From 79de826981479f1f0bbe9889ad20aaee1415d29e Mon Sep 17 00:00:00 2001 From: xGladius Date: Sun, 28 Feb 2021 22:19:33 -0700 Subject: [PATCH] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2e47c55..133ef76 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ # wiz-packet-map +2/28/2021 Update: Kingsisle (you should hire me) decided to patch this by detecting if AuthenticatedSymmetricCipherBase functions were hooked in the function with the sig of `55 8D AC 24 ? ? ? ? 81 EC ? ? ? ? 6A FE`. As of 2/28/2021 this tool is fully funtional and working. + Wizard101 tool that dynamically dumps packet data and decrypts packets to and from the server that use aes-gcm encryption Wizard101 has very recently (11/18/2020) started encrypting important packets using a symmetric-key cryptographic block cipher operation mode called Galois/Counter Mode (GCM) using an implementation from an open source crypto library written in C++ (https://github.com/weidai11/cryptopp/blob/master/gcm.h) -IV and nonce are both 16 bytes, this project just completely bypasses the encryption entirely. - -(mainly to be used in the aid of cheating software I guess, since custom implementation using this method is possible but not recommended or viable or good!) +IV and nonce are both 16 bytes. This project hooks a function in Crypto++ called `AuthenticatedSymmetricCipherBase::ProcessData` to retrieve the inString and outString to retrieve the packet buffer before encryption (or after decryption). -It is also not a token that is generated every few minutes. It is a IV/nonce and a new iv and nonce are generated every time a zone change occurs, and is generated when the initial login packet is sent. +Shoutout to Kingsisle (who is lurking on this repo !!) again, you should hire me! I will write you better security.