
SWG Packet Hacking


Cloud91690
23rd January 2004, 06:17
OK, this is a long, expansive hack, but this will get you millions of anything you want. Remember, whatever you want goes into packets and goes into the server, so whatever you intercept you can change, then let it go. But here is the problem: you have to get something, and in that split second you have to catch that packet just as it goes in, so that way you can change it. Now there is a way to counter this... freeze your game. Yes, that's right, and if it works the packet will stop in the middle of transfer; change it, then try to unfreeze your computer. I know this might seem a little hard and frustrating, but it's the only other way.

Ex. I wanna get a million creds in a sec: go do a mission, and once it says your money has been put in the bank, get the packet that's flying out, then change the value and ta-da. Now I'm going to see if this will work once I get the program.

WannabeJedi
23rd January 2004, 06:40
The only problem I see with this: a packet is received/sent less than every second, depending on what you are doing. It would not just be 1 packet you have to hack, maybe up to a hundred.

eliecassat
23rd January 2004, 15:40
Is there a way that you or someone else could make a program that does the "packet" thing on its own? Because I don't understand the whole process. :(

Xunkar
23rd January 2004, 16:26
Very hard, but you could unplug your modem when finishing the mission to stop receiving packets.

eliecassat
23rd January 2004, 20:52
:/ I dunno about that...

Mekanik
23rd January 2004, 21:43
Is it possible to just shut the modem off? If this is true then I may just keep playing; I've gotten kind of sick of it lately.

Cloud91690
24th January 2004, 00:23
Yes, it is quite possible, and I have found out a solution to our problem. OK, listen up: just as Wannabe pointed out, yes, it is kinda hard because you might actually have to search through hundreds, but each one carries a piece of that data; change one and you change them all. So do what Xunkar said: just after it says the money has been placed in your bank, shut your modem off and get the packets. A little hard, but I think I know how it works.

WannabeJedi
24th January 2004, 05:39
K cool, I can't give you the website of the packet analyzers because I'm at my dad's and I don't have them here :/, but just search on www.google.com for Packet Analyzer.

<----------------------------------------------------------------------------------------------------------------------------------------->

Hey Cloud, if possible could you post or E-Mail me everything you know about packets, hacking, MMORPG hacking, and anything else on the subject? If possible, or just a basic explanation

<----------------------------------------------------------------------------------------------------------------------------------------->

I have the whole theory worked out, but I just need some hard information. Don't want to bother you if it's too much. If anyone else knows anything about this subject please post!!!

<----------------------------------------------------------------------------------------------------------------------------------------->

Well wish you luck Cloud, and wish me luck :dead: . Cloud, try to get some info out of your bro' if possible LOL, it would be cool to hear some stuff from an experienced MMORPG hacker.

<----------------------------------------------------------------------------------------------------------------------------------------->

Well, back to my long journey that looks good but will probably fail, since I'm good at doing that. :bunny:

drowen333
24th January 2004, 15:14
Don't you think the server keeps information on how many credits you have? When you reconnect and it sees that you have more than you did when you logged, don't you think it will know something is wrong?

Xunkar
24th January 2004, 17:22
I think it works like this:

When you complete a mission, the server sends a packet to your client with something like: "cash +2501". If you attempt to change this packet to "cash +25010" you will receive this money as if the mission gave 25k. But I'm pretty sure you need to change the next packet, from client to server.

PowerLoaf2000
24th January 2004, 20:14
Here's the basic idea:

Data is sent over the internet using TCP/IP. This is the language used to control data transmission, encapsulation, etc. When information is sent using TCP/IP it is divided into separate units called packets. These are sent in series to and from the source and destination. Normally, the information contained in these packets is in hexadecimal format, and in SWG's case, encrypted as well.

I've run a few experiments to find out what knowledge can be obtained from these packets.

First, I acquired the IP addresses and ports used for SWG, including both the client and server. I then set up a handy program called Ethereal to intercept the packets sent from SWG over the IPs and ports I found earlier. So, with Ethereal set up, I initiated combat with a creature. From the packets intercepted by Ethereal, I was able to find the following:

My SWG character coordinates (X,Y,Z)
The creature's coordinates (X,Y,Z).
The damage dealt and taken by myself and the creature.

All numerical values assigned to all commands being used, etc, etc, etc.

Just from the 2 minutes it took to destroy the creature, the Ethereal program had intercepted thousands of packets.

So to sum things up:

All data sent/received while running SWG can be viewed in hexadecimal format, and then converted to normal values.

If you follow the combat logs, HUD, etc, you can find the values you are looking for and search for them in the intercepted packets.

Assuming it can be done fast enough NOT to be rejected by the server, I don't see any reason why one would not be able to alter the values in the packets, and send the altered packet back to SWG.

Now, we need to find a pattern for values assigned to different functions, as far as what packet order they are sent in, so we know exactly where to look. After that, we must find a way to inject our altered packets back into the TCP/IP data stream without interruption.

Let me know what you folks think.

PowerLoaf2000

Cloud91690
25th January 2004, 03:15
Wow, that's quite an explanation, PowerLoaf. You are experienced in packet hacking? If so, I would like to elaborate more on your process, as I have tried it and yes, it has WORKED. Have I gotten caught yet... yes.

I'm afraid to say that while I was changing the packets for getting money I was able to get the amount, but in just the same amount of time I was emailed by SWG to cease my hacking or my account will be banned. Apparently it's easier to detect hacking through packets, so here is a precaution:

DO NOT change the values TOO MUCH for money or exp or maybe even items (though I haven't tried that one yet) or else they will detect you. I don't know how or why, but they detected me. But I will post it as a hack on the exploit forum.

PowerLoaf2000
25th January 2004, 04:42
Hmm. We should discuss this in further detail Cloud91690.

Email: toilet_duck_cleaner@yahoo.com

AIM:
dwheeler1983

PowerLoaf2000
26th January 2004, 03:27
Well people, I think I've got the next tool required for this project. The first I've mentioned already: Ethereal. This is what will be used to analyze the data. The second tool needed is a program capable of injecting the altered packet back into the data stream. SUCCESS! I've found such a program! It's called Engage Packet Builder. It will be able to do everything we will need and then some. I will keep my eyes and ears open to find out what else could prove worthwhile.

grafixz
26th January 2004, 03:40
Hey PowerLoaf, go to the exploits topic. According to Shadow he already succeeded in the "packet hacking" ordeal. Since he's not on, I'll use your program. Good work.

Cloud91690
26th January 2004, 06:19
Wow, look at this, PowerLoaf, you're a great help to this packet hacking.

I have a proposition: how about you and me work together on this? Then we will discover how to avoid these SOE bastards. By all means contact me.

Joker
26th January 2004, 16:09
I'm curious how you found SWG's packet encryption scheme. Did you guys disassemble the client?

WannabeJedi
26th January 2004, 23:05
It looks like we have come pretty far on this subject. I am almost 100% sure that the packet thing will work. Cloud has evolved my idea into a more complex version. My original idea was just to save the packets then send them, but now the subject is hacking into the encrypted packets.

I think we should get my idea down first, before we jump into hacking the packets. I just think we should take it one step at a time, but that is my 2 cents.

Well if anyone figures this all out please post and/or e-mail me.

Good luck all! :classic: :classic: :classic: :classic:

Oh Cloud, if you got the Jedi account Congratz!!!

Cloud91690
27th January 2004, 07:03
Joker, SWG encryption code is like every other packet encryption code. There is a program which breaks down the encryption, then we change some values and ta-da. My idea is a sure-fire one that works, but again this is highly risky, but of course I'm always a shoo-in for great rewards.

BTW, I did get the Jedi account. I will crack that down at the same time as doing this packet hacking.

snmstyle
31st January 2004, 06:48
Do you guys think it's possible to packet hack Final Fantasy XI since it's also from SOE?

Joker
31st January 2004, 15:28
Originally posted by Cloud91690
Joker, SWG encryption code is like every other packet encryption code. There is a program which breaks down the encryption, then we change some values and ta-da. My idea is a sure-fire one that works, but again this is highly risky, but of course I'm always a shoo-in for great rewards.

BTW, I did get the Jedi account. I will crack that down at the same time as doing this packet hacking.

It's not "like every other packet encryption". There are many out there and it could've been anything. What is this program you speak of that decodes the packets?

grafixz
31st January 2004, 15:54
Joker, you're exactly right: the SWG packets are NOT like every other packet. It's encrypted in some form of UDP security.

Joker
31st January 2004, 18:21
Yes, IPsec according to PowerLoaf. AH/ESP encryption, not sure which it is.

Cloud91690
1st February 2004, 00:45
Either way there is no possible way I can break it, and either way it seems that this is just another way to memory hack, and that doesn't exactly work.

grafixz
1st February 2004, 01:11
The TRE Archiver won't create .TREs for me! This puts the Jedi Exploit on hold since I can't test out my new .TRE :-(. I already altered the files; if anyone knows any way I can create a TRE file that works, PLEASE post how to here. Thank you.

Cloud91690
1st February 2004, 06:54
Hmm, yes, Grafixz, I'm having that same problem... the Xentax, I thought, had the right encryption, but apparently I was wrong in my assumption.

Magus
1st February 2004, 10:03
we will packet edit this thing to the ground :)

hase
1st February 2004, 17:16
*hint*

Do you guys remember the old Meridian 59? There was a program called "pkk" that did the packet editing for the player. If you don't know it already, you might want to have a look at it :)

Cloud91690
2nd February 2004, 05:49
This is interesting, hase. Give me more info on this program and where I can get it, please.

Ah, I have looked into this 'pkk', but it seems it's for Meridian 59. Now I'm not sure that this would work with SWG, and if it does, please tell why you think it.

nullptr
2nd February 2004, 19:26
I guess they implemented missions like the following:

On use of a mission terminal, generate 5 missions with values which depend on character strength and some random input. Send this info to the client with a special packet. Then the client lists those 5 missions; when you refresh, the client will send a packet to the server so the server computes 5 new missions. When you choose a mission and accept it, the client will most likely just send a short packet with a numeric value of <missionnumber>, which will be from 1 to 5 or 0 to 4. When the server receives the packet it will take the values which were generated for the mission with the id you sent (maybe they forgot to check whether the chosen mission is in the 1 to 5 range, so this could be an exploit where you might get a crazy mission/crash the server or other undefined behavior, or most likely an error message). When you finish your mission it will get the data it stored server side and will transfer the money and send you a message that you finished your mission, and maybe an update packet on how many credits you have in your bank now (if you change it, it will be just client side, thus a fake and useless).
But knowing the packet stream has one advantage:

1) You might get information you shouldn't get
2) You might access functions you shouldn't have (this is the case when checks are just client side and not server side; maybe they forgot a few of those...)
3) You might change values which are out of the destined range (an example would be on this bank transfer where you have this slider money in packet <---------------------> money in bank; you could try to alter the packet so it sends 1000k in packet and 1000k in bank although you just have 1000k of money; just works if they forgot the checks)

You have to try packet alterations the devs wouldn't think of, thus surpassing non-existent checks.
I think a first good step would be to reverse the crypt/compression algorithms, then program a proxy-like program which sits between client/server (alter login.cfg so the client connects to the local proxy) which decrypts the data, logs the raw data, encrypts it again and sends it to the server again. I didn't start to reverse SWG atm, but it will need a way to get the key(s) for the crypt part. Then start over to reverse the packet stream (and thus know the content and size of packets); when it's more or less finished you can use the proxy to process packets instead of just receiving, decrypting, logging, encrypting and sending. This would be interesting for a 1) emulator or 2) third party (cheating) tool.
You could also just inject code before the raw data is encrypted or just after it was decrypted in the client, but this isn't as good as the proxy thingy in two ways:
1) you have to alter the client over and over again with each update
2) AFAIK checksums are sent to ensure client integrity, so you have to bypass that too, and it changes every update too => more work.

Ah, and one thing: don't post possible exploits or working exploits in public or it'll be fixed fast.

Cloud91690
3rd February 2004, 06:44
Very good explanation, but as it stands I don't know exactly how to go about using 2 programs at once to hack and sniff out the packets going in for those missions and going out for missions, so really it's just out of my reach. Plus I think even when I do get a mission done it's gonna take forever for the SWG client to minimize, so I will miss my chance (damn memory!). But yes, anyways, this packet hacking requires at least 1 or 2 programs that will hack and sniff out the packets for such and such and then decrypt, then change values. That takes time... time that neither I nor my brother has, so for right now I'm gonna put off packet hacking, as it not only has a lot of problems but it requires a hell of a lot of work, and right now I don't have the time to make a program, and neither does my bro. So I'm ending this discussion of SWG Packet Hacking 'til I get the time and other people get the time to actually do this. I thank all that have contributed to this topic, but this requires more work than I thought, so for now it's back to editing .tre files. Cya all another time (for packet hacking at least).

blade599
3rd February 2004, 06:51
An instant Jedi hack sounds better anyway... :)

Good luck... :D

rawr69!
5th February 2004, 14:23
It's back to nuts, as I'm sure .tre editing is useless ;) but I think a server emulator would be... well, a wonderful idea to start working on.
Still, I don't have the network programming skills to play with packets :/ but if some other people are interested in, well... looking into this with me, I'd love to :)

Cloud91690
6th February 2004, 00:13
I'll tell you now, I'm right now looking at SWG's patching system... new topic arising.

furiousfever
8th February 2004, 20:20
So for a brief refresher for those new to SWG, what programs should we use to packet hack?

Cloud91690
9th February 2004, 03:11
Engage Packet Builder (sender), Ethereal (receiver)

Othello
11th February 2004, 10:11
Ah man, this is giving me a headache. Let me just say there are certain things you can and can't do. Packet editing can work, but you have to pull it off quickly and with an automated program; it's not too hard to do really, once you find the right values. Since those values will always be the same, unless they change it with a patch, you'll be good to go for a while. It's not easily detected, given the amount of people playing; they'd need to be suspicious of you, unless you did something really insane. A guess is that they have certain flags set at suspicious activities. Like getting a lot of money suddenly might raise a flag and cause them to look at you, etc. As for editing the .tre's, you'll probably come up dead there, as the data stored in them is mostly for reference. When you unlock Jedi your account gets a marker saying you have the FSCS (force sensitive character slot), so even if SWG pulled data directly from the .tre's, you'd raise a flag by simply having a Jedi character and you'd be checked out immediately (and since you didn't unlock it legitimately you'd be screwed). If I come up with any ideas I'll drop down some input, as I have some experience in packet editing (back in the early days of D2, spent hours finding packets that determined the gold picked up, and the item dropped, etc). Have fun mucking about, and try not to get banned, eh?

Cloud91690
11th February 2004, 14:51
LOL, I'll try not to, but I thank you for your input. I will try and make an automated prog. or try and get my bro to make one (he has successfully done packet editing). But yeah, anyways, I'll give it a shot or 2.

mohaa_lamer
21st February 2004, 02:28
Hi... I know this is a little off topic, but has anyone ever tried packet hacking in Project Entropia? I have been trying but I'm not very good; any help would be much appreciated.

thanks.

Cloud91690
21st February 2004, 02:33
Project Entropia?

mohaa_lamer
21st February 2004, 02:39
It's an MMORPG where you kill animals and stuff... very similar to SWG.

It's a free game; you can download it at www.project-entropia.com

Cloud91690
21st February 2004, 02:46
Ah, I see.

mohaa_lamer
21st February 2004, 02:52
Anyway, I've been reading and I've been trying to packet hack Project Entropia, but I'm new to this and I need help...

any info would be appreciated.

WannabeJedi
21st February 2004, 05:57
LOL, we probably need your help...:(

Cloud91690
21st February 2004, 09:28
Haha, someone always needs my help, especially when it comes to packet hacking, and I think it's quite possible because I don't think that game has security. It's of course not an MMORPG and no big name corp. is sponsoring it, so obviously this one MIGHT be unprotected and quite easy to crack. But anyways....

rawr69!
25th February 2004, 01:56
Isn't Project Entropia that game where you can buy items with real money and so on???

Mace92
9th March 2004, 01:09
Can someone send me all the hacking details at vader92@burntmail.com? I'm really interested :)

rebelassasin
9th March 2004, 07:27
I want to learn more about this packet hacking where can I go to find out?

ddh
13th March 2004, 23:27
Okay..Some of you are seriously misinformed.

Just because you change the packet you are sending doesn't mean the server will do what you think with it. The same goes for packets you are receiving. Some games are poorly designed and you can easily exploit them via packets..SWG is not one of them. Sony made EverQuest, and while you could hack it via other methods.. Simply sending some packets was not one of them.

If I have 20 credits, and snag 50 from something.. Just because the server tells the client that I get 50 more packets does not mean the client can make the server change values.

Alright..Let me try to explain better.

Your client is nothing but a program that reads data from the server. The only things it has control over are certain client side things (your light, where you are looking, what you have open, where you are moving (to a limited amount), etc). Just because you send a packet to the server saying you gave X credits, traded whatever armor, and so on does NOT mean the server will accept it... Regardless of how "fast" you send it. The client will send the request (your packet), the server will either say it is okay or not okay. If it is okay then the server will send a packet to your client saying remove the item from inventory, and sends a packet to the other guy saying add this item to the inventory. Now if you were to stop the "remove item" packet then it wouldn't be removed from the CLIENT'S inventory, but in your REAL inventory (on the server) it would still be gone. It is just a visual effect. If you modify incoming packets all that will happen is you will see the changes, but they won't really be there. It's the same as using a memory editor to change your client values. The server doesn't accept them.

Another thing to point out is that there is NOTHING that says your client takes the same packets as the server. Just because the server sends you a packet saying (for example) "ADDCRED2000" to add 2000 credits to your amount, does not mean the client would send the same packet back to the server. There is no reason for your client to ever modify its credit amount directly, so why should they have coded it into the client and server? Your client is a read-only piece of trash that only does what the server tells it to. Pretend that you're in prison. The server is the very big, very muscular black man, and you are the skinny white fresh meat.

Instead of getting banned from your SWG account I suggest getting a crap MMORPG (one of the free ones), and experimenting with your packet editor. This will help you learn about the client<->server relationship in games without losing your account.

I hope I've explained this okay, but if not feel free to ask any questions.

As for the packet encryption.. To track it down you must locate where the game calls the winsock functions. You do this with a debugger or disassembler. Once located you must backtrack until you find where the packets are being assembled. Assembly knowledge is required.

Regarding the UDP packets.. UDP packets are not guaranteed to arrive at their destination. They don't require a connection. It's used for things that need to be sent out quickly, but aren't terribly important if lost (streaming media for example). I seriously doubt that Sony would use UDP for anything of serious consequence to the game.

And just a note... There are lots of other packet sniffers out there that can both sniff and send packets. Why use Ethereal?

Noot
14th March 2004, 00:56
TCP 4 LIFE

Cloud91690
14th March 2004, 04:25
Well said, ddh, 'tis exactly like that, but then again there always seem to be problems here and there with their systems. But in any case, really, packet hacking is useless, so for now I will declare this topic DEAD!

rebelassasin
14th March 2004, 04:28
Dead... you mean like Tupac dead or like Princess Diana dead?

ddh
14th March 2004, 05:17
Originally posted by Cloud91690
Yes, ddh, you have made a good post, but in any case trying a few more times always helps even if it won't work. Flaws are what I am looking for, and usually those can occur randomly at any second; those are what I look for.

By all means keep looking for something. I was just trying to point out that y'all are wasting your time with the whole credit thing. While you may not be able to edit your credits, armor, etc, you may be able to create a 3rd party application that would let you autohunt, or maybe have an advanced map. Instead of just the name, maybe it could also display the HAM, loc, and other details (depending on what the server passes to you when something gets in the area).

Cloud91690
15th March 2004, 07:13
Hm, yes.

rebelassasin
15th March 2004, 07:14
Can you answer my question?

DyslexicCheater
15th March 2004, 07:34
For those of you wishing to take this topic to a higher level, I suggest you check out the tutorial on creating a configurable packet sender by Paul[Le] at www.gamehackers.net.

Packets have what are called IDs. When sending a packet to ANY game's server, the first thing you tell the server is the size of the packet in length of bytes. Packet ID is one byte. Packet data can be any number of bytes. Packet ID + Packet Data = Packet Length.

So, say I'm sending a packet with the ID of 35 and data of FFFF0000; the packet length would be 5. You can use Ethereal to find the Packet ID of the packets you receive. Whenever ANY game sends you a packet, it then expects a response. The response packet has the same packet ID as the packet sent to you, but has different data.

Personally, I like WPE/WPE Pro over Ethereal. It was made just for this purpose.

http://www.fly.to/mtc
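The framing DyslexicCheater describes (length, then a one-byte ID, then data, with length counting ID plus data), handled by a server that applies the checks nullptr wondered might be missing (mission slot range, bank-transfer total) and ignores any client packet that tries to set credits directly, as ddh argues a well-designed server should. This is an added example, not code from any poster or from SWG; the packet IDs, payload layouts, game state and the one-byte length prefix are constructed assumptions.

```python
"""Server-side validation of framed client packets (constructed example)."""
import struct
from dataclasses import dataclass
from typing import Optional

# Hypothetical packet IDs and layouts, made up for this example.
PKT_ACCEPT_MISSION = 0x10   # data: 1 byte mission slot, valid range 0..4
PKT_BANK_TRANSFER = 0x20    # data: uint32 cash, uint32 bank (big-endian)
MISSION_SLOTS = 5


def build_packet(pkt_id: int, data: bytes) -> bytes:
    """Frame a packet: a one-byte length (assumed) counting the ID byte plus data."""
    length = 1 + len(data)
    if not 0 <= pkt_id <= 0xFF or length > 0xFF:
        raise ValueError("id or payload out of range")
    return bytes([length, pkt_id]) + data


def parse_packet(raw: bytes):
    """Return (pkt_id, data); raise ValueError if the declared length lies."""
    if len(raw) < 2:
        raise ValueError("truncated frame")
    length = raw[0]
    if length < 1 or len(raw) != 1 + length:
        raise ValueError("declared length does not match frame")
    return raw[1], bytes(raw[2:])


@dataclass
class Player:
    cash: int
    bank: int
    mission: Optional[int] = None


class Server:
    """The server owns the real values; the client only ever sends requests."""

    def __init__(self, player: Player):
        self.player = player

    def handle(self, raw: bytes) -> str:
        try:
            pkt_id, data = parse_packet(raw)
        except ValueError as err:
            return f"reject: {err}"
        if pkt_id == PKT_ACCEPT_MISSION:
            return self._accept_mission(data)
        if pkt_id == PKT_BANK_TRANSFER:
            return self._bank_transfer(data)
        # No client packet exists that sets credits; anything unknown is dropped.
        return f"reject: unknown packet id 0x{pkt_id:02x}"

    def _accept_mission(self, data: bytes) -> str:
        if len(data) != 1:
            return "reject: bad mission payload"
        slot = data[0]
        if slot >= MISSION_SLOTS:  # the range check nullptr suspected might be absent
            return f"reject: mission slot {slot} out of range"
        self.player.mission = slot
        return f"ok: mission {slot} accepted"

    def _bank_transfer(self, data: bytes) -> str:
        if len(data) != 8:
            return "reject: bad transfer payload"
        cash, bank = struct.unpack(">II", data)
        # The slider only moves credits; the total must equal what the server holds.
        if cash + bank != self.player.cash + self.player.bank:
            return "reject: transfer total does not match holdings"
        self.player.cash, self.player.bank = cash, bank
        return f"ok: cash={cash} bank={bank}"


def demo():
    """Feed one honest request and several edited or forged ones to the server."""
    srv = Server(Player(cash=1000, bank=0))
    return [
        srv.handle(build_packet(PKT_BANK_TRANSFER, struct.pack(">II", 400, 600))),
        srv.handle(build_packet(PKT_BANK_TRANSFER, struct.pack(">II", 1000, 1000))),
        srv.handle(build_packet(PKT_ACCEPT_MISSION, bytes([7]))),
        srv.handle(build_packet(0x30, b"ADDCRED2000")),
        srv.handle(b"\x09\x20\x00\x00"),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```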