1) What is a Filter?
---------------------
A filter is a TCP proxy that sits between:
Client <—> Filter <—> Gateway/Agent Server
Main purposes:
- Inspect packets
- Block dangerous opcodes (exploits)
- Protect against flood/spam attacks
- Modify packets (rewrite data)
- Add custom rules/features
- Log all client/server communication
A filter = networking + packet parsing.
-------------------------------------------------------------
2) What you must learn first
------------------------------
A) Programming Language
Recommended:
- C# (easy for beginners)
- C++ (faster, used in professional filters)
Learn:
- OOP (classes, inheritance, interfaces)
- Multithreading
- Async sockets
- Streams and binary parsing
B) Networking Basics
- TCP handshake
- What is a proxy
- Listening on ports
- Forwarding bytes between sockets
- Handling multiple connections (threads/tasks)
C) Silkroad Packet Structure
Typical structure:
[Opcode 2 bytes]
[Security bytes]
[Length]
[Payload]
Each Silkroad version has small differences.
-------------------------------------------------------------
3) How does a filter work?
---------------------------
Basic mechanism:
1. The filter listens on a fake port (e.g., 15779).
2. The client connects to the filter.
3. The filter opens another connection to the real server.
4. Every packet goes through the filter:
   - Client → Filter → Server
   - Server → Filter → Client
This is a **transparent TCP proxy**.
-------------------------------------------------------------
4) Packet Logger (the most important part)
-------------------------------------------
Before you can decrypt or modify packets,
you MUST be able to **log them**.
Log format:
timestamp | direction | opcode | length | raw hex
Example:
2025-11-14T10:32:55Z | C->S | 0x7001 | 34 | 01 00 A2 7F ...
Why logging?
- You discover opcodes
- You detect handshake packets
- You understand all game behavior
- You can reverse custom features in the server
The logger is your primary tool.
-------------------------------------------------------------
5) Handshake + Encryption (simple explanation)
-----------------------------------------------
Silkroad uses a security layer (Joymax Security).
At the beginning of each connection:
- The client and server exchange keys
- Security flags are activated
- Some packets become encrypted
How to reverse it:
1. Log packets during the login phase.
2. Compare raw packets before/after forwarding.
3. Identify handshake-related opcodes.
4. Extract key bytes / seeds.
5. Implement decrypt/encrypt using the same logic.
Every client version has small variations.
-------------------------------------------------------------
6) How to build an Opcode Map
------------------------------
No one gives you a complete opcode list.
You create it yourself through logging.
Steps:
1. Log packets while performing actions in game:
   - Login
   - Pick items
   - Move
   - Attack
   - Talk to NPC
   - Use skills
2. Identify the opcode by watching packet patterns.
Example map:
Opcode | Direction | Description
----------------------------------------
0x2001 | C->S | Login request
0xA102 | S->C | Login response
0x7001 | C->S | Movement
0xB021 | S->C | Skill cast
0x3026 | C->S | Use item
Make your own CSV/JSON file.
-------------------------------------------------------------
7) How to start building the filter (step-by-step)
--------------------------------------------------
1. Create a .NET 6/7 Console Project.
2. Make the filter listen on a port:
     TcpListener listener = new TcpListener(IPAddress.Any, 15779);
3. When a client connects:
   - Connect to the real server.
   - Start two tasks:
     • client → filter → server
     • server → filter → client
4. Before forwarding a packet:
   - Parse the opcode
   - Log it
   - Apply rules
5. Add simple protection rules. Example:
   - Block opcode 0x3026
   - Block packets larger than 10 KB
   - Block users sending too many packets (flooding)
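
Added example (not from the original guide or from any existing filter project): the three rules from step 5 as a per-connection check in C#. It takes an already-parsed opcode and packet length, because the wire layout differs per client version; the names ConnectionRules and Verdict and the flood limit of 100 packets per second are assumptions.

```csharp
using System;
using System.Collections.Generic;

enum Verdict { Forward, DropBlockedOpcode, DropOversized, DropFlood }

// Per-connection rule check, called once per parsed packet before forwarding.
sealed class ConnectionRules
{
    // 0x3026 and the 10 KB cap come from step 5; the flood numbers are assumed.
    static readonly HashSet<ushort> BlockedOpcodes = new() { 0x3026 };
    const int MaxPacketBytes = 10 * 1024;
    const int MaxPacketsPerWindow = 100;
    static readonly TimeSpan Window = TimeSpan.FromSeconds(1);

    readonly Queue<DateTime> _seen = new();   // arrival times inside the window

    public Verdict Evaluate(ushort opcode, int length, DateTime now)
    {
        // Sliding window: forget arrivals older than Window.
        while (_seen.Count > 0 && now - _seen.Peek() > Window)
            _seen.Dequeue();
        // Packets over the limit are not recorded, so the queue never
        // holds more than MaxPacketsPerWindow entries, even under flood.
        if (_seen.Count >= MaxPacketsPerWindow) return Verdict.DropFlood;
        _seen.Enqueue(now);

        if (length > MaxPacketBytes) return Verdict.DropOversized;
        if (BlockedOpcodes.Contains(opcode)) return Verdict.DropBlockedOpcode;
        return Verdict.Forward;
    }
}

static class Demo
{
    static void Main()
    {
        var rules = new ConnectionRules();
        var t0 = new DateTime(2025, 11, 14, 10, 32, 55, DateTimeKind.Utc);

        // Constructed sample traffic (opcode, length), not captured packets.
        Console.WriteLine(rules.Evaluate(0x7001, 34, t0));
        Console.WriteLine(rules.Evaluate(0x3026, 12, t0));
        Console.WriteLine(rules.Evaluate(0x7001, 20000, t0));

        // 200 packets spread over 200 ms: the flood limit trips part-way through.
        var last = Verdict.Forward;
        for (int i = 0; i < 200; i++)
            last = rules.Evaluate(0x7001, 34, t0.AddMilliseconds(i));
        Console.WriteLine(last);
    }
}
```

Create one ConnectionRules instance per client connection and forward the packet only when Evaluate returns Forward; log every other verdict in the same format as the packet logger.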
-------------------------------------------------------------
8) Easy features you can build later
-------------------------------------
- HWID/IP limit system
- Anti-flood & anti-spam
- Ban players when sending forbidden packets
- Detect bot-like packet timing
- Job penalty / anti-cheat features
- Custom teleport restrictions
- Auto-block exploit packets
-------------------------------------------------------------
9) Best resources to learn from (search for them)
--------------------------------------------------
- SilkroadSecurityApi (C# / C++)
- xFilter source code
- SRO_Proxy (open-source)
- ProjectHax Silkroad Development section
- Elitepvpers Silkroad Section