Hercules WPE Free - June 14th Patch

@@Haru What if I use this tool http://www.robrowser.com/prototype/packet-keys/ then I copy existing values (of a specific client date) but changing randomly some numbers? For example, for the 20141022 default keys are: 0x290551EA0x2B952C750x2D67669B Just changing them a little bit:0x290552EA0x2B951C750x2D67679BThe tool says "Passed" but my questions are: does it makes sense? are my keys strong enough?
If it shows passed, that means its strong, you can use those

 
how bout for 20130807 ? 

i already added this

#if PACKETVER >= 20130807

packetKeys(0x7E241DE0,0x5E805580,0x3D807D80);

#ifdef PACKETVER_RE

#else

#endif // PACKETVER_RE

#endif

also 

// Whether to enable the official packet obfuscation support (good vs WPE)
// 0: disabled
// 1: optional (not recommended) -- identifies whether it is required
// 2: enabled (recommended)
packet_obfuscation: 2
 
and added at diff 
first, second and third as 7E241DE0,5E805580 and 3D807D80 using nemo patcher v2.5...
 
also im running pre-renewal...
 
but rpe is still working on my server.. where did i miss?
 
Last edited by a moderator:
how bout for 20130807 ? 

i already added this

#if PACKETVER >= 20130807

packetKeys(0x7E241DE0,0x5E805580,0x3D807D80);

#ifdef PACKETVER_RE

#else

#endif // PACKETVER_RE

#endif

also 

// Whether to enable the official packet obfuscation support (good vs WPE)
// 0: disabled
// 1: optional (not recommended) -- identifies whether it is required
// 2: enabled (recommended)
packet_obfuscation: 2
 
and added at diff 
first, second and third as 7E241DE0,5E805580 and 3D807D80 using nemo patcher v2.5...
 
also im running pre-renewal...
 
but rpe is still working on my server.. where did i miss?
check this http://www.robrowser.com/prototype/packet-keys/

20130807
Code:
0x7E241DE0 0x5E805580 0x3D807D80
BROKEN (4)
 
Use custom keys if its broken..

You can diff custom keys using nemo

And then change it in src/maps/packets.h

 
Use custom keys if its broken..

You can diff custom keys using nemo

And then change it in src/maps/packets.h
or use

./configure --with-key1=0xFIRSTKEY --with-key2=0xSECONDKEY --with-key3=0xTHIRDKEY

if you use /configure and make

 
1 question...what if the hacker hooks the client skill send() function and make the client process the packet id generation? Is there any way to stop him doing that?

 
Just check this page, and if default keys for your date i broken (and they are), just choose ones that are not. Like these ones:

Code:
0x434115DE 0x34A10FE9 0x6791428E
 
Last edited by a moderator:
I'm using the 2013-08-07 client.

I've modified the required files as per the instructions in this topic. [Diffed in 3 working keys using NEMO, edited client.conf and edited packets.h]

My client connects to the server without any errors, but I'm still able to spam skills/packets using WPE.

I think someone did mention earlier that this client doesnt work, but I don't think anybody confirmed it.

Does this mean that the 2013-08-07 client is definitely not compatible with the feature?

It would be a shame if one of the most stable clients didn't support the best Hercules feature.
default_sad.png


--------------------------

EDIT

--------------------------

Nvm..

I got it to work on the 2013-08-07 client.

Tried changing the keys a few times. 4th time was the charm.

If any of the previous posters who had issues with the 2013-08-07 client are still interested, these are the keys I used -

1581359

55F86C1E

6AFB6E2E

I don't know if these are strong enough or not, because I didn't quite understand the concept of strong/weak keys.

But they passed the test here - http://www.robrowser.com/prototype/packet-keys/ , so I guess they should be good enough.

A big thanks to all those who contributed to developing this feature as well as all those who provide support for it on these forums.

And I guess someone could update the list of compatible clients on the first post..
default_biggrin.png


 
Last edited by a moderator:
Those keys aren't all that strong. Stronger than the ones that originally came with the 2013-08-07 client, but still weak. They don't seem to pass the test at the URL you posted.

 
Those keys aren't all that strong. Stronger than the ones that originally came with the 2013-08-07 client, but still weak. They don't seem to pass the test at the URL you posted.
any tip for a strong key? like which letter/number to use or start with?

 
You can generate your own custom packet keys and check how strong it is by using this tool by Nanakiwurtz.
 

Nkwz RO Toolkit

 
Last edited by a moderator:
1. If the key passes the test on that URL, you can use it on all clients, yes (provided that you compile Hercules with the same key)

2. That URL will tell you. I don't really know how to generate a strong key, but I observed that the second key must be an odd number (ending with 1, 3, 5, 7, 9, B, D, F). If it's an even number, it will repeat after a few iterations. Not all the sets with an odd key are strong, but all sets where the second key is even, are weak (that happens because of the key schedule function that Gravity uses).

3. I'll try to explain it briefly.

After each packet sent, the client (and the server), applies a function to the current encryption (sub-)key to make it different for each packet sent (this is what prevents tools such as WPE from working for packet spamming, because if the key changes, a packet can't be re-played as it is).

Each packet will be a different encryption/decryption sub-key, which is derived from the three original keys, by applying some sort of mathematical function (this is called the key schedule). The page you linked, runs the key schedule algorithm over and over (iterates it) several times, checking if the encryption sub-key changes every time. When it detects that the key didn't change, it reports a failure. The iteration number is how many times the key schedule function was applied before it started repeating the same key.

I hope it makes any sense
default_smile.png


 
Back
Top