If you want to help us maintaining this wiki, check out our discord server: https://discord.gg/3u69jMa

Difference between revisions of "Gamespy in Republic Commando"

From SWRC Wiki
Jump to navigation Jump to search
 
(23 intermediate revisions by the same user not shown)
Line 1: Line 1:
__FORCETOC__
===Gamespy protocol analysis in Star Wars Republic Commando===
===Gamespy protocol analysis in Star Wars Republic Commando===
Author: -ffs-PLASMA aka. HW_KILLER_PR
Author: -ffs-PLASMA aka. HW_KILLER_PR


Note: This documentation is incomplete and some information/aspects may be interpreted/understood wrong! Visit: https://333networks.com/
Note: This documentation may be incomplete and some information/aspects may be interpreted/understood wrong!
 
 
 
Gamespy Gamename: swrcommando
 
Gamespy Gamekey: y2s8Fh


Gamespy Version: 3 (EnctypeX)
For a gamespy alternative for various games, visit: https://333networks.com/


* Gamespy Gamename: swrcommando
* Gamespy Gamekey: y2s8Fh
* Gamespy Version: 0~3 (Hybrid) Plaintext and partial encrypted communication


The communication between Master Server and Game Server is completly in plaintext, however communication between Master Server and Game Client is partially encrypted. The data sent from Game Client to Master Server is plaintext, however Game Client expects the answer to be encrypted in EnctypeX algorithm!


==Master Server <-> Game Server==
==Master Server <-> Game Server==
The communication between Master Server and Game Server is in plaintext and only uses UDP protocol. Master Server listens on port 27900:


The communication between Master and Game Server uses UDP protocol only and no encryption/algorithm.
When a Game Server boots up for first time, it sends out 2 UDP packets to let Master Server know a new remote host is coming up. Master Server doesn't have to respond:
 
<syntaxhighlight lang="C++" line>
 
0x09    <packet ID>
When the game server boots up for first time, it sends out 2 UDP packets to let Master Server know. Master Server doesn't need to respond:
<source lang="cpp" line">
0x09    <message type>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x00    <no use>
Line 39: Line 35:
0x6f    o
0x6f    o
0x00    <null terminator>
0x00    <null terminator>
</source>
</syntaxhighlight>


 
Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server, essentially a \\status\\ packet every 30 seconds or so:
Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server:
<syntaxhighlight lang="C++" line>
<source lang="cpp" line">
0x03    <packet ID>
0x03    <message type>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0xd6    -- <Next 4 bytes are random ID generated by client>
0x0c    --
0x0c    --
0x82    --
0x82    --
Line 128: Line 123:
0x74    t
0x74    t
0x00    <null seperator>
0x00    <null seperator>
0x31    1    <query port of the game server, default 11138, every server instance increases number by 1>
0x31    1    <query port of the game server, default 11138, every server instance increases number by 1 up to 11187 (x49)>
0x31    1
0x31    1
0x31    1
0x31    1
Line 143: Line 138:
0x30    0    <0 = disabled>
0x30    0    <0 = disabled>
0x00    <null seperator>
0x00    <null seperator>
0x73    s    <statechanged indicates when server wants to update information or is performing a special task>
0x73    s    <statechanged indicates when game server performs mapchange or shuts down, etc>
0x74    t
0x74    t
0x61    a
0x61    a
Line 156: Line 151:
0x64    d
0x64    d
0x00    <null seperator>
0x00    <null seperator>
0x33    3    <Needs more investigation as to what kind of states exist>
0x33    3    <3 = ready to accept connections>
0x00    <null seperator>
0x00    <null seperator>
0x67    g    <gamespy gamename>
0x67    g    <gamespy gamename>
Line 192: Line 187:
0x73    s
0x73    s
0x74    t
0x74    t
0x20    <space>
0x20    (space)
0x74    t
0x74    t
0x65    e
0x65    e
Line 211: Line 206:
0x36    6
0x36    6
0x00    <null seperator>
0x00    <null seperator>
0x68    h    <hostport (connect port) of the game server>
0x68    h    <hostport (connect port) of the game server, default: 7777>
0x6f    o
0x6f    o
0x73    s
0x73    s
Line 292: Line 287:
0x65    e
0x65    e
0x00    <null seperator>
0x00    <null seperator>
0x6f    o    <set to openplaying, but there are no other states, atleast they dont get used>
0x6f    o    <set to openplaying, unknown if game actually uses this>
0x70    p
0x70    p
0x65    e
0x65    e
Line 313: Line 308:
0x73    s
0x73    s
0x00    <null seperator>
0x00    <null seperator>
0x30    0    <set to 0 cuz DM, does it even get used by the game?>
0x30    0    <set to 0 for deathmatch, may be set to 2 for teamdeathmatch/ctf/assault>
0x00    <null seperator>
0x00    <null seperator>
0x66    f    <also known as goalscore>
0x66    f    <goalscore>
0x72    r
0x72    r
0x61    a
0x61    a
Line 372: Line 367:
0x65    e
0x65    e
0x00    <null seperator>
0x00    <null seperator>
0x30    0    <0 %>
0x30    0    <value between 0 and 100>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
Line 415: Line 410:
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x74    t    <team_t : array for player team (trandoshan team), does it get used?>
0x74    t    <team_t : array for player team (trandoshan team), unknown if it gets used>
0x65    e
0x65    e
0x61    a
0x61    a
Line 422: Line 417:
0x74    t
0x74    t
0x00    <null seperator>
0x00    <null seperator>
0x73    s    <score_t : array for player score (trandoshan team, does it get used?)>
0x73    s    <score_t : array for player score (trandoshan team), unknown if it gets used>
0x63    c
0x63    c
0x6f    o
0x6f    o
Line 431: Line 426:
0x00    <null seperator>
0x00    <null seperator>
0x00    <end of packet indicator>
0x00    <end of packet indicator>
</source>
</syntaxhighlight>
 
