
I need help decompressing D2 packets

Started by Juniper, March 14, 2006, 04:26 AM

Juniper

Hi,
I'm actually not sure if this thread belongs to this forum or the "general programming" forum, so if I posted in the wrong place - sorry!  ::)

I've been reading these forums for about 2 weeks now, I must have read every thread with the word "decompress" in it and I even downloaded some VB projects that some people posted but I still can't find something that appears to be very simple to most programmers here.

I'm looking for a tool/application that will sniff packets while I'm in a game (D2), decompress the packets that come from bnet servers and parse them to some window online.
I basically just want to be able to see the packets decompressed so I could see what kind of response I get for sending certain packets to bnet.

Does such an application exist? Can anyone point me in the right direction? Please?
thanks in advance,
Jun

l2k-Shadow

In order to actually have the packets decompress and go to a user-created window, you'd have to make a program which hooks on d2 and packet logs itself, why bother with so much work? Get a packet sniffer such as WPE PRO (google search will lead you to download link, I'm sure). Then just copy the packets... and use http://forum.valhallalegends.com/index.php?topic=13890.msg141696#msg141696 code to decompress.
Quote from: replaced on November 04, 2006, 11:54 AM
I dunno wat it means, someone tell me whats ix86 and pmac?
Can someone send me a working bot source (with bnls support) to my email?  Then help me copy and paste it to my bot? ;D
Já jsem byl určenej abych tady žil,
Dával si ovar, křen a k tomu pivo pil.
Tam by ses povídaj jak prase v žitě měl,
Já nechci před nikym sednout si na prdel.

Já nejsem z USA, já nejsem z USA, já vážně nejsem z USA... a snad se proto na mě nezloběj.

Juniper

Did anyone write a packet decoder in C?
If so, is there any chance I could get it? Or see the source code? It would really help me a lot.

thanks.

Explicit

You could port the linked code in l2k-Shadow's post to C.
I'm awake in the infinite cold.

[13:41:45]<@Fapiko> Why is TehUser asking for wang pictures?
[13:42:03]<@TehUser> I wasn't asking for wang pictures, I was looking at them.
[13:47:40]<@TehUser> Mine's fairly short.

Juniper

I think that this was already ported from C, I'm looking for the source code, or rather, a working source code in C that decompresses the packets.

l)ragon

Quote from: Juniper on March 20, 2006, 04:18 PM
I think that this was already ported from C, I'm looking for the source code, or rather, a working source code in C that decompresses the packets.

http://forum.valhallalegends.com/phpbbs/index.php?board=31;action=display;threadid=4109;start=msg33961#msg33961

Can't find the original post lol.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Juniper

Hi,

Is this: http://forum.valhallalegends.com/phpbbs/index.php?board=31;action=display;threadid=4109;start=msg33961#msg33961 still valid?
Are the packets still compressed today (new patch) like they were when that post was posted (2003)?


thanks,
Juniper

l2k-Shadow

Yeah, the code still works... I was going to post that link but I saw reference to you downloading VB projects, so I thought that's what you were looking for.

Juniper

Ok, I'm back! and this time I have some results with me!
I've rewritten the code that Brand.X posted in http://forum.valhallalegends.com/index.php?topic=585.msg4318#msg4318 .
I am now trying to figure out if I actually got it right, in order to do that I need one (or some) of you to pass the following packets through your packet decompressor and give me the result, so I could compare it to mine.

Here are the packets. Note that these are compressed packets (payload only),  S -> C:

Packet #1: 0c 58 1a 1d 38 62 14 93 8f c9 96 80
Packet #2: 07 1f 7f ff ff ff c0
Packet #3: 0f 52 0c ce 8a 63 c3 8b a9 ca e9 9e 94 59 b0
Packet #4: 10 52 0c ce 8a 63 c3 80 44 e3 42 67 a5 16 6c 00


Someone please decompress these and post the results, I must know if what I did so far is even working.

thanks in advance,
Juniper.

teK


6D FB 01 15 F4 42 15 93 12 80

8F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

67 BE 1F 50 81 01 59 15 58 12 01 00 0D 4B 00 05

67 BE 1F 50 81 01 71 15 6E 12 01 00 0D 4B 00 05

Juniper

First of all, thanks for replying.
Your decoded packets are not the same as mine.

Is your decoding procedure based on Brand.X's code and tables?
Did anyone else try to decode these packets by any chance and get a different result?

Thanks,
Juniper

l2k-Shadow

Juniper, you do realize that even if you manage to join a game, you will not be able to stay in it for a long period of time due to the fact that the wardenclient check (which has not been publicly documented yet, and unless you can crack it yourself, you will probably not get the information) will just kick you off within a minute of joining the game.

Besides that though I will be posting my decompression results the moment I get home.

Juniper

Hi,
I've managed to use Brand.X's C code and use it to successfully decode the packets (results are the same as what teK pasted).

I am wondering about something though. In the GamePacketSize function there is a value saved for "offset". But I haven't yet found out what use that offset has. Can anyone shed some light onto this?

Thanks.

Ringo

Quote from: Juniper on May 30, 2006, 03:09 PM
I am wondering about something though. In the GamePacketSize function there is a value saved for "offset". But I haven't yet found out what use that offset has. Can anyone shed some light onto this?
It returns the offset to the decompressed data/length of the length header.
I was gonna post a class I wrote awhile back, but you have got it working now, so no need :P

Juniper

Hey Ringo,
I didn't quite understand that. It is an offset to some part in the original packet that is already decompressed? Also, what is a length header?
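
An added example, not part of any post in this thread and not Brand.X's code: a bounds-checked C parser for the length prefix of the compressed S -> C packets posted above, where `offset` is taken to mean the number of bytes that prefix occupies, i.e. the index at which the compressed data starts. In all four posted packets the first byte equals the total packet length (0x0c = 12 bytes, 0x07 = 7, 0x0f = 15, 0x10 = 16); the two-byte form for a first byte of 0xF0 or above is an assumption not shown in the thread, and the names `d2_hdr` and `d2_parse_len_header` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

struct d2_hdr {
    size_t offset; /* size of the length header = index where compressed data starts */
    size_t total;  /* total packet length on the wire, length header included */
};

/* Parse the length header of one compressed S -> C game packet.
 * Returns 0 on success, -1 when the buffer is truncated or the header is inconsistent. */
int d2_parse_len_header(const unsigned char *buf, size_t avail, struct d2_hdr *out)
{
    if (buf == NULL || out == NULL || avail < 1)
        return -1;
    if (buf[0] < 0xF0) {            /* one-byte form, as in all four sample packets */
        out->offset = 1;
        out->total = buf[0];
    } else {                        /* ASSUMPTION: two-byte form, not shown in the thread */
        if (avail < 2)
            return -1;
        out->offset = 2;
        out->total = ((size_t)(buf[0] & 0x0F) << 8) | buf[1];
    }
    /* Reject lengths smaller than the header or larger than what was received. */
    if (out->total < out->offset || out->total > avail)
        return -1;
    return 0;
}

/* Packets #1 and #4 exactly as posted in the thread. */
static const unsigned char pkt1[] = {0x0c,0x58,0x1a,0x1d,0x38,0x62,0x14,0x93,0x8f,0xc9,0x96,0x80};
static const unsigned char pkt4[] = {0x10,0x52,0x0c,0xce,0x8a,0x63,0xc3,0x80,
                                     0x44,0xe3,0x42,0x67,0xa5,0x16,0x6c,0x00};

int main(void)
{
    struct d2_hdr h;
    if (d2_parse_len_header(pkt1, sizeof pkt1, &h) == 0)
        printf("packet #1: offset=%zu total=%zu compressed=%zu\n", h.offset, h.total, h.total - h.offset);
    if (d2_parse_len_header(pkt4, sizeof pkt4, &h) == 0)
        printf("packet #4: offset=%zu total=%zu compressed=%zu\n", h.offset, h.total, h.total - h.offset);
    if (d2_parse_len_header(pkt1, 5, &h) != 0)
        printf("packet #1 cut to 5 bytes: rejected, wait for more data\n");
    return 0;
}
```

The truncation check matters when reading from a TCP stream, where one read can end in the middle of a packet or contain several packets back to back.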