GOM + client replication

[polimorfic]

Anyone have info about how data from packet client replication transaction changes GOM-nodes in memory?

[Mikanor]

It would be interesting to know how packet structure looks like. After a quick review, it seemed that there is encryption, so it is difficult to make conclusions.

If there is an entry point to the encryption method, please - share address. OllyDBg work under 64 bit systems is very peculiar.

[Apoc]

The replication stuff is just how HeroEngine sends data from the server, to the client. (In essence, the server has a full client-view. The server updates values, etc, and the engine automatically sends the modified values to the client. Sort of like WoW's object update packet, but in a more "easy to use" way.)

[polimorfic]

i know what is replication, i need concrete info about it. Where is changed node fqn, where are changes, etc ...


>It would be interesting to know how packet structure looks like. After a quick review, it seemed that there is encryption, so it is difficult to make conclusions

no encryption, FQNs and additional info. You can find Frame reading address with 0x34287945 constant, it is easy. Search cmp ..., 34287945h jz ...

Format for numbers:
first byte - size marker: 0C9 - 2 bytes, 0CC - 5 bytes, 0CD - 6 bytes, 0CF - 8 bytes.
second byte...secondbyte+(sizeMarker-0xC7) - number

CC 17 F0 50 4D AF = 0x00000017f0504daf
CF 40 00 00 AD DA C0 35 E1 = 0x400000addac035e1


btw in server emu section you can find sniff dumps decryptor/depacker.