rustymotors/server

How did you get started? (aka. how can someone help you reverse engineer this?)

Opened this issue · 4 comments

Title self-explanatory. I have encountered this project in the comment section of a YouTube video reviewing the you-know-it game. As a curious developer amazed by others' projects of this kind, I find the whole work you have done interesting, but for me or anyone wanting to attend to your #help-wanted tag, it would be great if some directions about the basic tooling and methods used so far were given.

For example, iplounge.net exists for mimicking hs, pu and hp2 LAN stats protocols, but no source code was ever published and I doubt so. That's unfortunate because I'm pretty sure people interested in reviving old online games can learn a lot from successful projects and their schooling of reverse engineering thinking.

Anyway, thank you for simply making this space and code available.

Hi @mths0x5f !

Great question. I haven't kept nearly as good notes as I'd like, and it's a 3-4 year old project, but I'll do my best.

Tools used initially were Wireshark and IDA Pro. Without the debug version of the client (which is not generally available) it would have been much harder, as the debug version logs a lot of information that helps you know what to look and search for. From the logs it was easier to determine what software was used for the update and patch servers (Castanet) and the name of the software used for initial login (AuthLogin).

Once I was able to bypass the initial SSL encryption, I was able to get to a point where the logs would dump the encryption keys for the main game server communications. Once I had those (they get generated by the client on each session), I was able to review the packets and tease out the general structure by throwing different values and seeing where in the packet those values lived.

My knowledge of the packet structure still contains many holes. I have many additional notes that my paranoia won't allow me to share publicly that greatly help, but this is the basics of how I got started.

I will say, if you aren't able to run a copy of the debug client when talking to this server, it will greatly hamper any attempts and it will seem like this server does a lot less than it currently does.

If you want to help I'd love to hop on a video call of some sort and go over this in depth. Otherwise, I'd be happy to answer any follow-up questions to the extent I don't post anything that gets me in trouble with the IP owners.
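The "throw different values and see where in the packet they live" step from the reply above, as an added example that is not the project's code (the packet layout, session captures and field values are all constructed and hypothetical): given already-decrypted captures of one message type from several sessions driven with known inputs, it lists which byte positions vary at all, searches for the offset, width and endianness at which every capture decodes to that session's known value, and reports the varying bytes that no known input explains, which are the next thing to look at.

```python
import struct

# Constructed, already-decrypted captures of one message type from three
# sessions (hypothetical layout, not the real game protocol). In each session
# the client was driven with a known player id and score.
CAPTURES = [
    (bytes.fromhex("0101000ea1b2c3d400000064e803"), {"player_id": 100,   "score": 1000}),
    (bytes.fromhex("0101000e5e6f7081000001020700"), {"player_id": 258,   "score": 7}),
    (bytes.fromhex("0101000e99aabbcc000111700102"), {"player_id": 70000, "score": 513}),
]

def varying_offsets(packets):
    """Byte positions that differ between captures; everything else is fixed."""
    n = min(len(p) for p in packets)
    return sorted(i for i in range(n) if len({p[i] for p in packets}) > 1)

def locate_field(captures, name):
    """(offset, width, endianness) triples at which *every* capture decodes to
    that capture's known value for `name`. Several sessions with distinct
    values are what make the answer unique (one capture gives false hits)."""
    hits = []
    n = min(len(p) for p, _ in captures)
    for width, fmt in ((1, "B"), (2, "H"), (4, "I")):
        for endian in ("<",) if width == 1 else ("<", ">"):
            for off in range(n - width + 1):
                if all(struct.unpack(endian + fmt, p[off:off + width])[0] == known[name]
                       for p, known in captures):
                    hits.append((off, width, endian))
    return hits

def unexplained_offsets(captures):
    """Varying bytes not covered by any located field, e.g. a per-session token."""
    covered = set()
    for name in captures[0][1]:
        for off, width, _ in locate_field(captures, name):
            covered.update(range(off, off + width))
    return [o for o in varying_offsets([p for p, _ in captures]) if o not in covered]

if __name__ == "__main__":
    print("varying:", varying_offsets([p for p, _ in CAPTURES]))
    for field in ("player_id", "score"):
        print(field, "->", locate_field(CAPTURES, field))
    print("unexplained:", unexplained_offsets(CAPTURES))
```

Note that with only the second capture, the player id 258 and the score 513 would both be ambiguous (0x0102 appears in each layout); the cross-session consistency check is what resolves that.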

Ah, found the video review and the files listed for that launcher include the debug version of the client. Which makes sense, because that's the only way the offline launchers (there are a few of them) can work since only the debug version has the test mode they all use.

Hey @mths0x5f

Did this help, or do you have any other questions?

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.