Sunday, June 3, 2012

Packet Editor Progress #1

So, I've spent the last couple weeks working on my packet analyzer/manipulator, hence why it's been so long since the last update here.
Here's an update on the packet analyzer/manipulator's progress:

All the Core GUI's components are pretty much done. I decided to program the GUI from scratch and have everything be drawn dynamically, so all the graphics are drawn using AS.

I'm going to add options that allow you to change settings on a per-socket basis (for if you have more than one socket connected to it at a time).

The Core GUI's far from finished, but here's a sneak preview of the current system:
Plugins are SWFs (there'll be a custom file type for them when I get around to it, containing important information like which functions to hook, which Core variables it needs access to, title, etc.) so are easy and quick to program. Each plugin will run within its own window and by default will not be able to access other plugins.

Plugins will by default be able to do the following:
Change their window size, change their window title, have their Flash code do whatever they want within their window.
Manipulate incoming/outgoing packets
Send packets and simulate receiving packets

Things that will probably require extra permissions for plugins are:
Adding servers and ports to the "hooked servers/ports" list
Stop other plugins having access to specific packets (i.e. stopping another plugin editing a packet it doesn't want it to edit)
Changing run order of plugins
Loading other plugins
Changing other plugins' settings
Accessing/overriding other plugins

I might add more stuff in the future, but that's how I see it now.
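
The default/extra permission split above, sketched as a default-deny gate. This is an added example, not the project's code: it is written in JavaScript rather than ActionScript, and the manifest shape, permission names and function names are all hypothetical.

```javascript
// Added example: default-deny permission gate for plugins (all names hypothetical).

// Capabilities every plugin gets, per the "by default" list above.
const DEFAULT_PERMS = Object.freeze([
  "window.resize", "window.title",
  "packet.manipulate", "packet.send", "packet.simulateReceive",
]);

// Capabilities that need an explicit grant, per the "extra permissions" list above.
const EXTRA_PERMS = Object.freeze([
  "hook.addServerPort", "packet.lockFromPlugins", "plugin.reorder",
  "plugin.load", "plugin.changeSettings", "plugin.access",
]);

// Build the effective permission set for one plugin.
// manifest.requests: what the plugin file asks for; userApproved: what the user granted.
function grantPermissions(manifest, userApproved) {
  const granted = new Set(DEFAULT_PERMS);
  const rejected = [];
  for (const perm of manifest.requests || []) {
    if (granted.has(perm)) continue;
    // Unknown names are rejected rather than ignored, so typos and
    // future permissions never become silent grants.
    if (EXTRA_PERMS.includes(perm) && userApproved.includes(perm)) granted.add(perm);
    else rejected.push(perm);
  }
  return { title: manifest.title, granted, rejected };
}

// Single choke point the Core would call before running any privileged API.
function check(plugin, perm) {
  if (!plugin.granted.has(perm)) {
    throw new Error(`${plugin.title}: permission denied: ${perm}`);
  }
  return true;
}

// Constructed sample manifests.
const analyzer = grantPermissions({ title: "Analyzer", requests: [] }, []);
const loader = grantPermissions(
  { title: "Loader", requests: ["plugin.load", "plugin.access", "fs.write"] },
  ["plugin.load"],
);
```

Here `loader` asked for three extras but the user approved only one, so `plugin.access` and the unknown `fs.write` both end up in `rejected` and fail `check`.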

The socket hook it uses will be cross-platform (however, Linux uses an outdated version of AIR, so a Linux version might not happen, but I can confirm it is possible) and works by hooking individual servers/ports. And since it's AIR and plugins are written in Flash, it's 100% cross-platform, allowing the Core and all plugins to work on Windows, Mac and Linux (when I get around to it), making it one of the few (if not only?) cross-platform packet analyzer/manipulators. But the hook does have some downsides.

To take a look at the hook objectively:
Pros:
Cross-platform (Windows, Mac, Linux)
Easy to program
Harder for anti-hack/cheat programs to detect as it doesn't involve modifying programs to hook sockets
Not many (if any) anti-hack/cheat programs check for this specific type of hook
No need to piss around with "socket IDs"
Cons:
Still possible to detect
Works per-server instead of per-program, so can pick up unwanted connections from other programs trying to access the hooked server
Also works per-port and any connections to unhooked ports on the hooked server will be dropped/time out.


I'm expecting the first release to come out in about a month from now.

Here's the gist of my progress, including percentages complete:
3/6/12
Core: 30% - Core GUI: 60%, Core API: 30%, Core Hook: 30%
Plugins: 15% - Plugin integration: 60%, Packet Analyzer Plugin: 0%, Packet Manipulator Plugin: 0%