Master Server acknowledges the information and sends ack response back to Game Server:
<syntaxhighlight lang="C++" line>
0xfe    <gamespy MAGIC bytes for the QR2 queries>
0xfd    <gamespy MAGIC bytes for the QR2 queries>
0x03    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x00    <end of packet indicator>
</syntaxhighlight>
 
Finally, Game Server sends a heartbeat to Master Server every 10 seconds or so:
<syntaxhighlight lang="C++" line>
0x08    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
</syntaxhighlight>
 
Master Server sends heartbeat back to Game Server:
<syntaxhighlight lang="C++" line>
0xfe    <gamespy MAGIC bytes for the QR2 queries>
0xfd    <gamespy MAGIC bytes for the QR2 queries>
0x08    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x00    <end of packet indicator>
</syntaxhighlight>
 
==Master Server <-> Game Client==
The communication between Game Client and Master Server uses TCP most of the part. Only at the beginning of the server list query, Game Client sends UDP packet and afterwards communicates in TCP. Yet the Game Client sends all data in plaintext, but expects the Master Server response to be encrypted in EnctypeX algorithm.
 
Master Server is listening on port 27900 UDP and Game Client sends a UDP packet followed by TCP packets, therefore no need to answer here:
<syntaxhighlight lang="C++" line>
0x09    <packet ID>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <end of packet indicator>
</syntaxhighlight>
 
