If you want to help us maintaining this wiki, check out our discord server: https://discord.gg/3u69jMa
Gamespy in Republic Commando
Jump to navigation
Jump to search
Gamespy protocol analysis in Star Wars Republic Commando
Author: -ffs-PLASMA aka. HW_KILLER_PR
Note: This documentation may be incomplete and some information/aspects may be interpreted/understood wrong!
For a gamespy alternative for various games, visit: https://333networks.com/
- Gamespy Gamename: swrcommando
- Gamespy Gamekey: y2s8Fh
- Gamespy Version: 0~3 (Hybrid) Plaintext and partial encrypted communication
The communication between Master Server and Game Server is completly in plaintext, however communication between Master Server and Game Client is partially encrypted. The data sent from Game Client to Master Server is plaintext, however Game Client expects the answer to be encrypted in EnctypeX algorithm!
Master Server <-> Game Server
The communication between Master Server and Game Server is in plaintext and only uses UDP protocol. Master Server listens on port 27900:
When a Game Server boots up for first time, it sends out 2 UDP packets to let Master Server know a new remote host is coming up. Master Server doesn't have to respond:
0x09 <packet ID>
0x00 <no use>
0x00 <no use>
0x00 <no use>
0x00 <no use>
0x73 s <gamespy gamename>
0x77 w
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <null terminator>Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server, essentially a \\status\\ packet every 30 seconds or so:
0x03 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
0x6c l <localip0>
0x6f o
0x63 c
0x61 a
0x6c l
0x69 i
0x70 p
0x30 0
0x00 <null seperator>
0x31 1 <First local IP>
0x39 9
0x32 2
0x2e .
0x31 1
0x36 6
0x38 8
0x2e .
0x31 1
0x38 8
0x38 8
0x2e .
0x33 3
0x00 <null seperator>
0x6c l <localip1>
0x6f o
0x63 c
0x61 a
0x6c l
0x69 i
0x70 p
0x31 1
0x00 <null seperator>
0x31 1 <Second local IP>
0x39 9
0x32 2
0x2e .
0x31 1
0x36 6
0x38 8
0x2e .
0x32 2
0x30 0
0x33 3
0x2e .
0x31 1
0x00 <null seperator>
0x6c l <localip2>
0x6f o
0x63 c
0x61 a
0x6c l
0x69 i
0x70 p
0x32 2
0x00 <null seperator>
0x31 1 <Third local IP>
0x39 9
0x32 2
0x2e .
0x31 1
0x36 6
0x38 8
0x2e .
0x31 1
0x37 7
0x34 4
0x2e .
0x31 1
0x00 <null seperator>
0x6c l <localport>
0x6f o
0x63 c
0x61 a
0x6c l
0x70 p
0x6f o
0x72 r
0x74 t
0x00 <null seperator>
0x31 1 <query port of the game server, default 11138, every server instance increases number by 1 up to 11187 (x49)>
0x31 1
0x31 1
0x33 3
0x38 8
0x00 <null seperator>
0x6e n <NAT Negotiation>
0x61 a
0x74 t
0x6e n
0x65 e
0x67 g
0x00 <null seperator>
0x30 0 <0 = disabled>
0x00 <null seperator>
0x73 s <statechanged indicates when game server performs mapchange or shuts down, etc>
0x74 t
0x61 a
0x74 t
0x65 e
0x63 c
0x68 h
0x61 a
0x6e n
0x67 g
0x65 e
0x64 d
0x00 <null seperator>
0x33 3 <3 = ready to accept connections>
0x00 <null seperator>
0x67 g <gamespy gamename>
0x61 a
0x6d m
0x65 e
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x73 s <swrcommando>
0x77 r
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <null seperator>
0x68 h <server name displayed in browser>
0x6f o
0x73 s
0x74 t
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x74 t <server name: test test>
0x65 e
0x73 s
0x74 t
0x20 (space)
0x74 t
0x65 e
0x73 s
0x74 t
0x00 <null seperator>
0x67 g <game version, republic commando only uses 2226>
0x61 a
0x6d m
0x65 e
0x76 v
0x65 e
0x72 r
0x00 <null seperator>
0x32 2
0x32 2
0x32 2
0x36 6
0x00 <null seperator>
0x68 h <hostport (connect port) of the game server, default: 7777>
0x6f o
0x73 s
0x74 t
0x70 p
0x6f o
0x72 r
0x74 t
0x00 <null seperator>
0x37 7 <default: 7777>
0x37 7
0x37 7
0x37 7
0x00 <null seperator>
0x6d m <mapname of server>
0x61 a
0x70 p
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x4b K <english name: canyon>
