Author | Message | Time |
---|---|---|
mime | Hello, I have a problem with parsing d2gs decompressed data. While parsing I meet unknown packets... Here is an example of decompressing and parsing the first big packet after game logon: [code] Compressed packet: 17 5f a0 14 c6 b1 b9 48 a8 35 8c a3 2f ff 82 1b ._.....H.5../... f3 25 62 e8 66 6c e8 6f bf 02 2c bf dd 7b bd c2 .%b.fl.o..,..{.. 5d c2 65 c2 6d c2 75 d0 5d 8b 9f b8 ef 68 79 b8 ].e.m.u.]....hy. f9 68 06 dc 07 da 02 34 25 db 40 4a 7c 0a 5c 3a .h.....4%.@J\|.\: bf 8f 96 db 6d b2 f8 c2 f7 77 7b df dd df 7e ef ....m....w{...~. bb bb bd f1 c0 94 87 ef 7a 0f e4 73 47 bc e6 e7 ........z..sG... 0c 1a 0f 06 ac 1a 12 6f 7b df bc c0 d1 d7 7b de .......o{.....{. e9 b7 ff ff 8f 83 c6 60 68 52 6b ff f0 fb ad ff .......`hRk..... ad e7 72 03 90 12 02 b6 b7 9d c8 0a de b6 40 48 ..r...........@H 0f ad ad ff ff fa de b6 b7 ff f3 1b f1 89 f9 cc ................ 5c 39 74 87 2b 93 d4 1f 14 5c e5 01 99 d2 28 18 \9t.+....\....(. 62 a0 c2 2f 1d 18 c2 33 ce 4c 8f 0e 8c c2 f9 02 b../...3.L...... 73 02 a8 0d cd 1f 9a 56 c6 5c 3f 0c 80 21 10 f2 s......V.\?..!.. 02 08 a3 a0 2c 84 4e 34 5f df 9a d6 c6 50 ed 95 ....,.N4_....P.. a2 a8 7a 84 79 0b 2e 66 26 17 15 49 c3 2a d4 8b ..z.y..f&..I.*.. 82 24 83 e8 07 07 e0 1d 11 3c 3c 1e c0 4b 2c 34 .$.......<<..K,4 2c 92 c4 22 90 31 00 26 60 7c 1f 8e e0 ,..".1.&`\|... Length: 269 Decompressed packet: 59 01 00 00 00 04 44 72 75 67 46 72 65 65 00 00 Y.....DrugFree.. 00 00 00 00 00 00 00 00 00 00 aa 00 01 00 00 00 ................ 0c 69 59 f9 ff 1f 76 00 01 00 00 00 94 13 01 00 .iY...v......... 00 00 00 00 01 02 00 01 01 00 01 d9 00 01 da 00 ................ 01 db 00 01 dc 00 01 04 00 01 05 00 01 03 00 01 ................ 7f 00 14 82 00 01 8a 00 14 8d 00 01 91 00 14 94 ............... 00 06 95 00 14 99 00 03 9b 00 01 23 00 01 00 00 ...........#.... 00 00 8a 00 ff ff ff ff 97 5e 01 00 01 01 01 01 .........^...... 00 01 00 01 00 00 00 00 01 01 01 00 00 01 00 00 ................ 00 01 01 00 00 01 01 01 01 01 00 01 00 00 77 28 ..............w( 06 00 00 00 00 00 01 00 01 00 04 00 00 00 00 00 ................ 00 00 19 10 01 00 01 00 1d 00 01 18 05 10 81 11 ................ 05 10 25 00 01 00 01 00 01 00 01 00 00 00 01 00 ..%............. 09 10 01 02 01 00 01 00 01 00 01 12 00 00 01 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 8a 81 00 00 09 10 4d 14 00 00 00 00 00 00 00 00 ......M......... 00 00 00 00 00 00 29 00 00 00 80 00 00 ......)...... Length: 269 Start parsing... Packet: 0x59 01 00 00 00 04 44 72 75 67 46 72 65 65 00 00 00 .....DrugFree... 00 00 00 00 00 00 00 00 00 ......... Length: 25 Packet: 0xaa 00 01 00 00 00 0c 69 59 f9 ff 1f ......iY... Length: 11 Packet: 0x76 00 01 00 00 00 ..... Length: 5 Packet: 0x94 01 00 00 00 00 00 01 02 00 01 01 00 01 d9 00 01 ................ da 00 01 db 00 01 dc 00 01 04 00 01 05 00 01 03 ................ 00 01 7f 00 14 82 00 01 8a 00 14 8d 00 01 91 00 ............... 14 94 00 06 95 00 14 99 00 03 9b 00 01 23 00 .............#. Length: 63 Here is the beginning of the unknown packets ... [/code] The remaining data: [code] 02 00 00 00 00 8a 00 ff ff ff ff 97 5e 01 00 01 ............^... 01 01 01 00 01 00 01 00 00 00 00 01 01 01 00 00 ................ 01 00 00 00 01 01 00 00 01 01 01 01 01 00 01 00 ................ 00 77 28 06 00 00 00 00 00 01 00 01 00 04 00 00 .w(............. 00 00 00 00 00 19 10 01 00 01 00 1d 00 01 18 05 ................ 10 81 11 05 10 25 00 01 00 01 00 01 00 01 00 00 .....%.......... 00 01 00 09 10 01 02 01 00 01 00 01 00 01 12 00 ................ 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 8a 81 00 00 09 10 4d 14 00 00 00 00 00 .........M...... 00 00 00 00 00 00 00 00 00 29 00 00 00 80 00 00 .........)...... 00 00 .. Length: 162 [/code] What is the problem? Maybe a wrong length? Thanks. | December 6, 2009, 12:18 PM |
mime | I still cannot find the packets 0x9D, 0x26, 0x9C ... :( | December 6, 2009, 4:49 PM |
Purri | [code]Packet: 0x59 01 00 00 00 04 44 72 75 67 46 72 65 65 00 00 00 .....DrugFree... 00 00 00 00 00 00 00 00 00 ......... Length: 25[/code] Even though the length is 25, you need to skip the first byte and start parsing at Length: 26. Hard to explain with my bad English. | December 6, 2009, 6:51 PM |
mime | [quote author=Purri link=topic=18124.msg183815#msg183815 date=1260125461] [code]Packet: 0x59 01 00 00 00 04 44 72 75 67 46 72 65 65 00 00 00 .....DrugFree... 00 00 00 00 00 00 00 00 00 ......... Length: 25[/code] Even though the length is 25, you need to skip the first byte and start parsing at Length: 26. Hard to explain with my bad English. [/quote] 26? Why? As I understand it, the length of the 0x59 packet == 25 (without the packetId). | December 7, 2009, 7:25 AM |
zeroirc | [code] Public m_PacketLengths() As Variant m_PacketLengths = Array(&H1, &H8, &H1, &HC, &H1, &H1, &H1, &H6, &H6, &HB, &H6, &H6, &H9, &HD, &HC, &H10, _ &H10, &H8, &H1A, &HE, &H12, &HB, &H0, &H0, &HF, &H2, &H2, &H3, &H5, &H3, &H4, &H6, _ &HA, &HC, &HC, &HD, &H5A, &H5A, &H0, &H28, &H67, &H61, &HF, &H0, &H8, &H0, &H0, _ &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H0, &H22, _ &H8, &HD, &H0, &H6, &H0, &H0, &HD, &H0, &HB, &HB, &H0, &H0, &H0, &H10, &H11, _ &H7, &H1, &HF, &HE, &H2A, &HA, &H3, &H0, &H0, &HE, &H7, &H1A, &H28, &H0, _ &H5, &H6, &H26, &H5, &H7, &H2, &H7, &H15, &H0, &H7, &H7, &H10, &H15, &HC, _ &HC, &H10, &H10, &HA, &H1, &H1, &H1, &H1, &H1, &H20, &HA, &HD, &H6, &H2, _ &H15, &H6, &HD, &H8, &H6, &H12, &H5, &HA, &H4, &H14, &H1D, &H0, &H0, &H0, _ &H0, &H0, &H0, &H2, &H6, &H6, &HB, &H7, &HA, &H21, &HD, &H1A, &H6, &H8, &H0, _ &HD, &H9, &H1, &H7, &H10, &H11, &H7, &H0, &H0, &H7, &H8, &HA, &H7, &H8, &H18, _ &H3, &H8, &H0, &H7, &H0, &H7, &H0, &H7, &H0, &H0, &H0, &H0, &H1) Public Function GetSize(ByVal id As Byte, ByVal Data As String) As Integer Dim interimVal As Integer If id > 179 Then GetSize = -2: Exit Function End If interimVal = m_PacketLengths(id) If interimVal = 0 Then Select Case id Case &H9C GetSize = Asc(Mid$(Data, 3, 1)): Exit Function Case &H9D GetSize = Asc(Mid$(Data, 3, 1)): Exit Function Case &H5B GetSize = Asc(Mid$(Data, 2, 1)): Exit Function Case &HA8 GetSize = Asc(Mid$(Data, 7, 1)): Exit Function Case &HAA GetSize = Asc(Mid$(Data, 7, 1)): Exit Function Case &HAC GetSize = Asc(Mid$(Data, 13, 1)): Exit Function Case &HAE GetSize = GetDWORD2(Mid(data, 2, 2)) + 3: Exit Function Case &H26 p_data = Mid$(Data, 2) GetSize = Parsechat: Exit Function Case &H94 GetSize = 6 + (Asc(Mid$(Data, 1, 1)) * 3): Exit Function End Select End If GetSize = interimVal: Exit Function End Function [/code] | December 7, 2009, 8:46 AM |
rabbit | Absolutely horrible code. | December 7, 2009, 1:13 PM |
Purri | I'm using ringo's DLL to get the packet size: [code] Public Function GetPacketSize(data As String) As Long Dim tmpData$, RetSize&, OffSet& tmpData = data Call GamePacketSize(tmpData, RetSize, OffSet) data = Mid(data, 1 + OffSet) 'Remove length header GetPacketSize = RetSize End Function [/code] | December 8, 2009, 3:20 AM |
mime | Where is it possible to find the code of the GetPacketSize function from ringo's DLL? | December 8, 2009, 7:21 AM |
Ringo | At a quick glance, it looks like you're decompressing incorrectly, and just decompressing through the joins/headers. I say this mainly because: [quote] Compressed packet: 17 5f a0 14 c6 b1 b9 48 a8 35 8c a3 2f ff 82 1b...... Length: 269 [/quote] Assuming you have posted the compressed data in full (so we can step through it, all the way to decompressed form) so we can help you more easily. The 1st and/or 2nd byte of the compressed data is the compressed packet header. This will tell you how long the compressed packet is, and how many bytes total the compressed packet header uses (1 or 2). So for a compressed packet starting with 0x17, the header length (offset) should be 1 (size of the 0x17 byte) and the length of the compressed packet should be 0x16 (0x01+0x16=0x17), then you would decompress 16 bytes into 5f a0 14..... etc. This post has examples of before and after decompression, stepping through from start to finish, of the enter game data. https://davnit.net/bnet/vL/index.php?topic=11756.msg123533#msg123533 This should prove very useful as test data, to run through your parser, decompress etc, then compare the decompressed results. The compression code in D2GS.dll is here: https://davnit.net/bnet/vL/index.php?topic=13890.msg141520#msg141520 And the decompression code, here: https://davnit.net/bnet/vL/index.php?topic=585.msg4318#msg4318 Both should contain the compressed packet header functions. I'm pretty sure your problem can be solved with the above 3 links. Hope this helps. | December 8, 2009, 9:14 AM |
mime | Ringo, thank you for your answer :) [code] Compressed packet: 17 5f a0 14 c6 b1 b9 48 a8 35 8c a3 2f ff 82 1b ._.....H.5../... f3 25 62 e8 66 6c e8 6f bf 02 2c bf dd 7b bd c2 .... [/code] This compressed data is without the length bytes. If it is not difficult for you, could you check these packets yourself? I have just captured this packet by means of Wireshark: [code] 0000 f1 11 17 57 e8 05 31 ac 6e 52 2a 0d 63 28 cb ff 0010 e0 86 bf 32 56 2e 86 66 ce 86 fa fc 08 b2 bf dd 0020 7b bd c2 5d c2 65 c2 6d c2 75 d0 5d 8b 9f b8 ef 0030 68 79 b8 f9 68 06 dc 07 da 02 34 25 db 40 4a 7c 0040 0a 5c 3a af e3 e5 b6 db 6c be 30 bd dd de f7 f7 0050 77 df bb ee ee ef 7c 70 25 21 fb de 83 f9 1c d1 0060 ef 39 b9 c3 06 83 c1 ab 06 84 9b de f7 ef 30 34 0070 75 de f7 ba 6d ff ff e3 e0 f1 98 1a 14 9a ff fc 0080 3e eb 7f eb 79 dc 80 e4 04 80 ad ad e7 72 02 b7 0090 ad 90 12 03 eb 6b 7f ff fe b7 ad ad ff fc c6 bf 00a0 18 9f 9c c5 c3 97 48 72 b9 3d 41 f1 45 ce 50 19 00b0 9d 22 81 86 2a 0c 22 f1 d1 8c 23 3c e4 c8 f0 e8 00c0 cc 2f 90 27 30 2a 80 dc d0 e3 9a 56 c6 5c 3f 0c 00d0 80 21 10 f2 02 08 a3 a0 2c 84 4e 34 23 fa fc d6 00e0 b6 32 87 6c ad 15 43 d4 23 c8 59 73 31 30 b8 aa 00f0 4e 19 56 a4 5c 11 24 1f 40 38 3f 00 e8 89 e1 e0 0100 f6 02 59 61 a1 64 96 21 14 81 88 01 33 03 e0 fc 0110 77 // length 273 [/code] My program log: [code] Compressed data: // (without length bytes) 17 57 e8 05 31 ac 6e 52 2a 0d 63 28 cb ff e0 86 .W..1.nR*.c(.... bf 32 56 2e 86 66 ce 86 fa fc 08 b2 bf dd 7b bd .2V..f........{. c2 5d c2 65 c2 6d c2 75 d0 5d 8b 9f b8 ef 68 79 .].e.m.u.]....hy b8 f9 68 06 dc 07 da 02 34 25 db 40 4a 7c 0a 5c ..h.....4%.@J\|.\ 3a af e3 e5 b6 db 6c be 30 bd dd de f7 f7 77 df :.....l.0.....w. bb ee ee ef 7c 70 25 21 fb de 83 f9 1c d1 ef 39 ....\|p%!.......9 b9 c3 06 83 c1 ab 06 84 9b de f7 ef 30 34 75 de ............04u. f7 ba 6d ff ff e3 e0 f1 98 1a 14 9a ff fc 3e eb ..m...........>. 7f eb 79 dc 80 e4 04 80 ad ad e7 72 02 b7 ad 90 .y........r.... 12 03 eb 6b 7f ff fe b7 ad ad ff fc c6 bf 18 9f ...k........... 9c c5 c3 97 48 72 b9 3d 41 f1 45 ce 50 19 9d 22 ....Hr.=A.E.P.." 81 86 2a 0c 22 f1 d1 8c 23 3c e4 c8 f0 e8 cc 2f ..*."...#<...../ 90 27 30 2a 80 dc d0 e3 9a 56 c6 5c 3f 0c 80 21 .'0*.....V.\?..! 10 f2 02 08 a3 a0 2c 84 4e 34 23 fa fc d6 b6 32 ......,.N4#....2 87 6c ad 15 43 d4 23 c8 59 73 31 30 b8 aa 4e 19 .l..C.#.Ys10..N. 56 a4 5c 11 24 1f 40 38 3f 00 e8 89 e1 e0 f6 02 V.\.$.@8?....... 59 61 a1 64 96 21 14 81 88 01 33 03 e0 fc 77 Ya.d.!....3...w Length: 271 Decompressed data: 59 02 00 00 00 04 44 72 75 67 46 72 65 65 00 00 Y.....DrugFree.. 00 00 00 00 00 00 00 00 00 00 aa 00 02 00 00 00 ................ 0c 69 59 f9 ff 1f 76 00 02 00 00 00 94 13 02 00 .iY...v......... 00 00 00 00 01 02 00 01 01 00 01 d9 00 01 da 00 ................ 01 db 00 01 dc 00 01 04 00 01 05 00 01 03 00 01 ................ 7f 00 14 82 00 01 8a 00 14 8d 00 01 91 00 14 94 ............... 00 06 95 00 14 99 00 03 9b 00 01 23 00 02 00 00 ...........#.... 00 00 8a 00 ff ff ff ff 97 5e 01 00 01 01 01 01 .........^...... 00 01 00 01 00 00 00 00 01 01 01 00 00 01 00 00 ................ 00 01 01 00 00 01 01 01 01 01 00 01 00 00 77 28 ..............w( 06 00 00 00 00 00 01 00 01 00 04 00 00 00 00 00 ................ 00 00 19 10 01 00 01 00 1d 00 01 18 05 10 81 11 ................ 05 10 25 00 01 00 01 00 01 00 01 00 00 00 01 00 ..%............. 09 10 01 02 01 00 01 00 01 00 01 12 00 00 01 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 8a 81 00 00 09 10 4d 14 00 00 00 00 00 00 00 00 ......M......... 00 00 00 00 00 00 29 00 00 00 80 00 00 00 00 ......)........ Length: 271 [/code] Is it correct? | December 8, 2009, 6:24 PM |
mime | up | December 27, 2009, 11:52 AM |
Ringo | [quote author=mime link=topic=18124.msg183871#msg183871 date=1261914779] up [/quote] You're asking us to hardcode the above data into a program, set up a makeshift parser and step through it to find any breaks? [quote author=Ringo link=topic=18124.msg183821#msg183821 date=1260263644] This post has examples of before and after decompression, stepping through from start to finish, of the enter game data. https://davnit.net/bnet/vL/index.php?topic=11756.msg123533#msg123533 This should prove very useful as test data, to run through your parser, decompress etc, then compare the decompressed results. The compression code in D2GS.dll is here: https://davnit.net/bnet/vL/index.php?topic=13890.msg141520#msg141520 And the decompression code, here: https://davnit.net/bnet/vL/index.php?topic=585.msg4318#msg4318 Both should contain the compressed packet header functions. [/quote] You can do all of that yourself with the above links; I don't think you can really expect more than that, no? | January 12, 2010, 1:44 AM |
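The compressed-packet header that Ringo explains above, as an added Python example (not code from the thread, from D2GS.dll or from ringo's DLL). The rule it assumes is the standard D2GS framing: a first byte below 0xF0 is a one-byte header holding the total length, otherwise the low nibble of the first byte and the second byte form the total length; Ringo's 0x17 walk-through and the `f1 11` capture mime posted (273 bytes on the wire, 271 in his log once the header is stripped) both fit it.

```python
# Added example, not code from the thread or from D2GS.dll: parsing the
# compressed-packet header Ringo describes. Assumed rule (standard D2GS framing):
#   first byte < 0xF0  -> 1-byte header, total length = that byte
#   first byte >= 0xF0 -> 2-byte header, total length = ((b0 & 0x0F) << 8) | b1
# The total includes the header, so the compressed payload is total - header.
from typing import List, Tuple


def compressed_header(buf: bytes, off: int = 0) -> Tuple[int, int]:
    """Return (header_len, payload_len) for the compressed packet at buf[off]."""
    b0 = buf[off]
    if b0 < 0xF0:
        header_len, total = 1, b0
    else:
        if off + 1 >= len(buf):
            raise ValueError("truncated 2-byte header")
        header_len, total = 2, ((b0 & 0x0F) << 8) | buf[off + 1]
    if total < header_len:
        raise ValueError(f"bad compressed length {total:#x} at offset {off}")
    return header_len, total - header_len


def split_compressed(stream: bytes) -> List[bytes]:
    """Cut a TCP byte stream into compressed payloads (headers stripped).
    A packet running past the end of the stream is an error, not a guess."""
    out, off = [], 0
    while off < len(stream):
        hlen, plen = compressed_header(stream, off)
        if off + hlen + plen > len(stream):
            raise ValueError(f"truncated packet at offset {off}")
        out.append(stream[off + hlen:off + hlen + plen])
        off += hlen + plen
    return out


# Constructed samples: Ringo's 0x17 one-byte case and the f1 11 two-byte header
# from mime's Wireshark capture, each padded with zero bytes in place of the
# real compressed data (only the framing is exercised here).
ONE_BYTE = bytes([0x17, 0x5F, 0xA0, 0x14]) + bytes(0x16 - 3)   # 1 + 22 bytes
TWO_BYTE = bytes([0xF1, 0x11, 0x17, 0x57]) + bytes(271 - 2)    # 2 + 271 bytes

if __name__ == "__main__":
    print(compressed_header(ONE_BYTE))                              # (1, 22)
    print(compressed_header(TWO_BYTE))                              # (2, 271)
    print([len(p) for p in split_compressed(ONE_BYTE + TWO_BYTE)])  # [22, 271]
```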
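Purri's point (the packet length counts the packet-id byte) and the per-id rules in zeroirc's GetSize, as an added Python example that walks the start of the decompressed dump from mime's opening post; this is not code from the thread or from ringo's DLL. The size table is deliberately only what that dump itself confirms: 0x59 is 26 bytes and 0x76 is 6 bytes with the id counted, 0xAA carries its size in its 7th byte, and 0x94 is 6 bytes plus 3 per skill; offsets are counted from the id byte, which is an assumption made here rather than zeroirc's exact indexing.

```python
# Added example, not code from the thread or from ringo's DLL: walking the
# decompressed dump from the opening post packet by packet. Every size counts
# the id byte (Purri's point); only ids that dump itself confirms are known,
# anything else stops the walk instead of being guessed.
from typing import Dict, List, Tuple

# Constructed from the first 128 bytes of mime's decompressed listing.
DECOMPRESSED = bytes.fromhex(
    "59010000000444727567467265650000"
    "00000000000000000000aa0001000000"
    "0c6959f9ff1f76000100000094130100"
    "0000000001020001010001d90001da00"
    "01db0001dc0001040001050001030001"
    "7f00148200018a00148d000191001494"
    "00069500149900039b00012300010000"
    "00008a00ffffffff975e010001010101"
)
FIXED_SIZES: Dict[int, int] = {0x59: 26, 0x76: 6}   # id byte included

def packet_size(buf: bytes, off: int) -> int:
    """Size (id included) of the packet whose id byte is buf[off]."""
    pid = buf[off]
    if pid in FIXED_SIZES:
        return FIXED_SIZES[pid]
    if pid == 0xAA:               # the packet's 7th byte carries its size
        return buf[off + 6]
    if pid == 0x94:               # id, skill count, DWORD player id, 3 bytes/skill
        return 6 + 3 * buf[off + 1]
    raise KeyError(pid)           # not in this mini-table

def split_packets(buf: bytes) -> Tuple[List[Tuple[int, int, int]], int]:
    """Return [(id, offset, size), ...] plus the offset where the walk stopped:
    len(buf) when everything was consumed, else the first unknown/bad packet."""
    packets, off = [], 0
    while off < len(buf):
        try:
            size = packet_size(buf, off)
        except (KeyError, IndexError):
            break
        if size < 1 or off + size > len(buf):
            break                 # never run past the buffer on a bad size
        packets.append((buf[off], off, size))
        off += size
    return packets, off

if __name__ == "__main__":
    found, stop = split_packets(DECOMPRESSED)
    print(found, stop, hex(DECOMPRESSED[stop]))   # ..., 107, '0x23'
```

With the id counted, the 63-byte 0x94 ends exactly where the next id (0x23) begins at offset 107; reading 63 bytes after the id instead lands on the 0x00 at offset 108, which is where the "unknown packets" in the opening post start.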