Game Client requests server list from Master Server, therefore Master Server listens on port 28910 TCP now:
<syntaxhighlight lang="C++" line>
0x00    <First 2 bytes are the packet length>
0x00    --
0x00    <Packet ID: 0>
0x01    <Protcol Version>
0x03    <LIST_ENCODING_VERSION 3>
0x00    <Next 4 bytes: Game Version: Hardcoded to 0000>
0x00    --
0x00    --
0x00    --
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x70    -- <Next 8 bytes are the validation key created by client. It gets used to encrypt the message from Master Server>
0x57    --
0x63    --
0x38    --
0x5b    --
0x56    --
0x7b    --
0x5d    --
0x00    <null seperator>
0x5c    \    <backslash as seperator>
0x68    h    <hostname>
0x6f    o
0x73    s
0x74    t
0x6e    n
0x61    a
0x6d    m
0x65    e
0x5c    \    <backslash as seperator>
0x68    h    <hostport>
0x6f    o
0x73    s
0x74    t
0x70    p
0x6f    o
0x72    r
0x74    t
0x5c    \    <backslash as seperator>
0x6e    n    <numplayers>
0x75    u
0x6d    m
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x5c    \    <backslash as seperator>
0x6d    m    <maxplayers>
0x61    a
0x78    x
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x5c    \    <backslash as seperator>
0x6d    m    <mapname>
0x61    a
0x70    p
0x6e    n
0x61    a
0x6d    m
0x65    e
0x5c    \    <backslash as seperator>
0x67    g    <gametype>
0x61    a
0x6d    m
0x65    e
0x74    t
0x79    y
0x70    p
0x65    e
0x5c    \    <backslash as seperator>
0x66    f    <fraglimit>
0x72    r
0x61    a
0x67    g
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x5c    \    <backslash as seperator>
0x74    t    <timelimit>
0x69    i
0x6d    m
0x65    e
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x5c    \    <backslash as seperator>
0x6e    n    <numteams>
0x75    u
0x6d    m
0x74    t
0x65    e
0x61    a
0x6d    m
0x73    s
0x5c    \    <backslash as seperator>
0x64    d    <dedicatedserver>
0x65    e
0x64    d
0x69    i
0x63    c
0x61    a
0x74    t
0x65    e
0x64    d
0x73    s
0x65    e
0x72    r
0x76    v
0x65    e
0x72    r
0x5c    \    <backslash as seperator>
0x66    f    <friendlyfire>
0x72    r
0x69    i
0x65    e
0x6e    n
0x64    d
0x6c    l
0x79    y
0x66    f
0x69    i
0x72    r
0x65    e
</syntaxhighlight>
 
Now Master Server needs to fetch the necessary server data and send it back to the client. This is the plain text message before EnctypeX encryption!!!
<syntaxhighlight lang="C++" line>
0x7f <Next 4 bytes are Master Server IP Address, for example: 127.0.0.1>
0x00 --
0x00 --
0x01 --
0x6c <Next 2 bytes are Master Server Query Port : 27900 or 28910>
0xfc --
0x0b <Number of categories/properties, in this case 11>
0x00 <null seperator>
0x68 h <hostname>
0x6f o
0x73 s
0x74 t
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x00 <null seperator>
0x68 h <hostport>
0x6f o
0x73 s
0x74 t
0x70 p
0x6f o
0x72 r
0x74 t
0x00 <null seperator>
0x00 <null seperator>
0x6e n <numplayers>
0x75 u
0x6d m
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null seperator>
0x00 <null seperator>
0x6d m <maxplayers>
0x61 a
0x78 x
0x70 p
0x6c l
0x61 a
0x79 y
0x65 e
0x72 r
0x73 s
0x00 <null seperator>
0x00 <null seperator>
0x6d m <mapname>
0x61 a
0x70 p
0x6e n
0x61 a
0x6d m
0x65 e
0x00 <null seperator>
0x00 <null seperator>
0x67 g <gametype>
0x61 a
0x6d m
0x65 e
0x74 t
0x79 y
0x70 p
0x65 e
0x00 <null seperator>
0x00 <null seperator>
0x66 f <fraglimit>
0x72 r
0x61 a
0x67 g
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null seperator>
0x00 <null seperator>
0x74 t <timelimit>
0x69 i
0x6d m
0x65 e
0x6c l
0x69 i
0x6d m
0x69 i
0x74 t
0x00 <null seperator>
0x00 <null seperator>
0x6e n <numteams>
0x75 u
0x6d m
0x74 t
0x65 e
0x61 a
0x6d m
0x73 s
0x00 <null seperator>
0x00 <null seperator>
0x64 d <dedicatedserver>
0x65 e
0x64 d
0x69 i
0x63 c
0x61 a
0x74 t
0x65 e
0x64 d
0x73 s
0x65 e
0x72 r
0x76 v
0x65 e
0x72 r
0x00 <null seperator>
0x00 <null seperator>
0x66 f <friendlyfire>
0x72 r
0x69 i
0x65 e
0x6e n
0x64 d
0x6c l
0x79 y
0x66 f
0x69 i
0x72 r
0x65 e
0x00 <null seperator>
0x00 <null seperator>
 