0x41 A
0x4d M
0x50 P
0x46 F
0x53 S
0x43 C
0x48 H
0x49 I
0x46 F
0x46 F
0x00 <null seperator>
0x67 g <gametype of server>
0x61 a
0x6d m
0x65 e
0x74 t
0x79 y
0x70 p
0x65 e
0x00 <null seperator>
0x44 D <DM - deathmatch>
0x4d M
0x00 <null seperator>
0x6e n <amount of players on the server currently>
0x75 u
0x6d m
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null seperator>
0x30 0 <player ammount>
0x00 <null seperator>
0x6d m <max players capacity>
0x61 a
0x78 x
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null seperator>
0x38 8 <set to 8 maxplayers>
0x00 <null seperator>
0x67 g <state of current gamemode>
0x61 a
0x6d m
0x65 e
0x6d m
0x6f o
0x64 d
0x65 e
0x00 <null seperator>
0x6f o <set to openplaying, unknown if game actually uses this>
0x70 p
0x65 e
0x6e n
0x70 p
0x6c l
0x61 a
0x79 y
0x69 i
0x6e n
0x67 g
0x00 <null seperator>
0x6e n <number of teams>
0x75 u
0x6d m
0x74 t
0x65 e
0x61 a
0x6d m
0x73 s
0x00 <null seperator>
0x30 0 <set to 0 for deathmatch, may be set to 2 for teamdeathmatch/ctf/assault>
0x00 <null seperator>
0x66 f <goalscore>
0x72 r
0x61 a
0x67 g
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null seperator>
0x31 1 <set to 10>
0x30 0
0x00 <null seperator>
0x74 t <timelimit in minutes>
0x69 i
0x6d m
0x65 e
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null seperator>
0x36 6 <60 minutes>
0x30 0
0x00 <null seperator>
0x64 d <set whether server is in dedicated mode or not>
0x65 e
0x64 d
0x69 i
0x63 c
0x61 a
0x74 t
0x65 e
0x64 d
0x73 s
0x65 e
0x72 r
0x76 v
0x65 e
0x72 r
0x00 <null seperator>
0x31 1 <0 = off | 1 = on>
0x00 <null seperator>
0x66 f <friendlyfire %>
0x72 r
0x69 i
0x65 e
0x6e n
0x64 d
0x6c l
0x79 y
0x66 f
0x69 i
0x72 r
0x65 e
0x00 <null seperator>
0x30 0 <value between 0 and 100>
0x00 <null seperator>
0x00 <null seperator>
0x00 <null seperator>
0x00 <null seperator>
0x70 p <player_ : array for player names/ids>
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x5f _
0x00 <null seperator>
0x73 s <score_ : array for player scores>
0x63 c
0x6f o
0x72 r
0x65 e
0x5f _
0x00 <null seperator>
0x64 d <deaths_ : array for player deaths>
0x65 e
0x61 a
0x74 t
0x68 h
0x73 s
0x5f _
0x00 <null seperator>
0x70 p <ping_ : array for player pings>
0x69 i
0x6e n
0x67 g
0x5f _
0x00 <null seperator>
0x74 t <team_ : array for player pings>
0x65 e
0x61 a
0x6d m
0x5f _
0x00 <null seperator>
0x00 <null seperator>
0x00 <null seperator>
0x00 <null seperator>
0x74 t <team_t : array for player team (trandoshan team), unknown if it gets used>
0x65 e
0x61 a
0x6d m
0x5f _
0x74 t
0x00 <null seperator>
0x73 s <score_t : array for player score (trandoshan team), unknown if it gets used>
0x63 c
0x6f o
0x72 r
0x65 e
0x5f _
0x74 t
0x00 <null seperator>
0x00 <end of packet indicator>Master Server acknowledges the information and sends ack response back to Game Server:
0xfe <gamespy MAGIC bytes for the QR2 queries>
0xfd <gamespy MAGIC bytes for the QR2 queries>
0x03 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
0x00 <end of packet indicator>Finally, Game Server sends a heartbeat to Master Server every 10 seconds or so:
0x08 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --Master Server sends heartbeat back to Game Server:
0xfe <gamespy MAGIC bytes for the QR2 queries>
0xfd <gamespy MAGIC bytes for the QR2 queries>
0x08 <packet ID>
0xd6 -- <Next 4 bytes are random ID generated by game server>
0x0c --
0x82 --
0xe0 --
0x00 <end of packet indicator>Master Server <-> Game Client
The communication between Game Client and Master Server uses TCP most of the part. Only at the beginning of the server list query, Game Client sends UDP packet and afterwards communicates in TCP. Yet the Game Client sends all data in plaintext, but expects the Master Server response to be encrypted in EnctypeX algorithm.
