Valhalla Legends Forums Archive | Battle.net Bot Development | [ruby] socket.print 6113

i8igmac
sudo tcpick -i wlan0 -C -yX -h "port 6113" --separator
(I would like to share this tool for monitoring packets... it has way more options to display packets and is lightweight... read the man page)


[code]
#usage ruby script.rb [ip] [port]
#Usage ruby script.rb 123.13.14.111 6113
require "socket"

data = "693869676d6163" # "i8igmac" as hex
s = TCPSocket.open(ARGV[0], ARGV[1].to_i)   # the port must be an Integer
# all four payloads were pulled straight from a wireshark capture of the real client
s.print(["f71e2d00c50d00300000000000e01709000000#{data}000100020017d7c0a8016b0000000000000000"].pack("H*"))
s.print(["f7420d000100000001219e1f00"].pack("H*"))
s.print(["f74608003b983d47"].pack("H*"))
s.print(["f7281a000201020310706f6f6f6f6f6f6f6f6f6f6f6f6f6f7000"].pack("H*"))
p s.read.unpack("H*")   # show whatever the host sends back before it closes
s.close
[/code]

I have been playing around with this little script. The first s.print will establish a name with the server, but that is as far as I can get... whenever I try to print other data the server will close the connection...
I pulled all the data from wireshark...

I'm just looking to say "hello world", or with this example the string is "Poooooooooooooooooop"
October 3, 2011, 3:21 AM
RealityRipple
What uses port 6113...?
October 4, 2011, 2:30 AM
i8igmac
[quote author=RealityRipple link=topic=18328.msg185511#msg185511 date=1317695442]
What uses port 6113...?
[/quote]
Not a battle.net server, but a wc3 server may use ports 6112-6119
October 4, 2011, 3:52 AM
RealityRipple
Next time, please mention that somewhere....

Also, you really should make a packet buffer/debuffer, it's pretty hideous looking that way.... Then check BNETdocs (or I think there's a page on w3gs in here somewhere... use the search).
October 4, 2011, 5:56 AM
i8igmac
I just want to share what I have working so far.
With some example ruby code I can join a custom war3 game and keep the connection alive...

[code]
199.168.142.199:6113 AP > 192.168.1.107:49599 (63)
0x0000    f701 0800 d981 0c6c f70f 3700 0102 0110 .......l..7.....
0x0010    3920 6d6f 7265 2070 6c61 7965 7273 202d 9.more.players.-
0x0020    2055 5342 6573 7442 6f74 4067 6d61 696c .USBestBot@gmail
0x0030    2e63 6f6d 202d 2031 3030 4d42 2f73 00  .com.-.100MB/s.l
192.168.1.107:49599 AP > 199.168.142.199:6113 (8)
0x0000    f746 0800 d981 0c6c                    .F.....l.
199.168.142.199:6113 A > 192.168.1.107:49599 (0)
199.168.142.199:6113 AP > 192.168.1.107:49599 (8)
0x0000    f701 0800 6095 0c6c                    ....`..l.
192.168.1.107:49599 AP > 199.168.142.199:6113 (8)
0x0000    f746 0800 6095 0c6c                    .F..`..l.

[/code]

server ack-push
f701 0800 d981 0c6c . . . . . . . . . .
client ack-push
f746 0800 d981 0c6c

server ack-push
f701 0800 6095 0c6c
client ack-push
f746 0800 6095 0c6c


this was very easy to reproduce...
[code]
#ruby <ip> <port>
#ruby 66.77.88.99.11 6115
require "socket"

name = "23000000000023" # junk name, 7 bytes as hex (the field is null terminated)
TCPSocket.open(ARGV[0], ARGV[1].to_i) { |sock|
  # join request copied from the capture, with the name spliced in
  sock.print(["f71e2d00c50d00300000000000e01709000000#{name}000100020017d7c0a8016b0000000000000000"].pack("H*"))
  begin
    while (data = sock.sysread(65535).unpack("H*").first)
      if data.include?("f7010800")
        # host ping f7 01 08 00 xx xx xx xx: the capture shows the client answering
        # with f7 46 08 00 and the same 4 bytes
        ping = data.index("f7010800")
        sock.print(["f7460800#{data[ping + 8, 8]}"].pack("H*"))
      else
        sleep 1
      end
    end
  rescue EOFError
    puts "host closed the connection"
  end
}
[/code]
October 7, 2011, 5:19 AM
i8igmac
I'm looking for help, I don't understand what these numbers mean, I'm just looking for patterns and trying to reproduce... I can connect to a custom game and keep the connection alive...




this packet would chat or speak with the players in the server, "hello players in custom game"
I don't understand this packet, it just seems random, 'f7 28 1a'... I'm not sure how you guys break these things down...
"f7281a000201020310706f6f6f6f6f6f6f6f6f6f6f6f6f6f7000"
when I dump packets with the real wc3 client and then send some chat messages, the first few bytes are always random, maybe I'm wrong...



another small problem, the packet that establishes a name, how do I set the length of the name...
I'm finding my way around your forum with the search function, "search f71 or search f728" has not brought up anything useful for me...

[glow=red,2,300]name=[/glow]"11223344556677" # this would be your name
"f71e2d00c50d00300000000000e01709000000#{[glow=red,2,300]name[/glow]}000100020017d7c0a8016b0000000000000000"

October 9, 2011, 6:10 AM
MysT_DooM
Learn about the different protocol headers there are.  From there you'll be able to understand and pick out which packets are what. 
Once you can identify W3GS packets you can go to bnetdocs.org and scroll down to the packet list and then scroll down to W3GS Messages, and look for the packet you need help with.
If the packet isn't there then you could search the forum or post a question about the specific packet you didn't find.

[quote=BnetDocs]
Warcraft III In-game Headers
Used by both ladder games and custom games, the format of these messages are nearly the same as BNCS packets. Every packet has the same header:

(BYTE)      Always 0xF7
(BYTE)      Message ID
(WORD)      Message length, including this header
(VOID)      Message Data
[/quote]

So for example "f7281a000201020310706f6f6f6f6f6f6f6f6f6f6f6f6f6f7000" is W3GS 0x28.
http://www.bnetdocs.org/?op=packet&pid=465
So F7 is the W3GS identifier, 28 is the packet ID, 1a00 is the length of the packet. And the rest is the packet data.
Understanding that will help you identify the packets you're researching and help you with your search words.
October 10, 2011, 5:01 PM
i8igmac
Thanks for the reply, I'll do some tests then post more data...
I just want to share a google dork by example... with every reply you guys give I gain more and more

google dot com
[code]
inurl:"bnetdocs" intext:"Client -> Server (Sent)" intext:"w3gs"
[/code]


so, I want to confirm one of my tests, my ruby client was sending messages to the server but the packet may not have had the proper color, slot, player options set, but the server was responding with Ack...

during this test I was also connected with my real wc3 client but saw no messages... was a bit confused...

so the server did not pass out the chat to the other clients, but the message was received?
October 11, 2011, 2:01 AM
MysT_DooM
Please show packet logs, it would be easier to understand what you're saying if you do so.

So after a quick snoop, the war3 host is the one who sends out all the chat. So that means you have to send whatever msg you want, in the proper format, to the host IP, so make sure you're sending it to the right IP.

So that means all chat, either from you or another player, is sent to the host and then the host sends it out. But before even bothering to chat you have to get all that info/actually join the game; a quick packet log of the war3 client joining a game would show you all those packets.
But here's some packet logs & stuff to explain the chat part.

[u]S<C W3GS 0X0F (Player sending chat - W3GS_CHAT_FROM_HOST)[/u]
[quote]
[color=red]W3GS Packet Header[/color]
[color=green](BYTE) Player count[/color]
[color=orange](BYTE)[] Player numbers that will receive the message[/color]
[color=blue](BYTE) Player number that sent the message[/color]
[color=maroon](BYTE) Flags[/color]
(DWORD) Extra Flags
[color=pink](STRING) Message[/color][/quote]
0030  f6 95 65 71 00 00 [color=red]f7 0f 12 00[/color] [color=green]06[/color] [color=orange]01 03 04 05 06[/color]  ..eq.... ........
0040  [color=orange]07[/color] [color=blue]02[/color] [color=maroon]10[/color] [color=pink]77 74 66 3f[/color] 00                                          ...wtf?.   

0030  f6 7a ad 67 00 00 [color=red]f7 0f  10 00[/color] [color=green]06[/color] [color=orange]01 02 03 04 06[/color]  .z.g.... ........
0040  [color=orange]07[/color] [color=blue]05[/color] [color=maroon]10[/color] [color=pink]67 6f[/color] 00                                                    ...go.


[u]C>S W3GS 0x28 (You sending chat - W3GS_CHAT_TO_HOST)[/u]
[quote]
[color=red]W3GS Packet Header[/color]
[color=green](BYTE) Total[/color]

For each total:
[color=orange](BYTE) To player number[/color]
[color=blue](BYTE) From player number[/color]
[color=maroon](BYTE) Flags[/color]

    For Flag 0x10:
      [color=pink](STRING) Message[/color]
    For Flag 0x11:
      (BYTE) Team
    For Flag 0x12:
      (BYTE) Color
    For Flag 0x13:
      (BYTE) Race
    For Flag 0x14:
      (BYTE) Handicap
    For Flag 0x20:
      (DWORD) Extra Flags
      (STRING) Message[/quote]

0030  fc a5 42 66 00 00 [color=red]f7 28  13 00[/color] [color=green]06[/color] [color=orange]01 02 03 04 05[/color]  ..Bf...( ........
0040  [color=orange]06[/color] [color=blue]07[/color] [color=maroon]10[/color] [color=pink]68 65 6c 6c 6f[/color]  00                                    ...hello .
October 11, 2011, 5:58 AM
i8igmac
OK, I know what I have to do... I need to gather slot info for myself and the other players and then some math for the message size...

f709 7900 7300 0c02
6402 0000 0060 01
6403 6402 0001 0a60 01
6404 6402 0002 0260 01
6400 ff00 0000 0341 01
6400 ff00 0000 0441 01
6400 ff00 0000 0541 01
6400 ff00 0000 0141 01
6400 ff00 0000 0741 01
6400 ff00 0000 0841 01
6400 ff00 0000 0941 01
6400 ff00 0000 0641 01
6400 ff00 0000 0b41 01
6446 6e7d 2400 0c

f728 1200 [glow=red,2,300]03[/glow][glow=green,2,300]01 02[/glow][glow=red,2,300]03[/glow] [glow=green,2,300]04[/glow]10 736c 6f74 2033 2000  "slot 3"

example message sent from myself, from slot 3 with 3 people in the game

I'm going to take a guess, this is the section I'm after?
if it starts with 64 then ends with 01 (generic ruby expression)

I'm not sure at this point how to identify my own slot number???



here is my real war3 client joining a game and sending the message "slot 3"
[code]
0x0000    f71e 2d00 8003 0030 0000 0000 00e0 1719 ..-....0........
0x0010    0000 0069 3869 676d 6163 0001 0002 0017 ...i8igmac......
0x0020    e3c0 a801 6b00 0000 0000 0000 00        ....k.........
209.172.49.193:6115 A > 192.168.1.107:38237 (0)
209.172.49.193:6115 AP > 192.168.1.107:38237 (1147)
----------------
0x0000    f704 8a00 7300 0c02 6402 0000 0060 0164 ....s...d....`.d
0x0010    0364 0200 010a 6001 6404 ff02 0002 0260 .d....`.d......`
0x0020    0164 00ff 0000 0003 4101 6400 ff00 0000 .d......A.d.....
0x0030    0441 0164 00ff 0000 0005 4101 6400 ff00 .A.d......A.d...
0x0040    0000 0141 0164 00ff 0000 0007 4101 6400 ...A.d......A.d.
0x0050    ff00 0000 0841 0164 00ff 0000 0009 4101 .....A.d......A.
0x0060    6400 ff00 0000 0641 0164 00ff 0000 000b d......A.d......
0x0070    4101 6446 6e7d 2400 0c04 0200 955d 43b9 A.dFn}$......]C.
0x0080    be70 0000 0000 0000 0000 f706 3a00 0200 .p..........:...
0x0090    0000 017c 6346 4630 3036 3646 4652 4953 ...|cFF0066FFRIS
0x00a0    4b00 0100 0200 0000 0000 0000 0000 0000 K...............
0x00b0    0000 0000 0200 0000 0000 0000 0000 0000 ................
0x00c0    0000 0000 f706 3200 0200 0000 0261 7669 ......2......avi
0x00d0    6178 3100 0100 0200 0000 4d7d 59e5 0000 ax1.......M}Y...
0x00e0    0000 0000 0000 0200 0000 0a00 0003 0000 ................
0x00f0    0000 0000 0000 f706 3200 0200 0000 034a ........2......J
0x0100    6f73 654d 6100 0100 0200 0000 6c5b 3a8b oseMa.......l[:.
0x0110    0000 0000 0000 0000 0200 0000 c0a8 0140 ...............@
0x0120    0000 0000 0000 0000 f73d 5600 0100 0000 .........=V.....
0x0130    4d61 7073 5c44 6f77 6e6c 6f61 645c 5269 Maps\Download\Ri
0x0140    736b 5265 766f 6c75 7469 6f6e 312e 3032 skRevolution1.02
0x0150    5b50 2331 3833 4630 432e 7733 6d00 c7f4 [P#183F0C.w3m...
0x0160    0500 33f5 b138 d5bd f2c3 a177 99e7 f48f ..3..8.....w....
0x0170    4d61 f9bb 62ef fb37 86c1 1760 7a92 f709 Ma..b..7...`z...
0x0180    7900 7300 0c02 6402 0000 0060 0164 0364 y.s...d....`.d.d
0x0190    0200 010a 6001 6404 ff02 0002 0260 0164 ....`.d......`.d
0x01a0    00ff 0000 0003 4101 6400 ff00 0000 0441 ......A.d......A
0x01b0    0164 00ff 0000 0005 4101 6400 ff00 0000 .d......A.d.....
0x01c0    0141 0164 00ff 0000 0007 4101 6400 ff00 .A.d......A.d...
0x01d0    0000 0841 0164 00ff 0000 0009 4101 6400 ...A.d......A.d.
0x01e0    ff00 0000 0641 0164 00ff 0000 000b 4101 .....A.d......A.
0x01f0    6446 6e7d 2400 0cf7 0fc4 0001 0401 1054 dFn}$..........T
0x0200    6869 7320 6761 6d65 2069 7320 686f 7374 his.game.is.host
0x0210    6564 2062 7920 5468 6520 6772 6f75 7020 ed.by.The.group.
0x0220    6f66 2043 6c61 6e20 5249 534b 2e20 5468 of.Clan.RISK..Th
0x0230    6520 4570 6963 2043 6c61 6e20 5249 534b e.Epic.Clan.RISK
0x0240    2069 7320 636f 6d65 2042 6163 6b20 666f .is.come.Back.fo
0x0250    7220 7520 4775 7973 2e20 4966 2075 2077 r.u.Guys..If.u.w
0x0260    616e 7420 4a6f 696e 206f 7572 2043 6c61 ant.Join.our.Cla
0x0270    6e20 6173 6b20 746f 206f 6e65 206f 6620 n.ask.to.one.of.
0x0280    6f75 7220 5368 616d 616e 206f 7220 6f6e our.Shaman.or.on
0x0290    6520 6f66 2042 6f74 6820 436f 2d4c 6561 e.of.Both.Co-Lea
0x02a0    6465 7220 4561 6749 6520 416e 6420 4372 der.EagIe.And.Cr
0x02b0    617a 792e 4a65 6d73 730d 00f7 0f5d 0001 azy.Jemss....]..
0x02c0    0401 104e 6f77 2054 6865 2053 6563 6f6e ...Now.The.Secon
0x02d0    6420 436c 616e 206f 6620 436c 616e 2052 d.Clan.of.Clan.R
0x02e0    4953 4b20 6973 2068 6572 6520 666f 7220 ISK.is.here.for.
0x02f0    7520 4775 7973 2061 6e64 2063 616c 6c65 u.Guys.and.calle
0x0300    6420 3a20 436c 616e 2041 5242 2021 2045 d.:.Clan.ARB.!.E
0x0310    6e6a 6f79 2021 0d00 f70f 3100 0104 0110 njoy.!....1.....
0x0320    4f6e 6c79 204d 656d 6265 7273 206f 6620 Only.Members.of.
0x0330    626f 7468 2063 6c61 6e20 6361 6e20 6265 both.clan.can.be
0x0340    2061 646d 696e 2e0d 00f7 0f1f 0001 0401 .admin..........
0x0350    1052 6573 7065 6374 2061 6e64 2048 4620 .Respect.and.HF.
0x0360    6775 7973 2021 0d00 f70f 3000 0104 0110 guys.!....0.....
0x0370    4164 6d69 6e20 3a20 4e65 7665 7220 4261 Admin.:.Never.Ba
0x0380    6e20 7065 6f70 6c65 202f 2f20 4f6e 6c79 n.people.//.Only
0x0390    204b 6963 6b2e 0d00 f70f 5500 0104 0110 .Kick.....U.....
0x03a0    4966 2075 2073 6565 206f 6e65 2061 646d If.u.see.one.adm
0x03b0    696e 2061 6275 7365 206f 6620 6974 7320 in.abuse.of.its.
0x03c0    706f 7765 7273 2075 2063 616e 206e 6f77 powers.u.can.now
0x03d0    2070 6f73 7420 6f6e 206f 7572 2066 6163 .post.on.our.fac
0x03e0    6562 6f6f 6b20 7061 6765 2e0d 00f7 0f4e ebook.page.....N
0x03f0    0001 0401 1053 6f20 5669 7369 7420 6f75 .....So.Visit.ou
0x0400    7220 4661 6365 626f 6f6b 2070 6167 6520 r.Facebook.page.
0x0410    3a20 6874 7470 3a2f 2f77 7777 2e66 6163 :.http://www.fac
0x0420    6562 6f6f 6b2e 636f 6d2f 7061 6765 732f ebook.com/pages/
0x0430    436c 616e 2d52 4953 4b0d 00f7 0f40 0001 Clan-RISK....@..
0x0440    0401 105b 5b5b 4465 6d6f 6c69 7469 6f6e ...[[[Demolition
0x0450    6372 6166 7420 706c 6179 206e 6f77 2077 craft.play.now.w
0x0460    6974 6820 4372 617a 792e 4a65 6d73 7320 ith.Crazy.Jemss.
0x0470    4163 636f 756e 745d 5d5d 00            Account]]].e
192.168.1.107:38237 A > 209.172.49.193:6115 (0)
192.168.1.107:38237 AP > 209.172.49.193:6115 (13)
----------------
0x0000    f742 0d00 0100 0000 01c7 f405 00        .B............
209.172.49.193:6115 A > 192.168.1.107:38237 (0)
209.172.49.193:6115 AP > 192.168.1.107:38237 (121)
----------------
0x0000    f709 7900 7300 0c02 6402 0000 0060 0164 ..y.s...d....`.d
0x0010    0364 0200 010a 6001 6404 6402 0002 0260 .d....`.d.d....`
0x0020    0164 00ff 0000 0003 4101 6400 ff00 0000 .d......A.d.....
0x0030    0441 0164 00ff 0000 0005 4101 6400 ff00 .A.d......A.d...
0x0040    0000 0141 0164 00ff 0000 0007 4101 6400 ...A.d......A.d.
0x0050    ff00 0000 0841 0164 00ff 0000 0009 4101 .....A.d......A.
0x0060    6400 ff00 0000 0641 0164 00ff 0000 000b d......A.d......
0x0070    4101 6446 6e7d 2400 0c                  A.dFn}$..d
192.168.1.107:38237 A > 209.172.49.193:6115 (0)
209.172.49.193:6115 AP > 192.168.1.107:38237 (87)
----------------
0x0000    f701 0800 4f6c 9a24 f70f 4f00 0302 0304 ....Ol.$..O.....
0x0010    0110 5761 6974 696e 6720 666f 7220 3420 ..Waiting.for.4.
0x0020    6d6f 7265 2070 6c61 7965 7273 2062 6566 more.players.bef
0x0030    6f72 6520 7468 6520 6761 6d65 2077 696c ore.the.game.wil
0x0040    6c20 6175 746f 6d61 7469 6361 6c6c 7920 l.automatically.
0x0050    7374 6172 742e 00                      start..a
192.168.1.107:38237 A > 209.172.49.193:6115 (0)
192.168.1.107:38237 AP > 209.172.49.193:6115 (8)
----------------
0x0000    f746 0800 4f6c 9a24                    .F..Ol.$.
209.172.49.193:6115 A > 192.168.1.107:38237 (0)
192.168.1.107:38237 AP > 209.172.49.193:6115 (18)
----------------
0x0000    f728 1200 0301 0203 0410 736c 6f74 2033 .(........slot.3
0x0010    2000                                    ...
[/code]
October 14, 2011, 2:40 AM
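An added example (not the poster's code) that decodes the slot table in the 0x09 above and the 0x04 the real client received on joining. The field names are my reading of the record, which both dumps fit exactly (0x73 = 1 + 12 × 9 + 6 bytes of slot info); the byte right after the slot info in 0x04 is read as the joiner's own player number, and the 16-byte sockaddr after it carries the port 38237 that appears in the capture.

```ruby
# Slot table of W3GS 0x09 (SLOTINFO) and 0x04 (SLOTINFOJOIN).  Layout assumed:
#   WORD slot-info length, BYTE slot count, then 9 bytes per slot:
#   player number, download %, status (0 open, 1 closed, 2 occupied),
#   computer flag, team, colour, race, computer level, handicap;
#   then DWORD random seed, BYTE layout style, BYTE player count.
# 0x04 appends BYTE own player number + sockaddr_in (WORD family, WORD port BE, DWORD IP, 8 zeros).
SLOT_FIELDS = %i[pid download status computer team colour race level handicap]

def hex_bytes(hex)
  [hex.delete(" \n")].pack("H*")
end

def parse_slot_info(pkt)
  magic, id, len = pkt.unpack("CCv")
  raise "not a complete W3GS message" unless magic == 0xF7 && len == pkt.bytesize
  info_len, count = pkt.unpack("@4vC")
  slots = Array.new(count) { |i| SLOT_FIELDS.zip(pkt.byteslice(7 + i * 9, 9).bytes).to_h }
  tail = 7 + count * 9                          # offset of the seed
  raise "slot info length mismatch" unless info_len == tail
  seed, layout, players = pkt.unpack("@#{tail}VCC")
  info = { id: id, slots: slots, seed: seed, layout: layout, players: players }
  if id == 0x04                                 # join reply: who am I, seen from where
    own, _family, port, ip = pkt.unpack("@#{tail + 6}CvnN")
    info.merge!(own_pid: own, external: "#{[ip].pack("N").bytes.join(".")}:#{port}")
  end
  info
end

# Player numbers sitting in a slot; a 0x28's recipient list is these minus yourself.
def occupied_pids(info)
  info[:slots].select { |s| s[:status] == 2 }.map { |s| s[:pid] }
end

# The 0x09 from the post above, exactly as the poster split it.
SLOTINFO_HEX = <<~HEX
  f709 7900 7300 0c02 6402 0000 0060 01
  6403 6402 0001 0a60 01
  6404 6402 0002 0260 01
  6400 ff00 0000 0341 01
  6400 ff00 0000 0441 01
  6400 ff00 0000 0541 01
  6400 ff00 0000 0141 01
  6400 ff00 0000 0741 01
  6400 ff00 0000 0841 01
  6400 ff00 0000 0941 01
  6400 ff00 0000 0641 01
  6400 ff00 0000 0b41 01
  6446 6e7d 2400 0c
HEX

# The 0x04 the real client received on joining: first 0x8a bytes of the 1147-byte segment.
SLOTINFOJOIN_HEX = <<~HEX
  f704 8a00 7300 0c02 6402 0000 0060 0164
  0364 0200 010a 6001 6404 ff02 0002 0260
  0164 00ff 0000 0003 4101 6400 ff00 0000
  0441 0164 00ff 0000 0005 4101 6400 ff00
  0000 0141 0164 00ff 0000 0007 4101 6400
  ff00 0000 0841 0164 00ff 0000 0009 4101
  6400 ff00 0000 0641 0164 00ff 0000 000b
  4101 6446 6e7d 2400 0c04 0200 955d 43b9
  be70 0000 0000 0000 0000
HEX

def demo
  info = parse_slot_info(hex_bytes(SLOTINFO_HEX))
  join = parse_slot_info(hex_bytes(SLOTINFOJOIN_HEX))
  { players: occupied_pids(info), me: join[:own_pid], external: join[:external],
    others: occupied_pids(join) - [join[:own_pid]],
    my_slot: join[:slots].find { |s| s[:pid] == join[:own_pid] } }
end
```

The real client's "slot 3" message also lists player 1, the host, who has no slot in this table.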
i8igmac
I have been messing around with this for a while now, I still don't see where the server gives me a slot number.
October 21, 2011, 6:22 AM
i8igmac
I'm going to wake up my old thread with a few new questions... Wc3

first, I'm watching tcpdump and I see a public list of wc3 games I can join... how can I pull the ip and port address from this packet?

[code]0x0000    ff09 600c 1400 0000 0120 4800 0904 0000 ..`.......H.....
0x0010    0200 17e7 d4e0 7d8e 0000 0000 0000 0000 ......}.........
0x0020    1000 0000 0000 0000 4857 4920 5b43 4c41 ........HWI.[CLA
0x0030    4e20 4550 5750 5d20 2023 3134 3139 3900 N.EPWP]..#14199.
0x0040    0062 3737 3733 3030 3033 4103 4907 0101 .b77730003A.I...
0x0050    5b01 eb4b 010f 293f 176d cb61 7173 5d65 [..K..)?.m.aqs]e
0x0060    6f77 196f 6d6f 6165 5d49 6b65 736f 2157 ow.omoae]Ikeso!W
0x0070    6173 bb73 2149 6365 6d61 096f 6573 2177 as.s!Icema.oes!w
0x0080    332f 7133 312f 7733 6d01 eb45 7157 715f 3/q31/w3m..EqWq_
0x0090    4175 3575 6f49 6f73 7501 d901 f365 f3f9 Au5uoIosu....e..
0x00a0    61d9 e123 bb89 0333 6ffb b33d a98b cb4f a..#...3o..=...O
0x00b0    e1df 0026 0000 0009 0400 0002 0017 e4d1 ...&............
0x00c0    2c77 4b00 0000 0000 0000 0010 0000 0004 ,wK.............
0x00d0    0000 0042 524f 4b45 4e41 4c4c 4941 4e43 ...BROKENALLIANC
0x00e0    4553 2e43 4f4d 2021 2023 3334 0000 6232 ES.COM.!.#34..b2
0x00f0    3230 3030 3030 3381 0349 0701 01c1 07e5 2000003..I......
0x0100    c107 df1d 35e7 4dcb 6171 735d 456f 7719 ....5.M.aqs]Eow.
0x0110    6f6d 6f61 655d 439d 736f 6b65 6f21 41d9 omoae]C.sokeo!A.
0x0120    6d6d 6961 6f63 6563 7321 332f 3131 639d mmiaocecs!3/11c.
0x0130    2f77 336d 0147 61f9 7345 5b61 5d59 7335 /w3m.Ga.sE[a]Ys5
0x0140    436f 5523 3301 01fd 875d 5171 79dd 73d5 CoU#3....]Qqy.s.
0x0150    454d cdf7 e725 8543 3737 fd97 21bf 0080 EM...%.C77..!...
0x0160    2049 0109 0400 0002 0017 e240 55a4 3100 .I.........@U.1.
0x0170    0000 0000 0000 0010 0000 0004 0000 0044 ...............D
0x0180    6f74 6120 436c 6173 7369 6320 332e 3720 ota.Classic.3.7.
0x0190    2338 3535 3700 0062 6436 3132 3030 3032 #8557..bd6120002
0x01a0    0103 4907 0101 7501 8975 0155 df09 216d ..I...u..u.U..!m
0x01b0    4b61 7173 5d45 4f55 1f41 335f 3737 652f Kaqs]EOU.A3_77e/
0x01c0    4f77 336d 0145 6177 1369 6543 6f75 0101 Ow3m.Eaw.ieCou..
0x01d0    6fc7 11d5 7fbf 6de1 1b69 35e3 dd89 e15f o.....m..i5...._
0x01e0    4fd7 7de3 6537 a500 0120 4900 0904 0000 O.}.e7....I.....
0x01f0    0200 17e1 ae47 0979 0000 0000 0000 0000 .....G.y........
0x0200    1000 0000 0300 0000 466f 6f74          ........Foot.
[/code]




Also my next question... there are bots/servers (ghost for example) for wc3
these servers have -owners and -admins... they have the right to -kick -ban people from their server and they can give out admin rights to friends...

I have made a simple client with the source I posted above, I can join these servers with an admin's name... the question is, are admin rights password protected? is it spoof protected? can I execute my own ban and kick commands?
February 15, 2012, 4:37 AM
MysT_DooM
[quote author=i8igmac link=topic=18328.msg185679#msg185679 date=1329280626]
I'm going to wake up my old thread with a few new questions... Wc3

first, I'm watching tcpdump and I see a public list of wc3 games I can join... how can I pull the ip and port address from this packet?
[/quote]

Here is the reference: http://bnetdocs.org/?op=packet&pid=266. 
How to pull it? What I do is parse the incoming 0x09 data by looping 20 times (the number of games incoming from bnet), once for each game, each loop starting at a different offset based off the previous length of game data.

So for example, the first two games would break down like this

[color=red]Port:17 e7[/color] [color=purple]IP:d4 e0 7d 8e[/color]
[code=Port:17e7 IP:d4e07d8e]
0x0000    ff09 600c 1400 0000 0120 4800 0904 0000 ..`.......H.....
0x0010    0200 17e7 d4e0 7d8e 0000 0000 0000 0000 ......}.........
0x0020    1000 0000 0000 0000 4857 4920 5b43 4c41 ........HWI.[CLA
0x0030    4e20 4550 5750 5d20 2023 3134 3139 3900 N.EPWP]..#14199.
0x0040    0062 3737 3733 3030 3033 4103 4907 0101 .b77730003A.I...
0x0050    5b01 eb4b 010f 293f 176d cb61 7173 5d65 [..K..)?.m.aqs]e
0x0060    6f77 196f 6d6f 6165 5d49 6b65 736f 2157 ow.omoae]Ikeso!W
0x0070    6173 bb73 2149 6365 6d61 096f 6573 2177 as.s!Icema.oes!w
0x0080    332f 7133 312f 7733 6d01 eb45 7157 715f 3/q31/w3m..EqWq_
0x0090    4175 3575 6f49 6f73 7501 d901 f365 f3f9 Au5uoIosu....e..
0x00a0    61d9 e123 bb89 0333 6ffb b33d a98b cb4f a..#...3o..=...O
0x00b0    e1df 00
[/code]

[color=red]Port:17 e4[/color][color=purple] IP:d1 2c 77 4b[/color]
[code=Port:17e4 IP:d12c774b]
                26 0000 0009 0400 0002 0017 e4d1 ...&............
0x00c0    2c77 4b00 0000 0000 0000 0010 0000 0004 ,wK.............
0x00d0    0000 0042 524f 4b45 4e41 4c4c 4941 4e43 ...BROKENALLIANC
0x00e0    4553 2e43 4f4d 2021 2023 3334 0000 6232 ES.COM.!.#34..b2
0x00f0    3230 3030 3030 3381 0349 0701 01c1 07e5 2000003..I......
0x0100    c107 df1d 35e7 4dcb 6171 735d 456f 7719 ....5.M.aqs]Eow.
0x0110    6f6d 6f61 655d 439d 736f 6b65 6f21 41d9 omoae]C.sokeo!A.
0x0120    6d6d 6961 6f63 6563 7321 332f 3131 639d mmiaocecs!3/11c.
0x0130    2f77 336d 0147 61f9 7345 5b61 5d59 7335 /w3m.Ga.sE[a]Ys5
0x0140    436f 5523 3301 01fd 875d 5171 79dd 73d5 CoU#3....]Qqy.s.
0x0150    454d cdf7 e725 8543 3737 fd97 21bf 00[/code]
February 15, 2012, 11:36 PM
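MysT_DooM's offset walk as an added Ruby example (not his code), using the field names from the BnetDocs entry he links: a parser that reads each entry's 32-byte fixed part and its three null-terminated strings, and stops when the capture runs out instead of trusting the advertised count of 20. The input is the dump above, cut after the second game's stat string.

```ruby
# Walk a SID_GETADVLISTEX (0x09) game list.  Each entry: DWORD game type,
# DWORD language, WORD family, WORD port (network order), DWORD IP, 8 zero
# bytes, DWORD status, DWORD elapsed seconds (32 bytes), then three
# null-terminated strings: name, password, stat string.
def hex_bytes(hex)
  [hex.delete(" \n")].pack("H*")
end

# Null-terminated string at pos; nil when the terminator is not in the buffer.
def read_cstring(buf, pos)
  nul = buf.index("\0".b, pos)
  nul && [buf.byteslice(pos, nul - pos), nul + 1]
end

def parse_game_list(pkt)
  magic, id, declared_len, advertised = pkt.unpack("CCvV")
  raise "not SID_GETADVLISTEX" unless magic == 0xFF && id == 0x09
  games = []
  pos = 8
  advertised.times do
    break if pkt.bytesize < pos + 32          # fixed part missing: capture cut off
    type, lang, _family, port, ip, status, elapsed = pkt.unpack("@#{pos}VVvnNx8VV")
    pos += 32
    strs = []
    while strs.size < 3 && (s = read_cstring(pkt, pos))
      strs << s[0]
      pos = s[1]
    end
    break if strs.size < 3                     # a string ran off the end of the capture
    games << { type: type, language: lang, port: port,
               ip: [ip].pack("N").bytes.join("."), status: status, elapsed: elapsed,
               name: strs[0], password: strs[1], stats: strs[2] }
  end
  { declared_len: declared_len, advertised: advertised, games: games }
end

# Constructed input: the capture above, cut after the second game's stat string.
GAME_LIST = hex_bytes(<<~HEX)
  ff09 600c 1400 0000 0120 4800 0904 0000
  0200 17e7 d4e0 7d8e 0000 0000 0000 0000
  1000 0000 0000 0000 4857 4920 5b43 4c41
  4e20 4550 5750 5d20 2023 3134 3139 3900
  0062 3737 3733 3030 3033 4103 4907 0101
  5b01 eb4b 010f 293f 176d cb61 7173 5d65
  6f77 196f 6d6f 6165 5d49 6b65 736f 2157
  6173 bb73 2149 6365 6d61 096f 6573 2177
  332f 7133 312f 7733 6d01 eb45 7157 715f
  4175 3575 6f49 6f73 7501 d901 f365 f3f9
  61d9 e123 bb89 0333 6ffb b33d a98b cb4f
  e1df 0026 0000 0009 0400 0002 0017 e4d1
  2c77 4b00 0000 0000 0000 0010 0000 0004
  0000 0042 524f 4b45 4e41 4c4c 4941 4e43
  4553 2e43 4f4d 2021 2023 3334 0000 6232
  3230 3030 3030 3381 0349 0701 01c1 07e5
  c107 df1d 35e7 4dcb 6171 735d 456f 7719
  6f6d 6f61 655d 439d 736f 6b65 6f21 41d9
  6d6d 6961 6f63 6563 7321 332f 3131 639d
  2f77 336d 0147 61f9 7345 5b61 5d59 7335
  436f 5523 3301 01fd 875d 5171 79dd 73d5
  454d cdf7 e725 8543 3737 fd97 21bf 00
HEX
```

`parse_game_list(GAME_LIST)` yields the two ports and IPs MysT_DooM marked (6119 at 212.224.125.142, 6116 at 209.44.119.75) together with the game names.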
i8igmac
Ok, that was easy, here is some example code... I took a shortcut for my project... I'm running a tcpdump or tcpick and filtering out the ip with this code

[code]
#gather ip for all servers
hex = ""                      # running hex stream, 4-char groups from tcpick -yx
lock = Mutex.new

# start tcpick once and read it in the background (the original re-spawned
# it on every pass of the loop)
Thread.start {
  IO.popen("tcpick -i wlan0 -yx 'port 6112'") { |data|
    while line = data.gets
      for x in line.split
        lock.synchronize { hex << x } if x.length == 4
      end
    end
  }
}

#create a list
ip_list = []
loop {
  # matches "...04 0000 0200 17e7 d4e0 7d8e": language 0x409, AF_INET, port, IP
  snapshot = lock.synchronize { hex.dup }
  for x in snapshot.scan(/400000.{15}/)
    ip = x[13..20].scan(/../).map { |b| b.to_i(16) }.join(".")
    port = x[9..12].to_i(16)
    ip_list << "#{ip} #{port}"
  end
  ip_list.uniq!
  puts "              IP LIST---#{ip_list.length}----"
  puts ip_list
  puts "\n"
  sleep 1
}
[/code]

So, I'm searching through the documents, I'm looking for a way to handle a ping request from a public wc3 game... I only find udp ping requests from battlenet servers, is that the same thing?

I'm watching tcpdump, I don't even know what byte I'm looking for that starts the ping request... this ping request is coming from a ghost++ bot hosting a public ladder game...
February 22, 2012, 4:33 AM
