WPE Pro Tutorial

---ULTIMATE WINSOCK PACKET EDITOR PRO TUTORIAL---
Written by DJRehab

I Introduction and Required Files
II Basic Overview of WPE Pro
III Understanding Packets
IV Sniffing Packets
V Sending Packets
VI Filtering Packets



PART I - Introduction and Required Files

Winsock Packet Editor Pro (referred to as WPE Pro) is a packet editing utility

used for many purposes related to network analyzation, security, and game hacking (which

is what will be covered in this tutorial). WPE Pro analyzes, or "captures" packets (data)

sent and recieved over a network, in this case the internet. Packets are divided into raw

bytes which are hex codes which give issue commands for the server to execute (SENT

packets), or issue commands for the client to execute (RECIEVED packets). Game hackers can

use WPE Pro to modify the packets sent/recieved by the client or to send a single or set

of packet(s) to a server. Modifying packets can completely change the outcome of the

action taken by the client/server to the advantage of the player.

To recieve a copy of WPE Pro go to http://wpepro.net/index.php?categoryid=9 and

while you are there, snag a copy of Perm Edit as well. Perm Edit can be used to grant

system access to WPE Pro allowing it to target files which are hidden processes (World of

Warcraft is a good example).


PART II - Basic Overview of WPE Pro

In this section, I will briefly describe the functions available in WPE Pro. Note

that more information on these functions will be explained later on in this tutorial.


Target Program - This will allow you to select the process to capture packets from

(Your game client's .exe file) If you cannot find your game client in the process list,

you need to grant WPE Pro system access with Perm Edit.


Trace Console - This consists of a Play Button, Pause Button, and Stop Button

which will start, pause, and stop packet analyzation (or sniffing). It also displays a

buffer gauge which shows how much of your network resources are being used by the game

client, and a Packet gauge showing how many packets have been captured by WPE Pro. (Click

on "Trace Console" next to "Target Program" to show/hide this feature). You can also use

the Detail tab to display a more detailed packet capture display telling how many packets

captured were Sent, SendTo, Recieved, RecievedFrom. To return to the default gauges click

the "Gauge" tab.


Actions Console (Filters)- This display by default your Packet Filters (which are

used to modify or change packets). In this console you can double click a filter to change

the settings of the filter. To start filtering (modifying) the packets just click the "On"

button at the top of this console and click "Off" to stop filtering. (Note that packet

filters cannot be edited while the packet filter feature is ON. You can also Save, Save

As, or Open with the Folder and Disk Icons. The "X" Icon will erase the selected filter,

and the Trash Can Icon will erase all filters in the list.


Actions Console (Send) - Clicking the "Send" tab in the Actions Console will

display the "Send List" which can be used to send a list or single packet to the server

any amount of times (1 time - Continuously Send). To add a packet to be sent to the server

click the Blank Page icon, and input the data to be sent to the server. Make sure the

"size" of the packet is the size of the original packet and identical to the original

packet you captured that you wish to send. You can also save/open packet lists in this

window for future use of the same hack you have created. The start/stop buttons will start

or stop a packet send. Make sure that you set the socket ID for the packet before sending

to the server or it will result in error (see "Sending Packets" below).


Packet Data Window - After you capture packets and hit the stop button, a window

will appear with the information captured. It will display the source of the packet, the

destination of the packet, the packet size, all the bytes in the packet, and whether it

was a Send, SendTo, Recv, RecvFrom packet. Here is where you will collect information for

building Send Lists or Packet Filters. Upon selecting a packet, all the data will be shown

in the bottom half of the window (which is useful for packets that will not fit in the top

half of the window as it only shows the first 42 or so bytes of the packet) To save the

list of packets captured, you can save a text file in the "File" dropdown menu with

File>Save As>Text File I always use Hide IPs as it is easier to compare this way.


