There are three stages: [[#Flipping|Flipping]], [[#Interleaving|interleaving]] and "[[#Dickwinding|dickwinding]]". These only apply to the actual packet data (including the ID) and ''not'' the length bytes. For most client-to-server packets there is also a byte inserted immediately following the packet ID which we will refer to as the "[[#Counter|counter]]".
===Flipping===
All of the bytes in a packet are simply have their most significant bits flipped (i.e. XOR 0x80).
e.g. <pre>0x20 -> 0xA0
or
0x17 -> 0x97
</pre>
===Interleaving===
Packets are "woven" in to each-other using the following patterns.
Encoding e.g. <pre>abcde -> aebdc
or
abcdef -> afbecd
</pre>
This is the only step that requires different code for encoding and decoding.
Decoding e.g. <pre>abcde -> acedb
or
abcdef -> acefdb
</pre>
===Dickwinding===
This was named by Sausage and first implemented in the EOProxy project. There are two numbers sent from the server to the client on connect between 6 and 12 that represent a "send packet swap multiple" and a "receive packet swap multiple".
Any two bytes next to each other in the packet data that are divisible by that number are flipped.
<pre>Multiple = 5 (ASCII values: T=84, a=97, g=103, h=104, i=105, s=115, x=120)
"This is a gay six" -> "Thsi si a gay xis"</pre>
===Counter===
There are 2 values sent on connect, and with every [[PACKET_PING|ping packet]] that comes from the server, that give the client a "starting counter ID". A private counter is kept on both the server and the client that increases from 0 to 9 for each packet sent before looping back to 0. If a packet is sent with the wrong counter value (should be starting + loopingcount), the server usually disconnects them (however, no private servers implement this, and only some packets do on the official servers). When the "starting counter ID" is updated by a ping packet, the counter does not reset. | 