Tip - New Packet send method

So it took me a while to figure out how MQ2 was being detected on live, then it hit me when I started looking into the history of MQ2 and EQLive. Back in 2006, during SoF, SOE changed their send_message function inside of eqgame. Now before this (I think) we were directly accessing it and calling it sendeqmessage() or something like that. After 2006 there were a few programmers that came out with the new way to send packets... (took me forever to understand what the hell they did..) but it finally hit me... literally... I hit my desk really hard because it was right there and I couldn't see it...

So how packets worked prior to the most recent ban waves and stuff was: MQ2 would take the packet and structure, construct a wrapper class for the opcode, then send it (yup... it's still sending through send_message...)

So I kinda got curious (since we know all of this now): maybe they changed how that wrapper is done...

No... -.- fuck... but it is larger :D I haven't had a chance to tamper with it any, but I figured I'd share this in hopes SOMEONE could maybe get a working undetectable warp again lol

Anyone have enough knowledge of how these wrappers work and want to give it a shot?
 
The only person who has claimed to have beaten this and, I believe, has warp on his site is Abyss.
 
FYI, warp still works; it is the getting caught that isn't 100% clear. They haven't had a ban wave in so long, and that is the only way to know for sure. People still use warp and haven't been banned, but that doesn't mean they won't be tomorrow. There may or may not be a threshold tolerance for how many warps/distance, but it is so impossible to tell what that may be with waves being months apart. So even testing the idea, you wouldn't see results for days to months to years.
 
Why are you so sure that the warp detection has to do with packets? My money is on server-side checks on things like distance, etc., which don't depend on packet handshakes. In other words, you need to know what the server is checking for; it's doubtful that there would be bypasses in the client (unless there is a god client setting like SWG had, and even then I'd imagine god commands are super tracked).
 
... what makes you so sure it's not a handshake issue? SoE has done this in the past, and who says they haven't done it again? If you don't like the idea of this, ignore it.

As for my proof... warps aren't the only packets that were being detected. Obviously you were under a rock when all of this happened. One of the "active" hacks, for example, was mq2aaspend; the one you currently use was the result of a complete rewrite of the plugin... I DO have my doubts that this is the answer, but as redbot has told me before, it's better to try than to never know.

I have a few other ideas on how MQ2 is being detected, but I'll wait till I can show some proof before I just invite people openly to help.
 
That's what I mean. If they are smart, they would have implemented more server checks (as opposed to handshake checks) to detect these things. I mean, it's a great idea, I just want to throw a wrench into it before you get too excited because it seems to me that there will be server checks. Echoing what Pete says, you can't tell if it's undetectable because you don't have a clue what the server is doing. But now that you can register limitless free accounts, it wouldn't be too awful to try out a lot of stuff. And then wait around for a few months to see who got banned.
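The server-side distance check the posts above keep coming back to is easy to illustrate. What follows is an added example, not code from this thread, from MQ2 or from EverQuest's servers: a generic movement plausibility check that compares each position report with the previous accepted one, flags any implied speed the rules cannot explain, exempts relocations the server itself authorised (zoning, gate-style spells), and escalates once a per-account flag count is reached. The speed limit, the flag threshold and the sample position reports are all constructed values for the demonstration; no real game uses these numbers.

```python
"""Server-side movement plausibility check (illustrative example, not any game's real code).

Each position report is compared with the previous accepted one. If the implied
speed exceeds what the movement rules allow, the report is flagged as a probable
warp. Relocations the server performed itself (zoning, gate/teleport spells,
summons) are marked `authorised` by the server and exempted, because they
legitimately look exactly like a warp to a distance check.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import math


@dataclass(frozen=True)
class PositionReport:
    t: float                  # server receive time, seconds
    x: float
    y: float
    z: float
    authorised: bool = False  # set only by the server for zoning/gate/summon, never taken from the client


@dataclass(frozen=True)
class Flag:
    t: float
    distance: float
    dt: float
    implied_speed: float      # world units per second; inf when two distinct positions share a timestamp


@dataclass
class MovementValidator:
    max_speed: float          # fastest legitimate movement the rules allow (hypothetical value)
    flag_threshold: int       # flags before the account is escalated for review (hypothetical value)
    last: Optional[PositionReport] = None
    flags: List[Flag] = field(default_factory=list)

    def accept(self, rep: PositionReport) -> Optional[Flag]:
        """Record a report; return a Flag if the move from the previous report is implausible."""
        prev, self.last = self.last, rep
        if prev is None or rep.authorised:
            # First report has nothing to compare against; authorised moves are exempt.
            return None
        dist = math.dist((prev.x, prev.y, prev.z), (rep.x, rep.y, rep.z))
        dt = rep.t - prev.t
        if dt <= 0:
            # Same or earlier timestamp: any displacement at all is unexplainable.
            speed = math.inf if dist > 0 else 0.0
        else:
            speed = dist / dt
        if speed > self.max_speed:
            flag = Flag(rep.t, dist, dt, speed)
            self.flags.append(flag)
            return flag
        return None

    def escalate(self) -> bool:
        """True once the account has accumulated enough flags to warrant review."""
        return len(self.flags) >= self.flag_threshold


def run_demo() -> Tuple[List[Flag], bool]:
    """Feed a constructed stream of reports through the validator and return (flags, escalated)."""
    validator = MovementValidator(max_speed=50.0, flag_threshold=2)
    reports = [
        PositionReport(0.0, 0.0, 0.0, 0.0),
        PositionReport(1.0, 30.0, 0.0, 0.0),                       # 30 u/s: normal running
        PositionReport(2.0, 60.0, 0.0, 0.0),                       # still normal
        PositionReport(2.5, 2060.0, 0.0, 0.0),                     # 2000 units in 0.5 s: flagged
        PositionReport(3.0, 2060.0, 0.0, 0.0),                     # standing still
        PositionReport(3.0, 5000.0, 0.0, 0.0, authorised=True),    # server-side zone-in: exempt
        PositionReport(4.0, 5030.0, 0.0, 0.0),                     # normal again
        PositionReport(4.0, 5030.0, 900.0, 0.0),                   # moved 900 units with dt == 0: flagged
    ]
    for rep in reports:
        validator.accept(rep)
    return validator.flags, validator.escalate()


if __name__ == "__main__":
    flags, escalated = run_demo()
    for f in flags:
        print(f"t={f.t:.1f}s moved {f.distance:.0f} units in {f.dt:.1f}s (speed {f.implied_speed})")
    print("escalate:", escalated)
```

The check deliberately tracks only server-observed state: the client never supplies the `authorised` bit or the timestamp, so there is nothing in the packet for a client to "wrap" its way around, which is the point dannuic and Pete are making about not being able to judge detectability from the client side. A real implementation would also account for legitimate speed buffs and falling, and would tune the threshold per zone; those refinements are left out here.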
 
That was my plan, dannuic. I am not stating that I have "beat" the warp detection method; I'm just attempting to find a solution or bring up ideas in case we get another ban wave...

Maskoi, as Pete has stated, we don't honestly know how EQ is detecting warps, so who says even Abyss's method is bulletproof? P99 hasn't done a ban wave in quite some time for warps/zones/MQ2 use in general... does that mean our old methods of doing all this are no longer detected?

My plan of attack wasn't stated in the original post. My main plan was to find a way to use this, test it (years if needed), then release it when the next ban wave came along IF none of the test accounts were banned. I know it seems like a long, drawn-out process, but it seems to be the only foolproof way we can officially tell the users that it is undetectable by the CURRENT detection method.

- - - Updated - - -

BTW, the main reason I posted this in the first place was that I, like many plugin writers, was under the assumption that the packets needed to be encrypted in some sort of way. I was told that you had to be a really good programmer to do this. After studying many methods of encryption I couldn't figure out how what I had was an encryption... it's because it wasn't an encryption at all. It was a wrapper I was looking at. (I never studied wrappers since I thought they were irrelevant and not used in EQ. Turns out I was wrong... oops...) So more or less this post was aimed at helping inform anyone out there that might be trying to attack this that we were never using any type of encryption apart from the normal everyday encryption that EQ already provides us.

Seemed like useful information to me... but idk..
 
You think that movement packets use a different type of encryption than other packets? Interesting thought. I used to dev at SWGEmu, where the bulk of my work was reversing packets and structures. Whereas I never saw evidence supporting multiple encryption methods, there were a lot of unknowns in certain packets that could have been validation flags (even decompiling the client didn't fully help with those, just gave us a variable type). Compound that with EQ being an order of magnitude older than SWG ever got, and we are back to the beginning with assumptions we can make. So anything is possible given the current information...

SWGEmu has a really really good packet structure and encryption wiki. Does this community have something similar (perhaps for EQEmu)? This would be a good jumping off point.

- - - Updated - - -

Also, you should amend your plan to include testing many different ways on as many different accounts and see which ones get banned. That would give a lot more clues as to the detection method.

- - - Updated - - -

Also also, encryption isn't so much about programming as it is math. It's almost all number theory with a bit of logic thrown in (which is nearly indistinguishable from number theory anyway...). In order to reverse encryption, you need to figure out the method they use by looking for keys and handshake bits, then apply number theory to figure out how they used it (using a lot of references because I doubt they would come up with something completely new and unique).
 