Difference between revisions of "Gamespy in Republic Commando"

Latest revision as of 14:00, 3 October 2021

Gamespy protocol analysis in Star Wars Republic Commando

Author: -ffs-PLASMA aka. HW_KILLER_PR

Note: This documentation may be incomplete and some information/aspects may be interpreted/understood wrong!

For a gamespy alternative for various games, visit: https://333networks.com/

Gamespy Gamename: swrcommando
Gamespy Gamekey: y2s8Fh
Gamespy Version: 0~3 (Hybrid) Plaintext and partial encrypted communication

The communication between Master Server and Game Server is completly in plaintext, however communication between Master Server and Game Client is partially encrypted. The data sent from Game Client to Master Server is plaintext, however Game Client expects the answer to be encrypted in EnctypeX algorithm!

Master Server <-> Game Server

The communication between Master Server and Game Server is in plaintext and only uses UDP protocol. Master Server listens on port 27900:

When a Game Server boots up for first time, it sends out 2 UDP packets to let Master Server know a new remote host is coming up. Master Server doesn't have to respond:

0x09     <packet ID>
0x00     <no use>
0x00     <no use>
0x00     <no use>
0x00     <no use>
0x73     s    <gamespy gamename>
0x77     w
0x72     r
0x63     c
0x6f     o
0x6d     m
0x6d     m
0x61     a
0x6e     n
0x64     d
0x6f     o
0x00     <null terminator>

Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server, essentially a \\status\\ packet every 30 seconds or so:

