
Reverse Engineering suggestions

Started by thetempest, December 21, 2003, 04:29 PM


thetempest

Hey,

I'm interested in hearing methods and ideas on ways to reverse engineer an RTS's INGAME mplayer packet protocol.

Most importantly, how to associate action->packetID... the reason I think that that is SO difficult is because there are always packets FLYING everywhere. I don't know how to distinguish between the two.

Thanks

Adron

Find the pattern!

Try to minimize what happens all the time, then look for the pattern in that. You may need to sample a lot of data.

After you see what is "nothing", do "something", perhaps many times, and look for the change in the pattern. If all of the pattern changes randomly, disassemble the game and look for encryption or compression of packets.

Grok

Yup I do the same.  It is important to understand what 'chatter' exists free from your overt actions.  You can figure out the chatter later, it's often less fun.  Once you filter that out, or by just ignoring it, do something unique, and something less unique, that are the same class of action.

Like, shoot an enemy, then shoot a non-target.  You should have two new packets, both indicating you fired a shot, and possibly different parameters.  Unless they were in the same spot, you'll at least be shooting a different vector or grid location.

If you have a clean well-designed protocol, it could lend itself to figuring out.  I've been trying to figure out the protocol for one of my work applications for over a year.  It's a near-total mess, but the header is consistently organized.  It has an ID in the first WORD, which is a nice start.  But the rest of the packet data is such junk!  90% 00's most of the time.
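
The baseline-then-diff approach Adron and Grok describe above, as an added example that is not part of the original thread. The packet layout (a little-endian ID in the first WORD, echoing Grok's remark about his work application), the IDs and all capture bytes are constructed for illustration.

```python
import struct
from collections import Counter

def packet_id(pkt: bytes) -> int:
    # Assumption: the packet ID is a 16-bit little-endian WORD at offset 0.
    return struct.unpack_from("<H", pkt, 0)[0]

def id_histogram(capture):
    """Count packets per ID; this is the 'chatter' profile of a capture."""
    return Counter(packet_id(p) for p in capture if len(p) >= 2)

def action_candidates(idle, action_runs):
    """IDs never seen while idle that appear in every run of the action."""
    chatter = set(id_histogram(idle))
    per_run = [set(id_histogram(run)) - chatter for run in action_runs]
    return set.intersection(*per_run) if per_run else set()

def varying_offsets(capture, pid):
    """Offsets that differ between same-length packets carrying this ID.
    These are the likely parameters (target, grid location, vector)."""
    pkts = [p for p in capture if len(p) >= 2 and packet_id(p) == pid]
    if not pkts:
        return []
    same = [p for p in pkts if len(p) == len(pkts[0])]
    return [i for i in range(len(pkts[0])) if len({p[i] for p in same}) > 1]

# Constructed captures: IDs 0x0001 and 0x0002 are background chatter.
IDLE = [bytes.fromhex(h) for h in
        ("0100 0000", "0200 0a00", "0100 0000", "0200 0b00")]
# Run A: the action done once; an unrelated 0x0003 packet also sneaks in.
RUN_A = [bytes.fromhex(h) for h in
         ("0100 0000", "1000 0509 0000", "0300 ff", "0200 0c00")]
# Run B: same class of action with a different target.
RUN_B = [bytes.fromhex(h) for h in
         ("0200 0d00", "1000 0702 0000", "0100 0000")]

if __name__ == "__main__":
    ids = action_candidates(IDLE, [RUN_A, RUN_B])
    print("candidate action IDs:", [hex(i) for i in sorted(ids)])
    for pid in sorted(ids):
        print(hex(pid), "parameter offsets:",
              varying_offsets(RUN_A + RUN_B, pid))
```

Requiring the ID to appear in every run is what discards the stray 0x0003 packet; more repetitions of the action make that filter stronger.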

iago

In starcraft, when I do work on ingame packets, I dump them all to the screen and a file, with some pattern-filters.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


thetempest

What progs do you use, iago, to filter?

iago



Grok

Quote from: iago on December 23, 2003, 04:47 AM
I call them "if" statements..

No way?  Me too!  j/k.  switch() is superior in nearly every case I'm accustomed to handling.

Kp

[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!

Banana fanna fo fanna

That was indeed terrible and horrific. -1