=== add game servers here!!! ===
 
0x39 <ICMP_IP_FLAG - 0x38 = only ping, 0x39 ping and query player data>
0xa4 164 <First IP of Gameserver : 164.132.196.125>
0x84 132 ---^
0xc4 196 --^
0x7d 125 -^
0x2b 11138 <First query port of game server (2 bytes) : 11138>
0x82 -^
0xa4 164 <Second IP of Gameserver : 164.132.196.125>
0x84 132 ---^
0xc4 196 --^
0x7d 125 -^
0x2b 11138 <Second query port of game server (2 bytes) : 11138>
0x82 -^
0xa4 164 <Third IP of Gameserver : 164.132.196.125>
0x84 132 ---^
0xc4 196 --^
0x7d 125 -^
0xff <value seperator>
0x44 D <hostname : DM - swrc-modding.net>
0x4d M
0x20 (space)
0x2d -
0x20 (space)
0x73 s
0x77 w
0x72 r
0x63 c
0x2d -
0x6d m
0x6f o
0x64 d
0x64 d
0x69 i
0x6e n
0x67 g
0x2e .
0x6e n
0x65 e
0x74 t
0x00 <value seperator>
0xff <value seperator>
0x37 7 <hostport : 7777>
0x37 7
0x37 7
0x37 7
0x00 <value seperator>
0xff <value seperator>
0x30 0 <numplayers : 0>
0x00 <value seperator>
0xff <value seperator>
0x33 3 <maxplayers: 32>
0x32 2
0x00 <value seperator>
0xff <value seperator>
0x47 G <mapname : GARTEN : DM_HangingGarden>
0x41 A
0x52 R
0x54 T
0x45 E
0x4e N
0x00 <value seperator>
0xff <value seperator>
0x44 D <gametype : DM>
0x4d M
0x00 <value seperator>
0xff <value seperator>
0x32 2 <fraglimit : 25>
0x35 5
0x00 <value seperator>
0xff <value seperator>
0x33 3 <timelimit : 30>
0x30 0
0x00 <value seperator>
0xff <value seperator>
0x30 0 <numteams : 0>
0x00 <value seperator>
0xff <value seperator>
0x31 1 <dedicatedserver : 1 = on>
0x00 <value seperator>
0xff <value seperator>
0x30 0 <friendlyfire : 0>
0x00 <end of data indicator>
 
=== follow same pattern to add more servers starting with 0x39 and ending with 0x00 ===
 
0x00 <end of data indicator>
0xff <end of data indicator>
0xff <end of data indicator>
0xff <end of data indicator>
0xff <end of data indicator>
</syntaxhighlight>

Latest revision as of 14:00, 3 October 2021

Gamespy protocol analysis in Star Wars Republic Commando

Author: -ffs-PLASMA aka. HW_KILLER_PR

Note: This documentation may be incomplete and some information/aspects may be interpreted/understood wrong!

For a gamespy alternative for various games, visit: https://333networks.com/

  • Gamespy Gamename: swrcommando
  • Gamespy Gamekey: y2s8Fh
  • Gamespy Version: 0~3 (Hybrid) Plaintext and partial encrypted communication

The communication between Master Server and Game Server is completly in plaintext, however communication between Master Server and Game Client is partially encrypted. The data sent from Game Client to Master Server is plaintext, however Game Client expects the answer to be encrypted in EnctypeX algorithm!

