I'm working on reverse engineering an online game (League of Legends). While a lot of traffic is unencrypted and easily available through your great tool, is some data e.g. the chat, pub-private key encrypted. I know I can add this private key to wireshark to monitor the data, but how can I find the private key? It must be on my computer since the game is able to connect. It can be in the executable, but it should be possible to retrieve non the less, or am I wrong? Any help or pointers would be greatly appreciated! asked 17 Sep '13, 03:42  ramvi |
One Answer:
I'm sorry, but this is totally unrelated to Wireshark. There are tons of web pages out there with game cheating tools and I'm sure those guys will also be able to help you find the key within the memory of the game client. As soon as you have the SSL/TLS session key (if it is SSL/TLS at all), you can try to decrypt the communication.
Regards answered 17 Sep '13, 04:03  Kurt Knochner ♦ edited 17 Sep '13, 04:10 |
Find the key within memory. Thanks for the pointer! And sorry for asking in the wrong place
Yes, the session key must be in memory to be able to encrypt/decrypt data. There are tools available for various game clients to extract that key (and other data) from the process memory.