Welcome
Ladies and Gents:

These forums are now closed and registration disabled.

Please join us at our new forum on Proboards. Our hope is that these new forums are more stable, provide more and better features, and allow continuation of the project forums in a safer, more secure, long term environment.

me3explorer.proboards.com

--The ME3Explorer Team

packet replay

Coder-centric area for programming advice and questions.

packet replay

Postby Eddymvp » 05 Mar 2015, 22:41

I'm using wireshark to capture the traffic from my console to the ea blaze server. How can I decryp this package and replay it?
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Re: packet replay

Postby giftfish » 06 Mar 2015, 02:18

The Research forum isn't for help requests.

relocating your thread to the general help section.
User avatar
giftfish
Toolset Developer
 
Posts: 1247
Joined: 08 Jan 2016, 02:35
Has thanked: 129 time
Have thanks: 75 time

Re: packet replay

Postby WarrantyVoider » 06 Mar 2015, 05:25

something like this if you use my server code's blaze class:

byte[] buff = File.ReadAllBytes(loc + "replay\\04_50_res.bin");
Blaze.Packet pform = Blaze.ReadBlazePacket(new MemoryStream(buff));
List<Blaze.Tdf> form = Blaze.ReadPacketContent(pform);
Blaze.TdfDoubleList ATTR = (Blaze.TdfDoubleList)form[0];
Blaze.TdfInteger GID = (Blaze.TdfInteger)form[1];
...


then

buff = Blaze.CreatePacket(0x4, 0x50, 0, 0x2000, 0, form);
SendPacket(player, buff);


but you need a hexdump (binary file) of your packet first, I think wireshark has export function for this. then open in packetviewer to see how the structure looks like, then use the code to navigate through it... most of your question will be answered if you simply look through the server code, learn the rought inner working first, to know what you need to do in order to get further

greetz WV
always backup your files!
mess with the best or die like the rest!
"I tried everything!" - "mkay, please list that..." ; please dont pm me for help, we have a help section
User avatar
WarrantyVoider
Emeritus
 
Posts: 2270
Joined: 22 Aug 2012, 11:33
Has thanked: 480 time
Have thanks: 626 time

Re: packet replay

Postby Eddymvp » 06 Mar 2015, 11:17

Can you link me to your server code ?
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Re: packet replay

Postby Eddymvp » 06 Mar 2015, 11:54

I was able to export the packet as binary file. This is what I see when I open the file in blazepackreader.

Image

I also noticed the game uses more than one server, one is the blaze server on port 9988 and another another https server. Is there a way I can decrypt the https traffic?


How am i getting the traffic?
I shared my wifi connection on my laptop and then connected my PS4 to my laptop. I can see all the packets in wireshark, I also was running windump from command line and its pretty cool to watch this traffic live.
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Re: packet replay

Postby Eddymvp » 06 Mar 2015, 14:44

I've been doing more digging and I believe when you make an action in this game, it sends a (binary xml?) to the blaze server and the blaze server respond with a URL( i believe a json format encrypted) and then the game display the data on the screen.
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Re: packet replay

Postby Eddymvp » 06 Mar 2015, 18:00

From your LAN proxy on the defaultconfig.txt How did you get the certificates and did you choose those ports random? Are you using this proxy to decrypt the https traffic?

42127;gosredirector.ea.com;159.153.235.22;certs\ssl-gosredir.pfx;ssl3.0
14219;383933-gosprapp396.ea.com;92.52.77.245;certs\383933-gosredir.pfx;ssl3.0
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Re: packet replay

Postby WarrantyVoider » 07 Mar 2015, 09:02

binkw32.dll is a crack I wrote that also disables ssl cert check in the game, I got these adresseses by simply looking at the wireshark packets and then made my own certificates signed by me, and so my proxy can take the games ssl traffic and pose as real server. but in the redirector packet (the very first packet exchange between game and redi server, included in my server) there was an option to disabled it at all. anyway, just look at your hexdump above, you already get stuff in cleartext, theres no blaze packet header, nor is the data prefaced with binary markers. its plain html or so I guess.

greetz WV
always backup your files!
mess with the best or die like the rest!
"I tried everything!" - "mkay, please list that..." ; please dont pm me for help, we have a help section
User avatar
WarrantyVoider
Emeritus
 
Posts: 2270
Joined: 22 Aug 2012, 11:33
Has thanked: 480 time
Have thanks: 626 time

Re: packet replay

Postby Eddymvp » 07 Mar 2015, 22:12

The game uses like 3 servers to pass data since I'm using my laptop as a gateway and I don't have access to my ps4 , I don't think I will be able decrypt the ssl traffic on the https server, I noticed when I messed with my host file and send gosredirector.ea.com to my local host the game can't connect to the ea server
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Re: packet replay

Postby Eddymvp » 07 Mar 2015, 22:40

This is what I think is happening,

When I make an action in the menu, it sends the information to the blaze, then it gets respond from the blaze, and then I get the data from this IP 23.253.177.71:10061 and my game respond on this port 53743.

The data that I get is encrypted see an example on below screenshot.
Image

My game doesn't send any data to 23.253.x.x, from wireshark it looks like it sends ack request and then the server respond with the data.
Eddymvp
User
 
Posts: 15
Joined: 05 Mar 2015, 17:03
Has thanked: 0 time
Have thanks: 1 time

Next

Return to Coders' Help

Who is online

Users browsing this forum: No registered users and 0 guests

suspicion-preferred