Master Server <-> Game Server

The communication between Master Server and Game Server is in plaintext and only uses UDP protocol. Master Server listens on port 27900:

When a Game Server boots up for first time, it sends out 2 UDP packets to let Master Server know a new remote host is coming up. Master Server doesn't have to respond: 

0x09     <packet ID>
0x00     <no use>
0x00     <no use>
0x00     <no use>
0x00     <no use>
0x73     s    <gamespy gamename>
0x77     w
0x72     r
0x63     c
0x6f     o
0x6d     m
0x6d     m
0x61     a
0x6e     n
0x64     d
0x6f     o
0x00     <null terminator>

Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server, essentially a \\status\\ packet every 30 seconds or so: 

0x03    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x6c    l    <localip0>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x69    i
0x70    p
0x30    0
0x00    <null seperator>
0x31    1    <First local IP>
0x39    9
0x32    2
0x2e    .
0x31    1
0x36    6
0x38    8
0x2e    .
0x31    1
0x38    8
0x38    8
0x2e    .
0x33    3
0x00    <null seperator>
0x6c    l    <localip1>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x69    i
0x70    p
0x31    1
0x00    <null seperator>
0x31    1    <Second local IP>
0x39    9
0x32    2
0x2e    .
0x31    1
0x36    6
0x38    8
0x2e    .
0x32    2
0x30    0
0x33    3
0x2e    .
0x31    1
0x00    <null seperator>
0x6c    l    <localip2>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x69    i
0x70    p
0x32    2
0x00    <null seperator>
0x31    1    <Third local IP>
0x39    9
0x32    2
0x2e    .
0x31    1
0x36    6
0x38    8
0x2e    .
0x31    1
0x37    7
0x34    4
0x2e    .
0x31    1
0x00    <null seperator>
0x6c    l    <localport>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x70    p
0x6f    o
0x72    r
0x74    t
0x00    <null seperator>
0x31    1    <query port of the game server, default 11138, every server instance increases number by 1 up to 11187 (x49)>
0x31    1
0x31    1
0x33    3
0x38    8
0x00    <null seperator>
0x6e    n    <NAT Negotiation>
0x61    a
0x74    t
0x6e    n
0x65    e
0x67    g
0x00    <null seperator>
0x30    0    <0 = disabled>
0x00    <null seperator>
0x73    s    <statechanged indicates when game server performs mapchange or shuts down, etc>
0x74    t
0x61    a
0x74    t
0x65    e
0x63    c
0x68    h
0x61    a
0x6e    n
0x67    g
0x65    e
0x64    d
0x00    <null seperator>
0x33    3    <3 = ready to accept connections>
0x00    <null seperator>
0x67    g    <gamespy gamename>
0x61    a
0x6d    m
0x65    e
0x6e    n
0x61    a
0x6d    m
0x65    e
0x00    <null seperator>
0x73    s    <swrcommando>
0x77    r
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x68    h    <server name displayed in browser>
0x6f    o
0x73    s
0x74    t
0x6e    n
0x61    a
0x6d    m
0x65    e
0x00    <null seperator>
0x74    t    <server name: test test>
0x65    e
0x73    s
0x74    t
0x20    (space)
0x74    t
0x65    e
0x73    s
0x74    t
0x00    <null seperator>
0x67    g    <game version, republic commando only uses 2226>
0x61    a
0x6d    m
0x65    e
0x76    v
0x65    e
0x72    r
0x00    <null seperator>
0x32    2
0x32    2
0x32    2
0x36    6
0x00    <null seperator>
0x68    h    <hostport (connect port) of the game server, default: 7777>
0x6f    o
0x73    s
0x74    t
0x70    p
0x6f    o
0x72    r
0x74    t
0x00    <null seperator>
0x37    7    <default: 7777>
0x37    7
0x37    7
0x37    7