Master Server is listening on port 27900 UDP and Game Client sends a UDP packet followed by TCP packets, therefore no need to answer here:
0x09 <packet ID>
0x00 <no use>
0x00 <no use>
0x00 <no use>
0x00 <no use>
0x73 s <gamespy gamename>
0x77 w
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <end of packet indicator>Game Client requests server list from Master Server, therefore Master Server listens on port 28910 TCP now:
0x00 <First 2 bytes are the packet length>
0x00 --
0x00 <Packet ID: 0>
0x01 <Protcol Version>
0x03 <LIST_ENCODING_VERSION 3>
0x00 <Next 4 bytes: Game Version: Hardcoded to 0000>
0x00 --
0x00 --
0x00 --
0x73 s <gamespy gamename>
0x77 w
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <null seperator>
0x73 s <gamespy gamename>
0x77 w
0x72 r
0x63 c
0x6f o
0x6d m
0x6d m
0x61 a
0x6e n
0x64 d
0x6f o
0x00 <null seperator>
0x70 -- <Next 8 bytes are the validation key created by client. It gets used to encrypt the message from Master Server>
0x57 --
0x63 --
0x38 --
0x5b --
0x56 --
0x7b --
0x5d --
0x00 <null seperator>
0x5c \ <backslash as seperator>
0x68 h <hostname>
0x6f o
0x73 s
0x74 t
0x6e n
0x61 a
0x6d m
0x65 e
0x5c \ <backslash as seperator>
0x68 h <hostport>
0x6f o
0x73 s
0x74 t
0x70 p
0x6f o
0x72 r
0x74 t
0x5c \ <backslash as seperator>
0x6e n <numplayers>
0x75 u
0x6d m
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x5c \ <backslash as seperator>
0x6d m <maxplayers>
0x61 a
0x78 x
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x5c \ <backslash as seperator>
0x6d m <mapname>
0x61 a
0x70 p
0x6e n
0x61 a
0x6d m
0x65 e
0x5c \ <backslash as seperator>
0x67 g <gametype>
0x61 a
0x6d m
0x65 e
0x74 t
0x79 y
0x70 p
0x65 e
0x5c \ <backslash as seperator>
0x66 f <fraglimit>
0x72 r
0x61 a
0x67 g
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x5c \ <backslash as seperator>
0x74 t <timelimit>
0x69 i
0x6d m
0x65 e
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x5c \ <backslash as seperator>
0x6e n <numteams>
0x75 u
0x6d m
0x74 t
0x65 e
0x61 a
0x6d m
0x73 s
0x5c \ <backslash as seperator>
0x64 d <dedicatedserver>
0x65 e
0x64 d
0x69 i
0x63 c
0x61 a
0x74 t
0x65 e
0x64 d
0x73 s
0x65 e
0x72 r
0x76 v
0x65 e
0x72 r
0x5c \ <backslash as seperator>
0x66 f <friendlyfire>
0x72 r
0x69 i
0x65 e
0x6e n
0x64 d
0x6c l
0x79 y
0x66 f
0x69 i
0x72 r
0x65 eNow Master Server needs to fetch the necessary server data and send it back to the client. This is the plain text message before EnctypeX encryption!!!
