You are not logged in.
#51 01 Nov 2006 1:31 pm
Re: bf2142 stat query protocol
you seem to like C#. I threw together this program, i got some source from thecodeproject.com to do CRC16/32 in C#. Then I took a recursive algorithm i wrote about 3 years ago to create permutations of a number. Added in the code with my FunWithBytes project(read in numbers, spit out byte arrays in hex/binary/byte format) and looped it. I had it testing the 8 byte combination of timestamp and pid, every possible combination, that was the results i posted above(8!=40320 possible combinations). So if the crc16 code is correct(i tested a few of the ones that you manually did above and they matched) then it isn't just a straight reordering of bytes(unless it is the full 12-14 bytes instead of just the 8). Anyways, you can get the whole source+solution files at http://www.velox-mortis.com/temp/FunWithBytes.zip should allow you to mofidy the algorithm to test anything. Tonight I think i'll try to get an algorithm to create 4 byte arrays out of the 8 bytes by trying every possible combination of & | and ^.
Offline
#52 01 Nov 2006 2:22 pm
Re: bf2142 stat query protocol
very nice. yea I do more C# work than anything else (but also do quite a bit PHP and C++). I was using the CRCTool class (though i think he has a bug in the ccitt method) as well, but hadn't put anything together on this scale.
Offline
#53 01 Nov 2006 3:15 pm
Re: bf2142 stat query protocol
you should install WinXP pro32bit and dual boot. Thats what I do, I rarely use my 64bit windows. But the debugger works fine on my 64 bit processor(AMD 64bit X2 4400).MadHatter :
how do I enable the hardware breakpoint in olly? I cant debug it from home because I have a 64 bit machine and the injection that allows olly to run in debug mode fails and ends up bluescreening my machine. I try it here at work but the hardware breakpoint dialog is disabled.
I started to ask the guy who wrote the auth what these 2 bytes were, but I want to look at it a little longer before I ask.
Offline
#55 01 Nov 2006 4:58 pm
Re: bf2142 stat query protocol
I found a part in memory which has the pages listed.
Debugging the client:
Block 009E0000
0090FCAC 67 65 74 70 6C 61 79 65 72 69 6E 66 6F 2E 61 73 getplayerinfo.as
0090FCBC 70 78 px
It has most of the pages listed in that area, anything specific you are looking for?
Offline
#56 01 Nov 2006 5:05 pm
Re: bf2142 stat query protocol
I was hoping there was a table that listed the getplayerinfo.aspx to some # used for those 2 bytes.
I suspect that the 2 missing bytes are related to the page somehow. I don't know exactly how that is though.
Offline
#57 01 Nov 2006 6:25 pm
Re: bf2142 stat query protocol
well I finally got xp (32 bit) installed on vmware, and got a server up and running, can attach and set the breakpoint where I need it, but now cant connect w/ my game client. so I guess I have to install the game on the vm as well. slow progress.
Offline
#58 01 Nov 2006 8:54 pm
Re: bf2142 stat query protocol
is the middle int always 100 and are the first 2 bytes of the last int always 1? Are you trying multiple pages? maybe the 100 refers to the type of query. Or maybe the 1 does. if those are all auths to the same page, then they wouldn't change at all.Tubar :
Some data for testing:
Sample1: 8B 66 48 45 64 00 00 00 F9 6A E2 04 01 00 2B 24
Sample2: 63 69 48 45 64 00 00 00 F9 6A E2 04 01 00 1C EF
Sample3: B7 69 48 45 64 00 00 00 F9 6A E2 04 01 00 8F A8
Sample4: C0 6C 48 45 64 00 00 00 F9 6A E2 04 01 00 C0 E8
Sample5: CB 6F 48 45 64 00 00 00 F9 6A E2 04 01 00 AD 41
Offline
#59 01 Nov 2006 11:56 pm
Re: bf2142 stat query protocol
I was able to load it up and poke through the string section in both olly and PE Explorer.
in PE Explorer, I came across what looked like routines to calculate the bytes for each query type. I couldnt find the exact same thing in olly, but I may have missed it.
we should be able to set access breakpoints on strings (like the ones I came across in PE Explorer and olly) and see if / what they do.
here's some stuff I found from that:
Code:
008315D0 90287900 dd SSZ00792890_pers_plrRequestUnlocks 008315D4 20335100 dd L00513320 008315D8 01 db 01h; 008315D9 00 db 00h; 008315DA 00 db 00h; 008315DB 00 db 00h; 008315DC 00 db 00h; 008315DD 00 db 00h; 008315DE 00 db 00h; 008315DF 00 db 00h; 008315E0 78287900 dd SSZ00792878_pers_plrRequestStats 008315E4 E0285100 dd L005128E0 008315E8 01 db 01h; 008315E9 00 db 00h; 008315EA 00 db 00h; 008315EB 00 db 00h; 008315EC 00 db 00h; 008315ED 00 db 00h; 008315EE 00 db 00h; 008315EF 00 db 00h; 008315F0 60287900 dd SSZ00792860_pers_plrRequestAwards 008315F4 302A5100 dd L00512A30 008315F8 01 db 01h; 008315F9 00 db 00h; 008315FA 00 db 00h; 008315FB 00 db 00h; 008315FC 00 db 00h; 008315FD 00 db 00h; 008315FE 00 db 00h; 008315FF 00 db 00h; 00831600 4C287900 dd SSZ0079284C_pers_getStatsKeyVal 00831604 702B5100 dd L00512B70 00831608 01 db 01h; 00831609 00 db 00h; 0083160A 00 db 00h; 0083160B 00 db 00h; 0083160C 00 db 00h; 0083160D 00 db 00h; 0083160E 00 db 00h; 0083160F 00 db 00h; 00831610 34287900 dd SSZ00792834_pers_getRankExperience 00831614 602F5100 dd L00512F60 00831618 01 db 01h; 00831619 00 db 00h; 0083161A 00 db 00h; 0083161B 00 db 00h; 0083161C 00 db 00h; 0083161D 00 db 00h; 0083161E 00 db 00h; 0083161F 00 db 00h; 00831620 20287900 dd SSZ00792820_pers_getNumRanks 00831624 B0265100 dd L005126B0 00831628 01 db 01h; 00831629 00 db 00h; 0083162A 00 db 00h; 0083162B 00 db 00h; 0083162C 00 db 00h; 0083162D 00 db 00h; 0083162E 00 db 00h; 0083162F 00 db 00h; ;---------------------------------------------------------------------------------------------------- 00513312 CCCCCCCCCCCCCCCCCCCC+ Align 16 00513320 L00513320: 00513320 55 push ebp 00513321 8BEC mov ebp,esp 00513323 83EC14 sub esp,00000014h 00513326 56 push esi 00513327 8B750C mov esi,[ebp+0Ch] 0051332A 57 push edi 0051332B 8D45F8 lea eax,[ebp-08h] 0051332E 50 push eax 0051332F BA01000000 mov edx,00000001h 00513334 8BCE mov ecx,esi 00513336 E8951BF1FF call SUB_L00424ED0 0051333B 8D4DFC lea ecx,[ebp-04h] 0051333E 51 push ecx 0051333F 33D2 xor edx,edx 00513341 8BCE mov ecx,esi 00513343 8BF8 mov edi,eax 00513345 E8861BF1FF call SUB_L00424ED0 0051334A 03F8 add edi,eax 0051334C 752C jnz L0051337A 0051334E 8B0D809B8900 mov ecx,[L00899B80] 00513354 8B45FC mov eax,[ebp-04h] 00513357 8B11 mov edx,[ecx] 00513359 