0x03    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x6c    l    <localip0>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x69    i
0x70    p
0x30    0
0x00    <null seperator>
0x31    1    <First local IP>
0x39    9
0x32    2
0x2e    .
0x31    1
0x36    6
0x38    8
0x2e    .
0x31    1
0x38    8
0x38    8
0x2e    .
0x33    3
0x00    <null seperator>
0x6c    l    <localip1>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x69    i
0x70    p
0x31    1
0x00    <null seperator>
0x31    1    <Second local IP>
0x39    9
0x32    2
0x2e    .
0x31    1
0x36    6
0x38    8
0x2e    .
0x32    2
0x30    0
0x33    3
0x2e    .
0x31    1
0x00    <null seperator>
0x6c    l    <localip2>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x69    i
0x70    p
0x32    2
0x00    <null seperator>
0x31    1    <Third local IP>
0x39    9
0x32    2
0x2e    .
0x31    1
0x36    6
0x38    8
0x2e    .
0x31    1
0x37    7
0x34    4
0x2e    .
0x31    1
0x00    <null seperator>
0x6c    l    <localport>
0x6f    o
0x63    c
0x61    a
0x6c    l
0x70    p
0x6f    o
0x72    r
0x74    t
0x00    <null seperator>
0x31    1    <query port of the game server, default 11138, every server instance increases number by 1 up to 11187 (x49)>
0x31    1
0x31    1
0x33    3
0x38    8
0x00    <null seperator>
0x6e    n    <NAT Negotiation>
0x61    a
0x74    t
0x6e    n
0x65    e
0x67    g
0x00    <null seperator>
0x30    0    <0 = disabled>
0x00    <null seperator>
0x73    s    <statechanged indicates when game server performs mapchange or shuts down, etc>
0x74    t
0x61    a
0x74    t
0x65    e
0x63    c
0x68    h
0x61    a
0x6e    n
0x67    g
0x65    e
0x64    d
0x00    <null seperator>
0x33    3    <3 = ready to accept connections>
0x00    <null seperator>
0x67    g    <gamespy gamename>
0x61    a
0x6d    m
0x65    e
0x6e    n
0x61    a
0x6d    m
0x65    e
0x00    <null seperator>
0x73    s    <swrcommando>
0x77    r
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x68    h    <server name displayed in browser>
0x6f    o
0x73    s
0x74    t
0x6e    n
0x61    a
0x6d    m
0x65    e
0x00    <null seperator>
0x74    t    <server name: test test>
0x65    e
0x73    s
0x74    t
0x20    (space)
0x74    t
0x65    e
0x73    s
0x74    t
0x00    <null seperator>
0x67    g    <game version, republic commando only uses 2226>
0x61    a
0x6d    m
0x65    e
0x76    v
0x65    e
0x72    r
0x00    <null seperator>
0x32    2
0x32    2
0x32    2
0x36    6
0x00    <null seperator>
0x68    h    <hostport (connect port) of the game server, default: 7777>
0x6f    o
0x73    s
0x74    t
0x70    p
0x6f    o
0x72    r
0x74    t
0x00    <null seperator>
0x37    7    <default: 7777>
0x37    7
0x37    7
0x37    7
0x00    <null seperator>
0x6d    m    <mapname of server>
0x61    a
0x70    p
0x6e    n
0x61    a
0x6d    m
0x65    e
0x00    <null seperator>
0x4b    K    <english name: canyon>
0x41    A
0x4d    M
0x50    P
0x46    F
0x53    S
0x43    C
0x48    H
0x49    I
0x46    F
0x46    F
0x00    <null seperator>
0x67    g    <gametype of server>
0x61    a
0x6d    m
0x65    e
0x74    t
0x79    y
0x70    p
0x65    e
0x00    <null seperator>
0x44    D    <DM - deathmatch>
0x4d    M
0x00    <null seperator>
0x6e    n    <amount of players on the server currently>
0x75    u
0x6d    m
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x00    <null seperator>
0x30    0    <player ammount>
0x00    <null seperator>
0x6d    m    <max players capacity>
0x61    a
0x78    x
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x00    <null seperator>
0x38    8    <set to 8 maxplayers>
0x00    <null seperator>
0x67    g    <state of current gamemode>
0x61    a
0x6d    m
0x65    e
0x6d    m
0x6f    o
0x64    d
0x65    e
0x00    <null seperator>
0x6f    o    <set to openplaying, unknown if game actually uses this>
0x70    p
0x65    e
0x6e    n
0x70    p
0x6c    l
0x61    a
0x79    y
0x69    i
0x6e    n
0x67    g
0x00    <null seperator>
0x6e    n    <number of teams>
0x75    u
0x6d    m
0x74    t
0x65    e
0x61    a
0x6d    m
0x73    s
0x00    <null seperator>
0x30    0    <set to 0 for deathmatch, may be set to 2 for teamdeathmatch/ctf/assault>
0x00    <null seperator>
0x66    f    <goalscore>
0x72    r
0x61    a
0x67    g
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x00    <null seperator>
0x31    1    <set to 10>
0x30    0
0x00    <null seperator>
0x74    t    <timelimit in minutes>
0x69    i
0x6d    m
0x65    e
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x00    <null seperator>
0x36    6    <60 minutes>
0x30    0
0x00    <null seperator>
0x64    d    <set whether server is in dedicated mode or not>
0x65    e
0x64    d
0x69    i
0x63    c
0x61    a
0x74    t
0x65    e
0x64    d
0x73    s
0x65    e
0x72    r
0x76    v
0x65    e
0x72    r
0x00    <null seperator>
0x31    1    <0 = off | 1 = on>
0x00    <null seperator>
0x66    f    <friendlyfire %>
0x72    r
0x69    i
0x65    e
0x6e    n
0x64    d
0x6c    l
0x79    y
0x66    f
0x69    i
0x72    r
0x65    e
0x00    <null seperator>
0x30    0    <value between 0 and 100>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x70    p    <player_ : array for player names/ids>
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x5f    _
0x00    <null seperator>
0x73    s    <score_ : array for player scores>
0x63    c
0x6f    o
0x72    r
0x65    e
0x5f    _
0x00    <null seperator>
0x64    d    <deaths_ : array for player deaths>
0x65    e
0x61    a
0x74    t
0x68    h
0x73    s
0x5f    _
0x00    <null seperator>
0x70    p    <ping_ : array for player pings>
0x69    i
0x6e    n
0x67    g
0x5f    _
0x00    <null seperator>
0x74    t    <team_ : array for player pings>
0x65    e
0x61    a
0x6d    m
0x5f    _
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x00    <null seperator>
0x74    t    <team_t : array for player team (trandoshan team), unknown if it gets used>
0x65    e
0x61    a
0x6d    m
0x5f    _
0x74    t
0x00    <null seperator>
0x73    s    <score_t : array for player score (trandoshan team), unknown if it gets used>
0x63    c
0x6f    o
0x72    r
0x65    e
0x5f    _
0x74    t
0x00    <null seperator>
0x00    <end of packet indicator>

Master Server acknowledges the information and sends ack response back to Game Server:

0xfe    <gamespy MAGIC bytes for the QR2 queries>
0xfd    <gamespy MAGIC bytes for the QR2 queries>
0x03    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x00    <end of packet indicator>

Finally, Game Server sends a heartbeat to Master Server every 10 seconds or so:

0x08    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --

Master Server sends heartbeat back to Game Server:

0xfe    <gamespy MAGIC bytes for the QR2 queries>
0xfd    <gamespy MAGIC bytes for the QR2 queries>
0x08    <packet ID>
0xd6    -- <Next 4 bytes are random ID generated by game server>
0x0c    --
0x82    --
0xe0    --
0x00    <end of packet indicator>

Master Server <-> Game Client

The communication between Game Client and Master Server uses TCP most of the part. Only at the beginning of the server list query, Game Client sends UDP packet and afterwards communicates in TCP. Yet the Game Client sends all data in plaintext, but expects the Master Server response to be encrypted in EnctypeX algorithm.

