Code:
SUMMARY
  author: sku/thesku
  description: parses diablo3 tcp streams and maps the packets to their
               respective protobuf messages, simulates client and server
               behaviour and keeps track of bound services / responses etc.
  credits: shadow^dancer, TOM_RUS, #d3.dev
  legal: code posted to public domain by sku, no copyright
         use at your own risk

DATA FILE FORMAT
  1) open wireshark
  2) filter for tcp.srcport==1119||tcp.dstport==1119
  3) rightclick any packet -> Follow TCP stream
  4) save all bytes to all.dat
  5) save client->server bytes to c2s.dat
  6) save server->client bytes to s2c.dat
  7) place these 3 files in the ./data folder

OMG
  yes, this is a poc, it's ugly, get over it

Capturing a (failed) login attempt and then replaying it:
Code:
D3 client<->server protocol simulator
replaying real login protocol
*** server received packet ***
> this is total packet 0x0001
> this is server's 0x0001-th received packet
> packet header: [service=0x0] [method=0x1] [request=0x0] [unknown=0x0] [size=0x0]
> packet payload/protobuffer:
no payload!
> packet received on service id 0x00 with hash 0x00000000
handler 0x00000000 called, method: 0x1 (service id: 0x00)
>>> ConnectRequest
*** client received packet ***
> this is total packet 0x0002
> this is client's 0x0001-th received packet
> packet header: Answer [service=0xfe] [method=0x0] [request=0x0] [size=0x1a]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 0a 0c 08 dd e9 8e bb 0e 10 85 a8 c9 f3 04 12 0a
0010 08 c3 f2 02 10 df b5 cf f3 04
> packet received on service id 0xfe with hash 0xfffffffe
handler 0xfffffffe called, method: 0x0, request:0x0000 (service id: 0xfe)
>>> ConnectResponse
server_id {
label: 3882071261
epoch: 1316115461
}
client_id {
label: 47427
epoch: 1316215519
}
*** server received packet ***
> this is total packet 0x0003
> this is server's 0x0002-th received packet
> packet header: [service=0x0] [method=0x2] [request=0x1] [unknown=0x0] [size=0x13]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 0a 08 32 db 32 b7 ff 96 07 fa 12 07 0d 94 80 8c
0010 bf 10 02
> packet received on service id 0x00 with hash 0x00000000
handler 0x00000000 called, method: 0x2 (service id: 0x00)
>>> BindRequest
imported_service_hash: 3073563442
imported_service_hash: 4194801407
exported_service {
hash: 3213656212
id: 2
}
*** client received packet ***
> this is total packet 0x0004
> this is client's 0x0002-th received packet
> packet header: Answer [service=0xfe] [method=0x0] [request=0x1] [size=0x4]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 0a 02 04 03
> packet received on service id 0xfe with hash 0xfffffffe
handler 0xfffffffe called, method: 0x0, request:0x0001 (service id: 0xfe)
>>> BindResponse
imported_service_id: 4
imported_service_id: 3
*** server received packet ***
> this is total packet 0x0005
> this is server's 0x0003-th received packet
> packet header: [service=0x0] [method=0x2] [request=0x2] [unknown=0x0] [size=0xf]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 0a 04 01 fc ec 0d 12 07 0d 35 0e 24 71 10 03
> packet received on service id 0x00 with hash 0x00000000
handler 0x00000000 called, method: 0x2 (service id: 0x00)
>>> BindRequest
imported_service_hash: 233634817
exported_service {
hash: 1898188341
id: 3
}
*** client received packet ***
> this is total packet 0x0006
> this is client's 0x0003-th received packet
> packet header: Answer [service=0xfe] [method=0x0] [request=0x2] [size=0x3]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 0a 01 01
> packet received on service id 0xfe with hash 0xfffffffe
handler 0xfffffffe called, method: 0x0, request:0x0002 (service id: 0xfe)
>>> BindResponse
imported_service_id: 1
*** server received packet ***
> this is total packet 0x0007
> this is server's 0x0004-th received packet
> packet header: [service=0x1] [method=0x1] [request=0x3] [unknown=0x0] [size=0x53]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 0a 02 44 33 12 03 57 69 6e 1a 04 65 6e 55 53 22
0010 0b 73 6b 75 40 73 6b 75 2e 73 6b 75 28 02 32 33
0020 41 75 72 6f 72 61 20 33 39 36 62 38 36 33 32 61
0030 37 5f 70 75 62 6c 69 63 2f 31 38 38 20 28 41 75
0040 67 20 33 31 20 32 30 31 31 20 32 30 3a 32 35 3a
0050 30 37 29
> packet received on service id 0x01 with hash 0x0decfc01
handler 0x0decfc01 called, method: 0x1 (service id: 0x01)
>>> LogonRequest
program: "D3"
platform: "Win"
locale: "enUS"
email: "sku@sku.sku"
listener_id: 2
version: "Aurora 396b8632a7_public/188 (Aug 31 2011 20:25:07)"
*** client received packet ***
> this is total packet 0x0008
> this is client's 0x0004-th received packet
> packet header: Answer [service=0xfe] [method=0x3] [request=0x3] [size=0x0]
> packet payload/protobuffer:
no payload!
> packet received on service id 0xfe with hash 0xfffffffe
handler 0xfffffffe called, method: 0x3, request:0x0003 (service id: 0xfe)
>>> LogonResponse
*** client received packet ***
> this is total packet 0x0009
> this is client's 0x0005-th received packet
> packet header: [service=0x0] [method=0x4] [request=0x0] [unknown=0x0] [size=0x2]
> packet payload/protobuffer:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
-----------------------------------------------
0000 08 03
> packet received on service id 0x00 with hash 0x00000000
handler 0x00000000 called, method: 0x4 (service id: 0x00)
>>> DisconnectNotification
error_code: 3
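
The decoded fields in the trace can be cross-checked against the raw payload bytes with a schema-less protobuf wire-format decoder. This is an added example, not part of sku's tool; the field-number mapping in `decode_bind_request` is an assumption inferred by lining up the BindRequest bytes with the decoded output shown above.

```python
import struct

def read_varint(buf, pos):
    """Return (value, next_pos); reject truncated or over-long varints."""
    value = shift = 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("bad varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def decode_fields(buf):
    """Schema-less decode: list of (field_number, wire_type, value)."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire = key >> 3, key & 7
        if wire == 0:                       # varint
            value, pos = read_varint(buf, pos)
        elif wire == 2:                     # length-delimited bytes / submessage
            size, pos = read_varint(buf, pos)
            if pos + size > len(buf):
                raise ValueError("length runs past end of payload")
            value, pos = buf[pos:pos + size], pos + size
        elif wire == 5:                     # fixed32, little-endian
            if pos + 4 > len(buf):
                raise ValueError("truncated fixed32")
            value, pos = struct.unpack_from("<I", buf, pos)[0], pos + 4
        else:
            raise ValueError(f"unsupported wire type {wire}")
        fields.append((number, wire, value))
    return fields

def decode_bind_request(payload):
    """Map fields using the layout inferred from the trace (assumption)."""
    imported, exported = [], []
    for number, _, value in decode_fields(payload):
        if number == 1:                     # packed fixed32 service hashes
            imported += [h for (h,) in struct.iter_unpack("<I", value)]
        elif number == 2:                   # nested message: 1=hash, 2=id
            inner = {n: v for n, _, v in decode_fields(value)}
            exported.append((inner[1], inner[2]))
    return imported, exported

# Payload bytes copied from total packet 0x0003 in the trace above.
BIND_REQUEST = bytes.fromhex("0a0832db32b7ff9607fa12070d94808cbf1002")
```

`decode_bind_request(BIND_REQUEST)` reproduces the two imported hashes and the exported service (hash, id) printed for packet 0x0003; a payload whose length prefix exceeds the remaining bytes raises `ValueError` instead of reading past the buffer.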