[Help] How to know what a packet contains.

sjaakie100 · 12/01/2010, 18:44

Hi, I am new at this forum but not new to programming and silkroad.
I saw this coding corner and I've a question. I know how to create a socket ectra and I've a packet writer and reader for silkroad but how do I know what I need to read from a packet?

for example the char listing packet

Code:

[S -> C][B007]


02                                                ................


01                                                ................


04                                                ................


86 39 00 00                                       .9..............


0C 00                                             ................


77 59 7R 31 72 64 5F 6B 65 76 69 6E               Sjaakie.........


44                                                D...............


23                                                #...............


F4 93 26 00 00 00 00 00                           ..&.............


39 00                                             9...............


A8 00                                             ................


00 00                                             ................


5D 04 00 00                                       ]...............


DD 0C 00 00                                       ................


00                                                ................


00                                                ................


00                                                ................


00                                                ................


07                                                ................


FD 2E 00 00                                       ................


00                                                ................


45 2F 00 00                                       E/..............


00                                                ................


21 2F 00 00                                       !/..............


00                                                ................


8D 2F 00 00                                       ./..............


00                                                ................


69 2F 00 00                                       i/..............


00                                                ................


B1 2F 00 00                                       ./..............


00                                                ................


D7 2A 00 00                                       .*..............

This is what I parsed with edxanalyzer but how do I know what the server send to me is it just guessing? like read a byte see what the value is. is it something which could be possible check if there is something at the screen what that value can be and we have a match or is there something logical?

I viewed a lot of codes from open source emu's so I used those clients with their packets but that ain't a solution to make progress.

Thank you.

lesderid · 12/01/2010, 19:11

"is it something which could be possible check if there is something at the screen what that value can be and we have a match or is there something logical?"

Most of the times, this is what you have to do.

Xsense · 12/01/2010, 19:32

Learn asm

Learn what a byte is , a word or dword etc ...
You must learn to understand the bytes beeing sended.

So i would suggest learning more about asm

lesderid · 12/01/2010, 20:04

Quote:

Originally Posted by Xsense

Learn asm
Learn what a byte is , a word or dword etc ...
You must learn to understand the bytes beeing sended.

So i would suggest learning more about asm

Nah, you don't need asm knowledge.

Haxor · 12/01/2010, 20:14

You must know from where you get the packets
for example
You do a X action
You get the packets
you must know what action is and what it have
this help understanding

Just keep Sniffing and you will learn by urself

lesderid · 12/01/2010, 20:15

Quote:

Originally Posted by saif1999

You must know from where you get the packets
for example
You do a X action
You get the packets
you must know what action is and what it have
this help understanding

Just keep Sniffing and you will learn by urself

Offtopic: Use my packet documentation format and show me what you parsed please. I'm interested in what you're sniffing.

Haxor · 12/01/2010, 20:21

Quote:

Originally Posted by lesderid

Offtopic: Use my packet documentation format and show me what you parsed please. I'm interested in what you're sniffing.

I just do this to it
this is loginserver packets for EMU based on ksro no isro
so here opcodes changed

Quote:

0x0FF1 (Server to client)
> 01 00 00 00 (Server send to client 1 byte)
00 00 00 00
0xA101 (Server to client)(I think client here recive the server name &... Etc.)
>01 < NameServer id
>02 < Length of NameServer Name
> 14 00 < Nameserver name
>53 69 6C 6B 72 6F 61 64 5F 53 72 65 76 6F 6C 75 74 69 6F 6E <Name Server name (Silkroad_Srevolution_
>00
>01
>01 00 < Gameserver Id
>06 00 <Length of GameServer Name
>45 6E 7A 75 72 61 Gameserver name (The server name (Enzura))
>F4 01 < Max users
>01 < In check or not ) (01 mean on ) (00 mean in check)
>00 < Currently users

0x0FF1 (Server to client)
here again 1 byte recive
01 00 00 00
00 00 00 00

0x0FF3 (Server to client)

Here the client recive successfully login
00 00 00 00
01 00 00 00

[0x703A] (Client to server) (Here client send to server the 2 bytes that server send first)

02

0xB03A (Server to client)

Here is the account information
02
01
01
73 07 00 00 < Character type
04 00 < Character name length
54 65 73 74 < Character name
00 00
22 < Character volume
63 < Character level
00 00 00 00 00 00 00 00 < Character Experince
14 00 < Currently Int points that have char
14 00 < Currently str points that have char
C8 00 < Character stat point
71 05 00 00 < Current Mp user have
71 05 00 00 < Current Hp user have
00 < here says if the character for deletion or not (01) if it for deletion
00 < here says if the character for deletion or not (01) if it for deletion
00
00
03
36 0E 00 00 < I didnt know
00
37 0E 00 00 < I didnt know
00
6B 00 00 00 < I didnt know
01
00

lesderid · 12/01/2010, 20:23

Quote:

Originally Posted by saif1999

I just do this to it
this is loginserver packets for EMU based on ksro no isro
so here opcodes changed

Why don't you use my documentation for this? It has all of this and more.
Also, you didn't understand the 0FFX packets, they are C->C.

Haxor · 12/01/2010, 20:25

Quote:

Originally Posted by lesderid

Why don't you use my documentation for this? It has all of this and more.

I just didnt use yours because i just wanna learn sniffing more and more^^

sjaakie100 · 12/01/2010, 21:37

Thank you very much. This helped me a lot to know what I have to do to understand the content of the packets.

I saw the login packet documentation and it'll help a lot as a startup to see what the result is if I read something. and what saif1999 said about learning to sniff well I also would like to learn sniffing but such great resources are always helpfull

but it wouldn't be smart to use those packet formats without knowing how you got them. if joymax changes something in the packet structure I would have a big problem. I'll ding into those things and just start by reading packets and view the result. I also saw a article of Drew Benton called "Silkroad Security" is that one still usefull or is it oudated?

to Xsense I know what a byte word, dword ect is but i'll take a look at asm it's good to know what happens underneath everything

thank you guys you really helped me out