0x00    <null seperator>
0x6d    m    <mapname of server>
0x61    a
0x70    p
0x6e    n
0x61    a
0x6d    m
0x65    e
0x00    <null seperator>
0x4b    K    <english name: canyon>
0x41    A
0x4d    M
0x50    P
0x46    F
0x53    S
0x43    C
0x48    H
0x49    I
0x46    F
0x46    F
0x00    <null seperator>
0x67    g    <gametype of server>
0x61    a
0x6d    m
0x65    e
0x74    t
0x79    y
0x70    p
0x65    e
0x00    <null seperator>
0x44    D    <DM - deathmatch>
0x4d    M
0x00    <null seperator>
0x6e    n    <amount of players on the server currently>
0x75    u
0x6d    m
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x00    <null seperator>
0x30    0    <player ammount>
0x00    <null seperator>
0x6d    m    <max players capacity>
0x61    a
0x78    x
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x00    <null seperator>
0x38    8    <set to 8 maxplayers>
0x00    <null seperator>
0x67    g    <state of current gamemode>
0x61    a
0x6d    m
0x65    e
0x6d    m
0x6f    o
0x64    d
0x65    e
0x00    <null seperator>
0x6f    o    <set to openplaying, unknown if game actually uses this>
0x70    p
0x65    e
0x6e    n
0x70    p
0x6c    l
0x61    a
0x79    y
0x69    i
0x6e    n
0x67    g
0x00    <null seperator>
0x6e    n    <number of teams>
0x75    u
0x6d    m
0x74    t
0x65    e
0x61    a
0x6d    m
0x73    s
0x00    <null seperator>
0x30    0    <set to 0 for deathmatch, may be set to 2 for teamdeathmatch/ctf/assault>
0x00    <null seperator>
0x66    f    <goalscore>
0x72    r
0x61    a
0x67    g
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x00    <null seperator>
0x31    1    <set to 10>
0x30    0
0x00    <null seperator>
0x74    t    <timelimit in minutes>
0x69    i
0x6d    m
0x65    e
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x00    <null seperator>
0x36    6    <60 minutes>
0x30    0
0x00    <null seperator>
0x64    d    <set whether server is in dedicated mode or not>
0x65    e
0x64    d
0x69    i
0x63    c
0x61    a
0x74    t
0x65    e
0x64    d
0x73    s
0x65    e
0x72    r
0x76    v
0x65    e
0x72    r
0x00    <null seperator>
0x31    1    <0 = off | 1 = on>
0x00    <null seperator>
0x66    f    <friendlyfire %>
0x72    r
0x69    i
0x65    e
0x6e    n
0x64    d
0x6c    l
0x79    y
0x66    f
0x69    i
0x72    r
0x65    e
0x00    <null seperator>
0x30    0    <value between 0 and 100>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x70    p    <player_ : array for player names/ids>
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x5f    _
0x00    <null seperator>
0x73    s    <score_ : array for player scores>
0x63    c
0x6f    o
0x72    r
0x65    e
0x5f    _
0x00    <null seperator>
0x64    d    <deaths_ : array for player deaths>
0x65    e
0x61    a
0x74    t
0x68    h
0x73    s
0x5f    _
0x00    <null seperator>
0x70    p    <ping_ : array for player pings>
0x69    i
0x6e    n
0x67    g
0x5f    _
0x00    <null seperator>
0x74    t    <team_ : array for player pings>
0x65    e
0x61    a
0x6d    m
0x5f    _
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x74    t    <team_t : array for player team (trandoshan team), unknown if it gets used>
0x65    e
0x61    a
0x6d    m
0x5f    _
0x74    t
0x00    <null seperator>
0x73    s    <score_t : array for player score (trandoshan team), unknown if it gets used>
0x63    c
0x6f    o
0x72    r
0x65    e
0x5f    _
0x74    t
0x00    <null seperator>
0x00    <end of packet indicator>

