I need help decompressing D2 packets

Juniper · March 14, 2006, 04:26 AM

Hi,
I'm actually not sure if this thread belongs to this forum or the "general programming" forum, so if I posted in the wrong place - sorry!

I've been reading these forums for about 2 weeks now, I must have read every thread with the word "decompress" in it and I even downloaded some VB projects that some people posted but I still can't find something that appears to be very simple to most programmers here.

I'm looking for a took/application that will sniff packets while I'm in a game (D2), decompress the packing that come from bnet servers and parse them to some window online.
I basically just want to be able to see the packets decompressed so I could see what kind of response I get for sending certain packets to bnet.

Does such application exists? can anyone point me in the right direction? please?
thanks in advance,
Jun

l2k-Shadow · March 14, 2006, 08:13 AM

In order to actually have the packets decompress and go to a user-created window, you'd have to make a program which hooks on d2 and packet logs itself, why bother with so much work? Get a packet sniffer such as, WPE PRO (google search will lead you to download link, i'm sure). Then just copy the packets... and use http://forum.valhallalegends.com/index.php?topic=13890.msg141696#msg141696 code to decompress.

Juniper · March 20, 2006, 03:14 PM

Did anyone write a packet decoder in C?
If so, is there any chance I could get it? or see the source code? it would really help me alot.

thanks.

Explicit · March 20, 2006, 03:52 PM

You could port the linked code in l2k-Shadow's post to C.

Juniper · March 20, 2006, 04:18 PM

I think that this was already ported from C, I'm looking for the source code, or rather, a working source code in C that decompresses the packets.

l)ragon · March 23, 2006, 12:55 AM

Quote from: Juniper on March 20, 2006, 04:18 PM
I think that this was already ported from C, I'm looking for the source code, or rather, a working source code in C that decompresses the packets.

http://forum.valhallalegends.com/phpbbs/index.php?board=31;action=display;threadid=4109;start=msg33961#msg33961

Cant find the original post lol.

Juniper · May 24, 2006, 05:01 PM

Hi,

Is this: http://forum.valhallalegends.com/phpbbs/index.php?board=31;action=display;threadid=4109;start=msg33961#msg33961 still valid?
Are the packets still compressed today (new patch) like they were when that post was posted (2003)?

thanks,
Juniper

l2k-Shadow · May 24, 2006, 05:10 PM

Yeah, the code still works... I was going to post that link but I saw reference to you downloading VB projects, so I thought that's what you were looking for.

Juniper · May 29, 2006, 05:21 PM

Ok, I'm back! and this time I have some results with me!
I've rewritten the code that Brand.X posted in http://forum.valhallalegends.com/index.php?topic=585.msg4318#msg4318 .
I am now trying to figure out if I actually got it right, in order to do that I need one (or some) of you to pass the following packets through your packet decompressor and give me the result, so I could compare it to mine.

Here are the packets. Note that these are compressed packets (payload only), S -> C:

Packet #1: 0c 58 1a 1d 38 62 14 93 8f c9 96 80
Packet #2: 07 1f 7f ff ff ff c0
Packet #3: 0f 52 0c ce 8a 63 c3 8b a9 ca e9 9e 94 59 b0
Packet #4: 10 52 0c ce 8a 63 c3 80 44 e3 42 67 a5 16 6c 00

Someone please decompress these and post the results, I must know if what I did so far is even working.

thanks in advance,
Juniper.

teK · May 30, 2006, 01:04 AM

Code Select


6D FB 01 15 F4 42 15 93 12 80

8F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

67 BE 1F 50 81 01 59 15 58 12 01 00 0D 4B 00 05

67 BE 1F 50 81 01 71 15 6E 12 01 00 0D 4B 00 05

Juniper · May 30, 2006, 04:38 AM

First of all, thanks for replying.
your decoded packets are not the same as mine.

Is your decoding procedure based on Brand.X's code and tables?
Did anyone else try to decode these packets by any change and got a different result?

Thanks,
Juniper

l2k-Shadow · May 30, 2006, 02:45 PM

Juniper you do realize that even if you manage to join a game, you will not be able to stay in it for a long period of time due to the fact that wardenclient check(which has not been publicly documented yet, and unless you can crack it yourself, you will probably not get the information) will just kick you off within a minute of joining the game.

Besides that though I will be posting my decompression results the moment I get home.

Juniper · May 30, 2006, 03:09 PM

Hi,
I've managed to use Brand.X's C code and use it to succesfully decode the packets (results are the same as what teK pasted).

I am wondering about something though. In the GamePacketSize function there is a value saved for "offset". But I haven't yet found out what use that offset has. Can anyone shed some light onto this?

Thanks.

Ringo · May 30, 2006, 03:13 PM

Quote from: Juniper on May 30, 2006, 03:09 PM
I am wondering about something though. In the GamePacketSize function there is a value saved for "offset". But I haven't yet found out what use that offset has. Can anyone shed some light onto this?

It returns the offset to the decompressed data/lengh of the lengh header.
I was gonner post a class i wrote awhile back, but you have got it working now, so no need

Juniper · May 30, 2006, 03:20 PM

Hey Ringo,
I didn't quite understand that. It is an offset to some part in the original packet that is already decompressed? Also, what is a lengh header?