---ULTIMATE WINSOCK PACKET EDITOR PRO TUTORIAL---
Written by DJRehab
I Introduction and Required Files
II Basic Overview of WPE Pro
III Understanding Packets
IV Sniffing Packets
V Sending Packets
VI Filtering Packets
PART I - Introduction and Required Files
Winsock Packet Editor Pro (referred to as WPE Pro) is a packet editing utility
used for many purposes related to network analysis, security, and game hacking (which
is what will be covered in this tutorial). WPE Pro analyzes, or "captures", packets (data)
sent and received over a network, in this case the internet. Packets are made up of raw
bytes, shown as hex codes, which issue commands for the server to execute (SENT
packets) or for the client to execute (RECEIVED packets). Game hackers can
use WPE Pro to modify the packets sent/received by the client or to send a single packet
or a set of packets to a server. Modifying packets can completely change the outcome of the
action taken by the client/server to the advantage of the player.
To get a copy of WPE Pro go to http://wpepro.net/index.php?categoryid=9 and
while you are there, snag a copy of Perm Edit as well. Perm Edit can be used to grant
system access to WPE Pro, allowing it to target programs that run as hidden processes
(World of Warcraft is a good example).
PART II - Basic Overview of WPE Pro
In this section, I will briefly describe the functions available in WPE Pro. Note
that these functions are explained in more detail later on in this tutorial.
Target Program - This will allow you to select the process to capture packets from
(your game client's .exe file). If you cannot find your game client in the process list,
you need to grant WPE Pro system access with Perm Edit.
Trace Console - This consists of a Play Button, Pause Button, and Stop Button
which will start, pause, and stop packet analysis (or sniffing). It also displays a
buffer gauge which shows how much of your network resources are being used by the game
client, and a Packet gauge showing how many packets have been captured by WPE Pro. (Click
on "Trace Console" next to "Target Program" to show/hide this feature.) You can also use
the Detail tab to display a more detailed packet capture display telling how many of the
packets captured were Sent, SendTo, Received, ReceivedFrom. To return to the default gauges
click the "Gauge" tab.
Actions Console (Filters) - This displays your Packet Filters by default (which are
used to modify or change packets). In this console you can double click a filter to change
the settings of the filter. To start filtering (modifying) the packets just click the "On"
button at the top of this console and click "Off" to stop filtering. (Note that packet
filters cannot be edited while the packet filter feature is ON.) You can also Save, Save
As, or Open with the Folder and Disk Icons. The "X" Icon will erase the selected filter,
and the Trash Can Icon will erase all filters in the list.
Actions Console (Send) - Clicking the "Send" tab in the Actions Console will
display the "Send List" which can be used to send a list or single packet to the server
any number of times (1 time - Continuously Send). To add a packet to be sent to the server
click the Blank Page icon, and input the data to be sent to the server. Make sure the
"size" of the packet is the size of the original packet and identical to the original
packet you captured that you wish to send. You can also save/open packet lists in this
window for future use of the same hack you have created. The start/stop buttons will start
or stop a packet send. Make sure that you set the socket ID for the packet before sending
to the server or it will result in an error (see "Sending Packets" below).
Packet Data Window - After you capture packets and hit the stop button, a window
will appear with the information captured. It will display the source of the packet, the
destination of the packet, the packet size, all the bytes in the packet, and whether it
was a Send, SendTo, Recv, or RecvFrom packet. Here is where you will collect information for
building Send Lists or Packet Filters. Upon selecting a packet, all the data will be shown
in the bottom half of the window (which is useful for packets that will not fit in the top
half of the window as it only shows the first 42 or so bytes of the packet). To save the
list of packets captured, you can save a text file in the "File" dropdown menu with
File>Save As>Text File. I always use Hide IPs as it is easier to compare this way.
PART III - Understanding Packets
First of all, before thinking "Hey, I get it now, let's go hack me 80 Billion Gold,
Buy Uber Weapons, Hack my character to level 999 and sell my account on EBay" STOP. It's
not gonna happen like that and you are better off reading the rest of this tutorial before
even attempting something so childish...but if you must, go waste an hour of your life and
then come back to this tutorial.
Before you hack the world, Mr. Hot Head, you must understand a packet and how the
client and server react to them. A packet consists of bytes, which are hex-based codes
ranging from 00 to FF in hex. If you do not understand hex I will give a little example
but will not linger on the subject (if you don't understand, use Google). 00 - 09 are just
that...0 - 9...but 10 in hex is not ten, it is 16; ten is written 0A in hex. Below is a
little table to help understand Hex Codes:
00 - 0
01 - 1
02 - 2
03 - 3
04 - 4
05 - 5
06 - 6
07 - 7
08 - 8
09 - 9
0A - 10
0B - 11
0C - 12
0D - 13
0E - 14
0F - 15
10 - 16
11 - 17
12 - 18
13 - 19
14 - 20
15 - 21
16 - 22
17 - 23
18 - 24
19 - 25
1A - 26
1B - 27
1C - 28
1D - 29
1E - 30
1F - 31
and so forth all the way up to FF which is 255.
Every byte in the packet feeds the server information on what action to perform...here is
an example packet which is not real and does not belong to any game at all, but is just an
example...
20 00 3A 4C 00
The first byte (20) or two bytes (20 00) USUALLY tell the server which action to
perform....let's pretend the first two bytes 20 00 tell the server to move the character (I
know this because I sniffed packets of only moving the player around and taking no other
action and they all started with the same two bytes). The bytes following a command are
arguments or parameters for the command "Move Player", meaning the programmer made the game
accept three arguments for the command "Move Player" (assuming this is a basic packet
structure...some programmers have better security than a plain packet like the one in the
example, but moving on...)
PART IV - Sniffing Packets
Using the made-up example game from above I will teach you how to sniff and do a
basic analysis on packets. After targeting your client program (Click "Target program">
"Your Game Client's .exe Here") click the "Play Button" on the Console window. Go back to
the game client, and move up...no other direction, just up. Go back to WPE Pro and click
the "Stop Button" in the console window...if you don't know what Play/Stop buttons look
like you are retarded and hopeless to the game hacking community, stop reading now, go to
Walmart and buy a cheap DVD Player and read the manual, and then come back.
After capturing packets of the player moving in no direction but up you may get the
following packets:
(NOTE ONLY LOOK AT THE "SENT" PACKET TYPES NOT THE "RECV"...YOU CAN DISABLE EVEN CAPTURING
THE RECV PACKETS IN THE DROP DOWN MENU "View > Option"...I ALWAYS UNCHECK RECV and
RECVFROM AS THESE ARE NOT USUALLY NEEDED IN PACKET EDITING)
20 00 3A 4C 00 (The original "Move Player" packet from above /\)
20 00 3A 4B 00
20 00 3A 4A 00
20 00 3A 49 00
See the pattern here....that's what packet sniffing is about, patterns and comparisons. We
now know that the 2nd argument (4C in the original packet) is the Y position of the
character. We can perform many tests to figure out (decode) what the other arguments mean
now...so let's just move to the left while scanning, starting with the original packet...
20 00 3A 4C 00
20 00 39 4C 03
20 00 38 4C 03
20 00 37 4C 03
Can you guess what the 1st argument is......if you guessed the X position of the player,
you are correct! But here's another one for ya....we got one more parameter (the last byte)
but what could it be....hmmmmm
First one to reply with the correct answer gets a cookie :-)
So now we got the "Move Player" command down....the first two bytes tell the server to
move the player, the next byte is the X position followed by a byte containing the Y position,
and then the ********* of the player as the final byte.
I smell a warp hack in the making right now....hopefully you get the gist of what packets
are/do now and how to scan for them...we will now continue on to the next section on
sending packets!
PART V - Sending Packets
Using the above example I made up in the "Sniffing Packets" section I will teach
you how to send packets. Now that we know the breakdown of the "Move Player" command we
will make a basic teleport hack using the "Send Packet" function of WPE Pro. The first step is
to add the packet to the list.
There are two ways we can do this. The first step in both ways of sending packets
is to click the "Send" tab in the Actions Console (The bottom tabs on the left side of the
screen where it says Filters/Send).
The hard way is to manually add the packet by clicking the "Blank Page" Icon. We
know the size of the "Move Player" packet is 5 bytes so adjust this setting to 5 and you
will have 5 bytes to input data into. You can manually input "20 00 3A 4C 00" which is the
original example packet. Now modify bytes 3 and 4 to the hex values of the X position and Y
position you wish to warp to and name it "Teleport Player" (bytes 3 and 4 are the bytes
containing "39 4c" if you're lame and can't count).
The easy way to add the packet is to go to the Packet Analysis Window, right click on
any of the "Move Player" packets and click "Add to Send List", then double click on
the packet that was added to the send list and edit the X/Y position bytes.
Before sending a packet you must always get the Open Socket that the client is
using which is very easily done...just right click any of the Move Player packets in the
Packet Analysis Window and click "Set Send List with this socket id".
Now in your send list, click the check box to check the packet you have created,
then click the Play button. In the pop-up window click the radio button labeled "(NUMBER
HERE) Time(s)" and make it 1 Time. The timer does not matter as it is just the pause in
milliseconds between sending the packet list again (which is not applicable here as we are
sending it one time). Make sure the radio button "Open Socket" is marked, and the open
socket is already put in the box because we used "Set Send List with this socket id".
Click the play button.
If the packet was sent successfully the Actions Console will display "Sent: 1
Error: 0". If it does not, then you're retarded and didn't follow directions. Go back to the
client and OMG I'm standing on a wall!.....well...just modify the packet to a different
location, and send again until you're at the right position :-)
If you did not teleport, the client may be holding your X/Y position locally as
well, which means you will have to log out, then log back in....then you will appear at the
location you warped to.....did I just hear a n00b shouting "w00t b1tchez"??? :-D
PART VI - Filtering Packets
Now you know how to send packets and you feel like king shizznit, don't you? Well, it's
not all over yet...most of the popular game hacks used are actually done through packet
filtering. In the Actions Console click back over to the "Filters" tab and it will show a
filters list. Now let's start sniffing packets and use a skill...we'll say "FireBall Lvl 1"
on the "Wild Pigmonkey"...now stop the sniffing and the Packet Analysis window will come
up with something like this:
1A 3B 34 56 08 22
Now sniff again using the skill "Earth Blast Lvl 1" on the same enemy we will get
this:
1A 3B 2B 70 08 22
BINGO!!! The 3rd and 4th bytes are the skill used
(FireBall = 34 56 and Earth Blast = 3B 70)
Let's make a filter....Double click on "Filter 1".
In the "Search" fields click on the box on the table under byte "003" and type "34 56"
(the bytes from a FireBall skill).
Now directly under that, in the Modify fields on bytes 003 and 004, type for instance "96 2A".
Now uncheck "RECV and RECVFROM" in the "Search In:" section of the filter window.
Name it "FireBall Hack" and click Apply.
Check the box next to "FireBall Hack" and click the "On" button right above the top
filter's name, and go back into the client....now cast FireBall.
Holy hell you just cast "Doom Ray Lvl 9" and caused about 20 million damage on the
beast...too bad the admin was watching you and banned you LOL....friek it just create
another account.
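The teleport in Part V and the skill swap in Part VI only work when the server accepts whatever coordinates and skill id the client sends. The sketch below is an added example (not part of the original tutorial or of any real game) showing server-side checks that reject both edits; the skill-packet opcode, the one-tile step limit and the Player class are assumptions made for illustration.

```python
# Added example: server-side checks for the tutorial's made-up packet layouts.
MOVE_OPCODE = bytes.fromhex("2000")    # "Move Player" per the tutorial's example
SKILL_OPCODE = bytes.fromhex("1A3B")   # assumption: first two bytes are the opcode
MAX_STEP = 1                           # assumption: one tile per move packet

class Player:                          # hypothetical server-side player record
    def __init__(self, x, y, skills):
        self.x, self.y = x, y
        self.skills = set(skills)      # skill ids the server has granted

def handle_packet(player, data):
    """Return (accepted, reason); player state changes only when accepted."""
    if data[:2] == MOVE_OPCODE:
        if len(data) != 5:
            return False, "bad move length"
        x, y = data[2], data[3]        # data[4] is treated as opaque here
        # Compare against the position the server holds, not the client's claim.
        if max(abs(x - player.x), abs(y - player.y)) > MAX_STEP:
            return False, "move exceeds max step"
        player.x, player.y = x, y
        return True, "moved"
    if data[:2] == SKILL_OPCODE:
        if len(data) != 6:
            return False, "bad skill length"
        skill = data[2:4]              # bytes 3 and 4 carry the skill id
        if skill not in player.skills:
            return False, "skill not owned"
        return True, "cast"
    return False, "unknown opcode"

def run_demo():
    # Constructed sample traffic built from the tutorial's example bytes.
    p = Player(0x3A, 0x4C, skills={bytes.fromhex("3456")})  # owns FireBall only
    packets = ["20003A4B00",    # one step from (3A,4C): accepted
               "2000104000",    # far-away coordinates: rejected
               "1A3B34560822",  # FireBall, owned: accepted
               "1A3B962A0822"]  # skill id rewritten to 96 2A: rejected
    return [handle_packet(p, bytes.fromhex(h)) for h in packets]

if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Rejected packets are also worth logging per account, since a run of out-of-range moves or unowned skill ids is a clear sign of edited traffic.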
PART VII - Closure
Well that's basically it....but there will be more to come when I think of what
needs to be added to the tutorial. If anyone wishes me to add to this please PM me what you
think I should add as I am always open to suggestions and enjoyed writing this tutorial
for you guys. I hope this has helped someone out there and I wish you all happy hacking!
Credits go to DJRehab