50 push eax 0051335A FF5220 call [edx+20h] 0051335D 8BF8 mov edi,eax 0051335F 85FF test edi,edi 00513361 751F jnz L00513382 00513363 8B0D50B67800 mov ecx,[dice_py.dll!PyExc_RuntimeError] 00513369 8B11 mov edx,[ecx] 0051336B 6888BE7C00 push SSZ007CBE88_no_such_player 00513370 52 push edx 00513371 FF15E4B67800 call [dice_py.dll!PyErr_SetString] 00513377 83C408 add esp,00000008h 0051337A L0051337A: 0051337A 5F pop edi 0051337B 33C0 xor eax,eax 0051337D 5E pop esi 0051337E 8BE5 mov esp,ebp 00513380 5D pop ebp 00513381 C3 retn ;---------------------------------------------------------------------------------------------------- ;---------------------------------------------------------------------------------------------------- 005128D3 CCCCCCCCCCCCCCCCCCCC+ Align 16 005128E0 L005128E0: 005128E0 55 push ebp 005128E1 8BEC mov ebp,esp 005128E3 83EC2C sub esp,0000002Ch 005128E6 A140CA8300 mov eax,[L0083CA40] 005128EB 56 push esi 005128EC 57 push edi 005128ED 8D4DE0 lea ecx,[ebp-20h] 005128F0 8945FC mov [ebp-04h],eax 005128F3 FF1554B37800 call [MSVCP71.dll!??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ] 005128F9 8B750C mov esi,[ebp+0Ch] 005128FC 8D45E0 lea eax,[ebp-20h] 005128FF 50 push eax 00512900 BA02000000 mov edx,00000002h 00512905 8BCE mov ecx,esi 00512907 E86425F1FF call SUB_L00424E70 0051290C 8D4DDC lea ecx,[ebp-24h] 0051290F 51 push ecx 00512910 BA03000000 mov edx,00000003h 00512915 8BCE mov ecx,esi 00512917 8BF8 mov edi,eax 00512919 E8B225F1FF call SUB_L00424ED0 0051291E 8D55D8 lea edx,[ebp-28h] 00512921 52 push edx 00512922 BA01000000 mov edx,00000001h 00512927 8BCE mov ecx,esi 00512929 03F8 add edi,eax 0051292B E8A025F1FF call SUB_L00424ED0 00512930 03F8 add edi,eax 00512932 8D45D4 lea eax,[ebp-2Ch] 00512935 50 push eax 00512936 33D2 xor edx,edx 00512938 8BCE mov ecx,esi 0051293A E89125F1FF call SUB_L00424ED0 0051293F 03F8 add edi,eax 00512941 7530 jnz L00512973 00512943 8B45D4 mov eax,[ebp-2Ch] 00512946 3D00010000 cmp eax,00000100h 0051294B 7D49 jge L00512996 0051294D 8B0D809B8900 mov ecx,[L00899B80] 00512953 8B11 mov edx,[ecx] 00512955 50 push eax 00512956 FF5220 call [edx+20h] 00512959 85C0 test eax,eax 0051295B 752F jnz L0051298C 0051295D A150B67800 mov eax,[dice_py.dll!PyExc_RuntimeError] 00512962 8B08 mov ecx,[eax] 00512964 6888BE7C00 push SSZ007CBE88_no_such_player 00512969 51 push ecx 0051296A FF15E4B67800 call [dice_py.dll!PyErr_SetString] 00512970 83C408 add esp,00000008h 00512973 L00512973: 00512973 8D4DE0 lea ecx,[ebp-20h] 00512976 FF1584B27800 call [MSVCP71.dll!??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ] 0051297C 5F pop edi 0051297D 33C0 xor eax,eax 0051297F 5E pop esi 00512980 8B4DFC mov ecx,[ebp-04h] 00512983 E817B72400 call SUB_L0075E09F 00512988 8BE5 mov esp,ebp 0051298A 5D pop ebp 0051298B C3 retn ;---------------------------------------------------------------------------------------------------- ;---------------------------------------------------------------------------------------------------- 00512A2F CC Align 4 00512A30 L00512A30: 00512A30 55 push ebp 00512A31 8BEC mov ebp,esp 00512A33 83EC28 sub esp,00000028h 00512A36 A140CA8300 mov eax,[L0083CA40] 00512A3B 56 push esi 00512A3C 57 push edi 00512A3D 8D4DE0 lea ecx,[ebp-20h] 00512A40 8945FC mov [ebp-04h],eax 00512A43 FF1554B37800 call [MSVCP71.dll!??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ] 00512A49 8B750C mov esi,[ebp+0Ch] 00512A4C 8D45E0 lea eax,[ebp-20h] 00512A4F 50 push eax 00512A50 BA02000000 mov edx,00000002h 00512A55 8BCE mov ecx,esi 00512A57 E81424F1FF call SUB_L00424E70 00512A5C 8D4DDC lea ecx,[ebp-24h] 00512A5F 51 push ecx 00512A60 BA01000000 mov edx,00000001h 00512A65 8BCE mov ecx,esi 00512A67 8BF8 mov edi,eax 00512A69 E86224F1FF call SUB_L00424ED0 00512A6E 8D55D8 lea edx,[ebp-28h] 00512A71 52 push edx 00512A72 33D2 xor edx,edx 00512A74 8BCE mov ecx,esi 00512A76 03F8 add edi,eax 00512A78 E85324F1FF call SUB_L00424ED0 00512A7D 03F8 add edi,eax 00512A7F 7530 jnz L00512AB1 00512A81 8B45D8 mov eax,[ebp-28h] 00512A84 3D00010000 cmp eax,00000100h 00512A89 7D49 jge L00512AD4 00512A8B 8B0D809B8900 mov ecx,[L00899B80] 00512A91 8B11 mov edx,[ecx] 00512A93 50 push eax 00512A94 FF5220 call [edx+20h] 00512A97 85C0 test eax,eax 00512A99 752F jnz L00512ACA 00512A9B A150B67800 mov eax,[dice_py.dll!PyExc_RuntimeError] 00512AA0 8B08 mov ecx,[eax] 00512AA2 6888BE7C00 push SSZ007CBE88_no_such_player 00512AA7 51 push ecx 00512AA8 FF15E4B67800 call [dice_py.dll!PyErr_SetString] 00512AAE 83C408 add esp,00000008h 00512AB1 L00512AB1: 00512AB1 8D4DE0 lea ecx,[ebp-20h] 00512AB4 FF1584B27800 call [MSVCP71.dll!??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ] 00512ABA 5F pop edi 00512ABB 33C0 xor eax,eax 00512ABD 5E pop esi 00512ABE 8B4DFC mov ecx,[ebp-04h] 00512AC1 E8D9B52400 call SUB_L0075E09F 00512AC6 8BE5 mov esp,ebp 00512AC8 5D pop ebp 00512AC9 C3 retn ;----------------------------------------------------------------------------------------------------
Offline
#60 02 Nov 2006 1:18 am
Re: bf2142 stat query protocol
This data I got only by join to server, I thing are for rank and unlock.Craigins :
is the middle int always 100 and are the first 2 bytes of the last int always 1? Are you trying multiple pages? maybe the 100 refers to the type of query. Or maybe the 1 does. if those are all auths to the same page, then they wouldn't change at all.Tubar :
Some data for testing:
Sample1: 8B 66 48 45 64 00 00 00 F9 6A E2 04 01 00 2B 24
Sample2: 63 69 48 45 64 00 00 00 F9 6A E2 04 01 00 1C EF
Sample3: B7 69 48 45 64 00 00 00 F9 6A E2 04 01 00 8F A8
Sample4: C0 6C 48 45 64 00 00 00 F9 6A E2 04 01 00 C0 E8
Sample5: CB 6F 48 45 64 00 00 00 F9 6A E2 04 01 00 AD 41
Today I finish DECODER for auth key, which give me this 16 bytes from Base64 Auth string.
After that we can watch if are these bytes changed for other ask or are same.
Offline
#61 02 Nov 2006 6:08 am
Re: bf2142 stat query protocol
fyi i did ever permutation of bytes for the first 12 bytes in the first 2 samples, and the crc16 didn't match any of them.
I'm trying the first 14 bytes but I don't think that will run. 495 million permutations for 12 bytes took 1.25 hrs, 14 bytes has a possible 87 billon permutations so i think i will end it when i get home whether it is finished or not.
Offline
#62 02 Nov 2006 12:08 pm
Re: bf2142 stat query protocol
Ok, coding and encoding 16 bytes is done.
