess. I'm not trying to "hide" my IP; this is what I'm trying to do.


Send the packet that gets the "query_key" with MY IP (not spoofed).
(Now I should have the "query_key".)

Then.

I'm guessing once I have that, I can send back a packet with that "query_key" with a spoofed TCP header? E.g. the fake player packet that logs in.

I've seen on status they have -1 ping.
Does it mean it's not a keep-alive connection?


I've seen it happen before: you bring about 150 FPs into a server and let about 80% of them go, but then the ones left are just unkickable/unbannable/anything, they're just taking up space (after about 30 mins they leave). That's what I'm trying to re-create. I've rebooted my PC to see if it was still connecting to me, but it wasn't. I find it strange that it happens.


 
 Post subject:
PostPosted: 19 Aug 2008 12:49 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Here I did my tests with VirtualBox.

The -1 ping is caused by the absence of replies from the fake players created by ventrilofp; I don't know if this will be fixed in the far future.

The query_key (handshake, handshake_num and handshake_key) is sent through the TCP connection, so we return to the issue of spoofed TCP connections.

