#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* inet_aton(), htons(), htonl() */
#include <unistd.h>      /* close(); if a feature macro makes it declare POSIX crypt(), this file's own crypt() conflicts */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
  7.  
/* Login server the client dials first; the game server address is taken from
 * the login response (see main()). */
#define LOGINSERVERPORT 2000
#define LOGINSERVERIP "64.124.47.60"
/* Client version advertised in the version packet as
 * CLIENTVERSION1*100 + CLIENTVERSION2*10 + CLIENTVERSION3 (680 for 6.8.0);
 * CLIENTVERSION4 travels as a separate byte.  main() has a TODO for other
 * versions, so only this one is known to work. */
#define CLIENTVERSION1 6
#define CLIENTVERSION2 8
#define CLIENTVERSION3 0
#define CLIENTVERSION4 0
/* Client name: main() uses the first character as the packet id and the other
 * five bytes (newline included) as the obfuscated payload. */
#define CLIENTNAME "baram\n"
/* Account credentials, hard-coded in source.  LENGTHOFUSERNAME and
 * LENGTHOFPASSWORD must equal the length of each literal: main() copies
 * exactly that many bytes and writes the counts into the login packet.
 * Anyone holding this file holds the account, so keep real credentials out of
 * the source (and out of pastes) rather than editing them in here. */
#define USERNAME "gniu"
#define PASSWORD "aaa1"
#define LENGTHOFUSERNAME 4
#define LENGTHOFPASSWORD 4

/* Define DEBUG to enable the progress printf()s guarded by #ifdef DEBUG in main(). */
//#define DEBUG 0
  21.  
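/* Upper bound on frames recorded from one recv(); the arrays below were always
 * sized for 256 entries, but the fill loop never checked it. */
enum { PACKETS_CAPACITY = 256 };

/* Frames found by splitpacket() in one receive buffer.  Both arrays hold
 * PACKETS_CAPACITY entries; buffers[k] points into the caller's buffer (no
 * copy is made) and lengths[k] is that frame's size in bytes, header included.
 * The caller frees lengths, buffers and the struct itself, as main() does. */
struct packets
{
    int n;            /* number of frames recorded */
    char **buffers;   /* start of each frame inside the caller's buffer */
    int *lengths;     /* byte count of each frame, header included */
};

/*
 * Split a receive buffer holding several back-to-back frames.
 *
 * Every frame starts with aa, length_hi, length_lo and occupies length + 3
 * bytes (the 16-bit big-endian length counts everything after those 3 bytes).
 * buffer: the received bytes; result: how many of them are valid.
 * Nothing is copied: the returned buffers[] entries point into buffer, which
 * therefore has to stay alive while the result is used.
 * A trailing fragment with an incomplete header, or whose declared size runs
 * past result, is not recorded (a stream read can end mid-frame), and at most
 * PACKETS_CAPACITY frames are recorded.
 * Returns NULL when memory runs out; otherwise the caller owns the result.
 */
struct packets *splitpacket(unsigned char *buffer, int result)
{
    struct packets *packet = malloc(sizeof *packet);
    if (packet == NULL) {
        return NULL;
    }
    packet->n = 0;
    packet->buffers = malloc(PACKETS_CAPACITY * sizeof *packet->buffers);
    packet->lengths = malloc(PACKETS_CAPACITY * sizeof *packet->lengths);
    if (packet->buffers == NULL || packet->lengths == NULL) {
        free(packet->lengths);
        free(packet->buffers);
        free(packet);
        return NULL;
    }

    int offset = 0;
    while (offset + 3 <= result && packet->n < PACKETS_CAPACITY) {
        unsigned char *frame = buffer + offset;
        /* high byte first; the old ">> 8" discarded it, which only worked for
         * frames shorter than 256 bytes */
        int length = ((frame[1] << 8) | frame[2]) + 3;
        if (offset + length > result) {
            break;   /* partial frame at the end of the read: not recorded */
        }
        packet->buffers[packet->n] = (char *)frame;
        packet->lengths[packet->n] = length;   /* was never filled in before */
        packet->n++;
        offset += length;
    }
    return packet;
}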
  49.  
/*
 * Obfuscate (or de-obfuscate: the operation is its own inverse) length bytes
 * of buffer in place.
 * Each byte is XORed with a rotating 9-byte key, with the index of the 9-byte
 * group the byte sits in (truncated to 8 bits), and with increment; a group
 * index equal to increment is treated as 0.
 * NOTE: the name collides with POSIX crypt() whenever <unistd.h> declares it.
 */
void crypt(unsigned char *buffer, unsigned int length, unsigned char increment)
{
    static const unsigned char key[] = "NexonInc.";
    enum { KEY_LEN = 9 };

    for (unsigned int pos = 0; pos < length; pos++) {
        unsigned char group = (unsigned char)(pos / KEY_LEN);
        if (group == increment) {
            group = 0;
        }
        /* XOR is associative, so the three masks fold into one */
        buffer[pos] ^= (unsigned char)(key[pos % KEY_LEN] ^ group ^ increment);
    }
}
  69.  
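/*
 * Inspect one received frame and print what is known about it.
 *
 * buffer: a frame laid out as aa, length_hi, length_lo, id, inc, payload...
 *         The payload is obfuscated; it is decoded in place with crypt()
 *         keyed by the frame's inc byte, so the caller's bytes are modified.
 * result: number of bytes available at buffer (what recv() or splitpacket()
 *         reported).  Frames shorter than the 5-byte header are ignored and
 *         the declared payload length is clamped to the bytes present, so
 *         nothing past the received data is read or decoded.
 *
 * Known ids are consumed silently (the author's layout notes sit beside each
 * case); any other id is scanned for the 00 01 00 ?? 04 byte sequence and
 * then logged as "<time>\t<id>\t<payload length>".
 */
void identifypacket(unsigned char *buffer, int result)
{
    enum { HEADER_LEN = 5 };

    if (result < HEADER_LEN) {
        return;
    }

    /* the 16-bit big-endian length also counts the id and inc bytes, hence -2;
     * the old code shifted the high byte the wrong way and could underflow */
    unsigned int declared = (unsigned int)((buffer[1] << 8) | buffer[2]);
    unsigned int length = declared >= 2 ? declared - 2 : 0;
    unsigned int available = (unsigned int)(result - HEADER_LEN);
    if (length > available) {
        length = available;
    }

    unsigned char id = buffer[3];
    unsigned char inc = buffer[4];
    unsigned char *payload = buffer + HEADER_LEN;
    crypt(payload, length, inc);

    switch (id) {
    case 0x1a: //emote | sometimes terminated by 0x00 0x00 instead of 0x00
        /*
        a - p

        a 0b music
        b 0c tears
        c 0d red face
        d 0e wink heart
        e 0f boring
        f 10 snoring (also used when afk) TODO: how long does it take? and at what intervals?
        g 11 stars
        h 12 mad steam
        i 13 tongue out
        j 14 shoulder shrug
        k 15 spit steam
        l 16 dance music
        m 09 bow
        n 0a fist up happy
        o 17 embarassed
        p 18 bow kiss

        attack (space bar) = 01
        drop (,) = 04
        */
        /* layout noted by the author: bytes 0-3 identify the character,
         * byte 4 is the emote code */
        return;

    case 0x0a: //whisper/sage/wisdom | not null terminated, be careful
        /* layout noted by the author: byte 2 is the message length, the text
         * starts at byte 3 */
        return;

    case 0x0d: //talk
        /* layout noted by the author: the text starts at byte 6 */
        return;

    case 0x11: //face direction, also something else, change frame animation?
        /*
        00 up
        01 right
        02 down
        03 left
        */
        /* layout noted by the author: bytes 0-3 identify the character,
         * byte 4 is the direction */
        return;

    case 0x0c: //moved from
        /*
        00 up
        01 right
        02 down
        03 left
        */
        /* layout noted by the author: bytes 0-3 identify the character,
         * bytes 4-7 the previous X,Y, byte 8 the direction */
        return;

    case 0x19: //attack
    case 0x1d: //equip
    case 0x33: //new object on screen
    case 0x0e: //object left building
    case 0x08:
    case 0x68:
    case 0x3b:
        return;

    default: {
        /* the scan reads up to x+4, so it must stop 4 bytes before the end
         * instead of running past the payload as it used to */
        for (unsigned int x = 0; x + 4 < length; x++) {
            if (payload[x] == 0x00 && payload[x + 1] == 0x01
                && payload[x + 2] == 0x00 && payload[x + 4] == 0x04) {
                printf("AH!\n");
            }
        }
        /* time_t has no printf conversion of its own; widen it explicitly */
        printf("%lld\t%02x\t%3u\n", (long long)time(NULL), (unsigned)id, length);
        return;
    }
    }
}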
  246.  
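/* Every frame this client sends starts with the 5-byte header
 *   aa, length_hi, length_lo, id, inc
 * where length = 2 + payload bytes (it counts id and inc).  Reconstructed from
 * the packets assembled below and the captures quoted in the comments. */
enum { FRAME_HEADER_LEN = 5 };

/* send() until every byte is out: a stream socket may take only part of the
 * buffer per call.  Returns 0 on success, -1 (errno set by send) on failure. */
static int send_all(int fd, const unsigned char *data, size_t len)
{
    while (len > 0) {
        ssize_t sent = send(fd, data, len, 0);
        if (sent < 0) {
            return -1;
        }
        data += sent;
        len -= (size_t)sent;
    }
    return 0;
}

/* Build one frame (header + payload) and send it.  With encrypt non-zero the
 * payload is obfuscated with crypt() keyed by inc before it goes out, which
 * every frame below except the version and intro ones needs.
 * Returns 0 on success, -1 if allocation or sending fails. */
static int send_frame(int fd, unsigned char id, unsigned char inc,
                      const unsigned char *payload, size_t payload_len,
                      int encrypt)
{
    size_t body_len = payload_len + 2;          /* id + inc + payload */
    size_t frame_len = FRAME_HEADER_LEN + payload_len;
    unsigned char *frame = malloc(frame_len);
    if (frame == NULL) {
        return -1;
    }
    frame[0] = 0xaa;
    frame[1] = (unsigned char)(body_len >> 8);
    frame[2] = (unsigned char)(body_len & 0xFF);
    frame[3] = id;
    frame[4] = inc;
    memcpy(frame + FRAME_HEADER_LEN, payload, payload_len);
    if (encrypt) {
        crypt(frame + FRAME_HEADER_LEN, (unsigned int)payload_len, inc);
    }
    int rc = send_all(fd, frame, frame_len);
    free(frame);
    return rc;
}

/* One recv() of up to cap bytes, reporting failures under the name what.
 * Returns the byte count, 0 when the peer closed, -1 on error.
 * NOTE: TCP is a stream, so one call may return less than a frame or more
 * than one; splitpacket() copes with the latter, the former is not handled. */
static ssize_t recv_step(int fd, unsigned char *buf, size_t cap, const char *what)
{
    ssize_t got = recv(fd, buf, cap, 0);
    if (got < 0) {
        perror(what);
    } else if (got == 0) {
        fprintf(stderr, "%s: connection closed by peer\n", what);
    }
    return got;
}

/*
 * Log into the login server with the hard-coded account, follow its referral
 * to the game server, announce the character there, then loop forever decoding
 * whatever the game server sends (see identifypacket()) and answering with a
 * keep-alive frame every 32 seconds.
 * Returns -1 on any socket error, a rejected login, or when the game server
 * closes the connection; the receive loop has no other exit, so 0 is never
 * returned (the old code's trailing return 0 was unreachable as well).
 */
int main(void)
{
    /* designated initialiser zeroes sin_zero; the old code left it uninitialised */
    struct sockaddr_in addr = {
        .sin_family = AF_INET,
        .sin_port = htons(LOGINSERVERPORT),
    };
    if (inet_aton(LOGINSERVERIP, &addr.sin_addr) == 0) {
        fprintf(stderr, "invalid login server address %s\n", LOGINSERVERIP);
        return -1;
    }
    /* the copies below take exactly this many bytes of each literal */
    if (strlen(USERNAME) != (size_t)LENGTHOFUSERNAME
        || strlen(PASSWORD) != (size_t)LENGTHOFPASSWORD) {
        fprintf(stderr, "LENGTHOFUSERNAME/LENGTHOFPASSWORD do not match the credentials\n");
        return -1;
    }

    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("socket");
        return -1;
    }
    if (connect(sockfd, (struct sockaddr *)&addr, sizeof addr) < 0) {
        perror("connect login server");
        goto fail;
    }
#ifdef DEBUG
    printf("connected to login server\n");
#endif

    unsigned char scratch[512];     /* replies whose content is never used */

    /* greeting, observed as 22 bytes */
    if (recv_step(sockfd, scratch, 22, "recv CONNECTED SERVER") <= 0) {
        goto fail;
    }
#ifdef DEBUG
    printf("recved CONNECTED SERVER\n");
#endif

    //you have 6 seconds to send BOTH packets or you will be disconnected

    /* client name: its first letter is the id, the other five bytes (newline
     * included) are the obfuscated payload, sent with inc 0 */
    if (send_frame(sockfd, (unsigned char)CLIENTNAME[0], 0,
                   (const unsigned char *)CLIENTNAME + 1, sizeof CLIENTNAME - 2, 1) < 0) {
        perror("send baram");
        goto fail;
    }
#ifdef DEBUG
    printf("sent baram\n");
#endif

    /* 0000 aa 00 08 00 02 a8 c5 00 00 01 00 ...........*/
    /* version frame: id 0, then the 16-bit client version (680 for 6.8.0)
     * spread over the inc byte and the first payload byte, sent in clear */
    unsigned int clientversion = CLIENTVERSION1 * 100 + CLIENTVERSION2 * 10 + CLIENTVERSION3;
    unsigned char versionpayload[6] = {
        (unsigned char)(clientversion & 0xFF), 0xC5, 0x00, CLIENTVERSION4, 0x01, 0x00,
    };
    if (send_frame(sockfd, 0x00, (unsigned char)(clientversion >> 8),
                   versionpayload, sizeof versionpayload, 0) < 0) {
        perror("send client version");
        goto fail;
    }
#ifdef DEBUG
    printf("sent client version\n");
#endif

    //TODO: if client version is not 6 8 0 0

    /* id = 0x00, unencrypted; bytes 5-9 are static, byte 10 = key length,
     * bytes 11-19 = key.  Nothing here uses it. */
    if (recv_step(sockfd, scratch, 20, "recv unknown") <= 0) {
        goto fail;
    }
#ifdef DEBUG
    printf("recved unknown\n");
#endif

    /* inc byte of every obfuscated frame sent from here on; it is 8 bits wide
     * and wraps, as the old counter did */
    unsigned char sendinc = 1;

    static const unsigned char skinnypayload[2] = { 0x01, 0x00 };
    if (send_frame(sockfd, 0x7b, sendinc, skinnypayload, sizeof skinnypayload, 1) < 0) {
        perror("send skinny packet");
        goto fail;
    }
#ifdef DEBUG
    printf("sent skinny packet\n");
#endif
    sendinc = sendinc + 1;

    if (recv_step(sockfd, scratch, sizeof scratch, "recv charic info") <= 0) {
        goto fail;
    }
#ifdef DEBUG
    printf("recved charic info\n");
#endif

    /* login payload: [ulen][user][plen][pass] 4e ec 57 23 00 */
    unsigned char loginpayload[LENGTHOFUSERNAME + LENGTHOFPASSWORD + 7];
    size_t pos = 0;
    loginpayload[pos++] = LENGTHOFUSERNAME;
    memcpy(loginpayload + pos, USERNAME, LENGTHOFUSERNAME);
    pos += LENGTHOFUSERNAME;
    loginpayload[pos++] = LENGTHOFPASSWORD;
    memcpy(loginpayload + pos, PASSWORD, LENGTHOFPASSWORD);
    pos += LENGTHOFPASSWORD;
    loginpayload[pos++] = 0x4e;
    loginpayload[pos++] = 0xec;
    loginpayload[pos++] = 0x57;
    loginpayload[pos++] = 0x23;
    loginpayload[pos++] = 0x00;
    if (send_frame(sockfd, 0x03, sendinc, loginpayload, sizeof loginpayload, 1) < 0) {
        perror("send login");
        goto fail;
    }
#ifdef DEBUG
    printf("sent login\n");
#endif
    sendinc = sendinc + 1;

    unsigned char response[256];
    ssize_t result = recv_step(sockfd, response, sizeof response, "recv login response");
    if (result <= 0) {
        goto fail;
    }
#ifdef DEBUG
    printf("recved login response\n");
#endif

    if (result != 40) {
#ifdef DEBUG
        printf("login response is not the info to the game server, error!\n");
#endif
        /* the server sent an obfuscated text message instead of the game
         * server referral; decode only the bytes actually received (the old
         * code decoded `result` bytes starting 5 bytes in, past the data) */
        if (result < FRAME_HEADER_LEN) {
            fprintf(stderr, "login response too short (%zd bytes)\n", result);
            goto fail;
        }
        unsigned char *text = response + FRAME_HEADER_LEN;
        int textlen = (int)(result - FRAME_HEADER_LEN);
        crypt(text, (unsigned int)textlen, response[4]);

        /* 115 bytes: "Incorrect password. If you can not remember your
         * password you can get a new one from the Nexus patron page." with the
         * text at offset 2; otherwise "That name does not exist." at offset 1.
         * %.*s stops at the received length since the text need not be
         * NUL-terminated. */
        int skip = (result == 115) ? 2 : 1;
        if (textlen > skip) {
            printf("%.*s\n", textlen - skip, text + skip);
        }
        goto fail;
    }

#ifdef DEBUG
    printf("login response is ok! connect to game server\n");
#endif
    /* the first 8 bytes are a frame of 00 00 00, unencrypted, saying
     * "correct login"; the referral follows it */
    if (8 + 25 + LENGTHOFUSERNAME >= result) {
        fprintf(stderr, "login response too short for this user name length\n");
        goto fail;
    }
    const unsigned char *referral = response + 8;
    unsigned char gsip[4] = { referral[7], referral[6], referral[5], referral[4] }; //the ip is sent in reverse
    unsigned int gsport = (unsigned int)referral[9] | ((unsigned int)referral[8] << 8);
    /* two bytes the game server wants echoed back in the intro frame */
    unsigned char importantbytes[2] = {
        referral[24 + LENGTHOFUSERNAME], referral[25 + LENGTHOFUSERNAME],
    };

    static const unsigned char ackpayload[4] = { 0x01, 0x0d, 0x00, 0x00 };
    if (send_frame(sockfd, 0x1b, sendinc, ackpayload, sizeof ackpayload, 1) < 0) {
        perror("send client response");
        goto fail;
    }
#ifdef DEBUG
    printf("sent client response from servers OK to connect to game server\n");
#endif

    /* the counter restarts for the game server connection */
    sendinc = 0;

    shutdown(sockfd, SHUT_RDWR);
    close(sockfd);
#ifdef DEBUG
    printf("closed login server socket\n");
#endif

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("socket");
        return -1;
    }
    addr.sin_family = AF_INET;
    addr.sin_port = htons(gsport);
    /* widen before shifting: gsip[0] << 24 on a promoted int overflows for
     * first octets >= 128 */
    addr.sin_addr.s_addr = htonl(((unsigned int)gsip[0] << 24) | ((unsigned int)gsip[1] << 16)
                                 | ((unsigned int)gsip[2] << 8) | gsip[3]);
    if (connect(sockfd, (struct sockaddr *)&addr, sizeof addr) < 0) {
        perror("connect game server");
        goto fail;
    }
#ifdef DEBUG
    printf("connected to game server\n");
#endif

    /* intro payload: 09 "NexonInc." [ulen][user] 00 00 <importantbytes> 01 00,
     * sent in clear (the old code never ran crypt() over it) */
    unsigned char intropayload[17 + LENGTHOFUSERNAME];
    pos = 0;
    intropayload[pos++] = 0x09;
    memcpy(intropayload + pos, "NexonInc.", 9);   /* 4e 65 78 6f 6e 49 6e 63 2e */
    pos += 9;
    intropayload[pos++] = LENGTHOFUSERNAME;
    memcpy(intropayload + pos, USERNAME, LENGTHOFUSERNAME);
    pos += LENGTHOFUSERNAME;
    intropayload[pos++] = 0x00;
    intropayload[pos++] = 0x00;
    intropayload[pos++] = importantbytes[0];
    intropayload[pos++] = importantbytes[1];
    intropayload[pos++] = 0x01;
    intropayload[pos++] = 0x00;
    if (send_frame(sockfd, 0x10, sendinc, intropayload, sizeof intropayload, 0) < 0) {
        perror("send intro");
        goto fail;
    }
#ifdef DEBUG
    printf("sent intro packet to game server\n");
#endif
    sendinc = sendinc + 1;

    /* one receive buffer for the whole session instead of a malloc per read */
    unsigned char *buffer = malloc(65536);
    if (buffer == NULL) {
        perror("malloc");
        goto fail;
    }

    time_t a = time(NULL);
    for (;;) {
        ssize_t got = recv(sockfd, buffer, 65536, 0);
#ifdef DEBUG
        printf("recved data in while(1) loop\n");
#endif
        if (got == 0) {
            printf("ERROR: result == 0\n");
            free(buffer);
            close(sockfd);
            return -1;
        }
        if (got < 0) {
            /* the old loop kept going and parsed garbage after a failed recv */
            perror("recv game server");
            free(buffer);
            close(sockfd);
            return -1;
        }
        int nread = (int)got;

        /* a frame is its 16-bit big-endian length plus the 3 bytes before it;
         * the old code read buffer[3] and mis-parenthesised the + 3 */
        int length = (nread >= 3) ? (((buffer[1] << 8) | buffer[2]) + 3) : -1;
        if (length != nread) {
#ifdef DEBUG
            printf("length of received data is not the same as result\n");
#endif
            struct packets *packet = splitpacket(buffer, nread);
            if (packet == NULL) {
                perror("splitpacket");
                free(buffer);
                close(sockfd);
                return -1;
            }
#ifdef DEBUG
            printf("split packets\n");
#endif
            for (int k = 0; k < packet->n; k++) {
                identifypacket((unsigned char *)packet->buffers[k], packet->lengths[k]);
            }
#ifdef DEBUG
            printf("identifed packet\n");
#endif
            free(packet->lengths);
            free(packet->buffers);
            free(packet);
        } else {
#ifdef DEBUG
            printf("length of packet is equal to result, only 1 packet\n");
#endif
            identifypacket(buffer, nread);
#ifdef DEBUG
            printf("identified packet\n");
#endif
        }

        //printf("%d\t%d\n", time(NULL) - a, result);

        time_t b = time(NULL);
        if (b >= a + 32) {
            static const unsigned char keepalivepayload[3] = { 0x00, 0x00, 0x00 };
            if (send_frame(sockfd, 0x1b, sendinc, keepalivepayload, sizeof keepalivepayload, 1) < 0) {
                perror("send keepalive");
                free(buffer);
                close(sockfd);
                return -1;
            }
            sendinc = sendinc + 1;
            a = a + 32;
        }
    }

fail:
    close(sockfd);
    return -1;
}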
  640.  
  641. /*
  642. 6 right
  643. 4 up
  644.  
  645. 0000 aa 00 0b 32 1c 50 d2 34 73 75 55 70 7f 32 ...2.P.4suUp.2
  646. aa 00 0b
  647. 32
  648. 1c
  649.  
  650. */