Master Server is listening on port 27900 UDP and Game Client sends a UDP packet followed by TCP packets, therefore no need to answer here:

0x09    <packet ID>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x00    <no use>
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <end of packet indicator>

Game Client requests server list from Master Server, therefore Master Server listens on port 28910 TCP now:

0x00    <First 2 bytes are the packet length>
0x00    --
0x00    <Packet ID: 0>
0x01    <Protcol Version>
0x03    <LIST_ENCODING_VERSION 3>
0x00    <Next 4 bytes: Game Version: Hardcoded to 0000>
0x00    --
0x00    --
0x00    --
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x73    s    <gamespy gamename>
0x77    w
0x72    r
0x63    c
0x6f    o
0x6d    m
0x6d    m
0x61    a
0x6e    n
0x64    d
0x6f    o
0x00    <null seperator>
0x70    -- <Next 8 bytes are the validation key created by client. It gets used to encrypt the message from Master Server>
0x57    --
0x63    --
0x38    --
0x5b    --
0x56    --
0x7b    --
0x5d    --
0x00    <null seperator>
0x5c    \    <backslash as seperator>
0x68    h    <hostname>
0x6f    o
0x73    s
0x74    t
0x6e    n
0x61    a
0x6d    m
0x65    e
0x5c    \    <backslash as seperator>
0x68    h    <hostport>
0x6f    o
0x73    s
0x74    t
0x70    p
0x6f    o
0x72    r
0x74    t
0x5c    \    <backslash as seperator>
0x6e    n    <numplayers>
0x75    u
0x6d    m
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x5c    \    <backslash as seperator>
0x6d    m    <maxplayers>
0x61    a
0x78    x
0x70    p
0x6c    l
0x61    a
0x79    y
0x65    e
0x72    r
0x73    s
0x5c    \    <backslash as seperator>
0x6d    m    <mapname>
0x61    a
0x70    p
0x6e    n
0x61    a
0x6d    m
0x65    e
0x5c    \    <backslash as seperator>
0x67    g    <gametype>
0x61    a
0x6d    m
0x65    e
0x74    t
0x79    y
0x70    p
0x65    e
0x5c    \    <backslash as seperator>
0x66    f    <fraglimit>
0x72    r
0x61    a
0x67    g
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x5c    \    <backslash as seperator>
0x74    t    <timelimit>
0x69    i
0x6d    m
0x65    e
0x6c    l
0x69    i
0x6d    m
0x69    i
0x74    t
0x5c    \    <backslash as seperator>
0x6e    n    <numteams>
0x75    u
0x6d    m
0x74    t
0x65    e
0x61    a
0x6d    m
0x73    s
0x5c    \    <backslash as seperator>
0x64    d    <dedicatedserver>
0x65    e
0x64    d
0x69    i
0x63    c
0x61    a
0x74    t
0x65    e
0x64    d
0x73    s
0x65    e
0x72    r
0x76    v
0x65    e
0x72    r
0x5c    \    <backslash as seperator>
0x66    f    <friendlyfire>
0x72    r
0x69    i
0x65    e
0x6e    n
0x64    d
0x6c    l
0x79    y
0x66    f
0x69    i
0x72    r
0x65    e

Now Master Server needs to fetch the necessary server data and send it back to the client. This is the plain text message before EnctypeX encryption!!!

0x7f	<Next 4 bytes are Master Server IP Address, for example: 127.0.0.1>
0x00	--
0x00	--
0x01	--
0x6c	<Next 2 bytes are Master Server Query Port : 27900 or 28910>
0xfc	--
0x0b	<Number of categories/properties, in this case 11>
0x00	<null seperator>
0x68	h	<hostname>
0x6f	o
0x73	s
0x74	t
0x6e	n
0x61	a
0x6d	m
0x65	e
0x00	<null seperator>
0x00	<null seperator>
0x68	h	<hostport>
0x6f	o
0x73	s
0x74	t
0x70	p
0x6f	o
0x72	r
0x74	t
0x00	<null seperator>
0x00	<null seperator>
0x6e	n	<numplayers>
0x75	u
0x6d	m
0x70	p
0x6c	l
0x61	a
0x79	y
0x65	e
0x72	r
0x73	s
0x00	<null seperator>
0x00	<null seperator>
0x6d	m	<maxplayers>
0x61	a
0x78	x
0x70	p
0x6c	l
0x61	a
0x79	y
0x65	e
0x72	r
0x73	s
0x00	<null seperator>
0x00	<null seperator>
0x6d	m	<mapname>
0x61	a
0x70	p
0x6e	n
0x61	a
0x6d	m
0x65	e
0x00	<null seperator>
0x00	<null seperator>
0x67	g	<gametype>
0x61	a
0x6d	m
0x65	e
0x74	t
0x79	y
0x70	p
0x65	e
0x00	<null seperator>
0x00	<null seperator>
0x66	f	<fraglimit>
0x72	r
0x61	a
0x67	g
0x6c	l
0x69	i
0x6d	m
0x69	i
0x74	t
0x00	<null seperator>
0x00	<null seperator>
0x74	t	<timelimit>
0x69	i
0x6d	m
0x65	e
0x6c	l
0x69	i
0x6d	m
0x69	i
0x74	t
0x00	<null seperator>
0x00	<null seperator>
0x6e	n	<numteams>
0x75	u
0x6d	m
0x74	t
0x65	e
0x61	a
0x6d	m
0x73	s
0x00	<null seperator>
0x00	<null seperator>
0x64	d	<dedicatedserver>
0x65	e
0x64	d
0x69	i
0x63	c
0x61	a
0x74	t
0x65	e
0x64	d
0x73	s
0x65	e
0x72	r
0x76	v
0x65	e
0x72	r
0x00	<null seperator>
0x00	<null seperator>
0x66	f	<friendlyfire>
0x72	r
0x69	i
0x65	e
0x6e	n
0x64	d
0x6c	l
0x79	y
0x66	f
0x69	i
0x72	r
0x65	e
0x00	<null seperator>
0x00	<null seperator>