PART III - Understanding Packets

First of all, before thinking "Hey, I get it now lets go hack me 80 Billion Gold,

Buy Uber Weapons, Hack my character to level 999 and sell my account on EBay" STOP. It's

not gonna happen like that and you are better off reading the rest of this tutorial before

even attempting something so childish...but if you must go waste an hour of your life and

than come back to this tutorial.

Before you hack the world mr. hot head, you must understand a packet and how the

client and server reacts to them. A packet consists of bytes which are hex-based codes

ranging from 00 to FF in hex. If you do not understand Hex I will give a little example

but will not linger on the subject (if you don't understand use Google) 00 - 09 are just

that...0 - 9...but 10 in hex is not really ten, but 16.....0A is 10 in hex. Below is a

little table to help understand Hex Codes:

00 - 0
01 - 1
02 - 2
03 - 3
04 - 4
05 - 5
06 - 6
07 - 7
08 - 8
09 - 9
0A - 10
0B - 11
0C - 12
0D - 13
0E - 14
0F - 15
10 - 16
11 - 17
12 - 18
13 - 19
14 - 20
15 - 21
16 - 22
17 - 23
18 - 24
19 - 25
1A - 26
1B - 27
1C - 28
1D - 29
1E - 30
1F - 31

and so forth all the way up to FF which is 255.

Every byte in the packet feeds the server information on what action to perform...here is

an example packet which is not real or belonging to any game at all, but just an

example...

20 00 3A 4C 00

The first byte (20) or two bytes (20 00) USUALLY tell the server which action to

perform....lets pretend the first two bytes 20 00 tell the server to move the character (I

know this because I sniffed packets of only moving the player around and taking no other

action and they all started with the same two bytes). the bytes following a command are

arguments or parameters for the command "Move Player" meaning the programmer made the game

to accept three arguments for the command "Move Player" (assuming this is a basic packet

structure...some programmers have better security than a plain packet like the one in the

example, but moving on...)

PART IV - Sniffing Packets

Using the example made up game from above I will teach you how to Sniff and do a

basic analysis on packets. After Targeting your client program (Click "Target program">

"You Game Client's .exe Here") Click the "Play Button" on the Console window. Go back to

the game client, and move up...no other direction, just up. Go back to WPE Pro and click

the "Stop Button" in the console window...if you dont know what Play/Stop buttons look

like you are retarded and hopeless to the game hacking community stop reading now, go to

walmart and buy a cheap DVD Player and read the manual, and than come back

After capturing packets of the player moving in no direction but up you may get the

following packets:

(NOTE ONLY LOOK AT THE "SENT" PACKET TYPES NOT THE "RECV"...YOU CAN DISABLE EVEN CAPTURING

THE RECV PACKETS IN THE DROP DOWN MENU "View > Option"...I ALWAYS UNCHECK RECV and

RECVFROM AS THESE ARE NOT USUALLY NEEDED IN PACKET EDITING)

20 00 3A 4C 00 (The original "Move Player" packet from above /\)

20 00 3A 4B 00
20 00 3A 4A 00
20 00 3A 49 00

See the pattern here....thats what packet sniffing is about, patterns and comparisons. we

now know that the the 2nd argument (4C in the original packet) is the Y position of the

character. We can perform many tests to figure out (decode) what the other arguments mean

now...so lets just move to the left while scanning starting with the original packet...

20 00 3A 4c 00

20 00 39 4C 03
20 00 38 4C 03
20 00 37 4C 03

Can you guess what the 1st argument is......if you guessed the X position of the player,

you are correct! but heres another one for ya....we got one more parameter (the last byte)

but what could it be....hmmmmm

first one to reply with the correct answer gets a cookie :-)

So now we got the "Move Player" command down....the first two bytes tell the server to

move player, the next byte is the X position followed by a byte containing the Y position,

and than the ********* of the player as the final byte.

I smell a warp hack in the making right now....hopefully you get the just of what packets

are/do now and how to scan for them...we will now continue on to the next section on

sending packets!