0x7f <Next 4 bytes are Master Server IP Address, for example: 127.0.0.1>
0x00 --
0x00 --
0x01 --
0x6c <Next 2 bytes are Master Server Query Port : 27900 or 28910>
0xfc --
0x0b <Number of categories/properties, in this case 11>
0x00 <null seperator>
0x68 h <hostname>
0x6f o
0x73 s
0x74 t
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x00 <null seperator>
0x68 h <hostport>
0x6f o
0x73 s
0x74 t
0x70 p
0x6f o
0x72 r
0x74 t
0x00 <null seperator>
0x00 <null seperator>
0x6e n <numplayers>
0x75 u
0x6d m
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null seperator>
0x00 <null seperator>
0x6d m <maxplayers>
0x61 a
0x78 x
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null seperator>
0x00 <null seperator>
0x6d m <mapname>
0x61 a
0x70 p
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x00 <null seperator>
0x67 g <gametype>
0x61 a
0x6d m
0x65 e
0x74 t
0x79 y
0x70 p
0x65 e
0x00 <null seperator>
0x00 <null seperator>
0x66 f <fraglimit>
0x72 r
0x61 a
0x67 g
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null seperator>
0x00 <null seperator>
0x74 t <timelimit>
0x69 i
0x6d m
0x65 e
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null seperator>
0x00 <null seperator>
0x6e n <numteams>
0x75 u
0x6d m
0x74 t
0x65 e
0x61 a
0x6d m
0x73 s
0x00 <null seperator>
0x00 <null seperator>
0x64 d <dedicatedserver>
0x65 e
0x64 d
0x69 i
0x63 c
0x61 a
0x74 t
0x65 e
0x64 d
0x73 s
0x65 e
0x72 r
0x76 v
0x65 e
0x72 r
0x00 <null seperator>
0x00 <null seperator>
0x66 f <friendlyfire>
0x72 r
0x69 i
0x65 e
0x6e n
0x64 d
0x6c l
0x79 y
0x66 f
0x69 i
0x72 r
0x65 e
0x00 <null seperator>
0x00 <null seperator>
=== add game servers here!!! ===
0x39 <ICMP_IP_FLAG - 0x38 = only ping, 0x39 ping and query player data>
0xa4 164 <First IP of Gameserver : 164.132.196.125>
0x84 132 ---^
0xc4 196 --^
0x7d 125 -^
0x2b 11138 <First query port of game server (2 bytes) : 11138>
0x82 -^
0xa4 164 <Second IP of Gameserver : 164.132.196.125>
0x84 132 ---^
0xc4 196 --^
0x7d 125 -^
0x2b 11138 <Second query port of game server (2 bytes) : 11138>
0x82 -^
0xa4 164 <Third IP of Gameserver : 164.132.196.125>
0x84 132 ---^
0xc4 196 --^
0x7d 125 -^
0xff <value seperator>
0x44 D <hostname : DM - swrc-modding.net>
0x4d M
0x20 (space)
0x2d -
0x20 (space)
0x73 s
0x77 w
0x72 r
0x63 c
0x2d -
0x6d m
0x6f o
0x64 d
0x64 d
0x69 i
0x6e n
0x67 g
0x2e .
0x6e n
0x65 e
0x74 t
0x00 <value seperator>
0xff <value seperator>
0x37 7 <hostport : 7777>
0x37 7
0x37 7
0x37 7
0x00 <value seperator>
0xff <value seperator>
0x30 0 <numplayers : 0>
0x00 <value seperator>
0xff <value seperator>
0x33 3 <maxplayers: 32>
0x32 2
0x00 <value seperator>
0xff <value seperator>
0x47 G <mapname : GARTEN : DM_HangingGarden>
0x41 A
0x52 R
0x54 T
0x45 E
0x4e N
0x00 <value seperator>
0xff <value seperator>
0x44 D <gametype : DM>
0x4d M
0x00 <value seperator>
0xff <value seperator>
0x32 2 <fraglimit : 25>
0x35 5
0x00 <value seperator>
0xff <value seperator>
0x33 3 <timelimit : 30>
0x30 0
0x00 <value seperator>
0xff <value seperator>
0x30 0 <numteams : 0>
0x00 <value seperator>
0xff <value seperator>
0x31 1 <dedicatedserver : 1 = on>
0x00 <value seperator>
0xff <value seperator>
0x30 0 <friendlyfire : 0>
0x00 <end of data indicator>
=== follow same pattern to add more servers starting with 0x39 and ending with 0x00 ===
0x00 <end of data indicator>
0xff <end of data indicator>
0xff <end of data indicator>
0xff <end of data indicator>
0xff <end of data indicator>