Master Server acknowledges the information and sends ack response back to Game Server: 

0xfe    <gamespy MAGIC bytes for the QR2 queries>
0xfd    <gamespy MAGIC bytes for the QR2 queries>
0x03    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x00    <end of packet indicator>

Finally, Game Server sends a heartbeat to Master Server every 10 seconds or so: 

0x08    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --

Master Server sends heartbeat back to Game Server: 

0xfe    <gamespy MAGIC bytes for the QR2 queries>
0xfd    <gamespy MAGIC bytes for the QR2 queries>
0x08    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x00    <end of packet indicator>

Master Server <-> Game Client

The communication between Game Client and Master Server uses TCP most of the part. Only at the beginning of the server list query, Game Client sends UDP packet and afterwards communicates in TCP. Yet the Game Client sends all data in plaintext, but expects the Master Server response to be encrypted in EnctypeX algorithm.

Master Server is listening on port 27900 UDP and Game Client sends a UDP packet followed by TCP packets, therefore no need to answer here: 

0x09    <packet ID>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <end of packet indicator>

Game Client requests server list from Master Server, therefore Master Server listens on port 28910 TCP now: 

0x00    <First 2 bytes are the packet length>
0x00    --
0x00    <Packet ID: 0>
0x01    <Protcol Version>
0x03    <LIST_ENCODING_VERSION 3>
0x00    <Next 4 bytes: Game Version: Hardcoded to 0000>
0x00    --
0x00    --
0x00    --
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x70    -- <Next 8 bytes are the validation key created by client. It gets used to encrypt the message from Master Server>
0x57    --
0x63    --
0x38    --
0x5b    --
0x56    --
0x7b    --
0x5d    --
0x00    <null seperator>
0x5c    \    <backslash as seperator>
0x68    h    <hostname>
0x6f    o
0x73    s
0x74    t
0x6e    n
0x61    a
0x6d    m
0x65    e
0x5c    \    <backslash as seperator>
0x68    h    <hostport>
0x6f    o
0x73    s
0x74    t
0x70    p
0x6f    o
0x72    r
0x74    t
0x5c    \    <backslash as seperator>
0x6e    n    <numplayers>
0x75    u
0x6d    m
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x5c    \    <backslash as seperator>
0x6d    m    <maxplayers>
0x61    a
0x78    x
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x5c    \    <backslash as seperator>
0x6d    m    <mapname>
0x61    a
0x70    p
0x6e    n
0x61    a
0x6d    m
0x65    e
0x5c    \    <backslash as seperator>
0x67    g    <gametype>
0x61    a
0x6d    m
0x65    e
0x74    t
0x79    y
0x70    p
0x65    e
0x5c    \    <backslash as seperator>
0x66    f    <fraglimit>
0x72    r
0x61    a
0x67    g
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x5c    \    <backslash as seperator>
0x74    t    <timelimit>
0x69    i
0x6d    m
0x65    e
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x5c    \    <backslash as seperator>
0x6e    n    <numteams>
0x75    u
0x6d    m
0x74    t
0x65    e
0x61    a
0x6d    m
0x73    s
0x5c    \    <backslash as seperator>
0x64    d    <dedicatedserver>
0x65    e
0x64    d
0x69    i
0x63    c
0x61    a
0x74    t
0x65    e
0x64    d
0x73    s
0x65    e
0x72    r
0x76    v
0x65    e
0x72    r
0x5c    \    <backslash as seperator>
0x66    f    <friendlyfire>
0x72    r
0x69    i
0x65    e
0x6e    n
0x64    d
0x6c    l
0x79    y
0x66    f
0x69    i
0x72    r
0x65    e

Now Master Server needs to fetch the necessary server data and send it back to the client. This is the plain text message before EnctypeX encryption!!! 

0x7f	<Next 4 bytes are Master Server IP Address, for example: 127.0.0.1>
0x00	--
0x00	--
0x01	--
0x6c	<Next 2 bytes are Master Server Query Port : 27900 or 28910>
0xfc	--
0x0b	<Number of categories/properties, in this case 11>
0x00	<null seperator>
0x68	h	<hostname>
0x6f	o
0x73	s
0x74	t
0x6e	n
0x61	a
0x6d	m
0x65	e
0x00	<null seperator>
0x00	<null seperator>
0x68	h	<hostport>
0x6f	o
0x73	s
0x74	t
0x70	p
0x6f	o
0x72	r
0x74	t
0x00	<null seperator>
0x00	<null seperator>
0x6e	n	<numplayers>
0x75	u
0x6d	m
0x70	p
0x6c	l
0x61	a
0x79	y
0x65	e
0x72	r
0x73	s
0x00	<null seperator>
0x00	<null seperator>
0x6d	m	<maxplayers>
0x61	a
0x78	x
0x70	p
0x6c	l
0x61	a
0x79	y
0x65	e
0x72	r
0x73	s
0x00	<null seperator>
0x00	<null seperator>
0x6d	m	<mapname>
0x61	a
0x70	p
0x6e	n
0x61	a
0x6d	m
0x65	e
0x00	<null seperator>
0x00	<null seperator>
0x67	g	<gametype>
0x61	a
0x6d	m
0x65	e
0x74	t
0x79	y
0x70	p
0x65	e
0x00	<null seperator>
0x00	<null seperator>
0x66	f	<fraglimit>
0x72	r
0x61	a
0x67	g
0x6c	l
0x69	i
0x6d	m
0x69	i
0x74	t
0x00	<null seperator>
0x00	<null seperator>
0x74	t	<timelimit>
0x69	i
0x6d	m
0x65	e
0x6c	l
0x69	i
0x6d	m
0x69	i
0x74	t
0x00	<null seperator>
0x00	<null seperator>
0x6e	n	<numteams>
0x75	u
0x6d	m
0x74	t
0x65	e
0x61	a
0x6d	m
0x73	s
0x00	<null seperator>
0x00	<null seperator>
0x64	d	<dedicatedserver>
0x65	e
0x64	d
0x69	i
0x63	c
0x61	a
0x74	t
0x65	e
0x64	d
0x73	s
0x65	e
0x72	r
0x76	v
0x65	e
0x72	r
0x00	<null seperator>
0x00	<null seperator>
0x66	f	<friendlyfire>
0x72	r
0x69	i
0x65	e
0x6e	n
0x64	d
0x6c	l
0x79	y
0x66	f
0x69	i
0x72	r
0x65	e
0x00	<null seperator>
0x00	<null seperator>

