Welcome Guest, Not a member yet? Create Account  

Reversing Spellborn


Hi Saltiel, excellent work on documenting this, you got a lot further than I did in my attempts [Image: default_smile.png] I'm stuck on the L2C_QUERY_UNIVERSE_LIST_ACK packet, I'm pretty sure my packets ok but I get random errors on the client with the same data so I was working on the assumption that there is some decryption taking place somewhere along the line. Have you been able to get this working? If so could you post an example packet?


Btw there are a few status codes above 3 for L2C_USER_LOGIN_ACK_PACKET, not got the code on me atm but you can get the client to display a few different error messages like account banned, e-mail not verified etc.


(This post was last modified: 04-09-2014, 11:34 AM by Saltiel.)

I updated the doc. I still have to format it because markdown is not understanded by the forum. Did not find a good markdown<->bbcode formatter neither a good html<->bbcode converter. :/


And yeah Vampire Trix, it's cool that this site exists because it's the last international place dedicated to The Chronicles of Spellborn, and without it I do not know if I would have had the envy to start reversing.


Thank you Slink for your support! I must say that I do not take the time to go through all the possibilities for the data into the packet because my main goal currently is to manage to make the game connect to the world (or at least character creation). So as soon as I know enough to make the game going a step forward, I go to the next packet. Sometimes the next packet explain unknown data in the previous one. But you're right at some time it will be important to find all the possible values! If you have the time to test them it would be cool. [Image: default_smile.png]


About that,  I think that the few DWORD marked as "unknownDword" in the doc are mainly check code because in the client their values are tested against a constant (in programming we also say "magic number") directly hard coded in the assembly code.


You have now the info about the  L2C_USER_LOGIN_ACK packet in the doc. It is not encrypted, at least on version 0.9.


For the record, I now see the loading screen and see in the log that "baseCharacterSelection.sbw" has been loaded.  I still have a lot of work to pass the loading screen but it's motivating.


Edit: formatting done.



By the way, I checked my header files and noticed that some encryption is done with AES.

<pre class="_prettyXprint">
public: static void __cdecl d_mmos:_packet_util::EncryptAES(struct d_mmos:_message &);</pre>
[Image: banner10.jpg]


You can also find some TCOS SDK's (incomplete but have usefull code)made by reversing and created by humm3rjack.



[Image: banner10.jpg]

(This post was last modified: 04-09-2014, 07:32 PM by Saltiel.)

Interesting! This guy did a huge work! Thanks for the link.


I had found the encrypt method but for now the packets I study do not pass through and therefore are not crypted. But it may become something to study if it becomes the case after. To be honest I don't know how far I will be able to go in that process, and that's why I publish doc because even if I'm stuck maybe other people will want to give a try and so they would be able to start directly with info.



I'm happy to see you guys are doing all this effort. Brings a tear to my eyes [Image: default_wink.png]. Sadly I'm not skilled enough to help out but let me know if there's something else I can do for you.



I will also do anything I can do, just let me know.


(This post was last modified: 01-10-2014, 12:21 AM by Saltiel.)

Just a little update to keep you informed. I am currently on a big packet structure containing a bunch of info about the player. It's approximatively 320 bytes to understand so it takes time (reverse the code + coding utility to verify what I found). Fortunately, the TCoS SDK pointed to me by Acidburn help me a lot to understand the data that is sent. I think with these files having a basic emulation should be only a question of time (but time can be a big issue ^^). But still I don't want to give any false hope and there is a long way before having something to play with. I hope I could manage at least to have access to the character creation in the next month, but maybe I am very optimistic. We will see!


@Vampire Trix and CowMooFlage: your morale support helps a lot to stay motivated! Having the markdown syntax being understood by the forum would be cool if you think this is easyly doable (but it's not very important so don't sracth your head on that!)


P.S: again, I apologize for my bad english speaking...


Edit: tcos sdk



Your progress sounds sweet.

Every little step forward is a success.


I'm really sure we will have SB back someday.


And don't worry about your english, we are all not perfect.

It's very international here.

What lies hidden. must be found

TCoS Gameplay Videos:



I edited my previous post, the TCoS SDK is a goldmine!


If some people are interested by the reverse engineering topic, I can recommend them to read the following list of books/site:

An introduction to server side emulation, very easy to read: http://cellframework.sourceforge.net/upl...lation.pdf

http://reversewithme.blogspot.fr/201...-assembly.html <= introduction to assembly
http://beginners.re/ <= MUST READ, ~700 pages book, I am far of the end and already learning a lot

And a bunch of resources and tutorials here:
http://thelegendofrandom.com/blog/ <= very good tutorials, aimed at cracking but very useful to understand how to navigate through assembly with Olly etc, I recommend to start with that
http://nagareshwar.securityxploded.c...ng-techniques/ => also bunch of articles
http://resources.infosecinstitute.com/ => bunch of articles
http://www.bubblews.com/news/1210350...ational-ebooks <= MMO oriented


If you do not know how to program you should start by learning that (but reversing may be really hard if you never programmed before...). Learning C for the basics (conditions, loops, pointer), then C++ for the oriented object programming, or C# because this language is highly recommended to start an emulated server (good asynchronous network library). I think that if I manage to reach the "real server emu programming step" it will be in C#.


Users browsing this thread:
1 Guest(s)