I don't think I have the same source though, because I have been able to log in and work with the source for a longer time now. Anyway, the problem it had was that the patch for the DX9 version didn't work; I am working on DX8 only and I was trying to resolve that. Also, I know that the currently modified original Conquer.exe is sending the packets to my account server, because I can see the packet dump that I am displaying for login. I can share them and you will see the difference. I am also able to log in without the password with your method and by modifying the authserver login method to not require the password, but that is not an option.
So here is the packet from your method that I use on the original 6609 client:
Packet Length : 312, PacketType: 1542
38 01 06 06 00 00 00 00 77 61 72 00 00 00 00 00 ;8war
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 4D 79 43 6F 6E 71 75 65 72 ;MyConquer
00 00 00 00 00 00 00 00 30 30 31 35 35 44 33 35 ;00155D35
43 37 45 33 00 00 00 00 00 00 00 00 00 00 00 00 ;C7E3
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 31 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ;10
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 FE 98 CD 0F C6 01 92 93 F9 1F 8E B8 ;■?═╞??∙?╕
7D 80 82 FF 17 2A 4C AB D3 36 2D 91 7A DE EE 33 ;}?? *L½╙6-?z▐ε3
39 7F 6F 9A 6C BB 09 77 1D 62 A9 DA C1 13 8E 01 ;9o?l╗ wb⌐┌┴?
D0 B3 82 43 79 4C 27 EE 94 82 89 53 5E A6 64 7C ;╨│?CyL'ε???S^ªd|
BD 58 10 4D 07 96 E3 41 ;╜XM?πA
User: [war] Server: [MyConquer] MacID: [C7E3] Password: []
As you can see here, the password field is empty. I am also not sure if this is the right packet in which the client sends the password, but it is highly likely...
And what I believe is the modified, patched Conquer.exe that was used with this source sends this one:
Packet Length : 312, PacketType: 1542
38 01 06 06 00 00 00 00 77 61 72 00 00 00 00 00 ;8war
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 03 72 8C 81 00 00 00 00 ;r?ü
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 4D 79 43 6F 6E 71 75 65 72 ;MyConquer
00 00 00 00 00 00 00 00 30 30 31 35 35 44 33 35 ;00155D35
43 37 45 33 00 00 00 00 00 00 00 00 00 00 00 00 ;C7E3
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 31 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ;10
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ;
00 00 00 00 A0 DF FB 39 69 30 F7 8A C0 41 C5 6B ;á▀√9i0≈?└A┼k
5D 46 E9 56 B9 12 CB 1B 99 98 2C F5 FA 09 5E F8 ;]FΘV╣╦?,⌡· ^°
AF 46 53 61 78 5F A1 DD 02 62 B3 73 29 4D 5A 3A ;»FSax_í▌b│s)MZ:
A0 E8 3C 4E C7 63 D0 F4 7A 5B BA 54 2A FB 09 43 ;áΦ<N╟c╨⌠z[║T*√ C
96 EB 4A 0F EE 49 24 1F ;?δJεI$
User: [war] Server: [MyConquer] MacID: [C7E3] Password: [war]
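You can see here that 03 72 8C 81, or in ASCII ;r?ü, is the password (war) sent from that client, for which the server source uses this XOR decryption method. I believe the way the password is sent is what was modified in the patched Conquer.exe, so that the server can decrypt it:

    // Requires: using System;
    // Key1 and Key2 are key tables indexed modulo 0x20; they are defined elsewhere in the server source (not shown here).
    public static string DecryptXor(byte[] data, byte size)
    {
        // At most 32 bytes of the password field are decoded.
        byte[] buffer = new byte[Math.Min(size, (byte)32)];
        for (int i = 0; i < Math.Min(size, (byte)32); i++)
        {
            // Two XOR passes, each with a key byte selected by position.
            buffer[i] = (byte)(Key1[(i * 0x2c) % 0x20] ^ data[i]);
            buffer[i] = (byte)(Key2[(i * 0x63) % 0x20] ^ buffer[i]);
        }
        // Strip the NUL padding before returning the string.
        return System.Text.Encoding.ASCII.GetString(buffer).Replace("\0", "");
    }
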
So what I am asking is how the original Conquer.exe sends the password: is it encrypted, hashed, or maybe sent as plain text (I doubt that)? Also, is that 1542 packet the right one to look for the password in?
P.S. I am not so familiar with reverse engineering; I tried it, but that is outside my expertise.
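
Added example, not part of the original post or of the server source: a small Python script that parses dump rows in the format shown above, reads the packet header, and lists the byte ranges where two captures differ. The function names are hypothetical, the sample uses only the first five rows of each dump, and the little-endian length/type header layout is inferred from the values printed with the dumps.

```python
import re
import struct

HEX_BYTE = re.compile(r"[0-9A-Fa-f]{2}")

def parse_dump(text):
    """Convert 'HH HH ... ;ascii' dump rows to bytes, ignoring the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if not all(HEX_BYTE.fullmatch(t) for t in tokens):
            raise ValueError(f"not a hex dump row: {line!r}")
        out.extend(int(t, 16) for t in tokens)
    return bytes(out)

def header(packet):
    """First four bytes: little-endian uint16 length, then uint16 packet type (inferred)."""
    return struct.unpack_from("<HH", packet, 0)

def diff_runs(a, b):
    """Return (offset, bytes_a, bytes_b) for each contiguous run where a and b differ."""
    if len(a) != len(b):
        raise ValueError("captures differ in length; re-check the copied rows")
    runs, start = [], None
    for i in range(len(a) + 1):
        differs = i < len(a) and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, a[start:i], b[start:i]))
            start = None
    return runs

# Constructed sample: only the first five rows (80 bytes) of each dump in the post.
ZERO_ROW = " ".join(["00"] * 16) + " ;\n"
HEAD = "38 01 06 06 00 00 00 00 77 61 72 00 00 00 00 00 ;8war\n" + ZERO_ROW * 3
ORIGINAL_CLIENT = parse_dump(HEAD + ZERO_ROW)
PATCHED_CLIENT = parse_dump(HEAD + "00 00 00 00 00 00 00 00 03 72 8C 81 00 00 00 00 ;r\n")

if __name__ == "__main__":
    print("length=%d type=%d" % header(PATCHED_CLIENT))
    for offset, old, new in diff_runs(ORIGINAL_CLIENT, PATCHED_CLIENT):
        print(f"offset {offset}: {old.hex(' ')} -> {new.hex(' ')}")
```

Comparing `len(parse_dump(...))` of a full capture against the header length is a quick way to catch a row that was copied with a byte too many or too few.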