You can try that here:
http://bf2142.bfstats.info/auth.php
CODE - is 16 bytes in hex format, so 32 characters 0..F -> encode to AUTH
AUTH - is auth base64 string -> decode to CODE
Tomorow I post here PHP code.
Decode is now without problem. But for Encode we need these last two bytes generate. How? I dont know at this time.
Offline
#63 02 Nov 2006 1:43 pm
Re: bf2142 stat query protocol
very nice!
this gives us a starting point for test data at least.
here's the dump of my auth requests posted on the second post of this thread:
it goes:
Code:
querypage
auth token bytes (any additional parameters in the query)Code:
getbackendinfo
iXZI3e9NRrcK6mkHY2YkNg__ 400040456400000000000000000006DD
Tz[wyu88es8eq3P22aB9wQ__ 7D43404564000000000000000000E47E
getplayerinfo
hsAYJAG[dgkSiQfkKhF[fA__ 430040456400000011BAD7040000FF42 (mode=base)
CsJwQ9RPk46kmWxa9CTeYA__ 570040456400000011BAD7040000AD79 (mode=ovr)
xU2qDk[zXk]BWGehdT4y4w__ 590040456400000011BAD7040000A199 (mode=ply)
HoEwn2lJbn0bvp6bDh]wjQ__ 9C434045640000006F17E6040000AD62 (mode=base)
getunlocksinfo
WMPGObVgmQFOUigYZyNnRw__ 460040456400000011BAD70400003BC4
2d3SIIXPHH40QC6w9DrR6w__ 9E434045640000006F17E60400006F94
getawardsinfo.aspx
WMPGObVgmQFOUigYZyNnRw__ 460040456400000011BAD70400003BC4 (pid=81246737)
2d3SIIXPHH40QC6w9DrR6w__ 9E434045640000006F17E60400006F94 (pid=82188143)
getplayerprogress
8e26HVmZGRthTzwBLMcrFw__ 4E0040456400000011BAD7040000502F (mode=point)
OwLTkf3YNNKSyoHbDP3KZQ__ 510040456400000011BAD7040000CA72 (mode=score)
Un0OVwDuqpANkLtdDtHw2A__ 520040456400000011BAD704000069FF (mode=ttp)
Un0OVwDuqpANkLtdDtHw2A__ 520040456400000011BAD704000069FF (mode=kills)
3CR[CIClsFA6bIEPqghpKQ__ 530040456400000011BAD70400000884 (mode=spm)
3CR[CIClsFA6bIEPqghpKQ__ 530040456400000011BAD70400000884 (mode=role)
Wq[wb1fQGAnWp]KoQ4etxA__ 540040456400000011BAD70400000EF4 (mode=flag)
Wq[wb1fQGAnWp]KoQ4etxA__ 540040456400000011BAD70400000EF4 (mode=waccu)
p5UWGglGAsln9Sb36S9oZQ__ 550040456400000011BAD70400006F8F (mode=wl)
p5UWGglGAsln9Sb36S9oZQ__ 550040456400000011BAD70400006F8F (mode=twsc)
RM0orxS6feg[L[qXDREYug__ 560040456400000011BAD7040000CC02 (mode=sup)
q6D3E5nkRF1]OnmOU8W7Yg__ AC434045640000006F17E60400009539 (mode=point)
getleaderboard
yY6RhSt3AI[gBtRkc67Ulw__ 650040456400000011BAD704000057D4
XxfEcvG2RYQ0J5V6mLnTng__ 670040456400000011BAD70400009522 (dogTagFilter=1)
rtXtz6QGp[ufCxJWMrYS5w__ 680040456400000011BAD7040000F8B9 (type=overallscore)
IA65[l5DqWS]khmcwMcfKQ__ 690040456400000011BAD704000099C2 (type=overallscore&ccFilter=US)
6swGutaWIeRWF]MUK8rRzw__ 6A0040456400000011BAD70400003A4F (type=overallscore)
Ok2ca63[qDe142so3B0ZzQ__ 6B0040456400000011BAD70400005B34 (type=overallscore&buddiesFilter=81168298,81242994,81306093,81465904)
NHFg9sIAp5Z[euaT6CA7KA__ 6C0040456400000011BAD70400005D44 (type=overallscore)
UCdBNgv2uDFFMTrq0HLQxA__ 6D0040456400000011BAD70400003C3F (type=overallscore&buddiesFilter=81168298,81242994,81306093,81465904)
OambPiPNcGuCzsSlnZRF6w__ 6E0040456400000011BAD70400009FB2 (type=overallscore&buddiesFilter=81168298,81242994,81306093,81465904&dogTagFilter=1)
apr3cK9vZGLV[SjCz[7ikg__ 6F0040456400000011BAD7040000FEC9 (type=overallscore&ccFilter=US&buddiesFilter=81168298,81242994,81306093,81465904&dogTagFilter=1)
K5N9nf4JQdQ8L3cb[BVnpg__ BD434045640000006F17E60400000384 (type=overallscore)about the only thing that came out at a glance is that there is no PID in the getbackendinfo query, and the last 4 bytes of my auth token dont contain the same thing as Tubar's did (whcih when I drilled into the string data from inside PE Explorer last night, what I end up with here looks a lot like what they had there, so it looks like there's another hashing algorithm to understand).
Offline
#64 02 Nov 2006 1:54 pm
Re: bf2142 stat query protocol
well it is only 2 bytes. Try the same query over and over again so the time stamp changes to see if those 2 bytes change.
If they don't change, then the 2 bytes are dependant on the query. This means that we can just run a brute force algorithm testing each byte to see which values correspond to which queries on which pages. Might take awhile though. Couple hours per auth depending on how fast we set the query interval(don't want to burden the server).
Offline
#65 02 Nov 2006 2:05 pm
Re: bf2142 stat query protocol
i think these two bytes have not to do with query tyme.
when i got auth key, i use this auth key for getplayerinfo and for getunlockinfo and both work fine on stella gamespy request.
Offline
#66 02 Nov 2006 2:09 pm
Re: bf2142 stat query protocol
it makes sense to me now, because I think that when I got the odd results it was when I took the auth token from get backend info (which doesnt have a PID).
but odd that the last 4 bytes of mine (both accounts that I tried) differ from yours Tubar (there is no 01 00 XX XX, just 00 00 XX XX). Is the account you're testing a BF2 Vet account (this may be the difference... both ones I tested are bf2 vet users)?
It will be interesting to see what the last 4 bytes of Craigins token show up as.
Offline
#67 02 Nov 2006 4:31 pm
Re: bf2142 stat query protocol
Maybe the 0100 is a location code of sorts.