=== add game servers here!!! ===

0x39	<ICMP_IP_FLAG - 0x38 = only ping, 0x39 ping and query player data>
0xa4	164		<First IP of Gameserver : 164.132.196.125>
0x84	132		---^
0xc4	196		--^
0x7d	125		-^
0x2b	11138	<First query port of game server (2 bytes) : 11138>
0x82	-^
0xa4	164		<Second IP of Gameserver : 164.132.196.125>
0x84	132		---^
0xc4	196		--^
0x7d	125		-^
0x2b	11138	<Second query port of game server (2 bytes) : 11138>
0x82	-^
0xa4	164		<Third IP of Gameserver : 164.132.196.125>
0x84	132		---^
0xc4	196		--^
0x7d	125		-^
0xff	<value seperator>
0x44	D	<hostname : DM - swrc-modding.net>
0x4d	M
0x20	(space)
0x2d	-
0x20	(space)
0x73	s
0x77	w
0x72	r
0x63	c
0x2d	-
0x6d	m
0x6f	o
0x64	d
0x64	d
0x69	i
0x6e	n
0x67	g
0x2e	.
0x6e	n
0x65	e
0x74	t
0x00	<value seperator>
0xff	<value seperator>
0x37	7	<hostport : 7777>
0x37	7
0x37	7
0x37	7
0x00	<value seperator>
0xff	<value seperator>
0x30	0	<numplayers : 0>
0x00	<value seperator>
0xff	<value seperator>
0x33	3	<maxplayers: 32>
0x32	2
0x00	<value seperator>
0xff	<value seperator>
0x47	G	<mapname : GARTEN : DM_HangingGarden>
0x41	A
0x52	R
0x54	T
0x45	E
0x4e	N
0x00	<value seperator>
0xff	<value seperator>
0x44	D	<gametype : DM>
0x4d	M
0x00	<value seperator>
0xff	<value seperator>
0x32	2	<fraglimit : 25>
0x35	5
0x00	<value seperator>
0xff	<value seperator>
0x33	3	<timelimit : 30>
0x30	0
0x00	<value seperator>
0xff	<value seperator>
0x30	0	<numteams : 0>
0x00	<value seperator>
0xff	<value seperator>
0x31	1	<dedicatedserver : 1 = on>
0x00	<value seperator>
0xff	<value seperator>
0x30	0	<friendlyfire : 0>
0x00	<end of data indicator>

=== follow same pattern to add more servers starting with 0x39 and ending with 0x00 ===

0x00	<end of data indicator>
0xff	<end of data indicator>
0xff	<end of data indicator>
0xff	<end of data indicator>
0xff	<end of data indicator>
Retrieved from "https://wiki.swrc-modding.net/index.php?title=Gamespy_in_Republic_Commando&oldid=883"