Packets packets packets...

10/05/2012 23:40 badguy4you#1
I have been struggling to understand what a packet is, how I could create one with the data I want, and then send it to my server.

So please, could anyone tell me, if for example I want to send some info from my client to my server and then handle it on the server,

how could I do that?


[Note]: I have my socket server; also I don't wanna copy and paste code, I want to UNDERSTAND.

My PacketReader.cs

Handler.cs

Operations is an Enum : ushort
10/06/2012 00:32 I don't have a username#2

Pointers #1

Structs & Pointers #2


DataPackets & Packet Structures


Sockets #1


Sockets #2

Ref: [link] (also in my sig.)
10/06/2012 00:35 go for it#3
Well, the next words I'm gonna say are not a perfect explanation, but it's what I know and I think that should be enough information to start with.
shit I'm drunk lmao well
A packet is data, a byte array; it's sent from/to the server and from/to the client.
Why do you send packets?
To carry information about what you actually do or what the client should show you.
So let's give a good example with packet 1004.
I won't really go into encryption and stuff, just plain packet explaining after I got it.
Lemme get a 1004 packet and its structure.
1004: chat packet
Offset                 Type                                       Value
0                      ushort                                     length
2                      ushort                                     type
4                      uint                                       Chat_Color
8                      uint                                       Chat_Type
12                     uint                                       MessageUID1
16                     uint                                       MessageUID2
20                     uint                                       Chat_Mesh
26                     String[25]                                 _From
(27 + _From.Length)    string[26 + _From.Length]                  _To
(29 + _From.Length)    string[(28 + _From.Length) + _To.Length]   _Message

So let's try to get a packet and see if it fits this packet structure, and explain it.
fuck, that took forever to find the old packet logging text on my lap, shit

Code:
Packet Nr 1959. Server -> Client, Length : 101, PacketType: 1004
5D 00 EC 03 00 00 00 FF D0 07 00 00 00 00 00 00      ;] ì   ÿÐ      
00 00 00 00 00 00 00 00 04 06 53 59 53 54 45 4D      ;        SYSTEM
03 41 4C 4C 00 33 43 6F 6E 67 72 61 74 75 6C 61      ;ALL 3Congratula
74 69 6F 6E 73 21 20 61 68 6D 65 64 31 30 35 35      ;tions! ahmed1055
39 20 77 6F 6E 20 45 78 70 42 61 6C 6C 20 69 6E      ;9 won ExpBall in
20 6C 6F 74 74 65 72 79 2E 00 00 00 00 54 51 53      ; lottery.    TQS
65 72 76 65 72                                       ;erver
Forget the titles about packet number, from and to, length and type; we will get them from the packet together now.
Okay, now I'll split this code out with, umm, colors? Okay.
I'll make it like the packet structure, shit I lost words, just look at what I'll do.
Fuck, I need these types, so umm here
Quote:
Talk = 2000,
Whisper = 2001,
Team = 2003,
Guild = 2004,
TopLeft = 2005,
Clan = 2006,
Qualifier = 2007,
Friend = 2009,
Center = 2011,
Service = 2014,
World = 2021,
PopUP = 2100,
Dialog = 2101,
HawkMessage = 2104,
Website = 2105,
FirstRightCorner = 2108,
ContinueRightCorner = 2109,
GuildBulletin = 2111,
BroadcastMessage = 2500;
5D 00 EC 03 00 00 00 FF D0 07 00 00 00 00 00 00 ;] ì ÿÐ
00 00 00 00 00 00 00 00 04 06 53 59 53 54 45 4D ; SYSTEM
03 41 4C 4C 00 33 43 6F 6E 67 72 61 74 75 6C 61 ;ALL 3Congratula
74 69 6F 6E 73 21 20 61 68 6D 65 64 31 30 35 35 ;tions! ahmed1055
39 20 77 6F 6E 20 45 78 70 42 61 6C 6C 20 69 6E ;9 won ExpBall in
20 6C 6F 74 74 65 72 79 2E 00 00 00 00 54 51 53 ; lottery. TQS
65 72 76 65 72 ;erver

Colors should be kinda fucked up, but this is for illustration.

Okay, now let's get started.
In brown at offset 0 there is 005D.
Notice how I read it? This is a ushort, that's how I read it.
Get a calculator, convert this from hex to dec and you should get 93. Yes, this is the packet length, and we add the server/client seal to it to get 101.
And usually in TQ packets they ALWAYS send the length in the very first ushort at offset 0,
and they ALWAYS send the packet type in the next ushort at offset 2, which is, umm, 1004 right? So, umm, try to convert 1004 to hex and you should get 3EC on the calculator, which is actually 03EC and should be written in the packet as EC 03.

So yeah, let's move to something more interesting?
Well, what is the 00 00 00 FF? Go check the packet structure above.
Yes indeed, it's the chat color.
What about those 2 uints of 00 00 00 00 00 00 00 00?
Those are MessageUID1 and MessageUID2, not really important for now.

Then D0 07, how to type this down? Yes indeed 07D0, which is 2000, and yup, I know you noticed Talk = 2000, so this chat_type is Talk.

Then 04 06, pretty unknown to me, don't bother for now.

Then some long string starting with 53 and ending with 2E.
So what the hell is that? Isn't this a string? Yes, probably you need to look up the packet structure once more.
Well, how to convert these packet bytes from hex to a string (letters and numbers)?
Well, I actually know them as I used them a lot in reverse engineering, but here:
Basically you need to use BitConverter in code and stuff, but if you want to read something you may look up an ASCII converter, or umm wait,
here is a cool table I was using years before:
[link]

Now what are the last bytes?
54 51 53 65 72 76 65 72? This is the TQ server seal.

I'm so damn sleepy and can't type anymore.
Now you've got an idea about what's going on with packets and stuff.
You won't find packet structures for the last packets; you need to try and make wild guesses to figure them out: do something in game and try to figure out what's changed in the packet.
Good luck, maybe tomorrow I'll try to edit this shit to make it better, but that mostly won't happen if I've got a hangover >.<
peace out nigga pray for me not to fall while walking to my bed ^^
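An added example, not code from the thread or from any Conquer client/server: a Python decoder that walks the 1004 dump above by the offsets in that structure, checks the length field against the TQServer seal before trusting any offset, and pulls the strings out. The string layout (a count byte at offset 24, then one length byte in front of each string) is my reading of the 04 06 bytes, which the post leaves unexplained, so treat it as an assumption.

```python
import struct

# Constructed sample: the hex columns of the 1004 dump above, re-typed. 93 packet bytes plus the 8-byte seal.
DUMP = """\
5D 00 EC 03 00 00 00 FF D0 07 00 00 00 00 00 00
00 00 00 00 00 00 00 00 04 06 53 59 53 54 45 4D
03 41 4C 4C 00 33 43 6F 6E 67 72 61 74 75 6C 61
74 69 6F 6E 73 21 20 61 68 6D 65 64 31 30 35 35
39 20 77 6F 6E 20 45 78 70 42 61 6C 6C 20 69 6E
20 6C 6F 74 74 65 72 79 2E 00 00 00 00 54 51 53
65 72 76 65 72
"""
SEAL = b"TQServer"
CHAT_TYPES = {2000: "Talk", 2001: "Whisper", 2003: "Team", 2004: "Guild",
              2005: "TopLeft", 2006: "Clan", 2007: "Qualifier", 2009: "Friend",
              2011: "Center", 2014: "Service", 2021: "World", 2100: "PopUP",
              2101: "Dialog", 2104: "HawkMessage", 2105: "Website", 2108: "FirstRightCorner",
              2109: "ContinueRightCorner", 2111: "GuildBulletin", 2500: "BroadcastMessage"}

def dump_to_bytes(dump):
    # Turn a logged dump back into bytes; anything after ';' is the ASCII column, ignored.
    out = bytearray()
    for line in dump.splitlines():
        out.extend(int(tok, 16) for tok in line.split(";", 1)[0].split())
    return bytes(out)

def parse_chat_packet(raw):
    length, ptype = struct.unpack_from("<HH", raw, 0)  # little-endian ushorts at offsets 0 and 2
    if ptype != 1004:
        raise ValueError("not a 1004 packet: %d" % ptype)
    # The length field excludes the seal; verify both before trusting any later offset.
    if len(raw) != length + len(SEAL) or raw[length:] != SEAL:
        raise ValueError("length field or TQServer seal mismatch")
    color, chat_type, uid1, uid2, mesh = struct.unpack_from("<IIIII", raw, 4)
    # Assumption (inferred from the dump, not stated in the post): byte 24 is a string
    # count and each string is one length byte followed by its characters.
    count, pos, strings = raw[24], 25, []
    for _ in range(count):
        n, pos = raw[pos], pos + 1
        if pos + n > length:
            raise ValueError("string runs past the declared packet length")
        strings.append(raw[pos:pos + n].decode("latin-1"))
        pos += n
    return {"length": length, "type": ptype, "color": color, "chat_type": chat_type,
            "chat_type_name": CHAT_TYPES.get(chat_type, "unknown"), "message_uid1": uid1,
            "message_uid2": uid2, "chat_mesh": mesh, "from": strings[0], "to": strings[1],
            "message": strings[-1], "strings": strings}
```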
10/06/2012 00:36 shadowman123#4
@go for it: I'm afraid to say that he talks in general, which means all you posted is useless to him lol
10/06/2012 00:36 pro4never#5
The client is responsible for filling in various packet structures and sending them to the server.

What exactly is it you're trying to do? The most common way to send packets TO server is to write a proxy to sit between the client and the server in order to send fake packets to the server (aka botting/aimbotting/etc)

That being said, there's no LEGITIMATE reason to be trying to manually send packets Client>Server. That's what the client exists for in the first place.
10/06/2012 00:39 badguy4you#6
Quote:
Originally Posted by pro4never View Post
The client is responsible for filling in various packet structures and sending them to the server.

What exactly is it you're trying to do? The most common way to send packets TO server is to write a proxy to sit between the client and the server in order to send fake packets to the server (aka botting/aimbotting/etc)

That being said, there's no LEGITIMATE reason to be trying to manually send packets Client>Server. That's what the client exists for in the first place.
I want to understand packets in general so I can understand Conquer ones if I wanted to.
10/06/2012 00:43 I don't have a username#7
Okay edited my post.
10/06/2012 00:45 badguy4you#8
Quote:
Originally Posted by shadowman123 View Post
@go for it: I'm afraid to say that he talks in general, which means all you posted is useless to him lol
Although I am talking in general, he helped me a lot, but still a small question: how could you or anyone who gets a packet from a game analyze it to know what each part does, and get all the information about it, and indeed create a replay for it?
10/06/2012 00:48 I don't have a username#9
Quote:
Originally Posted by badguy4you View Post
Although I am talking in general, he helped me a lot, but still a small question: how could you or anyone who gets a packet from a game analyze it to know what each part does, and get all the information about it, and indeed create a replay for it?
Packet analyzing is easy actually, as long as it's not encrypted and you don't have to reverse the cryptography.

Basically you check each offset with different datatypes until you get a value that is proper.

It can take some time unless you do it automatically. If I can get time I will finish Buu V3, which is so much better than V2, but short on time atm. as I'm coding a few things for a few people xD

I might write a guide for it as well.
10/06/2012 00:50 shadowman123#10
Quote:
Originally Posted by badguy4you View Post
Although I am talking in general, he helped me a lot, but still a small question: how could you or anyone who gets a packet from a game analyze it to know what each part does, and get all the information about it, and indeed create a replay for it?
By lots of trial and error (analyzing packets needs patience) and human sense. For example, in packet 1004 (chat packet), when you type "hello my friend I'm shadowman" you're gonna see a lot of successive bytes in the packet dump, so by human sense it's string information, and you can make sure of that by using a Hex to String converter.
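The trial-and-error approach from the two replies above, as an added example that is not from the thread: scan a packet for runs of printable bytes (the "successive bytes" a human spots as text), read any offset as a little-endian u8/u16/u32, and test whether the byte just before a run is its length prefix. It also handles the case where the length byte is itself printable (0x33 is '3') and gets swallowed into the text run, which is exactly what happens to the message in the 1004 dump; the sample packet is that dump re-typed as hex.

```python
import string, struct

# Constructed sample: the 1004 chat packet dump from this thread, hex columns only (101 bytes).
PACKET = bytes.fromhex(
    "5D00EC03000000FFD007000000000000"
    "0000000000000000040653595354454D"
    "03414C4C0033436F6E67726174756C61"
    "74696F6E73212061686D656431303535"
    "3920776F6E2045787042616C6C20696E"
    "206C6F74746572792E00000000545153"
    "6572766572")

PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")  # keep space, drop controls

def find_strings(raw, min_len=3):
    """Return (offset, text) for every run of at least min_len printable bytes."""
    runs, start = [], None
    for i, b in enumerate(raw):
        if b in PRINTABLE:
            start = i if start is None else start
        else:
            if start is not None and i - start >= min_len:
                runs.append((start, raw[start:i].decode("ascii")))
            start = None
    if start is not None and len(raw) - start >= min_len:  # run reaching end of packet
        runs.append((start, raw[start:].decode("ascii")))
    return runs

def candidates(raw, offset):
    """Read one offset as each integer width, the 'try every datatype' step."""
    out = {"u8": raw[offset]}
    for name, fmt in (("u16", "<H"), ("u32", "<I")):
        if offset + struct.calcsize(fmt) <= len(raw):  # skip widths that run off the end
            out[name] = struct.unpack_from(fmt, raw, offset)[0]
    return out

def split_length_prefixed(raw, runs):
    """Return (prefix_offset, text) for runs that look like length-prefixed strings.
    A printable prefix byte is absorbed into the run, so also test the run's first byte."""
    found = []
    for off, text in runs:
        if off > 0 and raw[off - 1] == len(text):
            found.append((off - 1, text))
        elif raw[off] == len(text) - 1:
            found.append((off, text[1:]))
    return found
```

The "TQServer" trailer shows up as a printable run but fails both prefix tests, which is one way to tell a fixed seal apart from a length-prefixed field.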
10/06/2012 01:53 badguy4you#11
If I am receiving a packet like this [I am testing on a game called Darkeden], and this is what I receive on login:

[link]

Is this encrypted or what? I think not, because the username and password just appear normally, but how could I make my own replay to it, especially since this game has been terminated and the real server closed? [Can't sniff real packets.]

I brought you that example to help me learn practically.
10/06/2012 02:42 shadowman123#12
Quote:
Originally Posted by badguy4you View Post
If I am receiving a packet like this [I am testing on a game called Darkeden], and this is what I receive on login:

[link]

Is this encrypted or what? I think not, because the username and password just appear normally, but how could I make my own replay to it, especially since this game has been terminated and the real server closed? [Can't sniff real packets.]

I brought you that example to help me learn practically.
So forget about making this game, cuz you can't depend on guessing to make packet structures, as there are surely loads of packets and each packet has a type/length and offsets. The first 2 are very easy, as the client requests some of the packets from the server and then the server sends the right action to be done to the client. So the hardest part is the offsets, which you can't get by guessing, especially if it has a long packet length.
10/06/2012 08:31 pro4never#13
Quote:
Originally Posted by badguy4you View Post
If I am receiving a packet like this [I am testing on a game called Darkeden], and this is what I receive on login:

[link]

Is this encrypted or what? I think not, because the username and password just appear normally, but how could I make my own replay to it, especially since this game has been terminated and the real server closed? [Can't sniff real packets.]

I brought you that example to help me learn practically.

There are 3 main ways.

#1: Sniff real packets (most common and easiest way).

You record a sequence of packets being sent between the client and server as you perform actions, then compare the packets to known values to speed up structuring them and allow yourself to create a full packet structure for the systems being written.

#2: Reverse engineer the client. (bit more difficult, provides a more accurate picture when done properly)

You reverse engineer the client to view how packets are being processed and sent, in order to get a very clear picture of how each offset in the packets is being used and give yourself a much better idea of how things are being done.

#3: Trial and error. (time consuming, rare and less efficient in most cases)

Use known partial structures and trial and error to fill out unknown offsets or in very rare cases, come up with complete structures.

There's a video from my now defunct proxy paradise project where I get into partial structuring from packet dumps (obviously it's not a complete structure but it gives you a bit of an idea of how to go about it from packet dumps)
10/06/2012 09:17 go for it#14
omg :D I should not explain anything when I'm drunk XD, forgot to continue it.
Well, my point from the post was to show a real packet, how the server handles it and how the client sends it, and how to get its structure with testing/guessing.
Anyway, good luck mate.