=== add game servers here!!! ===

0x39	<ICMP_IP_FLAG - 0x38 = only ping, 0x39 ping and query player data>
0xa4	164		<First IP of Gameserver : 164.132.196.125>
0x84	132		---^
0xc4	196		--^
0x7d	125		-^
0x2b	11138	<First query port of game server (2 bytes) : 11138>
0x82	-^
0xa4	164		<Second IP of Gameserver : 164.132.196.125>
0x84	132		---^
0xc4	196		--^
0x7d	125		-^
0x2b	11138	<Second query port of game server (2 bytes) : 11138>
0x82	-^
0xa4	164		<Third IP of Gameserver : 164.132.196.125>
0x84	132		---^
0xc4	196		--^
0x7d	125		-^
0xff	<value seperator>
0x44	D	<hostname : DM - swrc-modding.net>
0x4d	M
0x20	(space)
0x2d	-
0x20	(space)
0x73	s
0x77	w
0x72	r
0x63	c
0x2d	-
0x6d	m
0x6f	o
0x64	d
0x64	d
0x69	i
0x6e	n
0x67	g
0x2e	.
0x6e	n
0x65	e
0x74	t
0x00	<value seperator>
0xff	<value seperator>
0x37	7	<hostport : 7777>
0x37	7
0x37	7
0x37	7
0x00	<value seperator>
0xff	<value seperator>
0x30	0	<numplayers : 0>
0x00	<value seperator>
0xff	<value seperator>
0x33	3	<maxplayers: 32>
0x32	2
0x00	<value seperator>
0xff	<value seperator>
0x47	G	<mapname : GARTEN : DM_HangingGarden>
0x41	A
0x52	R
0x54	T
0x45	E
0x4e	N
0x00	<value seperator>
0xff	<value seperator>
0x44	D	<gametype : DM>
0x4d	M
0x00	<value seperator>
0xff	<value seperator>
0x32	2	<fraglimit : 25>
0x35	5
0x00	<value seperator>
0xff	<value seperator>
0x33	3	<timelimit : 30>
0x30	0
0x00	<value seperator>
0xff	<value seperator>
0x30	0	<numteams : 0>
0x00	<value seperator>
0xff	<value seperator>
0x31	1	<dedicatedserver : 1 = on>
0x00	<value seperator>
0xff	<value seperator>
0x30	0	<friendlyfire : 0>
0x00	<end of data indicator>

=== follow same pattern to add more servers starting with 0x39 and ending with 0x00 ===

0x00	<end of data indicator>
0xff	<end of data indicator>
0xff	<end of data indicator>
0xff	<end of data indicator>
0xff	<end of data indicator>

Difference between revisions of "Gamespy in Republic Commando"