I threw up my packet capture program, grabbed the pages and query string for each request and then fed the auth codes through Tubar's page. Here they are:
Code:
Page: getplayerprogress.aspx
AuthCode: =mEt8kpDnJVLundp1ZWK42w__
Bytes: 88884A4564000000E986D80400009B34
mode: point
scale: game
Page: getplayerprogress.aspx
AuthCode: =0sIoSzoQcihpqUgm083n5w__
Bytes: 8B884A4564000000E986D804000038B9
mode: score
scale: game
Page: getplayerprogress.aspx
AuthCode: =A8YZ5oHdixMBagM[hFU1Yg__
Bytes: 8C884A4564000000E986D80400003EC9
mode: ttp
scale: game
Page: getplayerprogress.aspx
AuthCode: =A8YZ5oHdixMBagM[hFU1Yg__
Bytes: 8C884A4564000000E986D80400003EC9
mode: kills
scale: game
Page: getplayerprogress.aspx
AuthCode: =4fEBDwo5k68r2racrIPptg__
Bytes: 8D884A4564000000E986D80400005FB2
mode: spm
scale: game
Page: getplayerprogress.aspx
AuthCode: =hCqB28pYW0MMRAbCAY9W4g__
Bytes: 8E884A4564000000E986D8040000FC3F
mode: role
scale: game
Page: getplayerprogress.aspx
AuthCode: =hCqB28pYW0MMRAbCAY9W4g__
Bytes: 8E884A4564000000E986D8040000FC3F
mode: flag
scale: game
Page: getplayerprogress.aspx
AuthCode: =t28MLsFZJOQYLSvFlHvxww__
Bytes: 8F884A4564000000E986D80400009D44
mode: waccu
scale: game
Page: getplayerprogress.aspx
AuthCode: =t28MLsFZJOQYLSvFlHvxww__
Bytes: 8F884A4564000000E986D80400009D44
mode: wl
scale: game
Page: getplayerprogress.aspx
AuthCode: =VXh]SNTKZcyolyzXQ9cKfQ__
Bytes: 90884A4564000000E986D80400000719
mode: twsc
scale: game
Page: getplayerprogress.aspx
AuthCode: =VXh]SNTKZcyolyzXQ9cKfQ__
Bytes: 90884A4564000000E986D80400000719
mode: sup
scale: game
Page: getplayerinfo.aspx
AuthCode: =2]TKpMmglzZ8TLNqjwbo]Q__
Bytes: A8884A4564000000E986D804000054A9
mode: ovr
Page: getplayerinfo.aspx
AuthCode: =I[AVk[4VK5J5OMzH0NpozQ__
Bytes: AA884A4564000000E986D8040000965F
mode: ply
Page: getplayerinfo.aspx
AuthCode: =PMx7iqTEG9ZUO8rWeErJ0g__
Bytes: AD884A4564000000E986D8040000902F
mode: titan
Page: getplayerinfo.aspx
AuthCode: =oggxXuy4v2]bE7oRHIee6g__
Bytes: AF884A4564000000E986D804000052D9
mode: wrk
Page: getplayerinfo.aspx
AuthCode: =lFf7vXmsl5RxbxIhS7IZjw__
Bytes: B1884A4564000000E986D8040000A9FF
mode: com
Page: getplayerinfo.aspx
AuthCode: =1yfkOjsV72gPz9tOELFiHw__
Bytes: B4884A4564000000E986D80400006D79
mode: wep
Page: getplayerinfo.aspx
AuthCode: =Z2W5Qzn2PEmKJuQkVMj8Tg__
Bytes: B6884A4564000000E986D8040000AF8F
mode: veh
Page: getplayerinfo.aspx
AuthCode: =QUXJFsQKyysYCVuH3QvV]Q__
Bytes: B8884A4564000000E986D8040000A36F
mode: map
Page: getleaderboard.aspx
AuthCode: =ZI[USzdOZs[HqUs9CWuzNw__
Bytes: C7884A4564000000E986D80400004984
pos: 1
after: 17
type: overallscore
Page: getleaderboard.aspx
AuthCode: =[dXsnBeejVJZ7Ik9urZ3og__
Bytes: C8884A4564000000E986D8040000241F
pos: 1
after: 17
type: weapon
id: 0
Page: getleaderboard.aspx
AuthCode: =yvr8B2wdNmE[FxqUbgqIdQ__
Bytes: C9884A4564000000E986D80400004564
pos: 1
after: 17
type: vehicle
id: 0
Page: getleaderboard.aspx
AuthCode: =DbQwerDlLFIGQkwnS9kNJw__
Bytes: CA884A4564000000E986D8040000E6E9
pos: 1
after: 16
type: supremecommander
Page: getleaderboard.aspx
AuthCode: =YexuXME20sAhGzzFFgTdsg__
Bytes: CC884A4564000000E986D804000081E2
pos: 1
after: 17
type: vehicle
id: 0
Page: getleaderboard.aspx
AuthCode: =iYUcz6nzXXfaLoUMuUmjZw__
Bytes: CE884A4564000000E986D80400004314
pos: 1
after: 17
type: vehicle
id: 0
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
Page: getleaderboard.aspx
AuthCode: =O8nc2Yhtuur]VUIanykJoA__
Bytes: CF884A4564000000E986D8040000226F
pos: 1
after: 17
type: vehicle
id: 0
ccFilter: US
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
Page: getleaderboard.aspx
AuthCode: =UytJU17z2O]TDlDfQ9HGsg__
Bytes: D0884A4564000000E986D8040000B832
pos: 1
after: 17
type: vehicle
id: 0
ccFilter: US
Page: getleaderboard.aspx
AuthCode: =aEugYAOrEOSsQzhz6fUH1g__
Bytes: D1884A4564000000E986D8040000D949
pos: 1
after: 17
type: vehicle
id: 0
ccFilter: US
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =5]sIPWtND6ygN0hLT4RTtw__
Bytes: D3884A4564000000E986D80400001BBF
pos: 1
after: 17
type: vehicle
id: 0
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =iW3E6N70EqhEAJhoc9tffg__
Bytes: D4884A4564000000E986D80400001DCF
pos: 1
after: 17
type: vehicle
id: 0
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =wI64fNyBo]LZx4K0Q8pwoA__
Bytes: D7884A4564000000E986D8040000BE42
pos: 1
after: 17
type: weapon
id: 0
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =lfMcFVv5zQndGL6fTn5OWA__
Bytes: D8884A4564000000E986D8040000D3D9
pos: 1
after: 17
type: weapon
id: 0
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =6Zz69Y27kK2ndxrV4CuZMg__
Bytes: D9884A4564000000E986D8040000B2A2
pos: 1
after: 17
type: weapon
id: 0
Page: getleaderboard.aspx
AuthCode: =GfG8J0pbskUMJdRgR9dw[w__
Bytes: DA884A4564000000E986D8040000112F
pos: 1
after: 17
type: weapon
id: 0
ccFilter: US
Page: getleaderboard.aspx
AuthCode: =OgcQDcZ0t30eJY62KBavOw__
Bytes: DB884A4564000000E986D80400007054
pos: 1
after: 17
type: weapon
id: 0
Page: getleaderboard.aspx
AuthCode: =3ZrRQyVAGAvIlmOk4E7J4g__
Bytes: DC884A4564000000E986D80400007624
pos: 1
after: 17
type: weapon
id: 0
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
Page: getleaderboard.aspx
AuthCode: =3ZrRQyVAGAvIlmOk4E7J4g__
Bytes: DC884A4564000000E986D80400007624
pos: 1
after: 17
type: weapon
id: 0
Page: getleaderboard.aspx
AuthCode: =hEeYdpzK5rnLdEbV]J1GhQ__
Bytes: E0884A4564000000E986D80400008069
pos: 1
after: 17
type: combatscore
Page: getleaderboard.aspx
AuthCode: =jdV3JIFh1u]Wxxi]fMsLLg__
Bytes: E4884A4564000000E986D80400002594
pos: 1
after: 17
type: risingstar
Page: getleaderboard.aspx
AuthCode: =16bssWU4VjFINTwPGYmw1A__
Bytes: E8884A4564000000E986D8040000EB82
pos: 1
after: 17
type: commanderscore
Page: getleaderboard.aspx
AuthCode: =G3kchhw3s8jZNdjcqlEOsg__
Bytes: EA884A4564000000E986D80400002974
pos: 1
after: 17
type: teamworkscore
Page: getleaderboard.aspx
AuthCode: =i9AL8v8TAm0FlI0GvDtRsw__
Bytes: ED884A4564000000E986D80400002F04
pos: 1
after: 17
type: efficiency
Page: getleaderboard.aspx
AuthCode: =bqSWPpR09BWRQdK[jstoBg__
Bytes: F2884A4564000000E986D8040000B559
pos: 1
after: 17
type: efficiency
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
Page: getleaderboard.aspx
AuthCode: =YGcfuim40euyIGIl4OcPjw__
Bytes: F3884A4564000000E986D8040000D422
pos: 1
after: 17
type: efficiency
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =8MPmH1RhhhOxIX1NcH[nvA__
Bytes: F5884A4564000000E986D8040000B329
pos: 1
after: 17
type: efficiency
dogTagFilter: 1I guess i'm out of ideas on what to do next.
