Table of Contents:
- Introduction (1/12)
- The Easy Way (2/12)
- Basics (3/12)
- Debugging (4/12)
- Hooking Winsock (5/12)
- Egress – Walking the Call Stack (6/12)
- Egress – Reversing the Request Encrypt Function (7/12)
- Egress – Monitoring (8/12)
- Ingress – Walking the Call Stack (9/12)
- Ingress – Reversing the Response Decrypt Function (10/12)
- Ingress – Monitoring (11/12)
- Conclusion (12/12)
- Source code
This next series of posts will describe how to reverse engineer a client application in order to find out how it communicates with a server. Specifically, what we will find throughout the rest of the series, is how the Age of Empires IV game builds requests and decrypts responses. This will be done in multiple steps: first, we will do some basic analysis on the application with a debugger attached, then we will begin to look at the networking functions that the game uses in order to perform client-server communication. From there, we will look deeper into the game logic and reverse engineer the internal functions that build and decode messages. Lastly, we will wrap by up hooking these internal functions in order to see the decrypted content, which will grant us full control over what is being sent and received.
To do this is going to require a set of tools and libraries. Below is what will be used throughout the rest of this series:
- Tool: x64dbg – A great debugger for x86/x64
- Tool: Visual Studio 2022 – This will be used to develop and debug the API hook DLL
- Library: Detours – We will use this library to perform the API hooking
- Library [optional]: Catch2 – Used for writing unit tests
The tools were downloaded as is, and the libraries were downloaded and installed via vcpkg. The source is available for all of the code that will be written and discussed in this series.