Latest revision as of 14:00, 3 October 2021

Contents

Gamespy protocol analysis in Star Wars Republic Commando

Master Server <-> Game Server

Master Server <-> Game Client

Navigation menu

Search

@@ Line 1: / Line 1: @@
+__FORCETOC__
 ===Gamespy protocol analysis in Star Wars Republic Commando===
 Author: -ffs-PLASMA aka. HW_KILLER_PR
-Note: This documentation is incomplete and some information/aspects may be interpreted/understood wrong! Visit: https://333networks.com/
+Note: This documentation may be incomplete and some information/aspects may be interpreted/understood wrong!
-Gamespy Gamename: swrcommando
+For a gamespy alternative for various games, visit: https://333networks.com/
-Gamespy Gamekey: y2s8Fh
-Gamespy Version: 3 (EnctypeX)
+* Gamespy Gamename: swrcommando
+* Gamespy Gamekey: y2s8Fh
+* Gamespy Version: 0~3 (Hybrid) Plaintext and partial encrypted communication
+The communication between Master Server and Game Server is completly in plaintext, however communication between Master Server and Game Client is partially encrypted. The data sent from Game Client to Master Server is plaintext, however Game Client expects the answer to be encrypted in EnctypeX algorithm!
 ==Master Server <-> Game Server==
+The communication between Master Server and Game Server is in plaintext and only uses UDP protocol. Master Server listens on port 27900:
-The communication between Master and Game Server uses UDP protocol only and no encryption/algorithm. Only port 27900 gets used.
+When a Game Server boots up for first time, it sends out 2 UDP packets to let Master Server know a new remote host is coming up. Master Server doesn't have to respond:
+<syntaxhighlight lang="C++" line>
+x09     <packet ID>
-When the game server boots up for first time, it sends out 2 UDP packets to let Master Server know. Master Server doesn't need to respond:
-<source lang="cpp" line">
-x09     <message type : 9 = some sort of info message?>
 x00     <no use>
 x00     <no use>
@@ Line 39: / Line 35: @@
 x6f     o
 x00     <null terminator>
-</source>
+</syntaxhighlight>
+Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server, essentially a \\status\\ packet every 30 seconds or so:
-Once Game Server is booted up and ready to accept connections, it sends all relevant game info to Master Server:
+<syntaxhighlight lang="C++" line>
-<source lang="cpp" line">
+x03    <packet ID>
-x03    <message type : 3 = query master server>
+xd6    -- <Next 4 bytes are random ID generated by game server>
-xd6    -- <Next 4 bytes are random ID generated by client>
 x0c    --
 x82    --
@@ Line 128: / Line 123: @@
 x74    t
 x00    <null seperator>
-x31    1    <query port of the game server, default 11138, every server instance increases number by 1>
+x31    1    <query port of the game server, default 11138, every server instance increases number by 1 up to 11187 (x49)>
 x31    1
 x31    1
@@ Line 143: / Line 138: @@
 x30    0    <0 = disabled>
 x00    <null seperator>
-x73    s    <statechanged indicates when server wants to update information or is performing a special task : 3 = ready to accept connections | 2 = server closed>
+x73    s    <statechanged indicates when game server performs mapchange or shuts down, etc>
 x74    t
 x61    a
@@ Line 156: / Line 151: @@
 x64    d
 x00    <null seperator>
-x33    3    <Needs more investigation as to what kind of states exist>
+x33    3    <3 = ready to accept connections>
 x00    <null seperator>
 x67    g    <gamespy gamename>
@@ Line 192: / Line 187: @@
 x73    s
 x74    t
-x20    <space>
+x20    (space)
 x74    t
 x65    e
@@ Line 211: / Line 206: @@
 x36    6
 x00    <null seperator>
-x68    h    <hostport (connect port) of the game server>
+x68    h    <hostport (connect port) of the game server, default: 7777>
 x6f    o
 x73    s
@@ Line 292: / Line 287: @@
 x65    e
 x00    <null seperator>
-x6f    o    <set to openplaying, but there are no other states, atleast they dont get used>
+x6f    o    <set to openplaying, unknown if game actually uses this>
 x70    p
 x65    e
@@ Line 313: / Line 308: @@
 x73    s
 x00    <null seperator>
-x30    0    <set to 0 cuz DM, does it even get used by the game?>
+x30    0    <set to 0 for deathmatch, may be set to 2 for teamdeathmatch/ctf/assault>
