[WIP] NetGuard � Clean C# Packet Filter for Silkroad Online

Welcome to the official thread for NetGuard
NetGuard is a new open-source packet filter base that is designed to be compatible with Legend 1 (ECSRO, jSRO) files, it's also expected to work seamlessly with vSRO 1.88 files
Why NetGuard?
I set out to create a packet filter with a clean and structured approach to handling packets from both the server and the client. While this version achieves that goal, it is not the final/full release and will keep getting updates daily. The project was ported to .NET 8.0 from .NET Framework, which now supports both Windows and Linux environments.

Performance preview
[Only registered and activated users can see links. Click Here To Register...]
Framework/PacketHandlingResult.cs
Code:
using SilkroadSecurityAPI;

namespace Module.Framework
{
    public enum PacketResultType
    {
        None,         // Do nothing, default
        Block,        // Block further processing
        Disconnect,   // Disconnect the client
        Ban,          // Ban the client
        SkipSending,   // Whether avoiding using _localSecurity.Send or _remoteSecurity.Send
        DoReceive
    }

    public class PacketHandlingResult
    {
        public PacketResultType ResultType { get; set; } = PacketResultType.None;
        public Packet ModifiedPacket { get; set; } = null!; // Whether to use _remoteSecurity.Send or _localSecurity.Send to spoof a packet
        public bool SendImmediately { get; set; } = false; // Whether Send(true) or Send(false)
    }
}
PacketManager/Gateway/Client/ClientPacketManager.cs
Code:
using Module.Engine.Classes;
using Module.Framework;
using Module.PacketManager.GatewayModule.Client.Handlers;
using SilkroadSecurityAPI;
using static Module.PacketManager.Gateway.Opcodes.Client;
using static Module.PacketManager.Gateway.Opcodes.Server;

namespace Module.PacketManager.GatewayModule.Client
{
    public class GatewayClientPacketManager
    {
        public static IPacketHandler GetHandler(Packet packet, SessionData client)
        {
            switch (packet.Opcode)
            {
                default:
                    return new Default();
            }
        }
    }
}
PacketManagerGateway/Client/Handlers/Default.cs
Code:
using System;
using Module.Engine.Classes;
using Module.Framework;
using Module.Services;
using SilkroadSecurityAPI;
using static Module.PacketManager.Gateway.Opcodes.Client;
using static Module.PacketManager.Gateway.Opcodes.Server;

namespace Module.PacketManager.GatewayModule.Client.Handlers
{
    public class Default : IPacketHandler
    {
        public PacketHandlingResult Handle(Packet packet, SessionData client)
        {
            PacketHandlingResult response = new PacketHandlingResult();

            response.ModifiedPacket = null!;

            Custom.WriteLine($"[C->S] [{packet.Opcode:X4}][{packet.GetBytes().Length} bytes]{(packet.Encrypted ? "[Encrypted]" : "")}{(packet.Massive ? "[Massive]" : "")}{Environment.NewLine}{Utility.HexDump(packet.GetBytes())}{Environment.NewLine}", ConsoleColor.Yellow);
            response.ResultType = PacketResultType.Block;

            return response;
        }
    }
}
Download
There is no released binaries of the program, you will have to build it yourself here:
[Only registered and activated users can see links. Click Here To Register...]
Requirements
.NET 8.0 installed [Only registered and activated users can see links. Click Here To Register...]

Client itemdata .txt files in client_data folder

Setup guide
Will come eventually
Special thanks
DaxterSoul for the SilkroadDocs

pushedx for the first version of SilkroadSecurityAPI

Chernobyl for the main idea about building a packet filter

DuckSoup for some of his packet parsing with the help of other devs like BimBum1337

02/11/2025 19:35 SubZero**#2

Goofie?
02/12/2025 10:01 theminkman#3
Commit ad58c05

The module was freezing under heavy load due to a bug I had previously overlooked in the Module Handler. This issue has now been fixed and tested successfully with 2,000 clients spamming 20,000 packets per second without any problems.

The gateway now continuously accepts new connections without issues, even under high connection floods, which previously occurred after a server restart.

