miércoles, 9 de enero de 2013

WhatsApp get Basic Info Sniffing


Well, the another day I was seeing the raw data in wireshark, when i see my own phone number in the screen, amazing i said to my self, scrolling the mouse over the wireshark windows I see my WhatsApp version.

I try get the messages but they are encrypted by the WhatsApp aplication.

I dont know if exist one program to decrypt the messages.

I'm able to programing in C, then I write some code for get the Basic info of the whatsapp messages like:

  • MAC Address
  • phone number
  • running version of whatsapp

in a friendly format!!.

If you are follow some person and you want to sniffing his Wireless traffic, you can isolate only one MAC Address communications.

source code: readWAbasicinfo-0.r3.tar.bz2

you need have libpcap installed, and the raw pcap file.

I try do it in real time but it's complicate.

compilation: gcc -o readWAbasicinfo readWAbasicinfo.c -lpcap



Grettings!!

Update 2015/02/26 whatsapp  version 2.11.14.348-5222 for IOS


viernes, 4 de enero de 2013

Map Memory Save File [DS] Yu-Gi-Oh 5Ds World Championship 2011 Over the Nexus

Today I try hack the save file of Yu-Gi-Oh 5Ds World Championship 2011 Over the Nexus for Nintendo DS Running on R4 without succes

I extract two save files, one before and after buy some item.

The first with 1902 coins and the next with 1752 coins

I rename the files like Partida1.sav and Partida2.sav

after do hexdump to the files .hex the command diff should be work to make more easy the search....

root@localhost:# printf "%X\n" 1902
076E

root@localhost:# diff Partida1.sav.hex Partida2.sav.hex  | grep 76e
< 000b860 076e 0000 0000 0101 0001 0000 0000 1f03

root@localhost:# printf "%X\n" 1752
6D8

root@localhost:# diff Partida1.sav.hex Partida2.sav.hex  | grep 6d8
> 0008520 0000 1111 1311 001e 06d8 0000 0000 0101
> 000b860 06d8 0000 0000 0101 0001 0000 0000 1f03

000b860 Its the Address to go, in both cases has the values



< 000b860 076e
> 000b860 06d8


BUT dont work, I use one hex - edit put FFFF in that address but in the game dont make changes, I can  play it without problem

after other chages around  0008520 address the Nintendo DS show one nice BSOD... (B is for Black in this case lol)

after review the full hexcode of the save file I found something of interest


0C80 Record Deck ... 868 bytes??
0F80 Record Deck ... ""
4440 Current Deck??
54B0 1111 28 Times
6530 >>>> 28 Times
65C0 Record Deck
6C00  &;DLPRT
6C09 Zeros..
7AB0 1111 28 Times
8500 SYS_DT      (System Data)??
A949 First Tag
B839 SYS_A       (System A... )????


I found more things like replay games, system info, cards numbers etc...

When i edited around SYS_DT info the BSOD appear in the screen of the Nintendo DS.. may be exist a checksum over there

Still under Construction...

Regards!!

Buscar en el Blog

Populares siempre