
[DEV] SRO Module Sniffer

 
Old   #1
 

This thread is now deprecated, please refer to: for updates

Thank you very much, DaxterSoul.

---------------------------------------------------------------------------

Sorry for posting here, but SRO Coding Corner is totally dead, that is why I have to post it here.

I am working with Mr. Florian0 trying to spoof packets from AgentServer to Gameserver. So far, we are able to make Gameserver start listening on a different port, so we can then bind the original port with an analyzer and redirect it to the new port.

With it, we can tap into the communication between AgentServer and Gameserver, but this concept applies to any other module in Silkroad that receives its certification from another module (ehem, all of 'em).

Now, there are two big issues to attend to:

1) The code is working, but messy, so, to organize it and make it easier, we must refactor it. But the "hard part" is completed already, which was tricking the modules to bind another port.

2) The second issue is the packet parsing, which I don't know if it is either malfunctioning or the packets from AS to GS are sometimes huge and repetitive.

It says VSRO, but it can be applied to any Silkroad files, due to the fact that it modifies cert packet A003 on the fly to change the desired ports.





Please, your help is needed since this is a whole new approach. We don't know yet what we can accomplish with this, but based on logic, we can be able to make the Gameserver do desired work without needing to do a lot of ASM.



---------- UPDATE ------------

So far, I've encountered that data parsed is not accurate when the packet is encrypted; this is due to the fact that the handshake is not being properly placed. Apparently AS sends handshake_response to gameserver as first communication, but never challenge setup. Maybe challenge setup was sent by farm manager in the first place? But I really don't know, please check it out.



---------- UPDATE 2 (06/20/2016) --------------
System now parses the packet properly; also, a new communication system has been implemented (thank you, Drew Benton).



--------- UPDATE 3 (06/20/2016) ---------------
As a proof of concept, I am showing how I can remotely move another char; thanks to the hook between AS and GS we are able to make another char do desired stuff.








ERRORS!!!!
Encrypted packets are not working, anyone can help with that?

HINT: in order for the proper decryption of encrypted packets, the system MUST be able to handle the whole handshake process. The problem is, we need to keep it dynamic, so the system can work with any module, so work has to be done to fix that... for now, only unencrypted packets. Please, help!
devtekve is offline  
Old 06/19/2016, 19:14   #2
 
Very good project, worth checking and supporting.

The code is a little bit messy, but the idea standing behind it is great. I wish I could see the filters development between modules, but a more open one, otherwise the community is totally useless.

Rgrds, Painful Owl.
xGyros is offline  
Old 06/19/2016, 19:31   #3
 
I do not recommend doing this.

You will only achieve creating lag in the server modules.
Timlock is offline  
Old 06/19/2016, 19:47   #4
 
Quote:
Originally Posted by Timlock View Post
I do not recommend doing this.

You will only achieve creating lag in the server modules.
Let's not focus on the lag it can create, but instead on the knowledge of how packets and data are processed. Definitely, lag may be a problem, but this is not intended to go live now, but just to increase knowledge on server side development.

(lag can be mitigated with C++ and good programming, but C# helps to easily and quickly understand what is really going on)
devtekve is offline  
Old 06/19/2016, 20:59   #5
 
I actually would recommend you doing that sniffer between gameserver and shardmanager, but ye, good project
Syloxx is offline  
Old 06/19/2016, 21:22   #6


 
Private SRO Main Discussions / Questions -> SRO Coding Corner

#moved…
Spidy. is offline  
Old 06/19/2016, 21:59   #7
 
Quote:
Originally Posted by Timlock View Post
I do not recommend doing this.

You will only achieve creating lag in the server modules.
Quote:
Originally Posted by Syloxx View Post
I actually would recommend you doing that sniffer between gameserver and shardmanager, but ye, good project
You can use it also with ShardManager and Gameserver, works with any module.
devtekve is offline  
Old 06/19/2016, 22:50   #8
 
I know, just read the code, but I just wanna give z the hint to try that out
Syloxx is offline  
Old 06/20/2016, 02:19   #9
 
Quote:
Originally Posted by Xutan* View Post
He has just broke the allowed limit of stupidity. considerable dev m8?
So harsh :V

@ic
Great work deserves doing best to complete it, and I'll try
Kai· is offline  
Old 06/20/2016, 04:37   #10
 
Thread updated!
devtekve is offline  
Old 06/20/2016, 06:03   #11

 
Quote:
Originally Posted by devtekve View Post
So far, I've encountered that data parsed is not accurate when the packet is encrypted; this is due to the fact that the handshake is not being properly placed. Apparently AS sends handshake_response to gameserver as first communication, but never challenge setup. Maybe challenge setup was sent by farm manager in the first place? But I really don't know, please check it out.
Might be a stupid reply overall, but try checking the current CertificationServer.exe source (coded in C# and can be decompiled), since it establishes the connection between the modules. I found that Security.cs was modified in that one. I attached it.
Attached Files
File Type: rar ccs.rar (48.5 KB, 52 views)
AceSpace is offline  
Old 06/20/2016, 19:21   #12
 
Quote:
Originally Posted by Skipper* View Post
Might be a stupid reply overall, but try checking the current CertificationServer.exe source (coded in C# and can be decompiled), since it establishes the connection between the modules. I found that Security.cs was modified in that one. I attached it.
Hi Skipper, thank you very much for your contribution. I will test your provided class, but yesterday I tested the same CertificationManager class and it still did not work. The reason seems to be that it gets packet 0x9000 before getting packet 0x5000, which would not make sense for the system. It expects the following:

-> 0x5000
<- 0x5000
-> 0x9000

New update has rolled out! Please check it out.




------------ THREAD UPDATED --------
As a proof of concept, I am showing how I can remotely move another char; thanks to the hook between AS and GS we are able to make another char do desired stuff.

devtekve is offline  
Old 06/25/2016, 20:40   #13
 
#Request close
devtekve is offline  
Old 06/25/2016, 20:54   #14


 
Quote:
Originally Posted by devtekve View Post
#Request close
^
#Closed
Spidy. is offline  