
How to deal with internet checking

 
Abe+!_D_Omni
Frequent poster

Joined: 12 May 2005
Posts: 56
Location: London (No:WaRe$*)

Posted: Tue May 17, 2005 11:24 pm    Post subject: How to deal with internet checking

I just downloaded 'Guildwars' game client and was confronted by a stupid 'Create account.......enter access key' screen

I think I can memory patch with softice or ollydbg,
I found some suspicious code but....
When the prog starts, it connects to 'Area net' server.
If I patch with Soft-ice or the like, will it be traceable?

The game downloaded most of the files to my PC but sure if the servers would check them on startup?

Plz help, thanx
-={ Abe+! }=-
Fredro
New to the board

Joined: 18 Mar 2005
Posts: 11
Location: Sweden

Posted: Wed May 18, 2005 10:34 am

It would be good if you checked up what info the program sends, and often the game will talk to the server to see so you got the right version and stuff like that, but the best is maybe to find out what the server sends, or even the client is sending some info.

Good luck
Abe+!_D_Omni
Frequent poster

Joined: 12 May 2005
Posts: 56
Location: London (No:WaRe$*)

Posted: Wed May 18, 2005 12:58 pm    Post subject: I dunno tho ~_~

As I said, I've not done this type of reversing before.
So I'm not sure what that would look like in S-Ice.

Do u think filemon would see data being sent to the server?
If not, are there any other programs that can display basic (in/out) info on net transfers?


Keep up the great work BiW,
-={ Abe+! }=-
detten
Site Admin

Joined: 05 Feb 2005
Posts: 317

Posted: Wed May 18, 2005 4:17 pm

I did some patching of online checks in the past. I never really made a tutorial about it, but here is a snippet of some application that does an online check (the APIs might be interesting to see):

Code:

continue:
.text:00406B04 push ebx
.text:00406B05 mov ebx, ds:InternetOpenUrlA

try_connect_again:
.text:00406B0B push 0
.text:00406B0D push 84000000h
.text:00406B12 push 0
.text:00406B14 push 0
.text:00406B16 push 0
.text:00406B18 lea ecx, [esp+2Ch]
.text:00406B1C call syscall1
.text:00406B21 push eax
.text:00406B22 push ebp
.text:00406B23 call ebx ; InternetOpenUrlA
.text:00406B25 mov esi, eax ; move handle
.text:00406B27 test esi, esi ; Opening InternetPage succeeded
.text:00406B29 jnz short check_serial_online ; if handle != NULL, go on
.text:00406B2B call ds:GetLastError
.text:00406B31 push 5 ; uType
.text:00406B33 push offset aNotice ; int
.text:00406B38 push offset aYouNeedToBeCon ; lpText
.text:00406B3D mov ecx, edi
.text:00406B3F call aMessageBoxRoutine
.text:00406B44 cmp eax, 4
.text:00406B47 jz short try_connect_again
.text:00406B49 test esi, esi
.text:00406B4B jz short failed_to_retrieve ; getserial failed
check_serial_online:
.text:00406B4D lea eax, [esp+1Ch] ; ReturnValue on stack
.text:00406B51 lea ecx, [esp+13h]
.text:00406B55 push eax ; lpdwNumberOfBytesRead
.text:00406B56 push 1 ; dwNumberOfBytesToRead
.text:00406B58 push ecx ; lpBuffer
.text:00406B59 push esi ; hFile
.text:00406B5A call ds:InternetReadFile
.text:00406B60 test eax, eax ; File Read ?
.text:00406B62 jz short read_timed_out ; if not, goto timeout message
.text:00406B64 mov eax, [esp+1Ch]
.text:00406B68 mov cl, [esp+13h]
.text:00406B6C cmp eax, 1
.text:00406B6F jb short go_to_final_check
.text:00406B71 cmp cl, 30h
.text:00406B74 jnz short go_to_final_check
.text:00406B76 push 0
.text:00406B78 push offset aNotice ; "Notice"
.text:00406B7D push offset aActivationCode ; "Activation code failed"
.text:00406B82 jmp short do_final
.text:00406B84 ; ---------------------------------------------------------------------------
go_to_final_check:
.text:00406B84 cmp eax, 1
.text:00406B87 jb short read_timed_out
.text:00406B89 cmp cl, 31h
.text:00406B8C jnz short read_timed_out
.text:00406B8E mov ecx, offset unk_4BC490 ; userregpointer
.text:00406B93 call sub_408320
.text:00406B98 push 0
.text:00406B9A push offset aActivationSucc ; "Activation successful!"
.text:00406B9F push offset aCongratulation ; "Congratulations! Welcome to the world o"...
.text:00406BA4 jmp short do_final
.text:00406BA6 ; ---------------------------------------------------------------------------
read_timed_out:
.text:00406BA6 push 0 ; uType
.text:00406BA8 push offset aNotice ; int
.text:00406BAD push offset aActivationCoul ; lpText

do_final:
.text:00406BB2 mov ecx, edi
.text:00406BB4 call aMessageBoxRoutine
.text:00406BB9 push esi ; internetfile handle
.text:00406BBA call ds:InternetCloseHandle

failed_to_retrieve:
.text:00406BC0 push ebp ; internet file handle
.text:00406BC1 call ds:InternetCloseHandle
.text:00406BC7 pop ebx
give_up:
.text:00406BC8 mov ecx, edi
.text:00406BCA call ?OnOK@CDialog@@MAEXXZ ; CDialog::OnOK(void)
...


The complete thread can be found here :
http://biw.rult.at/vbb/upload/showthread.php?threadid=141

Hope it shows you how such an online check can be coded.

_________________
Ignorance is bliss, knowledge is power
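
Added example (not from the thread, and not code from the application detten disassembled): in the listing above the client reads one byte from the server and branches on '0' or '1', so the entitlement decision is taken on the user's machine. Seen from the defender's side, the sketch below keeps that decision on the server: activation returns a MAC-bound token and every later request is re-checked server-side. All names, the key and the activation code are constructed for the sample.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed values for illustration only.
SERVER_KEY = secrets.token_bytes(32)   # lives on the server, never shipped in the client
VALID_CODES = {"DEMO-CODE-0001"}       # constructed activation code
TOKEN_LIFETIME = 3600                  # token validity in seconds


def _mac(account: str, expires: int) -> bytes:
    """MAC over the fields the token binds together."""
    msg = f"{account}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def activate(account: str, code: str, now: Optional[int] = None) -> Optional[str]:
    """Server side: issue a token bound to the account, or None on failure."""
    if "|" in account or code not in VALID_CODES:
        return None
    issued = int(time.time()) if now is None else now
    expires = issued + TOKEN_LIFETIME
    return f"{account}|{expires}|{_mac(account, expires).decode()}"


def authorize(account: str, token: Optional[str], now: Optional[int] = None) -> bool:
    """Server side: run on every later request, before any service is given.

    The client only carries the token; changing a branch in the client
    binary does not change what this function returns.
    """
    if not token:
        return False
    parts = token.split("|")
    if len(parts) != 3 or parts[0] != account:
        return False
    try:
        expires = int(parts[1])
    except ValueError:
        return False
    current = int(time.time()) if now is None else now
    if current >= expires:
        return False
    # Constant-time comparison of the presented MAC with the recomputed one.
    return hmac.compare_digest(parts[2].encode(), _mac(account, expires))
```
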
stingduk
Regular

Joined: 19 Feb 2005
Posts: 148

Posted: Thu May 19, 2005 11:33 am

To sniff packets you need some kind of packet sniffer :)
There is a lot of free software as well as commercial ones that sniff and log the packets.
CommView from TamoS is one that offers a trial sniffer.
detten
Site Admin

Joined: 05 Feb 2005
Posts: 317

Posted: Thu May 19, 2005 11:52 am

For sniffing I recommend 'ethereal'; it's the best sniffer I came across so far, and it's free. 8)
_________________
Ignorance is bliss, knowledge is power
Abe+!_D_Omni
Frequent poster

Joined: 12 May 2005
Posts: 56
Location: London (No:WaRe$*)

Posted: Thu May 19, 2005 2:34 pm    Post subject: Big thanx,

Thanx guys, I'll check out those programs.
I posted the same question on another cracking forum & it got removed with a warning to get me banned if I post a similar question ~_~

The site is :-
http://community.reverse-engineering.net
(Think Admin will remove)
I'm just curious why it annoyed them sooo much?

Again, THANX.
Keep up the great work guys n gals

-={ Abe+! }=-