Yoko

http://segundaoitava.hpg.com.br/irwspoiler.JPG

drools kids, drool

gonna add GUI and plugin support, then its ready to be released

hehe nice work matey still cant wait

*drooling*

wow! i can't wait DDD

but where you will release the new core? and last but not least, will it have all yoko's functions or only some?

sweet

thank's!

can't wait can't wait...

any news?

heh, currently I'm stuck in encryption (twofish to be more accurate)

I'll explain:

in crypt.cpp (injection)

in void NewGameCrypt::decrypt(unsigned char * in, unsigned char * out, int len)

you have this table:
static const BYTE sm_bData[] = { 0x05, 0x92, 0x66, 0x23, 0x67, 0x14, 0xE3, 0x62, 0xDC, 0x60, 0x8C, 0xD6, 0xFE, 0x7C, 0x25, 0x69 };

it's generated by a function in the client based on the seed of the game socket. currently injection will only work with Twofish encryption (2.0.3 and above) if the seed is 0x0100007f, thats why it doesnt work in OSI.

what I'm trying to do is get that function, but I dont have enough time to do it (hell, I had SATs/vestibular/abitur this weekend), in case you people wanna try it:

client 2.0.4

00425DFA  |. E8 21610A00    CALL Client20.004CBF20                   ; \twofish init
.
.
00425E03  |. 50             PUSH EAX                                 ;  arg1
00425E04  |. E8 27930800    CALL Client20.004AF130                   ;  unknown
.
.
00425E0E  |. 68 00010000    PUSH 100                                 ;  arg1
00425E13  |. E8 58620A00    CALL Client20.004CC070                   ;  unknown2
.
.
00425E1C  |. 50             PUSH EAX                                 ;  arg2
00425E1D  |. 51             PUSH ECX                                 ;  arg1
00425E1E  |. E8 3D930800    CALL Client20.004AF160                   ;  unknown3
00425E23  |. 8D5424 2C      LEA EDX,DWORD PTR SS:[ESP+2C]            ;  arg2
00425E27  |. 8D86 B0120300  LEA EAX,DWORD PTR DS:[ESI+312B0]         ;  arg1 - the 16 byte table for decrypt
00425E2D  |. 52             PUSH EDX
00425E2E  |. 50             PUSH EAX
00425E2F  |. E8 EC930800    CALL Client20.004AF220                   ;  build the DWORD[4] table for decrypt

have fun ^^

i don't know enough c++ to work on injection... i'll learn with time i hope ^^

still nothing?

I'm working in 4 different projects atm, since IRW is the biggest I'll finish the other 3 first (which are almost done btw)

ok i'll wait...

Any news about this?

yeah news are that the new core is done but im trying to get encryption working and well.. im trying =P

after encryption is done (pray..) I'll work on the plugins and on the release

I don't know if this can be done, but you can look how encryption worls in other progs, can't oyu?

actually yesterday just after that post I got encryption to work..

I was trying to decrypt 200g's stream with blowfish cause I had already tested twofish with 403b client. the thing is the stream was always getting decrypted wrong and I didnt notice that the decrypted part was the twofish rest of the stream

and now you might be wondering "shit if you decrypted the stream with blowfish why would you see twofish?" and I was thinking the same... after wondering for a few minutes I changed the 200g client to a 200 one and decrypted the stream... the result: worked

so the 2.0.0g client uses both twofish and blowfish just like the 203 client. what a bitch huh? I completly rewrote the encryption code a few times (like 4 or 6) and the first one was just perfect! sometimes I just stole it from injection cause I was too tired...

lol all of that cause I didnt look closely at the data

so anyway, I'm trying to find (today) the deleted source code of the first encryption module if I dont find it (I think yoko has a copy i'll check with him) monday I'll rewrite it

cya peeps. wait up

i can't wait for the new core... *excited*

In fact that was assembly language

I don't know if this can help, but I know there is a prog that work as packet hooker and that work both with crypted and decrypted uo clients.

It is written in C# and it is opensource and it is called SpyUo: maybe you can see how works with encryption.

Here is the link:
http://www.runuo.com/forum/showthread.php?t=17020

It also use ultima.dll developed by Krrios (one of the RunUo developers) wich is opensouce too (http://www.runuo.com/forum/showthread.php?t=18022).

Good work,...

SpyUO is a C# conversion from Folko's UOLog. It sets a breakpoint on send (packet encryption function) and on recv (the packet handler function)

I already modded UOLog to be automated so it doesn't need the clients.cfg file so yeah I'm pretty familiar with the code.

tomorrow (monday) I'll clean up irw's code and start plugin development

yay!