Edit:
after playing for a few hours i captured the packets again just to see if the last 2 bytes matched at all:
Code:
Page: getplayerprogress.aspx
AuthCode: =ycV6VToOYsBYtNRQTUMVfQ__
Bytes: 7FC04A4564000000E986D8040000EE32
mode: point
scale: game
Page: getplayerprogress.aspx
AuthCode: =5mdU9llSQWRENGoIwvriQg__
Bytes: 83C04A4564000000E986D8040000D903
mode: point
scale: game
Page: getleaderboard.aspx
AuthCode: =eFZG7ThcjiNbZCPBHisA8w__
Bytes: 8DC04A4564000000E986D8040000D5E3
pos: 1
after: 17
type: overallscore
Page: getplayerprogress.aspx
AuthCode: =PUi3D7mb1A3Je]q496ehqw__
Bytes: 8FC04A4564000000E986D80400001715
mode: point
scale: game
Page: getplayerprogress.aspx
AuthCode: =3cj84xBXa[XWSeF7Hx]5qw__
Bytes: 90C04A4564000000E986D80400008D48
mode: score
scale: game
Page: getplayerprogress.aspx
AuthCode: =3cj84xBXa[XWSeF7Hx]5qw__
Bytes: 90C04A4564000000E986D80400008D48
mode: ttp
scale: game
Page: getplayerprogress.aspx
AuthCode: =2GF1QcPfURipI246TBTITA__
Bytes: 91C04A4564000000E986D8040000EC33
mode: kills
scale: game
Page: getplayerprogress.aspx
AuthCode: =2GF1QcPfURipI246TBTITA__
Bytes: 91C04A4564000000E986D8040000EC33
mode: spm
scale: game
Page: getplayerprogress.aspx
AuthCode: =WHr0i1uaw]1EDl2PKJB1[Q__
Bytes: 92C04A4564000000E986D80400004FBE
mode: role
scale: game
Page: getplayerprogress.aspx
AuthCode: =WHr0i1uaw]1EDl2PKJB1[Q__
Bytes: 92C04A4564000000E986D80400004FBE
mode: flag
scale: game
Page: getplayerprogress.aspx
AuthCode: =EpkEe3sxla35ClTnzUgsuQ__
Bytes: 93C04A4564000000E986D80400002EC5
mode: waccu
scale: game
Page: getplayerprogress.aspx
AuthCode: =e7jhklDkxFAfFSQfSX0W5A__
Bytes: 95C04A4564000000E986D804000049CE
mode: wl
scale: game
Page: getplayerprogress.aspx
AuthCode: =bLaQgnS1zdUfaEPb2d1j4w__
Bytes: 96C04A4564000000E986D8040000EA43
mode: twsc
scale: game
Page: getplayerprogress.aspx
AuthCode: =f415wjcPQ2UjFWOpef6Xig__
Bytes: 98C04A4564000000E986D8040000E6A3
mode: sup
scale: game
Page: getplayerprogress.aspx
AuthCode: =Y8DnY6VKCIEMvC2oHDZqoQ__
Bytes: 9BC04A4564000000E986D8040000452E
mode: role
scale: game
Page: getplayerprogress.aspx
AuthCode: =3zLD185Jg2YAoRg0l]VNRw__
Bytes: A3C04A4564000000E986D8040000169E
mode: spm
scale: game
Page: getplayerprogress.aspx
AuthCode: =pivRs83uPSwvwWkrEXrltA__
Bytes: ACC04A4564000000E986D80400007B05
mode: kills
scale: game
Page: getplayerprogress.aspx
AuthCode: =]gi8lwcqtTz0a]X5uiLz8Q__
Bytes: B4C04A4564000000E986D8040000E728
mode: ttp
scale: game
Page: getplayerprogress.aspx
AuthCode: =SU8iLDLw4HLA5jkfrPAqjQ__
Bytes: B5C04A4564000000E986D80400008653
mode: score
scale: game
Page: getplayerprogress.aspx
AuthCode: =3jLi93LzHDA1haaLLjljfQ__
Bytes: B7C04A4564000000E986D804000044A5
mode: ttp
scale: game
Page: getplayerprogress.aspx
AuthCode: =xM[pLn]qum9Ta2N]7kJFNw__
Bytes: C3C04A4564000000E986D80400006628
mode: ttp
scale: game
Page: getplayerprogress.aspx
AuthCode: =xM[pLn]qum9Ta2N]7kJFNw__
Bytes: C3C04A4564000000E986D80400006628
mode: score
scale: game
Page: getplayerprogress.aspx
AuthCode: =1JEDRniXeEPhYBu3Z9sKNA__
Bytes: C4C04A4564000000E986D80400006058
mode: point
scale: game
Page: getplayerinfo.aspx
AuthCode: =FNBTXhzvmk]PV22gxIk1mw__
Bytes: C5C04A4564000000E986D80400000123
mode: ovr
Page: getplayerinfo.aspx
AuthCode: =bHdwMtmfjUnxMSkCIzlKhQ__
Bytes: C7C04A4564000000E986D8040000C3D5
mode: ply
Page: getplayerinfo.aspx
AuthCode: =tLLQZndZTkXsDrgaLJpC5g__
Bytes: C9C04A4564000000E986D8040000CF35
mode: titan
Page: getplayerinfo.aspx
AuthCode: =fJ8EB1U2pFai444O2km0Yw__
Bytes: CBC04A4564000000E986D80400000DC3
mode: wrk
Page: getplayerinfo.aspx
AuthCode: =xQLIwG6pjlZH[AdaIcYcJQ__
Bytes: CDC04A4564000000E986D80400006AC8
mode: com
Page: getplayerinfo.aspx
AuthCode: =KlBpvzBXh1h6gJt8JIQaCA__
Bytes: CEC04A4564000000E986D8040000C945
mode: wep
Page: getplayerinfo.aspx
AuthCode: =bZiH2]YoeT54stO2ooY8kg__
Bytes: D1C04A4564000000E986D80400005318
mode: veh
Page: getplayerinfo.aspx
AuthCode: =TzsQYvmWbasnQnUuKe7BrA__
Bytes: D4C04A4564000000E986D8040000979E
mode: map
Page: getleaderboard.aspx
AuthCode: =70AIsYIRRdQAEGoXrySZVQ__
Bytes: D8C04A4564000000E986D80400005988
pos: 1
after: 17
type: weapon
id: 0
Page: getleaderboard.aspx
AuthCode: =r71UdPhwOKndE6zlq3IbtQ__
Bytes: D9C04A4564000000E986D804000038F3
pos: 1
after: 17
type: vehicle
id: 0
Page: getleaderboard.aspx
AuthCode: =r71UdPhwOKndE6zlq3IbtQ__
Bytes: D9C04A4564000000E986D804000038F3
pos: 1
after: 16
type: supremecommander
Page: getleaderboard.aspx
AuthCode: =573slAANsYkWWfHSZ]3nRQ__
Bytes: DDC04A4564000000E986D80400009D0E
pos: 1
after: 17
type: overallscore
Page: getleaderboard.aspx
AuthCode: =xwvSSrv4jWRODAJoOYUyWg__
Bytes: DEC04A4564000000E986D80400003E83
pos: 1
after: 17
type: overallscore
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =HXhCZHo65c5AXXuM60N3Uw__
Bytes: DFC04A4564000000E986D80400005FF8
pos: 1
after: 17
type: overallscore
ccFilter: US
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =HXhCZHo65c5AXXuM60N3Uw__
Bytes: DFC04A4564000000E986D80400005FF8
pos: 1
after: 17
type: overallscore
ccFilter: US
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =uTjYQsrJoCkvQLylEqjcDg__
Bytes: E0C04A4564000000E986D80400000A38
pos: 1
after: 17
type: overallscore
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =8BD9spBro62fZmqYINs1mA__
Bytes: E1C04A4564000000E986D80400006B43
pos: 1
after: 17
type: overallscore
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
Page: getleaderboard.aspx
AuthCode: =j9W06ypdAE0fFCQZfUTKvw__
Bytes: E2C04A4564000000E986D8040000C8CE
pos: 1
after: 17
type: overallscore
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =pKMbGGOafUqAmlXfxDqjSg__
Bytes: E3C04A4564000000E986D8040000A9B5
pos: 1
after: 17
type: overallscore
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =Vf]rIlm47PuyWHA5pblz3A__
Bytes: E4C04A4564000000E986D8040000AFC5
pos: 1
after: 17
type: overallscore
ccFilter: US
dogTagFilter: 1
Page: getleaderboard.aspx
AuthCode: =D[Cerf]W5e6LKgHnQj[d7g__
Bytes: E5C04A4564000000E986D8040000CEBE
pos: 1
after: 17
type: overallscore
ccFilter: US
Page: getleaderboard.aspx
AuthCode: =l7PlctPECa5[VvW743D9QA__
Bytes: E6C04A4564000000E986D80400006D33
pos: 1
after: 17
type: overallscore
ccFilter: US
buddiesFilter: 81273635,81283179,81291832,81304838,81428658,82375860Last edited by Craigins (02 Nov 2006 8:19 pm)
Offline
#68 02 Nov 2006 10:50 pm
Re: bf2142 stat query protocol
Hi again, so here are class source-code and one example (same as on web) for coding and decoding auth key.
