Post: Packet Inject concept
07-31-2008, 06:02 PM #1

*Correct me if I am wrong about this, I haven't gone packet messing in a couple of months*

// Things in italic I'm pretty sure make no sense or are wrong

// Also this is not the exact way to do it, doesn't show how to bypass checks, following it this way will get you nowhere unless you know how to complete all pre-tasks (which will not be included because I want it kept secure and out of noob reach)


Also if you don't understand a raw packet or packet injection then don't read this!
If you think you put this into your savefile also stop reading this. You see a source code you compile correct? OF COURSE!




Basically take this source code in a compiler and compile the script (if you don't know how to do that then forget it just please stop reading now).

After compiling continue the concept below the source code.


    /* Headers needed to build this listing on Linux (AF_PACKET raw sockets). */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <strings.h>          /* bzero */
    #include <unistd.h>           /* write, close */
    #include <sys/socket.h>
    #include <sys/ioctl.h>
    #include <arpa/inet.h>        /* htons, inet_addr */
    #include <net/if.h>           /* struct ifreq, IFNAMSIZ */
    #include <net/if_arp.h>       /* ARPHRD_ETHER, ARPOP_REPLY */
    #include <net/ethernet.h>     /* ETHERTYPE_IP, ETHERTYPE_ARP, ETH_P_ALL */
    #include <netinet/ether.h>    /* ether_aton */
    #include <netpacket/packet.h> /* struct sockaddr_ll */

    #define SRC_ETHER_ADDR "aa:aa:aa:aa:aa:aa"
    #define DST_ETHER_ADDR "bb:bb:bb:bb:bb:bb"
    #define SRC_IP "192.168.0.10"
    #define DST_IP "192.168.0.11"

    /* 14-byte Ethernet II header */
    typedef struct EthernetHeader {
        unsigned char destination[6];
        unsigned char source[6];
        unsigned short protocol;
    } EthernetHeader;

    /* 28-byte ARP header for Ethernet/IPv4 */
    typedef struct ArpHeader {
        unsigned short hardware_type;
        unsigned short protocol_type;
        unsigned char hard_addr_len;
        unsigned char prot_addr_len;
        unsigned short opcode;
        unsigned char source_hardware[6];
        unsigned char source_ip[4];
        unsigned char dest_hardware[6];
        unsigned char dest_ip[4];
    } ArpHeader;

    int CreateRawSocket(int protocol_to_sniff)
    {
        int rawsock;

        if ((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff))) == -1)
        {
            perror("Error creating raw socket: ");
            exit(-1);
        }

        return rawsock;
    }

    int BindRawSocketToInterface(char *device, int rawsock, int protocol)
    {
        struct sockaddr_ll sll;
        struct ifreq ifr;

        bzero(&sll, sizeof(sll));
        bzero(&ifr, sizeof(ifr));

        /* First Get the Interface Index */
        /* IFNAMSIZ - 1 keeps the zeroed last byte as the terminator */
        strncpy((char *)ifr.ifr_name, device, IFNAMSIZ - 1);
        if ((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
        {
            printf("Error getting Interface index !\n");
            exit(-1);
        }

        /* Bind our raw socket to this interface */
        sll.sll_family = AF_PACKET;
        sll.sll_ifindex = ifr.ifr_ifindex;
        sll.sll_protocol = htons(protocol);

        if ((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll))) == -1)
        {
            perror("Error binding raw socket to interface");
            exit(-1);
        }

        return 1;
    }

    int SendRawPacket(int rawsock, unsigned char *pkt, int pkt_len)
    {
        int sent = 0;

        /* A simple write on the socket ..thats all it takes ! */
        if ((sent = write(rawsock, pkt, pkt_len)) != pkt_len)
        {
            /* Error */
            printf("Could only send %d bytes of packet of length %d\n", sent, pkt_len);
            return 0;
        }

        return 1;
    }

    EthernetHeader *CreateEthernetHeader(char *src_mac, char *dst_mac, int protocol)
    {
        EthernetHeader *ethernet_header;

        ethernet_header = (EthernetHeader *)malloc(sizeof(EthernetHeader));

        /* copy the Src mac addr */
        memcpy(ethernet_header->source, (void *)ether_aton(src_mac), 6);

        /* copy the Dst mac addr */
        memcpy(ethernet_header->destination, (void *)ether_aton(dst_mac), 6);

        /* copy the protocol */
        ethernet_header->protocol = htons(protocol);

        /* done ...send the header back */
        return (ethernet_header);
    }

    ArpHeader *CreateArpHeader(void)
    {
        ArpHeader *arp_header;
        in_addr_t temp;

        arp_header = (ArpHeader *)malloc(sizeof(struct ArpHeader));

        /* Fill the ARP header */
        arp_header->hardware_type = htons(ARPHRD_ETHER);
        arp_header->protocol_type = htons(ETHERTYPE_IP);
        arp_header->hard_addr_len = 6;
        arp_header->prot_addr_len = 4;
        arp_header->opcode = htons(ARPOP_REPLY);
        memcpy(arp_header->source_hardware, (void *)ether_aton(SRC_ETHER_ADDR), 6);
        temp = inet_addr(SRC_IP);
        memcpy(&(arp_header->source_ip), &temp, 4);
        memcpy(arp_header->dest_hardware, (void *)ether_aton(DST_ETHER_ADDR), 6);
        temp = inet_addr(DST_IP);
        memcpy(&(arp_header->dest_ip), &temp, 4);

        return arp_header;
    }

    /* argv[1] is the device e.g. eth0 */
    int main(int argc, char **argv)
    {
        int raw;
        unsigned char *packet;
        EthernetHeader *ethernet_header;
        ArpHeader *arp_header;
        int pkt_len;

        if (argc < 2)
        {
            printf("Usage: %s <device>\n", argv[0]);
            return 1;
        }

        /* Create the raw socket */
        raw = CreateRawSocket(ETH_P_ALL);

        /* Bind raw socket to interface */
        BindRawSocketToInterface(argv[1], raw, ETH_P_ALL);

        /* create Ethernet header */
        ethernet_header = CreateEthernetHeader(SRC_ETHER_ADDR, DST_ETHER_ADDR, ETHERTYPE_ARP);

        /* Create ARP header */
        arp_header = CreateArpHeader();

        /* Find packet length */
        pkt_len = sizeof(EthernetHeader) + sizeof(ArpHeader);

        /* Allocate memory to packet */
        packet = (unsigned char *)malloc(pkt_len);

        /* Copy the Ethernet header first */
        memcpy(packet, ethernet_header, sizeof(EthernetHeader));

        /* Copy the ARP header - but after the ethernet header */
        memcpy((packet + sizeof(EthernetHeader)), arp_header, sizeof(ArpHeader));

        /* Send the packet out ! */
        if (!SendRawPacket(raw, packet, pkt_len))
        {
            perror("Error sending packet");
        }
        else
            printf("Packet sent successfully\n");

        /* Free the memory back to the heavenly heap */
        free(ethernet_header);
        free(arp_header);
        free(packet);

        close(raw);

        return 0;
    }


This code is in c++ for a raw socket (?or packet holder?) which allows you to modify packets given from a game to save it, edit it, and inject/resend(?) it back into the game server allowing different effects. Taking the raw socket you can now connect with ws/we/wireshark and start the real business.

Capture:
The packets come by the tens, hundreds, and thousands. One or two packets can contain same data just going to different places. Capture the ammo packet which is fairly easy. Set-up, shoot, capture.

Edit:
The fun part, you edit what the packet does and the instructions on whether to decrease or increase the ammo amount. Therefore you can take the packet that subtracts hex from one place to another and basically put 90's all around the code data. Most programs read hex 90 as 'No Operation'.

Send:
This part is what makes the hack work. Basically just send the edited packet before the interval between packet 1 and duplicate packet 1(2) comes in. This takes mere seconds and is quite easy. Now test the hack.

Credits:

  • Coldblade (myself for this guide)
  • the_god91 (source code)


Edit 1:
#define SRC_IP "192.168.0.10"
#define DST_IP "192.168.0.11"

60% of the time leaving this like that will mess up the process. You need to find a free IP that other computers don't connect to. Some computers use 2 IPs, 1 for main networking and another for proxy transfer. Edit the source IP (SRC) and destination (DST) IP to what suits your settings.

Edit 2:
Originally posted by tarik792
where do u put it i got it in my drive u mean the savegame?


I had to modify the header a little to prevent noobs from reading this. You don't put this into your save file !>.>!
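
A defender's view of the ARP reply that the listing above builds, as an added example that is not part of the original post: it reads a frame laid out like the post's `EthernetHeader` and `ArpHeader` structs and flags the two signals an arpwatch-style monitor looks for, a frame whose Ethernet source differs from the ARP sender address and an IP address that suddenly maps to a new MAC. The function names, the 64-entry table and the sample addresses are assumptions made for the example; `build_reply` only fills a buffer in memory so the check has constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the post's code); names and table size are hypothetical. */
enum { ARP_OK, ARP_NOT_ARP, ARP_MALFORMED, ARP_SRC_MISMATCH, ARP_BINDING_CHANGED };
static uint8_t table[64][10];   /* learned bindings: sender MAC (6) + sender IP (4) */
static int table_len;

/* Inspect one Ethernet frame; byte offsets follow the post's two structs. */
int check_arp_frame(const uint8_t *f, size_t len)
{
    static const uint8_t expect[6] = {0, 1, 0x08, 0x00, 6, 4}; /* Ethernet/IPv4 ARP */
    if (len < 14 + 28) return ARP_MALFORMED;
    if (f[12] != 0x08 || f[13] != 0x06) return ARP_NOT_ARP;    /* EtherType 0x0806 */
    if (memcmp(f + 14, expect, 6) != 0) return ARP_MALFORMED;
    const uint8_t *sha = f + 22, *spa = f + 28;  /* sender MAC and IP, contiguous */
    /* The frame's source MAC should match the sender MAC claimed in the ARP body. */
    if (memcmp(f + 6, sha, 6) != 0) return ARP_SRC_MISMATCH;
    for (int i = 0; i < table_len; i++) {
        if (memcmp(table[i] + 6, spa, 4) != 0) continue;
        if (memcmp(table[i], sha, 6) == 0) return ARP_OK;
        memcpy(table[i], sha, 6);                /* keep the newest claim */
        return ARP_BINDING_CHANGED;
    }
    if (table_len < 64) memcpy(table[table_len++], sha, 10);   /* learn MAC + IP */
    return ARP_OK;
}

/* Build a constructed 42-byte ARP reply in memory for testing; nothing is sent. */
size_t build_reply(uint8_t *out, uint8_t eth_src, uint8_t sha, const uint8_t *spa)
{
    static const uint8_t hdr[10] = {0x08, 0x06, 0, 1, 0x08, 0x00, 6, 4, 0, 2};
    memset(out, 0, 42);
    memset(out, 0xbb, 6);         /* destination MAC bb:bb:bb:bb:bb:bb */
    memset(out + 6, eth_src, 6);  /* Ethernet source MAC, one repeated byte */
    memcpy(out + 12, hdr, 10);    /* EtherType + fixed ARP fields, opcode 2 = reply */
    memset(out + 22, sha, 6);     /* sender hardware address, one repeated byte */
    memcpy(out + 28, spa, 4);     /* sender protocol (IP) address */
    return 42;
}

int main(void)
{
    uint8_t f[42], ip[4] = {192, 168, 0, 10};
    printf("first claim:  %d\n", check_arp_frame(f, build_reply(f, 0xaa, 0xaa, ip)));
    printf("second claim: %d\n", check_arp_frame(f, build_reply(f, 0xcc, 0xcc, ip)));
    return 0;
}
```
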
07-08-2009, 01:28 AM #20
Limp5560
Trained to Kill
This does work, yes. Easy? Hell no... Sure you can just throw all the code in CodeWarrior but you're gonna have to code each of the variables. rawsock is a variable and it isn't defined so that will show up during debug along with others... This code is very raw. But if you manage to completely compile it, you should be able to send correctly signed headers with all your packets. I'd start with simple 'hello' packets to see if you get a response. If you do, you're in business. You will actually need to know how to rewrite the packets so they can be understood by the recipient. You can't just grab random packets and send them. Also remember that the internet is composed of packets, that's how anything communicates. This isn't just limited to COD...

just keep this stuff in mind.
07-08-2009, 10:13 AM #21
abz247uk
Do a barrel roll!
Ok thanks for the information.
07-08-2009, 07:06 PM #22
Limp5560
Trained to Kill
This does work, yes. Easy? Hell no... Sure you can just throw all the code in CodeWarrior but you're gonna have to code each of the variables. rawsock is a variable and it isn't defined so that will show up during debug along with others... This code is very raw. But if you manage to completely compile it, you should be able to send correctly signed headers with all your packets. I'd start with simple 'hello' packets to see if you get a response. If you do, you're in business. You will actually need to know how to rewrite the packets so they can be understood by the recipient. You can't just grab random packets and send them. Also remember that the internet is composed of packets, that's how anything communicates. This isn't just limited to COD...

just keep this stuff in mind.
07-09-2009, 12:03 PM #23
Lunch
Banned
Yeah nice, I use packet injection to bypass the 360 patch.

I didn't think of doing the hacks straight from the packet injection, nice post.

Copyright © 2026, NextGenUpdate.
All Rights Reserved.