Commit 8afa681
Added captcha bypass(Gateway)

Added new settings system(settings.json)

Renamed NetGuardCore to NetGuardLoader

Cleanedup loading dll function

Added file system watcher to automatically reload settings.json

Console.Title now displays the module name again

Added SecurityType on PacketHandlingResult

Fixed weird behavior for modifying packets (was not supported as intended)
Code:
    public class Settings
    {
        public AgentSettings agentSettings { get; set; } = new AgentSettings();

        public class AgentSettings()
        {

        }

        public GatewaySettings gatewaySettings { get; set; } = new GatewaySettings();

        public class GatewaySettings()
        {
            public IBuvChallange captchaSettings { get; set; } = new IBuvChallange();
        }

        public class IBuvChallange()
        {
            public bool bypassCaptcha { get; set; } = false;
            public string captchaCode { get; set; } = "b";
        }
    }
02/14/2025 23:23 Awara Online#4

Do u plan to add isro-r support?

02/15/2025 04:21 theminkman#5

Quote:

Originally Posted by Awara Online

Do u plan to add isro-r support?

Maybe in the future, The reasoning for older files right now is cause I am supporting friends that are building a server on the old jSRO server files

but I am also keeping the filter working with vSRO 1.88 cause I know the majority of servers are using these files

02/15/2025 12:03 Awara Online#6

Ok, good job anyway :) . Good luck

02/15/2025 18:17 theminkman#7

NetGuard AgentModule Packet Filtering Update
We have improved the NetGuard AgentModule to enforce stricter packet filtering based on your current game state:
Not Logged In: Only the following packets are allowed:
Authentication

Identification

Handshake

Accept Handshake

Character Selection Screen: Only these packets are permitted:
Ping Pong

Selection Rename

Selection Join

Selection Action

In-Game: Once you are in-game, you can no longer send authentication or character selection packets, ensuring proper session handling and preventing exploitation.

Additionally, we have enhanced logging to improve exploit detection, with clearer tracking of IP addresses and usernames for security monitoring.
Bug fix
NetGuard would not disconnect people properly and the connection would be stuck in the remote end point, meaning when you disconnected from the game you would not actually logout.

This has now been resolved
Packet handler update
Packet handler now support multiple sends, so you can add a list of packets you want to tell to the client/server
GameMaster configuration added
[Only registered and activated users can see links. Click Here To Register...]
You must now add your GameMasters into the settings.json file

You can make [GM]'s spawn visible

You can set permission for each [GM]

You can disable [GM] pink chat message for others

02/15/2025 20:33 Awara Online#8

Nice one :)

02/16/2025 12:46 theminkman#9

Major bug fixes
Settings.json not saving/re-creating itself

Thread safe writing log files

Thread safe console.write

Updated SilkroadSecurityAPI

Fixed a crash if you made a json error in Settings.json

NetGuard has been updated to eliminate all compiler warnings and messages. This improvement ensures a cleaner and more stable build process, reducing unnecessary output during development. With these warnings and messages removed, you can focus on coding without being interrupted by issues that do not impact functionality, making the development experience smoother and more efficient.
[Only registered and activated users can see links. Click Here To Register...]

If you are not compiling the binaries yourself use the v0.5 version, its declared as stable for now
Added SkillData class
NetGuard will soon use the SkillData.txt file from the client, so please place it in the client_data folder.

We are working on building the filter using client files instead of relying on the database connection from your server.

The main reasons for this are improved performance and enhanced security, especially if the filter is hosted by a third-party provider.

02/20/2025 09:38 m1xawy#10

welcome back bro, and thanks for your sharing

02/21/2025 18:36 theminkman#11

Suggest features you want added to the NetGuard filter!

We will eventually start working with sro_devkit and make our own ClientLib that will change sro_client and the UI of the game but this is a later stage project.

We will also add stuff like PC Limit, but probably not open-source cause it would defeat the purpose of limiting players

Our main focus for now is
vSRO 1.188 files

jSRO files (Legend 1)

NetGuard should be ready for live server testing, if anyone has a small server and want me setup the filter send me a private message

02/23/2025 11:10 gmhasan13#12

Can you send me the codes you used for the stress test?

02/24/2025 19:23 Veigar Omega#13

Helloback. motheroffilter :D misu

02/26/2025 11:25 halloway520#14

nice work, ill try it, thanks:)

05/01/2025 20:52 theminkman#15

Quote:

Originally Posted by halloway520

nice work, ill try it, thanks:)

Appreciate your kind words,

I've been inactive working on multiple projects I will be back eventually working on Netguard

Page 1 of 2 1 2 >

Powered by vBulletin®
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.