http://bf2142.bfstats.info/files/ea_support.zip
Now just one last think, what are these last two bytes 
Offline
#69 02 Nov 2006 10:56 pm
Re: bf2142 stat query protocol
One ask, all yours request was captured from client? When yes, than this last 4 bytes, these number 0100xxyy, so "01" by me, an "00" by you is I think just only flag if is client or server. My request are from server, so than "01".
Offline
#70 03 Nov 2006 1:04 am
Re: bf2142 stat query protocol
Yes, I believe you are right. 00 from client 01 from server. now for the last 2 bytes.
here are the functions that build up the query string that is used in the query (I think I got the whole function, IDA builds out an call tree, so the code here was taken from each node in the call tree, assuming they represent a subroutine or function). perhaps yall can make better sense of this than I (this is generated from IDA Pro, so it looks a little different, but the addresses should let you step through it).
getawardsinfo: address 005AF988
Code:
005AF988 005AF988 loc_5AF988: 005AF988 lea ecx, [esi+44h] 005AF98B call sub_6037E0 005AF990 push offset aGamespyauth ; "GameSpyAuth" 005AF995 lea ecx, [ebp+var_58] 005AF998 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *) 005AF99E mov ecx, dword_892F60 005AF9A4 mov edx, [ecx] 005AF9A6 lea eax, [ebp+var_58] 005AF9A9 push eax 005AF9AA call dword ptr [edx+48h] 005AF9AD lea ecx, [ebp+var_58] 005AF9B0 mov esi, eax 005AF9B2 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005AF9B8 lea ecx, [ebp+var_3C] 005AF9BB push ecx 005AF9BC mov ecx, edi 005AF9BE call sub_542F00 005AF9C3 push offset aGetawardsinfo_ ; "getawardsinfo.aspx?pid=" 005AF9C8 push eax 005AF9C9 lea ecx, [ebp+var_74] 005AF9CC call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005AF9D2 mov ecx, eax 005AF9D4 call ds:??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator+=(char const *) 005AF9DA push eax 005AF9DB lea ecx, [ebp+var_20] 005AF9DE call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005AF9E4 lea ecx, [ebp+var_74] 005AF9E7 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005AF9ED lea ecx, [ebp+var_3C] 005AF9F0 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005AF9F6 mov eax, dword ptr [ebp+arg_C] 005AF9F9 mov edx, [esi] 005AF9FB push eax 005AF9FC push ebx 005AF9FD mov ecx, esi 005AF9FF call dword ptr [edx+10h] 005AFA02 push eax 005AFA03 push offset aAuth ; "&auth=" 005AFA08 push ebx ; char 005AFA09 lea ecx, [ebp+var_3C] 005AFA0C push offset aD_4 ; "%d" 005AFA11 push ecx ; int 005AFA12 call sub_61E1A0 005AFA17 add esp, 0Ch 005AFA1A push eax 005AFA1B lea ecx, [ebp+var_20] 005AFA1E call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005AFA24 mov ecx, eax 005AFA26 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005AFA2C mov ecx, eax 005AFA2E call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005AFA34 lea ecx, [ebp+var_3C] 005AFA37 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005AFA3D mov edx, [ebp+arg_8] 005AFA40 push edx 005AFA41 lea eax, [ebp+var_20] 005AFA44 push eax 005AFA45 mov ecx, edi 005AFA47 call sub_542AB0 005AFA4C test al, al 005AFA4E pop edi 005AFA4F lea ecx, [ebp+var_20] 005AFA52 jnz short loc_5AFA6C
getunlocksinfo: address 005B4B3A
Code:
005B4B3A 005B4B3A loc_5B4B3A: 005B4B3A lea ecx, [ebp+var_74] 005B4B3D push ecx 005B4B3E mov ecx, esi 005B4B40 call sub_542F00 005B4B45 push offset aGetunlocksinfo ; "getunlocksinfo.aspx?" 005B4B4A push eax 005B4B4B lea ecx, [ebp+var_58] 005B4B4E call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B4B54 mov ecx, eax 005B4B56 call ds:??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator+=(char const *) 005B4B5C push eax 005B4B5D lea ecx, [ebp+var_20] 005B4B60 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B4B66 lea ecx, [ebp+var_58] 005B4B69 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B4B6F lea ecx, [ebp+var_74] 005B4B72 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B4B78 mov ecx, [ebp+arg_0] 005B4B7B mov edx, [edi] 005B4B7D test ebx, ebx 005B4B7F setnz al 005B4B82 push eax 005B4B83 push ecx 005B4B84 mov ecx, edi 005B4B86 call dword ptr [edx+10h] 005B4B89 push eax 005B4B8A push offset aAuth ; "&auth=" 005B4B8F lea ecx, [ebp+var_20] 005B4B92 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005B4B98 mov ecx, eax 005B4B9A call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B4BA0 mov edx, [ebp+arg_4] 005B4BA3 push edx 005B4BA4 lea eax, [ebp+var_20] 005B4BA7 push eax 005B4BA8 mov ecx, esi 005B4BAA call sub_542AB0 005B4BAF test al, al 005B4BB1 pop esi 005B4BB2 lea ecx, [ebp+var_20] 005B4BB5 jnz short loc_5B4BCF
getunlocksinfo: address 005B4C41
Code:
005B4C41 005B4C41 loc_5B4C41: 005B4C41 lea ecx, [esi+4Ch] 005B4C44 mov byte ptr [esi+64h], 1 005B4C48 call sub_6037E0 005B4C4D push offset aGamespyauth ; "GameSpyAuth" 005B4C52 lea ecx, [ebp+var_3C] 005B4C55 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *) 005B4C5B mov ecx, dword_892F60 005B4C61 mov eax, [ecx] 005B4C63 lea edx, [ebp+var_3C] 005B4C66 push edx 005B4C67 call dword ptr [eax+48h] 005B4C6A lea ecx, [ebp+var_3C] 005B4C6D mov esi, eax 005B4C6F call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B4C75 lea eax, [ebp+var_74] 005B4C78 push eax 005B4C79 mov ecx, edi 005B4C7B call sub_542F00 005B4C80 push offset aGetunlocksinfo ; "getunlocksinfo.aspx?" 005B4C85 push eax 005B4C86 lea ecx, [ebp+var_58] 005B4C89 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B4C8F mov ecx, eax 005B4C91 call ds:??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator+=(char const *) 005B4C97 push eax 005B4C98 lea ecx, [ebp+var_20] 005B4C9B call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B4CA1 lea ecx, [ebp+var_58] 005B4CA4 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B4CAA lea ecx, [ebp+var_74] 005B4CAD call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B4CB3 mov eax, [ebp+arg_0] 005B4CB6 mov edx, [esi] 005B4CB8 push 0 005B4CBA push eax 005B4CBB mov ecx, esi 005B4CBD call dword ptr [edx+10h] 005B4CC0 push eax 005B4CC1 push offset aAuth ; "&auth=" 005B4CC6 lea ecx, [ebp+var_20] 005B4CC9 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005B4CCF mov ecx, eax 005B4CD1 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B4CD7 push ebx 005B4CD8 lea ecx, [ebp+var_20] 005B4CDB push ecx 005B4CDC mov ecx, edi 005B4CDE call sub_542AB0 005B4CE3 test al, al 005B4CE5 pop edi 005B4CE6 pop esi 005B4CE7 pop ebx 005B4CE8 lea ecx, [ebp+var_20] 005B4CEB jnz short loc_5B4D03
playersearch address 005B6648
Code:
005B6648 005B6648 loc_5B6648: 005B6648 lea ecx, [esi+44h] 005B664B call sub_6037E0 005B6650 push offset aGamespyauth ; "GameSpyAuth" 005B6655 lea ecx, [ebp+var_58] 005B6658 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *) 005B665E mov ecx, dword_892F60 005B6664 mov eax, [ecx] 005B6666 lea edx, [ebp+var_58] 005B6669 push edx 005B666A call dword ptr [eax+48h] 005B666D lea ecx, [ebp+var_58] 005B6670 mov esi, eax 005B6672 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B6678 lea eax, [ebp+var_3C] 005B667B push eax 005B667C mov ecx, edi 005B667E call sub_542F00 005B6683 push offset aPlayersearch_a ; "playersearch.aspx?nick=" 005B6688 push eax 005B6689 lea ecx, [ebp+var_74] 005B668C call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B6692 mov ecx, eax 005B6694 call ds:??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator+=(char const *) 005B669A push eax 005B669B lea ecx, [ebp+var_20] 005B669E call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B66A4 lea ecx, [ebp+var_74] 005B66A7 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B66AD lea ecx, [ebp+var_3C] 005B66B0 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B66B6 mov edx, [esi] 005B66B8 push 0 005B66BA push 0 005B66BC mov ecx, esi 005B66BE call dword ptr [edx+10h] 005B66C1 mov ebx, [ebp+arg_0] 005B66C4 push eax 005B66C5 push offset aAuth ; "&auth=" 005B66CA lea eax, [ebp+var_3C] 005B66CD push eax 005B66CE call sub_5B64F0 005B66D3 push eax 005B66D4 lea ecx, [ebp+var_20] 005B66D7 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B66DD mov ecx, eax 005B66DF call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005B66E5 mov ecx, eax 005B66E7 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B66ED lea ecx, [ebp+var_3C] 005B66F0 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B66F6 mov ecx, [ebp+arg_8] 005B66F9 push ecx 005B66FA lea edx, [ebp+var_20] 005B66FD push edx 005B66FE mov ecx, edi 005B6700 call sub_542AB0 005B6705 test al, al 005B6707 pop edi 005B6708 pop esi 005B6709 pop ebx 005B670A lea ecx, [ebp+var_20] 005B670D jnz short loc_5B6725
getplayerprogress address 005B84D1
Code:
005B84D1 005B84D1 loc_5B84D1: 005B84D1 lea ecx, [edi+44h] 005B84D4 call sub_6037E0 005B84D9 mov eax, [edi+68h] 005B84DC mov ecx, [eax+4] 005B84DF lea esi, [edi+64h] 005B84E2 push ecx 005B84E3 mov ecx, esi 005B84E5 call sub_5B95B0 005B84EA mov eax, [esi+4] 005B84ED mov edx, [ebp+arg_0] 005B84F0 mov [eax+4], eax 005B84F3 mov eax, [esi+4] 005B84F6 mov dword ptr [esi+8], 0 005B84FD mov [eax], eax 005B84FF mov esi, [esi+4] 005B8502 mov eax, [ebp+arg_8] 005B8505 mov [esi+8], esi 005B8508 push offset aGamespyauth ; "GameSpyAuth" 005B850D lea ecx, [ebp+var_3C] 005B8510 mov [edi+54h], edx 005B8513 mov [edi+58h], ebx 005B8516 mov [edi+5Ch], eax 005B8519 mov dword ptr [edi+60h], 0FFFFFFFFh 005B8520 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *) 005B8526 mov ecx, dword_892F60 005B852C mov edx, [ecx] 005B852E lea eax, [ebp+var_3C] 005B8531 push eax 005B8532 call dword ptr [edx+48h] 005B8535 lea ecx, [ebp+var_3C] 005B8538 mov esi, eax 005B853A call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B8540 mov edi, [ebp+arg_4] 005B8543 lea ecx, [ebp+var_74] 005B8546 push ecx 005B8547 mov ecx, edi 005B8549 call sub_542F00 005B854E push offset aGetplayerprogr ; "getplayerprogress.aspx" 005B8553 push eax 005B8554 lea ecx, [ebp+var_58] 005B8557 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B855D mov ecx, eax 005B855F call ds:??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator+=(char const *) 005B8565 push eax 005B8566 lea ecx, [ebp+var_20] 005B8569 call ds:??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B856F lea ecx, [ebp+var_58] 005B8572 call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B8578 lea ecx, [ebp+var_74] 005B857B call ds:__imp_??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string<char,std::char_traits<char>,std::allocator<char>>(void) 005B8581 mov eax, [ebp+arg_0] 005B8584 mov edx, [esi] 005B8586 push 0 005B8588 push eax 005B8589 mov ecx, esi 005B858B call dword ptr [edx+10h] 005B858E push eax 005B858F mov eax, [ebp+arg_8] 005B8592 lea ecx, ds:0[eax*8] 005B8599 sub ecx, eax 005B859B push offset aAuth ; "&auth=" 005B85A0 lea edx, unk_88B4D8[ecx*4] 005B85A7 push edx 005B85A8 lea eax, ds:0[ebx*8] 005B85AF sub eax, ebx 005B85B1 push offset aScale_0 ; "&scale=" 005B85B6 lea ecx, unk_88B548[eax*4] 005B85BD push ecx 005B85BE push offset a?mode ; "?mode=" 005B85C3 lea ecx, [ebp+var_20] 005B85C6 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005B85CC mov ecx, eax 005B85CE call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B85D4 mov ecx, eax 005B85D6 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005B85DC mov ecx, eax 005B85DE call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B85E4 mov ecx, eax 005B85E6 call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(char const *) 005B85EC mov ecx, eax 005B85EE call ds:?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::append(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &) 005B85F4 push 1 005B85F6 lea edx, [ebp+var_20] 005B85F9 push edx 005B85FA mov ecx, edi 005B85FC call sub_542AB0 005B8601 test al, al 005B8603 pop esi 005B8604 lea ecx, [ebp+var_20] 005B8607 jnz short loc_5B8621
there are a few more, but dont have anything to do w/ stats (they have to do w/ sending info like unlock or rank up and so on).
I'll wander through these functions tomorrow.
NICE WORK ON THE ENCODING / DECODING CODE TUBAR!!!
so I take it from the fact that you coded everything out by hand that the encryption algorithm is not Rijndael?
Offline
#71 03 Nov 2006 1:23 am
Re: bf2142 stat query protocol
No, algorithm IS true RijndaelMadHatter :
so I take it from the fact that you coded everything out by hand that the encryption algorithm is not Rijndael?
But they use self key coding, self Hash coding/encoding table, not standart.
Last edited by Tubar (03 Nov 2006 1:24 am)
Offline
#72 03 Nov 2006 1:27 am
Re: bf2142 stat query protocol
Small offtopic, have somebody table of unlock from stella-gamespy to real unlocks in BF2142?
I mean what number for what unlock is from getunlocksinfo.aspx ?
For example: D\t211\n 211 - what is these unlock (kit, weapon)?
PS: I try over weekend find formula to generate these last two bytes.
Offline
#74 03 Nov 2006 6:59 am
- Dok
- New Member
- Registered: Nov 2006
- Posts: 3
Re: bf2142 stat query protocol
Finally something I can contribute with.Tubar :
Small offtopic, have somebody table of unlock from stella-gamespy to real unlocks in BF2142?
I mean what number for what unlock is from getunlocksinfo.aspx ?
For example: D\t211\n 211 - what is these unlock (kit, weapon)?
PS: I try over weekend find formula to generate these last two bytes.