 x00    <null seperator>
-x66    f    <also known as goalscore>
+x66    f    <goalscore>
 x72    r
 x61    a
@@ Line 372: / Line 367: @@
 x65    e
 x00    <null seperator>
-x30    0    <0 %>
+x30    0    <value between 0 and 100>
 x00    <null seperator>
 x00    <null seperator>
@@ Line 415: / Line 410: @@
 x00    <null seperator>
 x00    <null seperator>
-x74    t    <team_t : array for player team (trandoshan team), does it get used?>
+x74    t    <team_t : array for player team (trandoshan team), unknown if it gets used>
 x65    e
 x61    a
@@ Line 422: / Line 417: @@
 x74    t
 x00    <null seperator>
-x73    s    <score_t : array for player score (trandoshan team, does it get used?)>
+x73    s    <score_t : array for player score (trandoshan team), unknown if it gets used>
 x63    c
 x6f    o
@@ Line 431: / Line 426: @@
 x00    <null seperator>
 x00    <end of packet indicator>
-</source>
+</syntaxhighlight>
+Master Server acknowledges the information and sends ack response back to Game Server:
-Master Server acknowledges the information and sends response back to Game Server:
+<syntaxhighlight lang="C++" line>
-<source lang="cpp" line">
+xfe    <gamespy MAGIC bytes for the QR2 queries>
-xfe    <?? unknown>
+xfd    <gamespy MAGIC bytes for the QR2 queries>
-xfd    <?? unknown>
+x03    <packet ID>
-x01    <message type 1 = information exchange?>
+xd6    -- <Next 4 bytes are random ID generated by game server>
-xd6    -- <Next 4 bytes are random ID generated by client>
 x0c    --
 x82    --
 xe0    --
-x66    <?? unknown>
-x72    <?? unknown>
-x41    <?? unknown>
-x51    <?? unknown>
-x42    <?? unknown>
-x63    <?? unknown>
-x38    <?? unknown>
-x57    <?? unknown>
-x73    <?? unknown>
-x61    <?? unknown>
-x31    <?? unknown>
-x78    <?? unknown>
-x56    <?? unknown>
-x50    <?? unknown>
-x66    <?? unknown>
-x76    <?? unknown>
-x4a    <?? unknown>
-x63    <?? unknown>
-x72    <?? unknown>
-x67    <?? unknown>
 x00    <end of packet indicator>
-</source>
+</syntaxhighlight>
-Game Server acknowledge Master Server response and send ack/response back:
+Finally, Game Server sends a heartbeat to Master Server every 10 seconds or so:
-<source lang="cpp" line">
+<syntaxhighlight lang="C++" line>
-x01    <message type : 1 = information exchange?>
+x08    <packet ID>
-xd6    -- <Next 4 bytes are random ID generated by client>
+xd6    -- <Next 4 bytes are random ID generated by game server>
 x0c    --
 x82    --
 xe0    --
-x70    <?? unknown>
+</syntaxhighlight>
-x70    <?? unknown>
-x34    <?? unknown>
-x68    <?? unknown>
-x45    <?? unknown>
-x46    <?? unknown>
-x34    <?? unknown>
-x65    <?? unknown>
-x77    <?? unknown>
-x42    <?? unknown>
-x6a    <?? unknown>
-x4e    <?? unknown>
-x6c    <?? unknown>
-x75    <?? unknown>
-x79    <?? unknown>
-x4b    <?? unknown>
-x46    <?? unknown>
-x74    <?? unknown>
-x6c    <?? unknown>
-x35    <?? unknown>
-x6a    <?? unknown>
-x33    <?? unknown>
-x32    <?? unknown>
-x6a    <?? unknown>
-x4b    <?? unknown>
-x43    <?? unknown>
-x6f    <?? unknown>
-x41    <?? unknown>
-x00    <end of packet indicator>
-</source>
-Finally, Game Server sends a heartbeat to Master Server every 5 seconds or so:
-<source lang="cpp" line">
-x08    <message type : 8 = heartbeat>
-xd6    -- <Next 4 bytes are random ID generated by client>
-x0c    --
-x82    --
-xe0    --
-</source>
 Master Server sends heartbeat back to Game Server:
-<source lang="cpp" line">
+<syntaxhighlight lang="C++" line>
-xfe    <?? unknown>
+xfe    <gamespy MAGIC bytes for the QR2 queries>
-xfd    <?? unknown>
+xfd    <gamespy MAGIC bytes for the QR2 queries>
-x08    <message type : 8 = heartbeat>
+x08    <packet ID>
-xd6    -- <Next 4 bytes are random ID generated by client>
+xd6    -- <Next 4 bytes are random ID generated by game server>
 x0c    --
 x82    --
 xe0    --
-x00    <11x null at the end of heartbeat packet>
+x00    <end of packet indicator>
-x00
+</syntaxhighlight>
-x00
-x00
-x00
-x00
-x00
-x00
-x00
-x00
-x00
-</source>
-==Master Server <-> Client==
-The communication between Client and Master Server starts with UDP but then gets shifted to TCP with encryption/algorithm.
+==Master Server <-> Game Client==
