Hi there,
I messed around a bit with ShowEQ back in the day and downloaded the EQ2 packet sniffer code a few days ago. I've been messing with it, but it seems like it doesn't properly recognize the message types from the server like I'd expect.
Has there been a change in the message ids since the last post of source here?
I'm a software developer (C++), and I'd be interested in helping out on a SEQ2 project as well if this project is still underway?
Thanks.
If there have been any patches since there was last an update here (quite some time ago) then odds are SOE has changed both the network code and the memory map code and so the sniffer can't recognize it.
Yeah, it's weird. It sort of works - but it's like the packet opcodes have changed. I spent a little time trying to figure them out, but was looking for an easy way out with a source update :-).
Back to the drawing board, it looks like!!
Right now the packets change prety much every day. SoE has their heads up their asses and released yet another live update with 328492734923755234 bugs. This is only likely to get worse in the coming weeks with the release of KoS.
I have a working version of Everdump, I can try to post it later (if I remember).
Hi, Is anyone out there? I have unsuccessfully tried to email Acid, and no one seems to be active here. I even tried to use the donate button he set up, but the email is dead. Is this a dead project? Did SOE finally do something that made it impractical to move ahead?Originally Posted by Acid1789
Thanks,
zep
I'd definately be interested in checking out a working copy if you have one, as well.
Don't hold your breath.... I tried everything I could think of to contact the developer, he disappeared with no response. Too bad too, but it looked like he was doing some cool stuff.
-z
is it okay if I put up an animated avatar on my profile?
I would be very interested in getting my hands on the source to the eq2 sniffer or everdump. Would anyone be willing to email me their a copy? The ftp site seems to be denying access to download the files
I don't care if it's a "working" version or not...
Much appreciated!
j
I too would like the source, especially a way to extract the RSA / RC4 key from the eq2 client, and the packet decoders which are known.
Here is the sourcecode for EverDump.
I've worked on everdump for eq2 recently. everdump expects a pointer to a static structure which contains a pointer to the key. However, it seems Sony got a little smarter and no longer stores this in memory, but destroys it as soon as the rc4 encryption substitution tables are initialized.
Oh well, it was fun thinking there might be a way to get the key still.
Additionally, everdump's code is... well, let's just say I think he learned how to program while writing the code. Sony also hired him, which is why he removed the source.
If you dig around enough, it might be possible to just hook the function which generates the hash table to get the key, using the detours library.
Getting the key is not really the problem. I'm past that, working on understanding the protocol now. It's strange how everdump processes it -- either it really is that strange, with lots of layer crossovers, or that's just how the author processed things.
I also took the code posted here and merged it into my working source. It was a bit more advanced than I had, and (for instance) doesn't core dump or massively corrupt the stack.
It does, however, lose sync at some point, and it still doesn't use the last two bytes of every packet, which I am assuming to be some sort of check value.
Last two bytes of some packets (depending on the network opcode) are just a CRC check.
The underlying protocol layer is very similar between EQ and EQ2 I believe. The seq source might be some help in that. Hopefully it's not that ugly. If it is, at least I'm still around to be beat upon!
Actually processing the data though is game specific.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote