Reversing Spellborn
Started by Saltiel
249 posts in this topic
Slink
TCOS Rebirth Dev
24 posts 0 threads Joined: May 2013
03-09-2014, 12:49 PM - #11
Hi Saltiel, excellent work on documenting this, you got a lot further than I did in my attempts :) I'm stuck on the L2C_QUERY_UNIVERSE_LIST_ACK packet. I'm pretty sure my packet's ok, but I get random errors on the client with the same data, so I was working on the assumption that there is some decryption taking place somewhere along the line. Have you been able to get this working? If so, could you post an example packet?

Btw, there are a few status codes above 3 for L2C_USER_LOGIN_ACK_PACKET. I haven't got the code on me atm, but you can get the client to display a few different error messages like account banned, e-mail not verified, etc.

Saltiel
Retired dev
122 posts 3 threads Joined: Sep 2014
04-09-2014, 09:54 AM - #12
I updated the doc. I still have to format it because markdown is not understood by the forum. I did not find a good markdown<->bbcode formatter, nor a good html<->bbcode converter. :/

And yeah Vampire Trix, it's cool that this site exists because it's the last international place dedicated to The Chronicles of Spellborn, and without it I do not know if I would have had the motivation to start reversing.

Thank you Slink for your support! I must say that I do not take the time to go through all the possible values for the data in the packet because my main goal currently is to get the game to connect to the world (or at least to character creation). So as soon as I know enough to make the game go a step forward, I go to the next packet. Sometimes the next packet explains unknown data in the previous one. But you're right, at some point it will be important to find all the possible values! If you have the time to test them it would be cool. :)

About that, I think that the few DWORDs marked as "unknownDword" in the doc are mainly check codes, because in the client their values are tested against a constant (in programming we also say "magic number") hard-coded directly in the assembly code.

You now have the info about the L2C_USER_LOGIN_ACK packet in the doc. It is not encrypted, at least in version 0.9.

For the record, I now see the loading screen and see in the log that "baseCharacterSelection.sbw" has been loaded. I still have a lot of work to get past the loading screen, but it's motivating.

Edit: formatting done.

This post was last modified: 04-09-2014, 11:34 AM by Saltiel.
acid-burn
Moderator
207 posts 11 threads Joined: Sep 2010
04-09-2014, 04:28 PM - #13
By the way, I checked my header files and noticed that some encryption is done with AES.

    public: static void __cdecl d_mmos::_packet_util::EncryptAES(struct d_mmos::_message &);
acid-burn
Moderator
207 posts 11 threads Joined: Sep 2010
04-09-2014, 04:45 PM - #14
You can also find some TCOS SDKs (incomplete, but with useful code) made by reversing and created by humm3rjack.

 

https://sites.google.com/site/humm3rjack/bin

Saltiel
Retired dev
122 posts 3 threads Joined: Sep 2014
04-09-2014, 07:30 PM - #15
Interesting! This guy did a huge amount of work! Thanks for the link.

I had found the encrypt method, but for now the packets I study do not pass through it and therefore are not encrypted. It may become something to study if that turns out to be the case later. To be honest I don't know how far I will be able to go in that process, and that's why I publish the doc: even if I'm stuck, maybe other people will want to give it a try and they would be able to start directly with this info.

This post was last modified: 04-09-2014, 07:32 PM by Saltiel.
CowMooFlage
Administrator
396 posts 7 threads Joined: Aug 2010
05-09-2014, 08:27 PM - #16
I'm happy to see you guys are doing all this effort. Brings a tear to my eyes ;). Sadly I'm not skilled enough to help out, but let me know if there's something else I can do for you.

Kevin
Legend of House Shroud
555 posts 87 threads Joined: Oct 2011
05-09-2014, 08:39 PM - #17
I will also do anything I can do, just let me know.

Saltiel
Retired dev
122 posts 3 threads Joined: Sep 2014
07-09-2014, 08:15 PM - #18
Just a little update to keep you informed. I am currently on a big packet structure containing a bunch of info about the player. It's approximately 320 bytes to understand, so it takes time (reversing the code + coding a utility to verify what I found). Fortunately, the TCoS SDK pointed out to me by Acidburn helps me a lot to understand the data that is sent. I think with these files, having a basic emulation should only be a question of time (but time can be a big issue ^^). Still, I don't want to give any false hope, and there is a long way to go before having something to play with. I hope I can manage at least to have access to the character creation in the next month, but maybe I am being very optimistic. We will see!

@Vampire Trix and CowMooFlage: your moral support helps a lot to stay motivated! Having the markdown syntax understood by the forum would be cool if you think this is easily doable (but it's not very important, so don't scratch your head over that!)

P.S: again, I apologize for my bad English...

Edit: tcos sdk

This post was last modified: 01-10-2014, 12:21 AM by Saltiel.
Czelsior
Eternal Guardian
187 posts 27 threads Joined: Aug 2010
08-09-2014, 10:13 AM - #19
Your progress sounds sweet.

Every little step forward is a success.

I'm really sure we will have SB back someday.

And don't worry about your English, none of us is perfect.

It's very international here.

What lies hidden, must be found

TCoS Gameplay Videos:
http://www.youtube.com/user/czelsior

Saltiel
Retired dev
122 posts 3 threads Joined: Sep 2014
08-09-2014, 11:04 AM - #20
I edited my previous post, the TCoS SDK is a goldmine!

 

If some people are interested in the reverse engineering topic, I can recommend the following list of books/sites:

An introduction to server side emulation, very easy to read: http://cellframework.sourceforge.net/upl...lation.pdf

http://reversewithme.blogspot.fr/201...-assembly.html <= introduction to assembly
http://beginners.re/ <= MUST READ, ~700 page book, I am far from the end and already learning a lot
http://reversewithme.blogspot.fr/201...learn-x86.html

And a bunch of resources and tutorials here:
http://thelegendofrandom.com/blog/ <= very good tutorials, aimed at cracking but very useful to understand how to navigate through assembly with Olly etc., I recommend starting with that
http://www.rohitab.com/discuss/topic...l-for-newbies/
http://nagareshwar.securityxploded.c...ng-techniques/ => also a bunch of articles
http://resources.infosecinstitute.com/ => a bunch of articles
http://www.bubblews.com/news/1210350...ational-ebooks <= MMO oriented

If you do not know how to program, you should start by learning that (reversing may be really hard if you have never programmed before...). Learn C for the basics (conditions, loops, pointers), then C++ for object-oriented programming, or C#, because this language is highly recommended to start an emulated server (good asynchronous network library). I think that if I manage to reach the "real server emu programming step" it will be in C#.
