Post: Packet Inject concept
07-31-2008, 06:02 PM #1

*Correct me if I am wrong about this, I haven't gone packet messing in a couple of months*

// Things in italic I'm pretty sure makes no sense or is wrong

// Also this is not the exact way to do it, doesn't show how to bypass checks, following it this way will get you nowhere unless you know how to complete all pre-tasks (which will not be included because I want it kept secure and out of noob reach)


Also if you don't understand a raw packet or packet injection then don't read this!
If you think you put this into your savefile also stop reading this. You see a source code you compile correct? OF COURSE!




Basically take this source code in a compiler and compile the script (if you don't know how to do that then forget it just please stop reading now).

After compiling continue the concept below the source code.


    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <strings.h>          /* bzero */
    #include <unistd.h>           /* write, close */
    #include <sys/socket.h>
    #include <sys/ioctl.h>
    #include <arpa/inet.h>        /* htons, inet_addr */
    #include <net/if.h>           /* struct ifreq, IFNAMSIZ */
    #include <net/if_arp.h>       /* ARPHRD_ETHER, ARPOP_REPLY */
    #include <net/ethernet.h>     /* ETHERTYPE_IP, ETHERTYPE_ARP, ETH_P_ALL */
    #include <netinet/ether.h>    /* ether_aton */
    #include <netpacket/packet.h> /* struct sockaddr_ll */

    #define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
    #define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
    #define SRC_IP "192.168.0.10"
    #define DST_IP "192.168.0.11"

    /* 14-byte Ethernet II header */
    typedef struct EthernetHeader {
        unsigned char destination[6];
        unsigned char source[6];
        unsigned short protocol;
    } EthernetHeader;

    /* 28-byte ARP body for Ethernet/IPv4 */
    typedef struct ArpHeader {
        unsigned short hardware_type;
        unsigned short protocol_type;
        unsigned char hard_addr_len;
        unsigned char prot_addr_len;
        unsigned short opcode;
        unsigned char source_hardware[6];
        unsigned char source_ip[4];
        unsigned char dest_hardware[6];
        unsigned char dest_ip[4];
    } ArpHeader;

    int CreateRawSocket(int protocol_to_sniff)
    {
        int rawsock;

        if ((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff))) == -1)
        {
            perror("Error creating raw socket");
            exit(-1);
        }

        return rawsock;
    }

    int BindRawSocketToInterface(char *device, int rawsock, int protocol)
    {
        struct sockaddr_ll sll;
        struct ifreq ifr;

        bzero(&sll, sizeof(sll));
        bzero(&ifr, sizeof(ifr));

        /* First get the interface index (ifr is zeroed, so the name stays NUL-terminated) */
        strncpy((char *)ifr.ifr_name, device, IFNAMSIZ - 1);
        if ((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
        {
            printf("Error getting Interface index !\n");
            exit(-1);
        }

        /* Bind our raw socket to this interface */
        sll.sll_family = AF_PACKET;
        sll.sll_ifindex = ifr.ifr_ifindex;
        sll.sll_protocol = htons(protocol);

        if ((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll))) == -1)
        {
            perror("Error binding raw socket to interface");
            exit(-1);
        }

        return 1;
    }

    int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
    {
        int sent = 0;

        /* A simple write on the socket ..thats all it takes ! */
        if ((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
        {
            /* Error */
            printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
            return 0;
        }

        return 1;
    }

    EthernetHeader *CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
    {
        EthernetHeader *ethernet_header;

        ethernet_header = (EthernetHeader *)malloc(sizeof(EthernetHeader));

        /* copy the Src mac addr */
        memcpy(ethernet_header->source, (void *)ether_aton(src_mac), 6);

        /* copy the Dst mac addr */
        memcpy(ethernet_header->destination, (void *)ether_aton(dst_mac), 6);

        /* copy the protocol */
        ethernet_header->protocol = htons(protocol);

        /* done ...send the header back */
        return (ethernet_header);
    }

    ArpHeader *CreateArpHeader(void)
    {
        ArpHeader *arp_header;
        in_addr_t temp;

        arp_header = (ArpHeader *)malloc(sizeof(struct ArpHeader));

        /* Fill the ARP header */
        arp_header->hardware_type = htons(ARPHRD_ETHER);
        arp_header->protocol_type = htons(ETHERTYPE_IP);
        arp_header->hard_addr_len = 6;
        arp_header->prot_addr_len = 4;
        arp_header->opcode = htons(ARPOP_REPLY);
        memcpy(arp_header->source_hardware, (void *)ether_aton(SRC_ETHER_ADDR), 6);
        temp = inet_addr(SRC_IP);
        memcpy(&(arp_header->source_ip), &temp, 4);
        memcpy(arp_header->dest_hardware, (void *)ether_aton(DST_ETHER_ADDR), 6);
        temp = inet_addr(DST_IP);
        memcpy(&(arp_header->dest_ip), &temp, 4);

        return arp_header;
    }

    /* argv[1] is the device e.g. eth0 */
    int main(int argc, char **argv)
    {
        int raw;
        unsigned char *packet;
        EthernetHeader *ethernet_header;
        ArpHeader *arp_header;
        int pkt_len;

        if (argc < 2)
        {
            printf("Usage: %s <device>\n", argv[0]);
            return 1;
        }

        /* Create the raw socket */
        raw = CreateRawSocket(ETH_P_ALL);

        /* Bind raw socket to interface */
        BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);

        /* create Ethernet header */
        ethernet_header = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_ARP);

        /* Create ARP header */
        arp_header = CreateArpHeader();

        /* Find packet length */
        pkt_len = sizeof(EthernetHeader) + sizeof(ArpHeader);

        /* Allocate memory to packet */
        packet = (unsigned char *)malloc(pkt_len);

        /* Copy the Ethernet header first */
        memcpy(packet, ethernet_header, sizeof(EthernetHeader));

        /* Copy the ARP header - but after the ethernet header */
        memcpy((packet + sizeof(EthernetHeader)), arp_header, sizeof(ArpHeader));

        /* Send the packet out ! */
        if (!SendRawPacket(raw, packet, pkt_len))
        {
            perror("Error sending packet");
        }
        else
            printf("Packet sent successfully\n");

        /* Free the memory back to the heavenly heap */
        free(ethernet_header);
        free(arp_header);
        free(packet);

        close(raw);

        return 0;
    }


This code is in c++ for a raw socket (?or packet holder?) which allows you to modify packets given from a game to save it, edit it, and inject/resend(?) it back into the game server allowing different effects. Taking the raw socket you can now connect with ws/we/wireshark and start the real business.

Capture:
The packets come by the tens, hundreds, and thousands. One or two packets can contain same data just going to different places. Capture the ammo packet which is fairly easy. Set-up, shoot, capture.

Edit:
The fun part, you edit what the packet does and the instructions to whenever decrease or increase the ammo amount. Therefore you can take the packet that subtracts hex from one place to another and basically put 90's all around the code data. Most programs read hex 90 as 'No Operation'.

Send:
This part is what makes the hack work. Basically just send the edited packet before interval between packet 1 and duplicate packet 1(2) comes in. This takes mere seconds and is quite easy. Now test the hack.

Credits:

  • Coldblade (myself for this guide)
  • the_god91 (source code)


Edit 1:
#define SRC_IP "192.168.0.10"
#define DST_IP "192.168.0.11"

60% of the time leaving this like that will mess up the process. You need to find a free IP that other computers don't connect to. Some computers use 2 IPs, 1 for main networking and another for proxy transfer. Edit the source IP (SRC) and destination (DST) IP to what suits your settings.

Edit 2:
Originally posted by tarik792
where do u put it i got it in my drive u mean the savegame?


I had to modify the header a little to prevent noobs from reading this. You don't put this into your save file !>.>!
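
A defender's view of the frame layout in the post's code, as an added example that is not part of the original thread: it parses a captured Ethernet/ARP frame and flags a reply whose sender IP maps to a MAC other than the one a monitor already trusts. The binding table, the trusted MAC `02:00:00:00:00:10`, the verdict names and `check_arp_frame` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* IP-to-MAC binding the monitor trusts (hypothetical table, constructed values). */
typedef struct { uint8_t ip[4]; uint8_t mac[6]; } Binding;

enum { ARP_OK, ARP_NOT_ARP, ARP_MALFORMED, ARP_L2_MISMATCH, ARP_BINDING_CONFLICT };

/* Constructed sample: the reply the post's code would emit with its default #defines. */
static const uint8_t SAMPLE_REPLY[42] = {
    0xbb,0xbb,0xbb,0xbb,0xbb,0xbb, 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa, 0x08,0x06, /* Ethernet */
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x02,          /* Ethernet/IPv4, opcode 2 = reply */
    0xaa,0xaa,0xaa,0xaa,0xaa,0xaa, 192,168,0,10,    /* sender MAC, sender IP */
    0xbb,0xbb,0xbb,0xbb,0xbb,0xbb, 192,168,0,11 };  /* target MAC, target IP */

/* Constructed: the MAC this monitor expects for 192.168.0.10. */
static const Binding TRUSTED[] = { { {192,168,0,10}, {0x02,0,0,0,0,0x10} } };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

int check_arp_frame(const uint8_t *f, size_t len, const Binding *tbl, size_t n)
{
    if (len < 14 || be16(f + 12) != 0x0806) return ARP_NOT_ARP;
    if (len < 14 + 28) return ARP_MALFORMED;          /* truncated ARP body */
    const uint8_t *a = f + 14;
    if (be16(a) != 1 || be16(a + 2) != 0x0800 || a[4] != 6 || a[5] != 4)
        return ARP_MALFORMED;                         /* not Ethernet/IPv4 ARP */
    uint16_t op = be16(a + 6);
    if (op != 1 && op != 2) return ARP_MALFORMED;     /* only request/reply */
    const uint8_t *sha = a + 8, *spa = a + 14;
    /* Ethernet source and ARP sender hardware address should agree. */
    if (memcmp(f + 6, sha, 6) != 0) return ARP_L2_MISMATCH;
    for (size_t i = 0; i < n; i++)
        if (!memcmp(tbl[i].ip, spa, 4) && memcmp(tbl[i].mac, sha, 6))
            return ARP_BINDING_CONFLICT;              /* known IP, unexpected MAC */
    return ARP_OK;
}

int main(void)
{
    int r = check_arp_frame(SAMPLE_REPLY, sizeof SAMPLE_REPLY, TRUSTED, 1);
    printf("verdict=%d (%s)\n", r, r == ARP_BINDING_CONFLICT ? "binding conflict" : "other");
    return 0;
}
```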
08-22-2008, 09:08 AM #11
Kirizmaxx
Don't Fear the Repear
hmm ill save this for a while but if we could edit tht packet of ammo r u sayin tht if we were to edit it to say 90 instead of 1 and instead of sending the 1 packet back we inject the duplicate 1 with 90? interesting i think if we can get this right it will be alot easier then Stueys tutorial cuz i did everything he said and no mistakes but its like half luck not to get disconnected half the time i've gotten pretty far but its just plain hard lol
08-22-2008, 11:56 AM #12
well we are not all ****ing retards who spend all day making shitty codes to as they say "glitch the system"

ffs get a pissing life, i do glitches thats about it
hacking is a totally diffrent lvl
basicalyl if i dnt no codes n shit dnt bother
08-24-2008, 04:05 AM #13
Originally posted by Blazin
well we are not all ****ing retards who spend all day making shitty codes to as they say "glitch the system"

ffs get a pissing life, i do glitches thats about it
hacking is a totally diffrent lvl
basicalyl if i dnt no codes n shit dnt bother


Well I guess I'm the censored retard that likes making code to hack a game.

lol I'm not trying to bring you down or anything I'm just bored and decided to release this and all.
08-28-2008, 01:55 PM #14
any 1 now how to set up a proxy for the ps3 ethenet way wat do i need
08-28-2008, 02:39 PM #15
Proxy is bullshit. But you put in the IP of your PC and it's supposed to work. Does it hell.
07-07-2009, 11:27 AM #16
abz247uk
Do a barrel roll!
Has anyone tried this method and got it to work?
07-07-2009, 06:43 PM #17
Wtf is this shit ahhhhhhhhhhhhhhhhhhhhhhhhhhh!!!!!!!!!!!!11111

---------- Post added at 02:43 PM ---------- Previous post was at 02:42 PM ----------

Wtf is this shit ahhhhhhhhhhhhhhhhhhhhhhhhhhh!!!!!!!!!!!!
07-07-2009, 06:50 PM #18
Tons
hacks 4 vbux
deleted
07-08-2009, 01:12 AM #19
abz247uk
Do a barrel roll!
So nobody can confirm that this works? Pointless post then.
