
#1 17 Oct 2007 3:02 pm

winsr
Extreme Member
Registered: Mar 2007
Posts: 90

Research to understand the buddy search for BF2142

Ok guys, this is what I have to start: the guy that did the gslist to query for gamespy servers has made this app (by my request) to sniff data sent between the bf2142 client and server, and dump it into a txt.

Help me out. I'll try my best.


http://aluigi.altervista.org/papers/bf2_sniff.zip

Here are the instructions.

Experimental tool/hooker for monitoring the reading and the writing of the network protocol used in the BF2 and BF2142 games.
In short, there is a loader for the clients and one for the servers, which are compatible with both games and, it seems, with almost any known version.
All you need to do is place bf2_sniff_client.exe, bf2_sniff_server.exe and bf2_sniff.dll in the folder of your game and launch the needed bf2_sniff_* executable, which will inject the dll into the loaded process (the loaders also allow you to decide the command and the dll to load in case you want to customize them without recompiling).
All the bits read and written (received and sent) by your game will be automatically dumped to a text file which can be viewed at any moment.
If you want to understand the network protocol of this game engine, bf2_sniff will help you a lot.

Offline

 

#2 02 Nov 2007 3:15 pm

TheRussian
New Member
Registered: Dec 2006
Posts: 2

Re: Research to understand the buddy search for BF2142

The site http://aluigi.altervista.org/papers/bf2_sniff.zip requires registration to download.

Do you have a link to the bf2_sniff.zip that does not require any registration?

Offline

 

#3 03 Nov 2007 7:31 pm

MadHatter
Administrator
From: Dallas TX
Registered: Jun 2006
Posts: 529
Website

Re: Research to understand the buddy search for BF2142

http://sanity-free.org/binary/bf2_sniff.zip  though it didn't require me to register to download it.

Offline

 

#4 05 Nov 2007 7:42 pm

TheRussian
New Member
Registered: Dec 2006
Posts: 2

Re: Research to understand the buddy search for BF2142

Thanks for the link

Offline

 

#5 08 Nov 2007 6:53 am

winsr
Extreme Member
Registered: Mar 2007
Posts: 90

Re: Research to understand the buddy search for BF2142

So have any of you guys found anything? I just can't figure out anything of the info I retrieve...

Offline

 

#6 08 Nov 2007 9:26 am

MadHatter
Administrator
From: Dallas TX
Registered: Jun 2006
Posts: 529
Website

Re: Research to understand the buddy search for BF2142

it's part of the login / session protocol.

you basically have to emulate the client logging in, and communicating with the account servers. 

if you want to implement this in your app, you're going to have to crack the login / session initiation & maintenance process.

I can tell you the process, what you'll need to figure out is how to implement the hard parts.

this is from a really old packet dump.

Account / session protocol:

  • Client: connects to account server
  • Server: sends a challenge message

    \lc\1\challenge\SWRJLYCZHN\id\1\final\

  • Client: sends a login message:

    \login\\challenge\V21CDSB2vtHFY0GyutWJvNlzOXT9n3tG\authtoken\B2Bc0...(shortened)...CAQTk=\response\09...(shortened)...24\port\9926\productid\10709\gamename\stella\namespaceid\20\sdkrevision\3\id\1\final\

  • Server: sends session information

    \lc\2\sesskey\131701165\proof\b0740366d97d647f7632af53611938d2\userid\68781086\profileid\81246737\uniquenick\MadHatter2142\lt\rrPePfqBdPzOAuw0yzwbDR__\id\1\final\

  • Server: sends a list of buddy messages you may have received:

    \bm\1\f\82188143\date\1175876059\msg\asdfasdf\final\

    then sends a successive list of your buddies and their status:

    \bm\100\f\82533347\msg\|s|0|ss|Offline\final\
    \bm\100\f\81437920\msg\|s|0|ss|Offline\final\
    \bm\100\f\81306093\msg\|s|0|ss|Offline\final\
    \bm\100\f\81168298\msg\|s|0|ss|Offline\final\
    \bm\100\f\81242994\msg\|s|0|ss|Offline\final\
    \bm\100\f\82260954\msg\|s|0|ss|Offline\final\
    \bm\100\f\95467242\msg\|s|0|ss|Offline\final\
    \bm\100\f\82188143\msg\|s|0|ss|Offline\final\
    \bm\100\f\81465904\msg\|s|0|ss|Offline\final\

  • it does some other things which aren't related to the buddy system, then
  • Client: sends the log off message when it shuts down / when you quit

    \logout\\sesskey\131701165\final\



so once you get the login stuff figured out, getting the buddy list is pretty simple as it's just a matter of parsing the \bm\100\f\81465904\msg\|s|0|ss|Offline\final\ line for each buddy. and since none of my buddies were online when I did this, I'm assuming that |s|0|ss|Offline would contain some sort of useful information regarding what server they're on.

just like the auth stuff, I'm sure figuring out the challenge / response encryption stuff will involve disassembling the game client to track down what it's doing to generate those encryption values.

here's what I see just off the top of my head on the login request:

1. the challenge key is a 24 byte base64 encoded string.
2. the authtoken looks like a base 64 encoded byte array, but is consistently the wrong length for base 64 decoding
3. the response key is a 16 byte hex encoded string

and as usual I'm sure the challenge key is used to generate one or more of those values. I'm sure you're familiar with the byte swap they do with the server query using the challenge key, so I'm sure something similar is being employed here as well.

so anyway... I've had so little spare time that I haven't even fired up bf2142 in over a month now. I'm sure with the help of someone versed in x86 assembler, finding out how to generate those values from the game binary should be fairly straightforward.

Offline
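An added example, not part of the thread or of anyone's posted code: a small Python parser for the backslash-delimited messages in the dump above. It splits a buffered stream on `\final\`, keeps an incomplete tail for the next read, and collects the `\bm\100` status entries; the function names, the constructed partial tail, and the reading of the `msg` value as `|`-delimited pairs are assumptions.

```python
# Added example: parser for the backslash-delimited messages quoted in post #6.
# Sample data is constructed from the lines in that post and parsed offline.
TERMINATOR = "\\final\\"

# Message bodies copied from the dump in the post, without the terminator.
SAMPLE_BODIES = [
    r"\lc\1\challenge\SWRJLYCZHN\id\1",
    r"\lc\2\sesskey\131701165\proof\b0740366d97d647f7632af53611938d2"
    r"\userid\68781086\profileid\81246737\uniquenick\MadHatter2142"
    r"\lt\rrPePfqBdPzOAuw0yzwbDR__\id\1",
    r"\bm\1\f\82188143\date\1175876059\msg\asdfasdf",
    r"\bm\100\f\82533347\msg\|s|0|ss|Offline",
    r"\bm\100\f\81437920\msg\|s|0|ss|Offline",
]
# One TCP read may hold several messages and end mid-message (constructed tail).
SAMPLE_STREAM = "".join(b + TERMINATOR for b in SAMPLE_BODIES) + r"\bm\100\f\8130"


def pairs(tokens):
    """Turn [k1, v1, k2, v2, ...] into a dict; a trailing key gets ''."""
    if len(tokens) % 2:
        tokens = tokens + [""]
    return dict(zip(tokens[0::2], tokens[1::2]))


def parse_stream(buf):
    """Split buf into complete messages; return (messages, unparsed remainder)."""
    *complete, rest = buf.split(TERMINATOR)
    messages = []
    for body in complete:
        if not body.startswith("\\"):
            raise ValueError(f"message does not start with a backslash: {body!r}")
        tokens = body[1:].split("\\")
        fields = pairs(tokens)
        fields["_cmd"] = tokens[0]  # first key names the message: lc, bm, login, ...
        messages.append(fields)
    return messages, rest


def buddy_statuses(messages):
    """Map the f value of each bm/100 message to its parsed status fields.

    Assumption: the msg value is itself '|'-delimited key/value pairs.
    """
    out = {}
    for m in messages:
        if m["_cmd"] == "bm" and m["bm"] == "100":
            out[m["f"]] = pairs(m["msg"].split("|")[1:])
    return out
```

The remainder returned by `parse_stream` is meant to be prepended to the next chunk read from the socket, so a message split across two reads is parsed once it is complete.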

     

#7 25 Nov 2007 10:35 pm

winsr
Extreme Member
Registered: Mar 2007
Posts: 90

Re: Research to understand the buddy search for BF2142

Well, after quite some testing, I haven't found out the way to do it, but I have come to think that the server returns the status of your in-game buddy list, which does not allow me to query it for custom players, so I did it the hard way: the app now comes with a routine that queries each and every server in real time. After cleaning up the code and doing it in a thread pool, it takes about a minute to finish all the queries, and if you have a fast connection, or are close to many servers, it can take about 40 secs. I know that it's still a lot of time compared to the 5 secs it takes bf2142 to find players, but this is the best I can offer until there is another way to do it.

By the way, I don't know if I mentioned this on this server, but app updates are no longer coming as new installers. They now all come as updates that can be taken from within the application (the app updater is really great now, with a new interface and all). So the installer version is here:

http://www.crbf-team.com/software/bf214 … /Setup.msi

If you never used the application before, you'll need all of these before you install the app (you might not need them all).

http://www.crbf-team.com/software/bf214 … tnetfx.exe
http://www.crbf-team.com/software/bf214 … stmsia.exe
http://www.crbf-team.com/software/bf214 … v2-x86.exe
http://www.crbf-team.com/software/bf214 … ac_typ.exe
http://www.crbf-team.com/software/bf214 … /owc10.exe

I've currently stopped doing bf2142 updates (the last one was adding the unlocks) since I've pretty much added all that could be added, I guess, and started working on bf2 stats in the same app. It will come as application updates; currently it's in beta stages, so if something does not display well (that should display well) or you find any errors, let me know.

Offline

     

#8 26 Nov 2007 11:46 am

MadHatter
Administrator
From: Dallas TX
Registered: Jun 2006
Posts: 529
Website

Re: Research to understand the buddy search for BF2142

I get an unhandled exception in the LoadPlayer_Click event handler (when I try to load up my player stats).

here's the stack trace

    System.Runtime.InteropServices.COMException (0x80040154): Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))
       at System.Windows.Forms.UnsafeNativeMethods.CoCreateInstance(Guid& clsid, Object punkOuter, Int32 context, Guid& iid)
       at System.Windows.Forms.AxHost.CreateWithoutLicense(Guid clsid)
       at System.Windows.Forms.AxHost.CreateWithLicense(String license, Guid clsid)
       at System.Windows.Forms.AxHost.CreateInstanceCore(Guid clsid)
       at System.Windows.Forms.AxHost.CreateInstance()
       at System.Windows.Forms.AxHost.GetOcxCreate()
       at System.Windows.Forms.AxHost.TransitionUpTo(Int32 state)
       at System.Windows.Forms.AxHost.CreateHandle()
       at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
       at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
       at System.Windows.Forms.AxHost.EndInit()
       at BF2142_PlayerStats.FrmPlayerStats.InitializeComponent()
       at BF2142_PlayerStats.FrmPlayerStats..ctor()
       at BF_Stats.FrmBFMain.LoadPlayer_Click(Object sender, EventArgs e)
       at System.Windows.Forms.ToolStripItem.RaiseEvent(Object key, EventArgs e)
       at System.Windows.Forms.ToolStripButton.OnClick(EventArgs e)
       at System.Windows.Forms.ToolStripItem.HandleClick(EventArgs e)
       at System.Windows.Forms.ToolStripItem.HandleMouseUp(MouseEventArgs e)
       at System.Windows.Forms.ToolStripItem.FireEventInteractive(EventArgs e, ToolStripItemEventType met)
       at System.Windows.Forms.ToolStripItem.FireEvent(EventArgs e, ToolStripItemEventType met)
       at System.Windows.Forms.ToolStrip.OnMouseUp(MouseEventArgs mea)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
       at System.Windows.Forms.ToolStrip.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Offline

 

#9 27 Nov 2007 4:43 am

winsr
Extreme Member
Registered: Mar 2007
Posts: 90

Re: Research to understand the buddy search for BF2142

Since it loads fine on both my computers, I'm guessing you need to install this first; it's on the list above:

http://www.crbf-team.com/software/bf214 … /owc10.exe , and try to run the application updates too.

Last edited by winsr (27 Nov 2007 4:44 am)

Offline

     



© 2003 - 2019 NullFX
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License