Hey,

I don't have EQ, but i'm interested in the network encryption and SEQ in general, and just wondered if anyone could tcpdump to file a full session (right up to actual start of play).

I'd prefer the full tcpdump (-w filename), but if you don't to give any details away then just a capture of the packet summary logged to file will be great, just so I have an idea of whats being passed back and forth.

Anyone able to help me out please?

Thanks!

Yeah, but if they give you a dump leading up to play, you will have their logins and passwords to give you access to their accounts.

Right, but I wasn't sure how secure that still was (I presume that bit is non decryptable since its a hash or sorts).

But like I said, even the tcpdump summary text (i.e. just plain tcpdump logging the output of packets between a and b) would be a start. I can at least see the type, size, direction etc of the packets without seeing the contents.

The login encryption is theoretically decryptable by a knowledgable individual despite SOE's claims. As such I wouldn't recommend giving a tcpdump of that data to anyone you don't know and trust.

If you are truely interested in the protocol just look at the ShowEQ code and that found in EQEmu (www.eqemulator.net). You can also look old Protocol description by Xylor (http://www.doomed.to/showeq/Protocol.txt) which isn't perfect, but gives a general basis.

Enjoy,
Zaphod (dohpaZ)

Thanks Zaphod, I'll digest that later :)

The main reason for doing this was to see if any other games from SOE (Planetside, SWG) used similar methods for encryption, but since the forums for those equivalent SEQ's are more or less dead I thought I'd check out SEQ similarities myself.

Just from looking at that protocol doc though they seem quite different - nothing is sent plain text at all after you've connected to the game's login server, whereas with EQ you seem to get a list of servers available and so on.

I'll probably go prod the other forum anyway to see if anyone is lurking and made some progess, but at least for now it seems they've changed their approach for the newer games.

I would hope they've changed their protocol in the newer games. The design and implementation of this one is fairly poor and has several border cases that actually exacerbate minor network glitches to the point of causing link deaths. As far as encryption is concerned, they encrypt most things but at a higher network layer. In fact they use a different decryption for login then they do for general use once you're logged in.

Thanks and Enjoy,
Zaphod (dohpaZ)