Decrypting a game's packets

Started by
1 comment, last by frob 13 years, 2 months ago
I am into hacking for the learning experience. By hacking I mean writing program code that interferes with other processes and can manipulate their data. I have written a memory scanner in C/C++ that repeatedly scans a Windows process for an integer value until the address is singled out. I can then write to the memory address and change that data to whatever I want.

After finishing that project I have learned so much about programming and how memory works. It was a great learning experience. Anyone can download a program that hacks things, but making your own is much more rewarding. This is why I would like to learn more about interfering with packets, in particular online games' packets.

I have read a little bit about packet scanning/sniffing and it seems that pretty much everything is encrypted, am I right? And each game can encrypt packets with its own method. So my question is: what are some things you can do to find out where in the program the data you (the client) are sending to the server is? Or is that even possible?

I have read a little bit about packet scanning/sniffing and it seems that pretty much everything is encrypted, am I right?

No, that's not true. Data is *encoded*, typically in binary, using bit packing mechanisms, to use fewer bytes. However, downright encryption isn't all that common, because it's not all that useful.
If you want to hack a client connection where you control the client, you can already attach to the game client's memory and change the data before it even goes on the network. Thus, encryption doesn't really help against that kind of attack.
enum Bool { True, False, FileNotFound };

I have read a little bit about packet scanning/sniffing and it seems that pretty much everything is encrypted, am I right? And each game can encrypt packets with its own method. So my question is: what are some things you can do to find out where in the program the data you (the client) are sending to the server is? Or is that even possible?

Packet sniffing can get you a lot of interesting information.

Many games are unencrypted. Most game programmers are practical and will use variations on simple serialization: Pass a size and an identifier to know what data is expected, then pass the data. With a little bit of experience and luck, you can reverse engineer most communication systems very quickly. That kind of simple encoding is pretty easy to figure out, especially if you can run a local server and watch all the traffic between all the machines.

Sadly, there are many cheaters out there who invest in getting that information and modify it on its way to the server. They will analyze the packets and their traffic patterns to find exploits in the game, or find ways to crash the server or crash their opponents.

That's why many major companies require game data to be encrypted. It is often specified as a legal requirement by publishers. As an example, on the X360 all game data is encrypted before it crosses the network so packet sniffing alone won't expose game exploits. But other data, such as VoIP, might be unencrypted due to local wiretap laws.

The same is true for non-game data sent across the wire. Laws for financial and medical records mean that certain data must be protected against simple packet sniffing, so you will see similar measures in place across various industries.
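As an added illustration of the "size, identifier, then data" serialization frob describes (example code written for this page, not taken from any real game or from the thread): it builds a small constructed capture in that layout, walks it frame by frame, and stops at a header whose declared size exceeds the bytes actually present rather than reading past the buffer. The identifiers, field layouts and sample values are assumptions.

```python
import struct
from typing import Iterator, Tuple

# Assumed wire layout (not any real game's format):
#   uint16 little-endian payload size, uint8 message id, then `size` payload bytes
HEADER = struct.Struct("<HB")

# Hypothetical message ids and the payload layout each one carries.
MSG_MOVE = 1    # int16 x, int16 y, uint8 flags (bit 0 = running, bit 1 = crouching)
MSG_CHAT = 2    # UTF-8 text filling the whole payload
MOVE_FMT = struct.Struct("<hhB")


def build(msg_id: int, payload: bytes) -> bytes:
    """Serialize one message: (size, id) header followed by the payload."""
    return HEADER.pack(len(payload), msg_id) + payload


def frames(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (id, payload) for every complete message in a byte stream.

    A header whose declared size runs past the end of the buffer is a
    truncated or malformed frame; stop there instead of reading beyond the
    data we actually hold.
    """
    offset = 0
    while offset + HEADER.size <= len(stream):
        size, msg_id = HEADER.unpack_from(stream, offset)
        start = offset + HEADER.size
        if start + size > len(stream):
            break  # declared size exceeds the remaining bytes
        yield msg_id, stream[start:start + size]
        offset = start + size


def decode(msg_id: int, payload: bytes) -> dict:
    """Interpret a payload according to its message id (bit-packed flags included)."""
    if msg_id == MSG_MOVE and len(payload) == MOVE_FMT.size:
        x, y, flags = MOVE_FMT.unpack(payload)
        return {"type": "move", "x": x, "y": y,
                "running": bool(flags & 1), "crouching": bool(flags & 2)}
    if msg_id == MSG_CHAT:
        return {"type": "chat", "text": payload.decode("utf-8", "replace")}
    return {"type": "unknown", "id": msg_id, "raw": payload.hex()}


# Constructed sample capture: two valid messages, then a header claiming 50 bytes with only 3 present.
SAMPLE = (build(MSG_MOVE, MOVE_FMT.pack(120, -5, 0b01))
          + build(MSG_CHAT, b"gg")
          + HEADER.pack(50, MSG_CHAT) + b"cut")


def parse_capture(stream: bytes = SAMPLE) -> list:
    """Decode every complete frame in the capture; the truncated tail is dropped."""
    return [decode(i, p) for i, p in frames(stream)]
```

Running `parse_capture()` returns the decoded move and chat messages and silently discards the truncated third frame, which is the case a sniffed-packet parser most often gets wrong.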

