Packet 44C and 41C?

03/23/2012 12:50 -impulse-#1

Those packets are sort of new and are sent after the password verification is done, right after the server sends the 41F packet to the client. I want to know exactly what they are for...

Here is a dump:

Code:

Client -> Server: 1100 ~ 52
34 00 4C 04 0A F6 83 01 30 38 30 30 32 37 30 30 45 30 31 45    ;4.L..??.08002700E01E
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ;....................
00 00 00 00 00 00 00 00 00 00 00 00                            ;............

Client -> Server: 1052 ~ 28
1C 00 1C 04 0A F6 83 01 0B 00 00 00 72 65 73 2E 64 61 74 00    ;.....??.....res.dat.
00 00 00 00 00 00 00 00                                        ;........

So I have no clue what the first packet does (44C), but apparently the second one (NOTE: this is happening on the auth server and not the game server) has 2 ints and 1 string:
unkown:int(4)
value from file res.dat:int(8)
string "res.dat": string(12)

03/23/2012 13:17 � Haydz#2

Quote:
Originally Posted by -impulse-
Those packets are sort of new and are sent after the password verification is done, right after the server sends the 41F packet to the client. I want to know exactly what they are for...

Here is a dump:
Code:
Client -> Server: 1100 ~ 52
34 00 4C 04 0A F6 83 01 30 38 30 30 32 37 30 30 45 30 31 45    ;4.L..??.08002700E01E
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ;....................
00 00 00 00 00 00 00 00 00 00 00 00                            ;............

Client -> Server: 1052 ~ 28
1C 00 1C 04 0A F6 83 01 0B 00 00 00 72 65 73 2E 64 61 74 00    ;.....??.....res.dat.
00 00 00 00 00 00 00 00                                        ;........
So I have no clue what the first packet does (44C), but apparently the second one (NOTE: this is happening on the auth server and not the game server) has 2 ints and 1 string:
unkown:int(4)
value from file res.dat:int(8)
string "res.dat": string(12)

They aren't really new packets, they've always existed, just the packet types have changed around. (iirc).

The first one (44C), contains the two tokens (key1, key2) and the 12 character string your seeing there is your MAC Address. I couldn't really tell you what this does specifically as it's not referenced in EO and I don't have any co binaries to reverse.

The second (41C), has the structure of:

Code:

ushort MsgSize;
ushort MsgType;
uint    AccountID;
uint dwData;
string szInfo[16];

and basically just sends the integer contained within res.dat (afaik this was one of the methods they used to determine whether you had patched to 4351 back in the mysticmerchant days).

03/23/2012 13:26 -impulse-#3

Thanks Haydz. Well, apparently the client took my virtualbox host-only network MAC... which is why I wouldn't think of it as a MAC.

Unless someone else has misunderstandings about the related packets I request #close.