Valhalla Legends Forums Archive | Assembly Language (any cpu) | Reverse Engineering suggestions

thetempest
Hey,

I'm interested in hearing methods and ideas on ways to reverse engineer an RTS's INGAME mplayer packet protocol.

Most importantly, how to associate action->packetID... the reason I think that is SO difficult is because there are always packets FLYING everywhere. I don't know how to distinguish between the two.

Thanks
December 21, 2003, 10:29 PM
Adron
Find the pattern!

Try to minimize what happens all the time, then look for the pattern in that. You may need to sample a lot of data.

After you see what is "nothing", do "something", perhaps many times, and look for the change in the pattern. If all of the pattern changes randomly, disassemble the game and look for encryption or compression of packets.
December 22, 2003, 1:18 AM
Grok
Yup, I do the same. It is important to understand what 'chatter' exists free from your overt actions. You can figure out the chatter later; it's often less fun. Once you filter that out, or just ignore it, do something unique, and something less unique, that are the same class of action.

Like, shoot an enemy, then shoot a non-target. You should have two new packets, both indicating you fired a shot, and possibly different parameters. Unless they were in the same spot, you'll at least be shooting a different vector or grid location.

If you have a clean well-designed protocol, it could lend itself to figuring out. I've been trying to figure out the protocol for one of my work applications for over a year. It's a near-total mess, but the header is consistently organized. It has an ID in the first WORD, which is a nice start. But the rest of the packet data is such junk! 90% 00's most of the time.
December 22, 2003, 2:12 AM
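The baseline-then-diff method Adron and Grok describe, written out as an added example (this is not code from the thread, and not any game's real protocol). It assumes a header with a little-endian 16-bit ID in the first WORD, like the one Grok mentions; the captures, the keepalive/sync "chatter" packets and the hypothetical 0x0030 "fire" command are all constructed for the example. The script records which IDs appear while idle, drops those from two action captures (shoot an enemy, shoot empty ground), and byte-diffs what is left to find the parameter fields. It also applies the "everything changes randomly" check from Adron's post as a crude encryption/compression heuristic.

```python
"""
Packet-differencing helper for the "find the pattern" approach:
1. capture while doing nothing        -> the chatter baseline,
2. capture the same action twice with different parameters,
3. subtract chatter by packet ID, then byte-diff the survivors.

Assumed wire layout (an assumption, not a documented game format):
each packet starts with a little-endian 16-bit ID, then payload bytes.
Every capture below is constructed for this example.
"""
import struct
from collections import defaultdict


def packet_id(pkt: bytes) -> int:
    """ID is the first WORD, little-endian (assumed layout)."""
    return struct.unpack_from("<H", pkt, 0)[0]


def chatter_ids(idle_capture):
    """IDs that show up while the player does nothing."""
    return {packet_id(p) for p in idle_capture}


def novel_packets(capture, chatter):
    """Packets whose ID never appeared in the idle baseline (the 'if' filter)."""
    return [p for p in capture if packet_id(p) not in chatter]


def group_by_id(capture):
    groups = defaultdict(list)
    for p in capture:
        groups[packet_id(p)].append(p)
    return dict(groups)


def varying_offsets(packets):
    """Byte offsets at which these same-ID packets disagree.
    Offsets past the shortest packet count as varying (length differs)."""
    if len(packets) < 2:
        return []
    shortest = min(len(p) for p in packets)
    longest = max(len(p) for p in packets)
    varying = [i for i in range(shortest) if len({p[i] for p in packets}) > 1]
    return varying + list(range(shortest, longest))


def suspect_encryption(capture, threshold=0.8):
    """If nearly every byte of every repeated packet changes between samples,
    suspect encryption or compression and go disassemble the game instead."""
    total = varying = 0
    for pkts in group_by_id(capture).values():
        if len(pkts) < 2:
            continue
        n = min(len(p) for p in pkts)
        total += n
        varying += sum(1 for o in varying_offsets(pkts) if o < n)
    return total > 0 and varying / total > threshold


def locate_action_fields(idle_capture, action_a, action_b):
    """Return {id: offsets} for IDs seen only during the action, diffing
    variant A against variant B to find the bytes that carry parameters."""
    chatter = chatter_ids(idle_capture)
    a = group_by_id(novel_packets(action_a, chatter))
    b = group_by_id(novel_packets(action_b, chatter))
    return {pid: varying_offsets(a[pid] + b[pid]) for pid in a.keys() & b.keys()}


# --- constructed sample traffic (hypothetical packet types) -----------------
def keepalive(counter):            # chatter: id 0x0001 + 32-bit counter
    return struct.pack("<HI", 0x0001, counter)

def sync(tick, seed=0x1234):       # chatter: id 0x0002 + tick + constant seed
    return struct.pack("<HIH", 0x0002, tick, seed)

def fire(unit, x, y):              # hypothetical command: id 0x0030, unit, grid x, y
    return struct.pack("<HHHH", 0x0030, unit, x, y)

IDLE = [keepalive(1), sync(100), keepalive(2), sync(101), keepalive(3)]
SHOOT_ENEMY = [keepalive(4), fire(5, 10, 20), sync(102), keepalive(5)]
SHOOT_GROUND = [keepalive(6), sync(103), fire(5, 40, 25), keepalive(7)]
# same ID every time, but a payload that changes in every byte
ENCRYPTED_LOOKING = [struct.pack("<H", 0x0001)
                     + bytes((i * 37 + j * 101) % 256 for j in range(12))
                     for i in range(1, 5)]

if __name__ == "__main__":
    print("chatter IDs:", sorted(hex(i) for i in chatter_ids(IDLE)))
    for pid, offs in locate_action_fields(IDLE, SHOOT_ENEMY, SHOOT_GROUND).items():
        print(f"action packet {pid:#06x}: parameter bytes at offsets {offs}")
    print("idle looks encrypted:", suspect_encryption(IDLE))
    print("random-looking capture:", suspect_encryption(ENCRYPTED_LOOKING))
```

With the constructed captures the only non-chatter ID is 0x0030, and the two fire packets differ at offsets 4 and 6, which is exactly where the grid x and y were packed; the keepalive counters advance between captures but are filtered out by ID before any diffing, which is the "minimize what happens all the time" step. A real capture would come from a sniffer or a hooked send()/recv(), with each phase recorded to its own file.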
iago
In starcraft, when I do work on ingame packets, I dump them all to the screen and a file, with some pattern-filters.
December 22, 2003, 8:00 AM
thetempest
What progs do you use to filter, iago?
December 23, 2003, 5:05 AM
iago
I call them "if" statements..
December 23, 2003, 10:47 AM
Grok
[quote author=iago link=board=7;threadid=4385;start=0#msg36848 date=1072176429]
I call them "if" statements..
[/quote]

No way? Me too! j/k. switch() is superior in nearly every case I'm accustomed to handling.
December 23, 2003, 12:34 PM
Kp
[quote author=Grok link=board=7;threadid=4385;start=0#msg36853 date=1072182857]
switch() is superior in nearly every case[/quote]

*kick* Bad pun!
December 23, 2003, 3:55 PM
St0rm.iD
That was indeed terrible and horrific. -1
December 25, 2003, 3:57 AM