Gamespy in Republic Commando: Difference between revisions
Revision as of 02:26, 18 May 2024
Gamespy protocol analysis in Star Wars Republic Commando
Note: This documentation may be incomplete and some information/aspects may be interpreted/understood wrong!
For a gamespy alternative for various games, visit 333networks and OpenSpy
Gamespy Gamename: swrcommando
Gamespy Gamekey: y2s8Fh
Gamespy Version: 0~3 (Hybrid)
Plaintext and partial encrypted communication
The communication between Master Server and Game Server is completely in plaintext; communication between Master Server and Game Client, however, is partially encrypted.
Master Server <-> Game Server
The communication between Master Server and Game Server is in plaintext and uses only the UDP protocol. Master Server listens on port 27900:
When a Game Server boots up for the first time, it sends out 2 UDP packets to let Master Server know a new remote host is coming up. Master Server doesn't have to respond:
<pre>
0x09 <packet ID>
0x00 <no use>
0x00 <no use>
0x00 <no use>
0x00 <no use>
0x73 s <gamespy gamename>
0x77 w
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <null terminator>
</pre>
Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server, essentially a \\status\\ packet every 30 seconds or so:
<pre>
0x03 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
0x6c l <localip0>
0x6f o
0x63 c
0x61 a
0x6c l
0x69 i
0x70 p
0x30 0
0x00 <null separator>
0x31 1 <First local IP>
0x39 9
0x32 2
0x2e .
0x31 1
0x36 6
0x38 8
0x2e .
0x31 1
0x38 8
0x38 8
0x2e .
0x33 3
0x00 <null separator>
0x6c l <localip1>
0x6f o
0x63 c
0x61 a
0x6c l
0x69 i
0x70 p
0x31 1
0x00 <null separator>
0x31 1 <Second local IP>
0x39 9
0x32 2
0x2e .
0x31 1
0x36 6
0x38 8
0x2e .
0x32 2
0x30 0
0x33 3
0x2e .
0x31 1
0x00 <null separator>
0x6c l <localip2>
0x6f o
0x63 c
0x61 a
0x6c l
0x69 i
0x70 p
0x32 2
0x00 <null separator>
0x31 1 <Third local IP>
0x39 9
0x32 2
0x2e .
0x31 1
0x36 6
0x38 8
0x2e .
0x31 1
0x37 7
0x34 4
0x2e .
0x31 1
0x00 <null separator>
0x6c l <localport>
0x6f o
0x63 c
0x61 a
0x6c l
0x70 p
0x6f o
0x72 r
0x74 t
0x00 <null separator>
0x31 1 <query port of the game server, default 11138, every server instance increases number by 1 up to 11187 (x49)>
0x31 1
0x31 1
0x33 3
0x38 8
0x00 <null separator>
0x6e n <NAT Negotiation>
0x61 a
0x74 t
0x6e n
0x65 e
0x67 g
0x00 <null separator>
0x30 0 <0 = disabled>
0x00 <null separator>
0x73 s <statechanged indicates when game server performs mapchange or shuts down, etc>
0x74 t
0x61 a
0x74 t
0x65 e
0x63 c
0x68 h
0x61 a
0x6e n
0x67 g
0x65 e
0x64 d
0x00 <null separator>
0x33 3 <3 = ready to accept connections>
0x00 <null separator>
0x67 g <gamespy gamename>
0x61 a
0x6d m
0x65 e
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null separator>
0x73 s <swrcommando>
0x77 w
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <null separator>
0x68 h <server name displayed in browser>
0x6f o
0x73 s
0x74 t
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null separator>
0x74 t <server name: test test>
0x65 e
0x73 s
0x74 t
0x20 (space)
0x74 t
0x65 e
0x73 s
0x74 t
0x00 <null separator>
0x67 g <game version, republic commando only uses 2226>
0x61 a
0x6d m
0x65 e
0x76 v
0x65 e
0x72 r
0x00 <null separator>
0x32 2
0x32 2
0x32 2
0x36 6
0x00 <null separator>
0x68 h <hostport (connect port) of the game server, default: 7777>
0x6f o
0x73 s
0x74 t
0x70 p
0x6f o
0x72 r
0x74 t
0x00 <null separator>
0x37 7 <default: 7777>
0x37 7
0x37 7
0x37 7
0x00 <null separator>
0x6d m <mapname of server>
0x61 a
0x70 p
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null separator>
0x4b K <english name: canyon>
0x41 A
0x4d M
0x50 P
0x46 F
0x53 S
0x43 C
0x48 H
0x49 I
0x46 F
0x46 F
0x00 <null separator>
0x67 g <gametype of server>
0x61 a
0x6d m
0x65 e
0x74 t
0x79 y
0x70 p
0x65 e
0x00 <null separator>
0x44 D <DM - deathmatch>
0x4d M
0x00 <null separator>
0x6e n <amount of players on the server currently>
0x75 u
0x6d m
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null separator>
0x30 0 <player amount>
0x00 <null separator>
0x6d m <max players capacity>
0x61 a
0x78 x
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null separator>
0x38 8 <set to 8 maxplayers>
0x00 <null separator>
0x67 g <state of current gamemode>
0x61 a
0x6d m
0x65 e
0x6d m
0x6f o
0x64 d
0x65 e
0x00 <null separator>
0x6f o <set to openplaying, unknown if game actually uses this>
0x70 p
0x65 e
0x6e n
0x70 p
0x6c l
0x61 a
0x79 y
0x69 i
0x6e n
0x67 g
0x00 <null separator>
0x6e n <number of teams>
0x75 u
0x6d m
0x74 t
0x65 e
0x61 a
0x6d m
0x73 s
0x00 <null separator>
0x30 0 <set to 0 for deathmatch, may be set to 2 for teamdeathmatch/ctf/assault>
0x00 <null separator>
0x66 f <goalscore>
0x72 r
0x61 a
0x67 g
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null separator>
0x31 1 <set to 10>
0x30 0
0x00 <null separator>
0x74 t <timelimit in minutes>
0x69 i
0x6d m
0x65 e
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null separator>
0x36 6 <60 minutes>
0x30 0
0x00 <null separator>
0x64 d <set whether server is in dedicated mode or not>
0x65 e
0x64 d
0x69 i
0x63 c
0x61 a
0x74 t
0x65 e
0x64 d
0x73 s
0x65 e
0x72 r
0x76 v
0x65 e
0x72 r
0x00 <null separator>
0x31 1 <0 = off | 1 = on>
0x00 <null separator>
0x66 f <friendlyfire %>
0x72 r
0x69 i
0x65 e
0x6e n
0x64 d
0x6c l
0x79 y
0x66 f
0x69 i
0x72 r
0x65 e
0x00 <null separator>
0x30 0 <value between 0 and 100>
0x00 <null separator>
0x00 <null separator>
0x00 <null separator>
0x00 <null separator>
0x70 p <player_ : array for player names/ids>
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x5f _
0x00 <null separator>
0x73 s <score_ : array for player scores>
0x63 c
0x6f o
0x72 r
0x65 e
0x5f _
0x00 <null separator>
0x64 d <deaths_ : array for player deaths>
0x65 e
0x61 a
0x74 t
0x68 h
0x73 s
0x5f _
0x00 <null separator>
0x70 p <ping_ : array for player pings>
0x69 i
0x6e n
0x67 g
0x5f _
0x00 <null separator>
0x74 t <team_ : array for player pings>
0x65 e
0x61 a
0x6d m
0x5f _
0x00 <null separator>
0x00 <null separator>
0x00 <null separator>
0x00 <null separator>
0x74 t <team_t : array for player team (trandoshan team), unknown if it gets used>
0x65 e
0x61 a
0x6d m
0x5f _
0x74 t
0x00 <null separator>
0x73 s <score_t : array for player score (trandoshan team), unknown if it gets used>
0x63 c
0x6f o
0x72 r
0x65 e
0x5f _
0x74 t
0x00 <null separator>
0x00 <end of packet indicator>
</pre>
Master Server acknowledges the information and sends ack response back to Game Server:
<pre>
0xfe <gamespy MAGIC bytes for the QR2 queries>
0xfd <gamespy MAGIC bytes for the QR2 queries>
0x03 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
0x00 <end of packet indicator>
</pre>
Finally, Game Server sends a heartbeat to Master Server every 10 seconds or so:
<pre>
0x08 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
</pre>
Master Server sends heartbeat back to Game Server:
<pre>
0xfe <gamespy MAGIC bytes for the QR2 queries>
0xfd <gamespy MAGIC bytes for the QR2 queries>
0x08 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
0x00 <end of packet indicator>
</pre>
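The Master Server side of the UDP exchange above, as an added Python example that is not part of the original page: it parses the 0x03 status packet with bounds checks and builds the 0xfe 0xfd replies. The function names, the 2048-byte size cap and the port validation are assumptions of this example, and the player/team arrays after the key/value section are skipped.

```python
import re

QR2_MAGIC = b"\xfe\xfd"            # prefix on both Master Server replies shown on the page
AVAILABLE, STATUS, HEARTBEAT = 0x09, 0x03, 0x08
MAX_DATAGRAM = 2048                # assumed size cap, not taken from the page
PORT_RE = re.compile(r"[0-9]{1,5}")

class MalformedPacket(ValueError):
    """Raised for any datagram that does not match the documented layout."""

def _cstr(buf, pos):
    """Read one NUL-terminated string; refuse to run off the end of the buffer."""
    end = buf.find(b"\x00", pos)
    if end < 0:
        raise MalformedPacket("unterminated string")
    return buf[pos:end].decode("latin-1"), end + 1

def parse_status(data):
    """Return (instance_id, fields) for a 0x03 packet; player/team arrays are skipped."""
    if not 6 <= len(data) <= MAX_DATAGRAM or data[0] != STATUS:
        raise MalformedPacket("not a status packet")
    fields, pos = {}, 5
    while True:
        key, pos = _cstr(data, pos)
        if not key:                # an empty key ends the server key/value section
            break
        fields[key], pos = _cstr(data, pos)
    for name in ("localport", "hostport"):   # validate before the server is listed
        value = fields.get(name, "")
        if not PORT_RE.fullmatch(value) or not 0 < int(value) < 65536:
            raise MalformedPacket("bad " + name)
    return data[1:5], fields

def handle_datagram(data):
    """Return the reply for one UDP datagram, or None when no answer is sent."""
    if data[:1] == bytes([STATUS]):
        instance_id, _ = parse_status(data)
        return QR2_MAGIC + bytes([STATUS]) + instance_id + b"\x00"
    if data[:1] == bytes([HEARTBEAT]) and len(data) == 5:
        return QR2_MAGIC + bytes([HEARTBEAT]) + data[1:5] + b"\x00"
    return None                    # AVAILABLE (0x09) announcement and anything unrecognised

# Constructed sample: a shortened status packet built from values shown on the page.
SAMPLE = (b"\x03\xd6\x0c\x82\xe0" + b"".join(k + b"\x00" + v + b"\x00" for k, v in [
    (b"localip0", b"192.168.188.3"), (b"localport", b"11138"),
    (b"gamename", b"swrcommando"), (b"hostname", b"test test"),
    (b"hostport", b"7777"), (b"maxplayers", b"8")])
    + b"\x00\x00\x00player_\x00score_\x00\x00")
```

Because the traffic is plaintext UDP, every field in `fields` is attacker-controlled and should be treated as untrusted when it is stored or shown in a server browser.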
Master Server <-> Game Client
The communication between Game Client and Master Server uses TCP for the most part. Only at the beginning of the server list query does the Game Client send a UDP packet; afterwards it communicates over TCP. The Game Client sends all its data in plaintext, but expects the Master Server response to be encrypted with the EnctypeX algorithm.
Master Server listens on UDP port 27900. The Game Client sends a UDP packet followed by TCP packets, so there is no need to answer here: