Sunday, August 27, 2017

Wireshark Packet Decrypter Plugin

Hello, this is basically a more user-friendly version of darky's previously released packet decoder, in the form of a Wireshark plugin.

If you don't know what this is for, this is not for you and you don't need to read on.

It was built and tested on Wireshark version 1.8.3 (32-bit) and will probably only work for that version. Also, it might not work for versions of Arma2OA above or far below beta98836.

To install, simply put the arma.dll file into "C:\Program Files (x86)\Wireshark\plugins\1.8.3".

To use, start sniffing in Wireshark and find the Arma2OA UDP packets in the list (maybe by server IP, or by not doing much else than having Arma on), select one and click "Follow UDP Stream" as can be seen in the screenshot, then "Decode As..." and select ARMA from the list. Then you can see the decrypted data in its own tab.

Download: wireshark_arma2ao_decoder.zip

This has no anti-detection. However, in theory that is not needed, as you can run this on a computer that is acting as an internet gateway for the computer that Arma is running on; you do not need to run it on the computer running Arma itself.

Wireshark complains about an invalid plugin.

However, I don't really need this. I was checking it out since I am stuck with darky's code.
If someone is still around here, reading this, and has a clue:

What's the problem with just telling us the algorithm for decoding? oO

It's not a problem of the bytecode / Arma version as long as we are in 1.62, right?

Are only the packet bytes above offset 24 decoded?
From comparing Wireshark captures and decodings by darky's tools, I just see that not the entire data changes after decoding...


Quote:
int __cdecl sub_B713BD(int a1) // 1.62
{
    return (
        (unsigned __int16)(-5331 * (9 * (a1 ^ ((a1 ^ 0x3D0000u) >> 16)) ^ (9 * (a1 ^ ((a1 ^ 0x3D0000) >> 16)) >> 4))) ^
        (unsigned __int16)(668265261 * (9 * (a1 ^ ((a1 ^ 0x3D0000) >> 16)) ^ (9 * (a1 ^ ((a1 ^ 0x3D0000) >> 16)) >> 4)) >> 15)
    ) & 0x7FFF;
}


// byte_table: the game's 2048-byte lookup table (index masked with 0x7FF); not included in this post.
int DecodePacket(BYTE* packet, int size)
{
    int Result = 0;

    if (packet && size >= 24) {
        int unknownVal = 0;
        int i = 24;
        int unknown_field0 = *(DWORD *)(packet + 0x08);   // key field: DWORD at offset 8

        unknownVal = sub_B713BD(unknown_field0);          // 15-bit key derived from it

        do
        {
            *((BYTE *)packet + i) ^= byte_table[(i + unknownVal) & 0x7FF];
            ++i;
        }
        while (i <= packet[0]); // according to other thread, this is supposed to be (i <= *(WORD *)packet)?

        Result = 1;
    }

    return Result;
}
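The same XOR pass as an added, stand-alone C example (not the plugin's or darky's code): the key schedule is the quoted sub_B713BD in unsigned arithmetic, the header below offset 24 is left alone, the loop is bounded by the buffer size, and the table contents, the sample packet and its key field are constructed here because the post does not include them.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for the game's 2048-entry byte_table, absent from the post. */
static uint8_t byte_table[0x800];
static void init_table(void)            /* LCG fill, every entry odd (never 0) */
{
    uint32_t s = 0x2545F491u;
    for (size_t i = 0; i < sizeof byte_table; i++)
        byte_table[i] = (uint8_t)((s = s * 1664525u + 1013904223u) >> 24) | 1u;
}

/* Key schedule from the quoted sub_B713BD, in unsigned arithmetic so the
 * 32-bit wraparound the decompiler output relies on is well defined. */
static uint16_t derive_key(uint32_t a1)
{
    uint32_t h  = a1 ^ ((a1 ^ 0x3D0000u) >> 16);
    uint32_t x  = (9u * h) ^ ((9u * h) >> 4);
    uint16_t lo = (uint16_t)(0xFFFFEB2Du * x);          /* -5331 mod 2^32 */
    uint16_t hi = (uint16_t)((668265261u * x) >> 15);
    return (uint16_t)((lo ^ hi) & 0x7FFF);
}

/* In-place XOR over offsets 24..len (inclusive, like the quoted loop). `len` is what the
 * caller reads from the header (byte or word is the post's open question); `size` bounds it. */
static int decode_packet(uint8_t *packet, size_t size, size_t len)
{
    if (!packet || size < 24) return 0;
    uint32_t field;
    memcpy(&field, packet + 0x08, sizeof field);        /* DWORD at +0x08 */
    uint16_t key = derive_key(field);
    for (size_t i = 24; i <= len && i < size; i++)
        packet[i] ^= byte_table[(i + key) & 0x7FF];
    return 1;
}

/* Constructed 40-byte packet: length byte at +0, key field at +8, 16 payload bytes from +24. */
static int demo(void)
{
    uint8_t pkt[40] = {0}, orig[40];
    uint32_t field = 0x0001A2B3u;                       /* constructed key field */
    pkt[0] = 39;                                        /* constructed length byte */
    memcpy(pkt + 8, &field, sizeof field);
    for (size_t i = 24; i < 40; i++) pkt[i] = (uint8_t)(0x41 + i);
    memcpy(orig, pkt, 40);
    init_table();
    decode_packet(pkt, 40, pkt[0]);
    int ok = memcmp(orig, pkt, 24) == 0;                /* header untouched */
    for (size_t i = 24; i < 40; i++) ok &= pkt[i] != orig[i];   /* every payload byte changed */
    decode_packet(pkt, 40, pkt[0]);
    return ok && memcmp(orig, pkt, 40) == 0;            /* second pass restores (XOR involution) */
}
```

Because the pass is a plain XOR, running it twice restores the input, which is what lets a capture be checked against a known-good decode byte by byte.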
https://www.unknowncheats.me/forum/arma-2-a/81114-wireshark-packet-decrypter-plugin.html