Looking Into The Runescape Packets!

(Program) = to scan the TCP connections from my computer to a server. The program Analyzes the connection and intercepts the packets traveling througth this connection.

Okay so I'm using a program to scan the TCP connections from my computer to a server. The program Analyzes the connection and intercepts the packets traveling througth this connection.

So I read the sticky "401 about runescape" which talks about packets and such. So after reading that I opened up the runescape world 55 and started the (program) then logged in runescape. I stopped the (program) and it had about 12 diffrent packets being sent from the Runescape server (63.31.109.3) to my IP. now there is more I'm guessing that the numbers im about to type are my clients ports and the servers ports.

Client port: 2180

Server port: 43594

I now Stream back the TCP and look at it's contents and this is one of them that seems to be to most interesting.

This seems to be quite interesting but I looked back to see were the source is and it comes back to my IP and says that: (MY IP) > (RS2 SERVER)

which means im sending that info to the server.

Take a closer look in the quote above in there it says:

"AUTO.+.M..r.$..K..k.$G.
K...Iron axe.e..K.....Follow...
.Trade with..s
.Req Assist..J......AUTO.9........Welcome to RuneScape"

notice the "iron axe" as soon as I saw this I logged back in and guess what in my hand was a iron axe which means The client sends whats is in your hand to the server? which doesnt make any bit of sense as to how the client would remember this from the last time you loged in?

any help decoding this son of a bitch and were all gonna be rich..

 

For the last time Runescape is server-side not client-side. All data and information is pulled from the server. The limited amount of information that is saved into your client is matched with the server's value periodically anyway which is why using programs such as ArtMoney will make you have billions of GP but it will disappear as soon as you drop it, bank it, trade it, etc. because your client verifies the value with the server's value.

 

Yes, Nullware but listen I know thats how it works i'm not a super n00b and if you read the post i said that I read TerranKillers Sticky about how this all works but look below






that is the first connection made to the server and its from my IP --> RS Server

and this is the packet that holds the information i posted in the above reply

 

LOL!! I tracked the IP of the RS server and look were it took me!





so i'm not sure right now if this is were one of the RS Teams is stationd or what but thats a big f'n House lol!

 

That doesn't mean there's an "RS Team" there it just means that's where a server is hosted.

Don't you think it's exactly like I said. Your client is verifying things with the server. I'm guessing you'd already logged in and out of the account shortly before so your client had an iron axe in it's memory. When you logged in again it's sending that and other data to be checked with the server. Nothing at all you can do.

 

darn lol thougth i had something........


thanks tho but wat decrytion method would be used to decryte that?

 

Sorry I really don't know anything about Packet Encryption/Decryption or even about Packets at all. I do understand the concept of Server-side and Client-side and that's why I was able to tell you what I did. Best of luck finding out what you want.

 

Watch how far you go. The best of hackers that play runescape/played have or has been Ip banned before... Good luck anyways m8. *psst* Track them to the building and take over there Master computer*/psst*

 

LOL! We could always just go reason with them *COUGH* *COUGH* lol thanks for the feedback and yesi have proxies in order im not that dumb lol...

 

I bet that's Zezima's house J/k

Someone should really stop by that house though rofl.

 

I think he's saying that's like a cashed version. If you were to send a false packet to the server saying that you're holding a whip rather then an axe, then it would have an axe in your hands but soon as you try and use it, it would convert back to an iron axe.

Also, I don't see how you could tell what that code means through all the periods and random numbers with out some sort of knowlage of what it means to begin with.

Perhaps your password is encypted in there also

 

Ya i was also thinking that If you type the username with a false password it would have to verify that password but how by sending you a password througth a packet right? So the packet would need to be decrytped but i think this is something of Jagex's own incryption? so maybe we can figure the "Algerithim" if thats how you spell it? plus I can put this into diffrent Encryptions like HEX. but that above is in ASCII or watever you call it? but i think this could be a very easy way of hacking accounts and such?

Anyone with help or opinions please reply!

 

Bump...

 

That would be aweseome if we could change whats in your invo and what your wielding, kinda weird how it says auto in the runescape packet.

 

Wow complicated.
If you make youself have 100m, when does it change? when it goes into the trade screen or when its completely traded? >

 

Dude nice. I will look into it I know quite a lot of people who do this kind of stuff and people who hacked runescape back in the day when it wasn't secure.

 

Maybe if we could cause a disconnect in that nano-second it would stay true with the server and the client? O-o

Also, didn't the party hat dupe occur by injecting packets?

 

To bad it's near impossible to replicate packet location origination. If the server detects a bad packet, it won't accept it.

 

Yes this is all very possible, but we have to keep working on this not just discard it..

so i thank you all for your help and support and I will keep intouch on here also tell me if you have any answers at all?

 

The server modifies it's own saved data based on what you do in the client but it does not use any "saved" or "cached" data from the client.
The saved data on the server NEVER gets overwritten with data that was saved or cached in the client.

Yes and no. It occured using a glitch in the way the trading system worked back then and was fixed very quickly once Jagex realized what was wrong. Basically players would use a program to send packets saying they were trading an item in a quantity of 0 (zero). This confused the server that one player was giving zero of one item so he should still have it after the trade and since the other player was receiving quantity zero of the item he should receive an item and thus both players ended up with the item.