+The communication between Game Client and Master Server uses TCP most of the part. Only at the beginning of the server list query, Game Client sends UDP packet and afterwards communicates in TCP. Yet the Game Client sends all data in plaintext, but expects the Master Server response to be encrypted in EnctypeX algorithm.
-Master Server is listening on port 27900 with UDP and Client sends request:
+Master Server is listening on port 27900 UDP and Game Client sends a UDP packet followed by TCP packets, therefore no need to answer here:
-<source lang="cpp" line">
+<syntaxhighlight lang="C++" line>
-x09    <message type : 9 = client starting query>
+x09    <packet ID>
-x00    -- <Next 4 bytes are random ID generated by client, but it doesnt get used for now, so its left blank>
+x00    <no use>
-x00    --
+x00    <no use>
-x00    --
+x00    <no use>
-x00    --
+x00    <no use>
 x73    s    <gamespy gamename>
 x77    w
@@ Line 564: / Line 483: @@
 x6f    o
 x00    <end of packet indicator>
-</source>
+</syntaxhighlight>
+Game Client requests server list from Master Server, therefore Master Server listens on port 28910 TCP now:
-From there, Master Server knows Client will start a TCP connection now to query server list. Master Server needs to listen on port 28910 now:
+<syntaxhighlight lang="C++" line>
-<source lang="cpp" line">
+x00    <First 2 bytes are the packet length>
-x00    <?? unknown>
+x00    --
-xa2    <?? unknown>
+x00    <Packet ID: 0>
-x00    <?? unknown>
+x01    <Protcol Version>
-x01    <?? unknown>
+x03    <LIST_ENCODING_VERSION 3>
-x03    <?? unknown>
+x00    <Next 4 bytes: Game Version: Hardcoded to 0000>
-x00    -- <Next 4 bytes are random ID generated by client, but it doesnt get used for now, so its left blank>
 x00    --
 x00    --
@@ Line 726: / Line 644: @@
 x72    r
 x65    e
-</source>
+</syntaxhighlight>
-Now Master Server needs to fetch the necessary data and send it back to the client. This is the first time the message gets encrypted by the gamespy EnctypeX algorithm.
-This is the plain text message before encryption!!!
-<source lang="cpp" line">
-xe6    <message type>
-x00    <null seperator>
-x00    <null seperator>
-x4c    <?? unknown>
-xd4    <?? unknown>
-xaa    <?? unknown>
-x4e    <?? unknown>
-x05    <?? unknown>
-x90    <?? unknown>
-x19    <?? unknown>
-x2f    <?? unknown>
-xf3    <?? unknown>
-x39    <?? unknown>
-xad    <?? unknown>
-x12    <?? unknown>
-xff    <?? unknown>
-x41    <?? unknown>
-xad    <?? unknown>
-x57    <?? unknown>
-xf1    <?? unknown>
-xf2    <?? unknown>
-x63    <?? unknown>
-x20    <?? unknown>
-xa0    <?? unknown>
-x20    <?? unknown>
-x13    <?? unknown>
-xcb    <?? unknown>
-x86    <?? unknown>
-xb5    <?? unknown>
-xf5    <?? unknown>
-x04    <?? unknown>
-xac    <?? unknown>
-x05    <?? unknown>
-xf2    <?? unknown>
-x8a    <?? unknown>
-x5e    <?? unknown>
-xec    <?? unknown>
-xff    <Client IP Address : For example: (255.255.255.255)>
-xff
-xff
-xff
-x6c    <Client destination port : 27900>
-xfc
-x00    <?? unknown>
-x00    <?? unknown>
-x7e    <?? unknown>
-xa4    <Game Server IP (164.132.196.125)>
-x84
-xc4
-x7d
-x2b    <query port of Game Server : 11138>
-x82
-xa4    <Game Server IP (164.132.196.125)>
-x84
-xc4
-x7d
-x2b    <query port of Game Server : 11138>
-x82
-xa4    <Game Server IP (164.132.196.125)>
-x84
-xc4
-x7d
-x00    <end of packet indicator>
-xff
-xff
-xff
-xff
-</source>
-Once the Client got the server list from Master Server, it will query additional information for the servers like players, map, etc:
+Now Master Server needs to fetch the necessary server data and send it back to the client. This is the plain text message before EnctypeX encryption!!!
-<source lang="cpp" line">
+<syntaxhighlight lang="C++" line>
-x00    <5x null, one of them is the server ID to fetch data, the rest IDK>
+x7f	<Next 4 bytes are Master Server IP Address, for example: 127.0.0.1>
-x00
+x00	--
-x00
+x00	--
-x00
+x01	--
-x00
+x6c	<Next 2 bytes are Master Server Query Port : 27900 or 28910>
-x00    -- <Next 4 bytes are random ID generated by client, but it doesnt get used for now, so its left blank>
+xfc	--
-x00    --
+x0b	<Number of categories/properties, in this case 11>
-x00    --
-x00    --
-x73    s    <gamespy gamename>
-x77    w
-x72    r
-x63    c
-x6f    o
-x6d    m
-x6d    m
-x61    a
-x6e    n
-x64    d
-x6f    o
-x00    <null seperator>
