Titan/I-poker network packet decoding for hand grabbing

[Mattindamaze]

I m trying to develop a hand grabber for titan. I would like to sniff and decode packet rather than read memory but I can't understand the data coding. I tried to decode them in UTF7, UTF8, unicode but it doesn't give anything readable. Anyone have a clue ?

Thanks for your futur answers !

Matt

[Phil153]

An SSL codebreaker is what you need. I think I saw one on eBay the other day.

[Mattindamaze]

you mean they coded the packets in SSL ? So I would need to decode SSL before beeing able to read packets ?

[Phil153]

Sorry, little joke.

SSL is the secure cryptography used for online transactions and such. It's pretty much unbreakable at current computer speeds. All you possess is the encoding key, so once the packet is encoded (before leaving the app), you cannot break it without the decode key (which only the poker site possesses).

Basically this means that packet sniffing is out, which is a great thing since you don't want anyone on the internet being able to read your hole cards or credit card details.

I'm afraid you'll have to use another method.

[jukofyork]

[ QUOTE ]
Sorry, little joke.

SSL is the secure cryptography used for online transactions and such. It's pretty much unbreakable at current computer speeds. All you possess is the encoding key, so once the packet is encoded (before leaving the app), you cannot break it without the decode key (which only the poker site possesses).

Basically this means that packet sniffing is out, which is a great thing since you don't want anyone on the internet being able to read your hole cards or credit card details.

I'm afraid you'll have to use another method.

[/ QUOTE ]
You can always try hooking the SSL_read() function's output parameters.

Surprisingly though some sites don't use SSL (eg: Pacific) and it may turn out that the data is just in some binary format that seems hard to understand. Dump the contents of the (unencrypted) packets to a DOS terminal and open a single table. Then make a video of your desktop and see if you can start to decipher the packet format that way.

Juk [img]/images/graemlins/smile.gif[/img]

[yli]

The poker software must still do the decryption of arriving data, so what you need to do is find out the decryption key. The algorithm used is of lesser importance.

Finding out the structure of the decrypted packet data is a whole different story.

[Phil153]

Yeah for some reason I was thinking about outbound traffic...doh. Of course you have the key for inbound traffic. Juk's method might be worth a try [img]/images/graemlins/smile.gif[/img]

[Mattindamaze]

ok, thanks for your answers, still I m not sure what to do. Regarding pacific stuff I already done the work, packets are in ascii, raw data are directly readable, so I hadn't any problem to understand the data structure. But on titan I got packet with data like :
17030100605182EE1610DB81E324E9B8
F175A15DB65469CAF5F46BCAC88585D9
C06E82725FEBD7892FABBC480F4CB4C9
84C479EDC633AC1D969E58F5022E9B56
A06E979E6C380084B97BFBDB59950450
1602B6424B806253786C6C81A323F2F8
B5E4AFBA97

And without decoding them I can't do anything. One strange thing is that most of them starts with '17030100' string but not all. Could it means that it is not encrypted, or is that a known SSL header ?

Matt

[betafemale]

I also thought about making a handgrabber, as a AHK script. But it will use the chatbox rather than sniffing. So much easier.

[betafemale]

[ QUOTE ]
The poker software must still do the decryption of arriving data, so what you need to do is find out the decryption key.

[/ QUOTE ]

Correct, but the key is not a fixed one, but varies with each session. So the program would have to pick up the key after it has been generated. Very much hassle for such a simple thing as datamining.