As per Battlefield2142\mods\bf2142\Localization\strings.cvs (in all different languages as well, if you'd prefer something non-english)
Also there's a DESCRIPTION_UNLOCK_xxx if you want to read about the unlocks.NAME_UNLOCK_111 APM
NAME_UNLOCK_112 DysTek Hi-Scope x4
NAME_UNLOCK_113 Gruber 5 Stabilizer
NAME_UNLOCK_114 Zeller-H Advanced Sniper Rifle
NAME_UNLOCK_121 RDX DemoPak
NAME_UNLOCK_122 NetBatâ„¢ Fade Delay
NAME_UNLOCK_123 IT-33 Active Camouflage
NAME_UNLOCK_124 Lambert Carbine
NAME_UNLOCK_211 Herzog AR-Shotgun
NAME_UNLOCK_212 NetBatâ„¢ Infantry ID
NAME_UNLOCK_213 PK-74 AR-Rocket
NAME_UNLOCK_214 Baur H-AR
NAME_UNLOCK_221 AED-6 Defibrillator
NAME_UNLOCK_222 Advanced Med Hub
NAME_UNLOCK_223 SG-34 Grenade
NAME_UNLOCK_224 Voss L-AR
NAME_UNLOCK_311 AE Defuser
NAME_UNLOCK_312 NetBatâ„¢ Vehicle ID
NAME_UNLOCK_313 PDS-1
NAME_UNLOCK_314 Pilum H-AVR
NAME_UNLOCK_321 II-14 EMP
NAME_UNLOCK_322 DysTek Repair v2.0
NAME_UNLOCK_323 II-29 Motion Mine
NAME_UNLOCK_324 SAAW 86 Anti-Air
NAME_UNLOCK_411 V5 EMP Grenade
NAME_UNLOCK_412 NetBatâ„¢ Active Camo ID
NAME_UNLOCK_413 A12 Enforcer Sentry Gun
NAME_UNLOCK_414 Ganz HMG
NAME_UNLOCK_421 IPS Shield
NAME_UNLOCK_422 Advanced Ammo Hub
NAME_UNLOCK_423 DysTek Pulse Meter
NAME_UNLOCK_424 Clark 15B Shotgun
NAME_UNLOCK_511 FRG-1 Grenade
NAME_UNLOCK_512 Sprintcor 20 Enhanced Endurance
NAME_UNLOCK_513 Staminar 9 Recovery System
NAME_UNLOCK_514 MaxClip
NAME_UNLOCK_515 Extra Grenade
NAME_UNLOCK_521 SLSB
NAME_UNLOCK_522 RD-4 Otus
NAME_UNLOCK_523 SD-8 Accipiter
As far as the numbering system goes:
NAME_UNLOCK_xyz
x = category (1=Sniper, 2=Assault, 3=Engineer, 4=Support, 5=General)
y = unlock path (1=first unlock path, 2=second unlock path)
z = order (1=first to unlock, etc)
Same file for awards:
And from that, we can determine:AWARD_NAME_100_1 Support Service Badge
AWARD_NAME_101_1 Recon Service Badge
AWARD_NAME_102_1 Assault Service Badge
AWARD_NAME_103_1 Engineer Service Badge
AWARD_NAME_104_1 Squad Leader Badge
AWARD_NAME_105_1 Collectors Badge
AWARD_NAME_106_1 Pistol Commendation Badge
AWARD_NAME_107_1 Explosive Gallantry Badge
AWARD_NAME_108_1 Air Defense Badge
AWARD_NAME_109_1 Commander Excellence Badge
AWARD_NAME_110_1 Titan Commander Badge
AWARD_NAME_111_1 Engineer Excellence Badge
AWARD_NAME_112_1 Medic Excellence Badge
AWARD_NAME_113_1 Resupply Service Badge
AWARD_NAME_114_1 Armor Service Badge
AWARD_NAME_115_1 Aircraft Service Badge
AWARD_NAME_116_1 Transport Service Badge
AWARD_NAME_117_1 Titan Combat Excellence Badge
AWARD_NAME_118_1 Titan Defense Excellence Badge
AWARD_NAME_119_1 Titan Destruction Achievement Badge
AWARD_NAME_200 Bronze Star
AWARD_NAME_201 Silver Star
AWARD_NAME_202 Gold Star
AWARD_NAME_203 Distinguished Service Medal
AWARD_NAME_204 Infantry Combat Medal
AWARD_NAME_205 Meritorious Infantry Combat Medal
AWARD_NAME_206 Infantry Combat of Merit Medal
AWARD_NAME_207 Medal of Gallantry
AWARD_NAME_208 European Honorific Cross
AWARD_NAME_209 Distinguished Pan Asian Star
AWARD_NAME_210 Meritorious Conquest Medal
AWARD_NAME_211 Meritorious Titan Medal
AWARD_NAME_212 Aircraft Combat Medal
AWARD_NAME_213 Armor Service Medal
AWARD_NAME_214 Good Conduct Medal
AWARD_NAME_215 Honorable Service Medal
AWARD_NAME_216 Purple Heart
AWARD_NAME_217 Air Transport Transfer Medal
AWARD_NAME_218 Titan Medallion
AWARD_NAME_219 Ground Base Medallion
AWARD_NAME_300 Air Defense Ribbon
AWARD_NAME_301 Aircraft Service Ribbon
AWARD_NAME_302 HALO Ribbon
AWARD_NAME_303 Infantry Officer Ribbon
AWARD_NAME_304 Combat Commander Ribbon
AWARD_NAME_305 Distinguished Unit Service Ribbon
AWARD_NAME_306 Meritorious Unit Service Ribbon
AWARD_NAME_307 Valorous Unit Service Ribbon
AWARD_NAME_308 War College Ribbon
AWARD_NAME_309 Armored Service Ribbon
AWARD_NAME_310 Crew Service Ribbon
AWARD_NAME_311 Pac Duty Ribbon
AWARD_NAME_312 European Duty Ribbon
AWARD_NAME_313 Soldier Merit Ribbon
AWARD_NAME_314 Good Conduct Ribbon
AWARD_NAME_315 Legion Of Merit Ribbon
AWARD_NAME_316 Ground Base Defense Ribbon
AWARD_NAME_317 Aerial Service Ribbon
AWARD_NAME_318 Titan Aerial Defense Ribbon
AWARD_NAME_319 Titan Commander Ribbon
AWARD_NAME_400 Combat Efficiency Pin
AWARD_NAME_401 Distinguished Combat Efficiency Pin
AWARD_NAME_402 Problem solver Pin
AWARD_NAME_403 Titan Destructor Pin
AWARD_NAME_404 Troop Transporter Pin
AWARD_NAME_406 Titan Defender Pin
AWARD_NAME_407 Infiltrator Pin
AWARD_NAME_408 Wheels of Hazard Pin
AWARD_NAME_409 Collectors Pin
AWARD_NAME_410 Explosive Efficiency Pin
AWARD_NAME_411 Emergency Rescue Pin
AWARD_NAME_412 Titan survival Pin
AWARD_NAME_413 Firearm Efficiency Pin
AWARD_NAME_414 Clear skies Pin
AWARD_NAME_415 Close Combat Pin
AWARD_NAME_xyy_z
x = award type (1=badge, 2=medal, 3=ribbon, 4=pin)
yy = award id
z = badge level (1=basic, 2=veteran, 3=expert)
The Award_Criteria (in the Localization file) matches up with the results from /getbackendinfo.aspx:
awards.setData 106_3 "6,7, ,18" "1,7,wkls-5;wkls-11,300"
106_3 = award name
"6,7, ,18" "1,7,wkls-5;wkls-11,300" = requirements (quote separated)
1 = type of data (see below)
7 = award criteria name (see localization file)
wkls-5;wkls-11 = variable (optional) (; means add values)
300 = requirement
types of data:
1= global number (scores, kills, etc)
3= global number (scores, kills, etc)
5= award requirement (like basic badge)
6= per round number (scores, kills, etc)
9= global time (hours)
10= per round time (minutes)
11= global time (hours)
I still prefer the medal_data file from ranked servers, as its more detailed. http://files.filefront.com//;6126188;;/ (I just barely uploaded it and unsure how fast filefront distributes to its mirrors)
Last edited by Dok (03 Nov 2006 7:53 am)
Offline
#75 03 Nov 2006 8:29 am
Offline