-x73    s    <gamespy gamename>
-x77    w
-x72    r
-x63    c
-x6f    o
-x6d    m
-x6d    m
-x61    a
-x6e    n
-x64    d
-x6f    o
-x00    <null seperator>
-x5c    \    <backslash as seperator>
-x68    h    <hostname>
-x6f    o
-x73    s
-x74    t
-x6e    n
-x61    a
-x6d    m
-x65    e
-x5c    \    <backslash as seperator>
-x68    h    <hostport>
-x6f    o
-x73    s
-x74    t
-x70    p
-x6f    o
-x72    r
-x74    t
-x5c    \    <backslash as seperator>
-x6e    n    <numplayers>
-x75    u
-x6d    m
-x70    p
-x6c    l
-x61    a
-x79    y
-x65    e
-x72    r
-x73    s
-x5c    \    <backslash as seperator>
-x6d    m    <maxplayers>
-x61    a
-x78    x
-x70    p
-x6c    l
-x61    a
-x79    y
-x65    e
-x72    r
-x73    s
-x5c    \    <backslash as seperator>
-x6d    m    <mapname>
-x61    a
-x70    p
-x6e    n
-x61    a
-x6d    m
-x65    e
-x5c    \    <backslash as seperator>
-x67    g    <gametype>
-x61    a
-x6d    m
-x65    e
-x74    t
-x79    y
-x70    p
-x65    e
-x5c    \    <backslash as seperator>
-x66    f    <fraglimit>
-x72    r
-x61    a
-x67    g
-x6c    l
-x69    i
-x6d    m
-x69    i
-x74    t
-x5c    \    <backslash as seperator>
-x74    t    <timelimit>
-x69    i
-x6d    m
-x65    e
-x6c    l
-x69    i
-x6d    m
-x69    i
-x74    t
-x5c    \    <backslash as seperator>
-x6e    n    <numteams>
-x75    u
-x6d    m
-x74    t
-x65    e
-x61    a
-x6d    m
-x73    s
-x5c    \    <backslash as seperator>
-x64    d    <dedicatedserver>
-x65    e
-x64    d
-x69    i
-x63    c
-x61    a
-x74    t
-x65    e
-x64    d
-x73    s
-x65    e
-x72    r
-x76    v
-x65    e
-x72    r
-x5c    \    <backslash as seperator>
-x66    f    <friendlyfire>
-x72    r
-x69    i
-x65    e
-x6e    n
-x64    d
-x6c    l
-x79    y
-x66    f
-x69    i
-x72    r
-x65    e
-</source>
-Master Server needs to fetch data for this server ID and send it back with EnctypeX encryption.
-Response in plain text before encrypting:
-<source lang="cpp" line">
-x5d	<?? unknown>
-xcd	<?? unknown>
-xf1	<?? unknown>
-x81	<?? unknown>
-x6c	<?? unknown>
-xfc	<?? unknown>
-x0b	<?? unknown>
 x00	<null seperator>
 x68	h	<hostname>
@@ Line 1,102: / Line 782: @@
 x00	<null seperator>
 x00	<null seperator>
-x7e	<?? unknwon>
-xa4	164		<IP of Gameserver : 164.132.196.125>
+=== add game servers here!!! ===
+x39	<ICMP_IP_FLAG - 0x38 = only ping, 0x39 ping and query player data>
+xa4	164		<First IP of Gameserver : 164.132.196.125>
 x84	132		---^
 xc4	196		--^
 x7d	125		-^
-x2b	11138	<Query port of game server (2 bytes) : 11138>
+x2b	11138	<First query port of game server (2 bytes) : 11138>
 x82	-^
-xa4	164		<IP of Gameserver : 164.132.196.125>
+xa4	164		<Second IP of Gameserver : 164.132.196.125>
 x84	132		---^
 xc4	196		--^
 x7d	125		-^
-x2b	11138	<Query port of game server (2 bytes) : 11138>
+x2b	11138	<Second query port of game server (2 bytes) : 11138>
 x82	-^
-xa4	164		<IP of Gameserver : 164.132.196.125>
+xa4	164		<Third IP of Gameserver : 164.132.196.125>
 x84	132		---^
 xc4	196		--^
@@ Line 1,122: / Line 805: @@
 x44	D	<hostname : DM - swrc-modding.net>
 x4d	M
-x20	<space>
+x20	(space)
 x2d	-
-x20	<space>
+x20	(space)
 x73	s
 x77	w
@@ Line 1,184: / Line 867: @@
 x30	0	<friendlyfire : 0>
 x00	<end of data indicator>
+=== follow same pattern to add more servers starting with 0x39 and ending with 0x00 ===
 x00	<end of data indicator>
 xff	<end of data indicator>
@@ Line 1,189: / Line 875: @@
 xff	<end of data indicator>
 xff	<end of data indicator>
-x64	<?? unknown>
+</syntaxhighlight>
-xba	<?? unknown>
-x67	<?? unknown>
-x71	<?? unknown>
-x74	<?? unknown>
-x5a	<?? unknown>
-x7e	<?? unknown>
-xea	<?? unknown>
-x94	<?? unknown>
-xc8	<?? unknown>
-xe6	<?? unknown>
-xa5	<?? unknown>
-xa9	<?? unknown>
-xe8	<?? unknown>
-x9d	<?? unknown>
-x44	<?? unknown>
-xf4	<?? unknown>
-x03	<?? unknown>
-x78	<?? unknown>
-x54	<?? unknown>
-x9b	<?? unknown>
-x86	<?? unknown>
-xf4	<?? unknown>
-x5e	<?? unknown>
-x52	<?? unknown>
-xb5	<?? unknown>
-x2a	<?? unknown>
-x91	<?? unknown>
-xc3	<?? unknown>
-x7a	<?? unknown>
-x7e	<?? unknown>
-xfe	<?? unknown>
-xb0	<?? unknown>
-x3e	<?? unknown>
-x88	<?? unknown>
-xd6	<?? unknown>
-xca	<?? unknown>
-</source>
-The actual player data of the gameservers is missing and needs to be reversed, but for now server list shows the gameservers.