
Just want to share

Posted: Tue Apr 24, 2007 4:53 am
by Intruder
Before accusing me of any wrongdoing or flaming me for no reason, skim through this article first/again (it was posted in a sticky):

http://en.wikipedia.org/wiki/White_hat (I hate referencing Wikipedia, but considering the audience, I feel that it is my only choice)

Many people here seem to think that the only way to get “hacked” or to lose your account is either through a keylogger, a weak password (eg, brute force), or sheer stupidity (eg, falling for a “FREE SILK” scam).

In actual fact, considering just how oblivious Joymax is, the number of ways to get “hacked” is endless. Anything from chatting to someone, to doing an exchange/party invitation, to even running a stall can result in sad results. Although I disagree with the fact that Joymax is doing everything they can to safeguard its players, I have to admit that given the nature of current technology and programming standards, there are some things that just can’t be “fixed”.
I would like to emphasize that I am who that article claims, and that I never have, currently do not, and never will engage in activities that cause any Silkroad players pain and grief.

My goal in this short post is to give you an idea of what I am talking about, but without giving away enough information to cause any further harm. Let’s get straight to the point.

Packets
The best way to think about a packet is a package. It contains something (in this case information) that is sent from one destination to another. In networking a packet is sent from one node to another, using some sort of a protocol (in this case TCP/IP).
Go ahead and open your command prompt (if you use windows) or a shell if you use unix/linux. Do a ping command to 121.128.133.12 (Joymax). You have just sent a packet. In this case it doesn’t really do anything useful. The ping command will wait for a reply (another packet) and calculate the time difference. This time difference is known as latency. In VERY simple English, latency is the amount of time it takes for a packet to go from one node to another. Actually in this specific case it won’t work at all, because the other end drops ping requests, which means you won’t get any replies.

Well, that was easy, wasn’t it? Not very useful though. So let’s take it a step further. Google for a “packet sniffer” (on my windows machine, I use Wireshark). Have your SRO running (IF you are afraid of getting banned, just use another account). Let’s capture some packets from the server. (here is a challenge – find out which PORT SRO is running on). Go to town and press start, wait a few seconds before pressing stop. See those? They are packets! Carrying data! Now try this: go to a place that has no players, or mobs or anything else around, make sure there is no guild/union/GM/global chat of any kind. Now have your friend message you. Do you see those? Those packets carry information required to go from your friend to you (instead of someone else) along with the message. A single action or request may involve one packet but may also involve more.
Now what about the actual content? It may seem meaningless, but in actual fact it carries a lot of valuable information. It is simply in hexadecimal, that’s all.

The hexadecimal system is fairly easy to understand. Binary has two possible values 0 or 1. Decimal system has 10 -> 0 – 9. Hexadecimal has 16 -> 0 – 9 and after the 9 another 6 letters, A B C D E F.

Packets are all designed with similar principles but may look different. For example, a simple packet may look like this:

---------------------------------------------------
Destination
---------------------------------------------------
Size (how many bytes are expected)
---------------------------------------------------
Payload (the actual information)
---------------------------------------------------


Go ahead; capture packets, read through them. Trial and error should give you an idea of their design and what they mean (at least some of them).

We captured packets, now what about sending some. Well it is not easy, but it is not impossible either. You have to know a programming language of some sort. I am using C, Java, C#, C++, VB, depending on what I am doing. If you have visual studio, open up MSDN documentation and search for Socket class (C# or Java). Read through it. Specifically take note of how to send and receive Bytes. Open your SRO client, connect and login while capturing packets using your packet sniffer. Once you’ve done that, attempt to replicate the same in your application. It took me 15 minutes of coding to get as far as the character selection process (minus the image verification). It took me about two hours to write a program that can send a chat message to any recipient.

Side note: This is how the so called Clientless Bots are written.

Getting the idea yet? Well whether you do or not, this is where I have to stop, as any more information may become dangerous in the hands of those who wish to do harm.



Assembly... Memory... and all that Jazz
I’ll be brief on this one. Back in the old days of programming and computer science, long before FORTRAN, ALL code was written by hand. Assembly is still used today and can also be used to gain some interesting information.

I am using a memory scanner I wrote myself, so I am not posting it here. But you can get one off Google. If you want something really easy, then get something like Cheat Engine. There is a tutorial that does a fairly good job of explaining on how to retrieve values from a process and how to modify them. It is limited in terms of theory and true usage, but you don’t need to know more than that anyway (unless you are serious about hacking). If you are curious, try it out on a simple application such as a calculator. While it may appear at first that there isn’t much you can do by modifying those values client side, doing a bit more reading and playing around can reveal some pleasant surprises. You can also get the assembly statements.

Well that’s all for now, but I do plan on posting some more stuff in the future. This little piece of writing is not designed to scare you, or to make you paranoid. It is just a way to make people stop thinking certain “fairytales” and put certain myths to rest.
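The packet layout sketched above (destination, size, payload) and the hex dumps a sniffer shows you, as an added example that is not part of the original post: a small Python parser for an assumed length-prefixed encoding (2-byte destination, 2-byte size, then the payload). This layout is my illustration, not the Silkroad protocol, and the sample dump is constructed. It shows the two things a packet reader has to get right that the post only hints at: a frame split across two TCP reads is held back until the rest arrives, and a size field larger than a sane limit is rejected instead of being buffered forever.

```python
"""Parse a stream of simple length-prefixed frames.

Assumed illustrative layout (NOT the real game protocol):
    2 bytes  destination id (big-endian)
    2 bytes  size           (big-endian, number of payload bytes that follow)
    N bytes  payload
"""
import struct
from dataclasses import dataclass

HEADER = struct.Struct(">HH")   # destination, size
MAX_PAYLOAD = 4096              # cap so a bogus size field cannot make us buffer forever


@dataclass
class Frame:
    destination: int
    payload: bytes


def hexdump_to_bytes(dump: str) -> bytes:
    """Turn a sniffer-style hex dump ("00 01 00 05 68 65 ...") into raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def parse_frames(buf: bytes):
    """Split buf into complete frames.

    Returns (frames, remainder); remainder is a trailing partial frame that
    must be kept until the next read delivers the rest of it.
    """
    frames = []
    pos = 0
    while len(buf) - pos >= HEADER.size:
        dest, size = HEADER.unpack_from(buf, pos)
        if size > MAX_PAYLOAD:
            # A corrupt or hostile size field: refuse rather than wait for
            # 65535 bytes that may never come.
            raise ValueError(f"frame at offset {pos} claims {size} bytes, over limit")
        end = pos + HEADER.size + size
        if end > len(buf):
            break  # incomplete frame: leave it in the remainder
        frames.append(Frame(dest, buf[pos + HEADER.size:end]))
        pos = end
    return frames, buf[pos:]


class FrameReader:
    """Accumulates bytes that arrive in arbitrary-sized TCP reads and hands
    back whole frames, so one request that spans two captures still decodes."""

    def __init__(self):
        self._buf = b""

    def feed(self, chunk: bytes):
        frames, self._buf = parse_frames(self._buf + chunk)
        return frames

    @property
    def pending(self) -> int:
        """Bytes held back because they do not yet form a complete frame."""
        return len(self._buf)


def describe(frame: Frame) -> str:
    """Render a frame the way you would read it off a sniffer: hex plus ASCII."""
    printable = "".join(chr(b) if 32 <= b < 127 else "." for b in frame.payload)
    return f"dest={frame.destination:#06x} size={len(frame.payload)} hex={frame.payload.hex()} ascii={printable!r}"


# Constructed sample: two complete frames and the first six bytes of a third.
SAMPLE_DUMP = """
00 01 00 05 68 65 6c 6c 6f
00 02 00 03 61 62 63
00 03 00 04 78 79
"""

if __name__ == "__main__":
    reader = FrameReader()
    for frame in reader.feed(hexdump_to_bytes(SAMPLE_DUMP)):
        print(describe(frame))
    print(f"{reader.pending} bytes waiting for the rest of a frame")
    # The next read completes the third frame.
    for frame in reader.feed(b"zw"):
        print(describe(frame))
```

Feeding the sample dump decodes two frames ("hello" to destination 1, "abc" to destination 2) and holds six bytes of the third; feeding `b"zw"` afterwards completes it. The `MAX_PAYLOAD` limit is the kind of check a server-side reader needs too: without it, a single crafted header can pin a connection open waiting for data that never arrives.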

Re: Just want to share

Posted: Tue Apr 24, 2007 5:01 am
by Gul
Intruder wrote:Open your SRO client, connect and login while capturing packets using your packet sniffer. Once you’ve done that, attempt to replicate the same in your application. It took me 15 minutes of coding to get as far as the character selection process (minus the image verification).

I thought I read somewhere that the packets were encrypted using a modified blowfish. I could be totally off, as I only vaguely recall reading something like that.

Re: Just want to share

Posted: Tue Apr 24, 2007 5:04 am
by Intruder
Gul wrote:
Intruder wrote:Open your SRO client, connect and login while capturing packets using your packet sniffer. Once you’ve done that, attempt to replicate the same in your application. It took me 15 minutes of coding to get as far as the character selection process (minus the image verification).

I thought I read somewhere that the packets were encrypted using a modified blowfish. I could be totally off, as I only vaguely recall reading something like that.


Why don't you try for yourself? If you were serious about doing something, then you would try every packet and write down the pattern of the request. For instance, the code for initiating an exchange. The data as it is, is not obvious in terms of how to use it, but replicating it is not as hard as you may think.

Posted: Tue Apr 24, 2007 5:07 am
by shoto
i would post a pic of Colin Powell ...but i'm just too damn tired.

*yawns* the reading was a bore :)

Posted: Tue Apr 24, 2007 5:09 am
by Intruder
shoto wrote:i would post a pic of Colin Powell ...but i'm just too damn tired.

*yawns* the reading was a bore :)


Which means that either you are simply not capable/willing to understand that or you already know most of that stuff, which is great.

Posted: Tue Apr 24, 2007 5:10 am
by Gul
Something like that is probably over my head at this point.

The only thing that I've done that is remotely close to what you described, is using WPE spy to copy and send packets to Gunz, back when it was still in beta. Found the "kill person X" packet and sent it repeatedly :D

Posted: Tue Apr 24, 2007 5:12 am
by Intruder
Gul wrote:Something like that is probably over my head at this point.

The only thing that I've done that is remotely close to what you described, is using WPE spy to copy and send packets to Gunz, back when it was still in beta. Found the "kill person X" packet and sent it repeatedly :D


There you go, and that should be enough to convince you.

The problem with Joymax's approach is that their "request" type of packets retrieves some information that is unsafe to the person who is sending it. On its own, it is not enough to hack someone's account or get their password (impossible at all), but it is part of it.

Re: Just want to share

Posted: Tue Apr 24, 2007 11:14 am
by Sharp324
Intruder wrote:Before accusing me of any wrongdoing or flaming me for no reason, skim through this article first/again (it was posted in a sticky):

http://en.wikipedia.org/wiki/White_hat (I hate referencing Wikipedia, but considering the audience, I feel that it is my only choice)

Many people here seem to think that the only way to get “hacked” or to lose your account is either through a keylogger, a weak password (eg, brute force), or sheer stupidity (eg, falling for a “FREE SILK” scam).

In actual fact, considering just how oblivious Joymax is, the number of ways to get “hacked” is endless. Anything from chatting to someone, to doing an exchange/party invitation, to even running a stall can result in sad results. Although I disagree with the fact that Joymax is doing everything they can to safeguard its players, I have to admit that given the nature of current technology and programming standards, there are some things that just can’t be “fixed”.
I would like to emphasize that I am who that article claims, and that I never have, currently do not, and never will engage in activities that cause any Silkroad players pain and grief.

My goal in this short post is to give you an idea of what I am talking about, but without giving away enough information to cause any further harm. Let’s get straight to the point.

Packets
The best way to think about a packet is a package. It contains something (in this case information) that is sent from one destination to another. In networking a packet is sent from one node to another, using some sort of a protocol (in this case TCP/IP).
Go ahead and open your command prompt (if you use windows) or a shell if you use unix/linux. Do a ping command to 121.128.133.12 (Joymax). You have just sent a packet. In this case it doesn’t really do anything useful. The ping command will wait for a reply (another packet) and calculate the time difference. This time difference is known as latency. In VERY simple English, latency is the amount of time it takes for a packet to go from one node to another. Actually in this specific case it won’t work at all, because the other end drops ping requests, which means you won’t get any replies.

Well, that was easy, wasn’t it? Not very useful though. So let’s take it a step further. Google for a “packet sniffer” (on my windows machine, I use Wireshark). Have your SRO running (IF you are afraid of getting banned, just use another account). Let’s capture some packets from the server. (here is a challenge – find out which PORT SRO is running on). Go to town and press start, wait a few seconds before pressing stop. See those? They are packets! Carrying data! Now try this: go to a place that has no players, or mobs or anything else around, make sure there is no guild/union/GM/global chat of any kind. Now have your friend message you. Do you see those? Those packets carry information required to go from your friend to you (instead of someone else) along with the message. A single action or request may involve one packet but may also involve more.
Now what about the actual content? It may seem meaningless, but in actual fact it carries a lot of valuable information. It is simply in hexadecimal, that’s all.

The hexadecimal system is fairly easy to understand. Binary has two possible values 0 or 1. Decimal system has 10 -> 0 – 9. Hexadecimal has 16 -> 0 – 9 and after the 9 another 6 letters, A B C D E F.

Packets are all designed with similar principles but may look different. For example, a simple packet may look like this:

---------------------------------------------------
Destination
---------------------------------------------------
Size (how many bytes are expected)
---------------------------------------------------
Payload (the actual information)
---------------------------------------------------


Go ahead; capture packets, read through them. Trial and error should give you an idea of their design and what they mean (at least some of them).

We captured packets, now what about sending some. Well it is not easy, but it is not impossible either. You have to know a programming language of some sort. I am using C, Java, C#, C++, VB, depending on what I am doing. If you have visual studio, open up MSDN documentation and search for Socket class (C# or Java). Read through it. Specifically take note of how to send and receive Bytes. Open your SRO client, connect and login while capturing packets using your packet sniffer. Once you’ve done that, attempt to replicate the same in your application. It took me 15 minutes of coding to get as far as the character selection process (minus the image verification). It took me about two hours to write a program that can send a chat message to any recipient.

Side note: This is how the so called Clientless Bots are written.

Getting the idea yet? Well whether you do or not, this is where I have to stop, as any more information may become dangerous in the hands of those who wish to do harm.



Assembly... Memory... and all that Jazz
I’ll be brief on this one. Back in the old days of programming and computer science, long before FORTRAN, ALL code was written by hand. Assembly is still used today and can also be used to gain some interesting information.

I am using a memory scanner I wrote myself, so I am not posting it here. But you can get one off Google. If you want something really easy, then get something like Cheat Engine. There is a tutorial that does a fairly good job of explaining on how to retrieve values from a process and how to modify them. It is limited in terms of theory and true usage, but you don’t need to know more than that anyway (unless you are serious about hacking). If you are curious, try it out on a simple application such as a calculator. While it may appear at first that there isn’t much you can do by modifying those values client side, doing a bit more reading and playing around can reveal some pleasant surprises. You can also get the assembly statements.

Well that’s all for now, but I do plan on posting some more stuff in the future. This little piece of writing is not designed to scare you, or to make you paranoid. It is just a way to make people stop thinking certain “fairytales” and put certain myths to rest.


Things like this interest me, I'm not sure why... wish I could just concentrate enough to know all about this...

Posted: Tue Apr 24, 2007 11:59 am
by Alfred
For being someone knowing little to nothing about these things, I am always happy when people try to explain the basics. Thanks for sharing.

Posted: Tue Apr 24, 2007 12:01 pm
by heroo
too long to read :D

Posted: Tue Apr 24, 2007 12:04 pm
by Zypher
heroo wrote:too long to read :D


and you'll probably be the next person without an account :wink:

Posted: Tue Apr 24, 2007 12:07 pm
by Fat_Smurf
meh... I have a firewall :roll:

Posted: Tue Apr 24, 2007 12:10 pm
by StealMySoda
Gul, your sig made me chuckle.

Posted: Tue Apr 24, 2007 4:05 pm
by metroAID
I know about packets and how they behave on the network.
It's just that I suck at programming :banghead: esp assembly.
But I do appreciate what you've posted. :)

Posted: Tue Apr 24, 2007 4:16 pm
by rangah
This actually interests me as well, never thought of myself as a computer-nerd or anything, but I've always loved to know how the heck things work. :) Got more?

Posted: Tue Apr 24, 2007 4:49 pm
by Intruder
rangah wrote:This actually interests me as well, never thought of myself as a computer-nerd or anything, but I've always loved to know how the heck things work. :) Got more?


Yes I do. I'll post a bit more theory, but as far as technical stuff is concerned... no more (this is already too much).

Posted: Tue Apr 24, 2007 4:50 pm
by PsYch008
lets all be paranoid. ready, go!

Posted: Tue Apr 24, 2007 4:55 pm
by Intruder
Fat_Smurf wrote:meh... I have a firewall :roll:


Which means absolutely nothing. Traffic going through a port used by SRO_Client is legit. A firewall would not do anything to protect you from someone who is trying to hack you within the game.

Posted: Tue Apr 24, 2007 5:01 pm
by Vandango
Intruder wrote:
Fat_Smurf wrote:meh... I have a firewall :roll:


Which means absolutely nothing. Traffic going through a port used by SRO_Client is legit. A firewall would not do anything to protect you from someone who is trying to hack you within the game.


I'm just questioning your intentions

but are you really a white hat?
I've seen some turn black lol, tempted with all that power

"Greed takes us all sooner Or Later"

Posted: Tue Apr 24, 2007 5:02 pm
by Crumpets
Intruder wrote:
Fat_Smurf wrote:meh... I have a firewall :roll:


Which means absolutely nothing. Traffic going through a port used by SRO_Client is legit. A firewall would not do anything to protect you from someone who is trying to hack you within the game.


Was going to answer the same way but clicked "X" instead.
Anyways trying to teach myself a bit of VS. And some WR. But hard to get the hang of, to be honest. I guess you would know my intentions ......

Anyways appreciate your post, given me some ideas. Looking forward to reading more of your posts seeing as SRF needs more intellectual people.

Posted: Tue Apr 24, 2007 5:43 pm
by Intruder
Karlos Vandango wrote:
Intruder wrote:
Fat_Smurf wrote:meh... I have a firewall :roll:


Which means absolutely nothing. Traffic going through a port used by SRO_Client is legit. A firewall would not do anything to protect you from someone who is trying to hack you within the game.


I'm just questioning your intentions

but are you really a white hat?
I've seen some turn black lol, tempted with all that power

"Greed takes us all sooner Or Later"


No need to question my intentions. Ask yourself, why am I spending time here on SRF instead of doing what you think I might be tempted to do.

I have other things to do in life... causing grief to others is not one of them.

Posted: Tue Apr 24, 2007 6:02 pm
by numatan
Hi Intruder,

You've obviously done some protocol analysis on SRO (something I have done as well with other online games, but haven't analyzed SRO yet).

Are you considering making a server emulator, or a tool like ShowEQ? Just curious - I have some ideas bouncing around my head.

Posted: Tue Apr 24, 2007 6:07 pm
by ElMejorGlavie
StealMySoda wrote:Gul, your sig made me chuckle.


Lol me too.

Posted: Tue Apr 24, 2007 6:14 pm
by auda
nice post

give us more

Posted: Tue Apr 24, 2007 6:15 pm
by Intruder
numatan wrote:Hi Intruder,

You've obviously done some protocol analysis on SRO (something I have done as well with other online games, but haven't analyzed SRO yet).

Are you considering making a server emulator, or a tool like ShowEQ? Just curious - I have some ideas bouncing around my head.


For the hell of it? Maybe, depends on whether I have time to kill.

For a purpose? Hell no.

Posted: Tue Apr 24, 2007 6:26 pm
by Matsuko
He just Wikipedia'd your ass!

Meh I didn't know what to say, hell no am I reading all that shizz.

Sounds weird though. :roll:

Edit: Woah, just found some time to go through it and was pretty impressed. I've always wanted to know, like Rangah, how things work and how messages are received within a program.

Would love to hear more from you. I'm hoping to take programming when I get to College, so is that anything like what we are talking about here?

Posted: Tue Apr 24, 2007 6:38 pm
by Intruder
Matsuko wrote:He just Wikipedia'd your ass!

Meh I didn't know what to say, hell no am I reading all that shizz.


Then don't say anything.

Posted: Tue Apr 24, 2007 6:57 pm
by Waisha
conclusion: smart people should leave sro.