PART V - Sending Packets

Using the above example I made up in the "Sniffing Packets" section I will teach

you how to send packets. Now that we know the break down of the "Move Player" command we

will make a basic teleport hack using the "Send Packet" function of WPE Pro. First step is

to add the packet to the list.

There are two ways we can do this. The first step in both ways of sending packets

is to click the "Send" tab in the Actions Console (The bottom tabs on the left side of the

screen where it says Filters/Send).

The hard way is to manually add the packet by clicking the "Blank Page" Icon. We

know the size of the "Move Player" packet is 5 bytes so adjust this setting to 5 and you

will have 5 bytes to input data into. You can manually input "20 00 3A 4C 00" which is the

original example packet. Now modify byte 3 and 4 to hex values of the X position and Y

position you wish to warp to and name it "Teleport Player" (bytes 3 and 4 are the bytes

containing "39 4c" if your lame and can't count).

The easy way to add the packet is go the Packet Analysis Window and right click on

any of the "Move Player" packets and click "Add to Send List" and than double clicking on

the packet that was added to the send list and editing the X/Y position bytes.

Before sending a packet you must always get the Open Socket that the client is

using which is very easily done...just right click any of the Move Player packets in the

Packet Analysis Window and click "Set Send List with this socket id".

Now in your send list, click the check box and check the packet you have created

than click the Play button. In the pop-up window click the radio button labeled "(NUMBER

HERE) Time(s)" and make it 1 Time. The timer does not matter as it is just the pause in

milliseconds between sending the packet list again (which is not applicable here as we are

sending it one time). Make sure the radio button "Open Socket" is marked, and the open

socket is already put in the box because we used "Set Send List with this socket id".

Click the play button.

If the packet was sent successfully the Action Consol will display "Sent: 1

Error: 0" if it does not, than you're retarded and didnt follow directions. go back to the

client and OMG I'm standing on a wall!.....well...just modify the packet to a different

location, and send again until you're at the right position :-)

If you did not teleport, the client may be holding you X/Y position locally as

well which means you will have to log out, than log back in....than you will appear at the

location you warped to.....did I just hear a n00b shouting "w00t b1tchez"??? :-D

Part VI - Filtering Packets

Now you know how to send packets and you feel like king shizznit dont you? wel its

not all over yet...most of the popular game hacks used are actually through packet

filtering. In the Action Console click back over to the "Filters" tab and it will show a

filters list. now lets start sniffing packets and use a skill...we'll say "FireBall Lvl 1"

on the "Wild Pigmonkey"...now stop the sniffing and the Packet Analysis window will come

up with something like this:

1A 3B 34 56 08 22

Now sniff again using the skill "Earth Blast Lvl 1" on the same enemy we will get

this:

1A 3B 2B 70 08 22

BINGO!!! the 3rd and 4th byte is the skill used
(FireBall = 34 56 and Earth Blast = 3B 70)

Lets make a filter....Double Click on "Filter 1"

In the "Search" fields click on the box on the table under byte "003" and type "34 56"

(the bytes from a FireBall skill)
Now directly under that in the Modify Fields on byte 003 and 004 type for instance "96 2A"

Now uncheck "RECV and RECVFROM" in the "Search In:" section of the filter window.

Name it "FireBall Hack" and click Apply.

Check the box next to "FireBall Hack" and click the "On" button right above the top

filters name, and go back into the client....now cast FireBall.

Holy hell you just casted "Doom Ray Lvl 9" and cause about 20 million damage on the

beast...to bad the admin was watching you and banned you LOL....friek it just create

another account.

Part VII - Closure

Well that's basically it....but there will be more to come when I think of what

needs added to the tutorial. If anyone wishes me to add to this please PM me what you

think I should add as I am always open to suggestions and enjoyed writing this tutorial

for you guys. I hope this has helped someone out there and I wish you all a happy hacking!

Credits go to DJRehab