Black Desert Emulator

Status
Not open for further replies.
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
InCube - Black Desert Emulator - RaGEZONE Forums


Black Desert Emulator



Black Desert Emulator. Working on EU client. KR client also might work if you wanted to.
We are currently in progress of making an emulator which will get us into the world of Black Desert. Soon we will see some action.

Project website:
-

* I'm not working on this project anymore therefore please don't message me regarding it.
 
Last edited:
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] BDjServer => Black Desert Server

I have found that the current Java environment is not good for the project. I mean, if we do Java we will have to convert byte buffers to byte arrays and then back again in reverse, constantly, which will HOG the memory until nothing is left, and it's really difficult to manage BD crypto with it.


I've chosen C# for this particular reason and will be updating the github link and project name shortly.
 
Last edited:
Initiate Mage
Joined
Aug 24, 2014
Messages
1
Reaction score
0
Re: [Development] DesertProject (Black Desert Emulator)

Good Luck.

I'm just a Java web programmer (servlet, scrum, rest, iJasper, php, sql) and this game doesn't come to my country :thumbdown:.

How did you learn reverse engineering?
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] DesertProject (Black Desert Emulator)

Bruno, it's relatively simple to understand everything when you hook the main functions, dump the Themida-packed exe and then search for what you need by that address, convert to Objective C source and keep looking until you find what you need :) I will be writing a packet dumper, aka dump all packets and their opcodes with function address, after I finish writing the new socket server.






I have just updated the sent packet headers, I will put encryption part once I get my hands on first packet received from client to server.

The basic idea of BD encryption is that the key is always generated on the server-side, which is being sent when user connects to the server.
I will have to update some things right now to receive the packets, because it's quite buggy at the moment, but once sorted out, it will work fine. I would also like to mention that on each server patch only the actual header changes and there might be a slight chance for change in opcode. Crypto is mixed using AES keys and Rijndael 128-bit.
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] DesertProject (Black Desert Emulator)

New patch just came out.

I will be writing a sniffer so we could dump the login data for different crypto. I have no idea what changed, but looking forward to it.
 
Newbie Spellweaver
Joined
Nov 7, 2015
Messages
13
Reaction score
1
Re: [Development] DesertProject (Black Desert Emulator)

Hi, I'm a general coder (C++, C# .NET, Java, PHP, HTML, JavaScript, ...). I have a little knowledge about hooking with C++. Can I work with you on this project?
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] DesertProject (Black Desert Emulator)

Hi, I'm a general coder (C++, C# .NET, Java, PHP, HTML, JavaScript, ...). I have a little knowledge about hooking with C++. Can I work with you on this project?
Sure, soon I will make it in C++/Lua, for now it is in C# for some people who want to start right away.

Currently it would be helpful if there were some reverse engineers to get the exact crypto, maybe @DNC / @CodeDragon / @MentaL know?

Last patch 675 (version.dat) has updated the packet headers again, including one more packet to the initialization.
Here's the dump:




00 until 07 is the packet header.
00 is packet size
01 is unknown
02 is possibly the flag to know if the packet is encrypted
03-04 is unknown
05-06 is packet id
07-end is the content of the packet.

Note:
Server packet id never changes, only client id
--

As far as I know, 0x03EB (1003 in DEC) sends the key which is used to "Hello World" the client and give the key for encrypting further packets.
0xB720 (46880 in DEC), on the other hand, is a new packet id introduced with the 675 client patch.

If there are some reversers, please don't be afraid to talk.
 
Joined
Oct 28, 2011
Messages
2,465
Reaction score
1,258
Re: [Development] DesertProject (Black Desert Emulator)

I will be looking into this, but I'm still finishing the previous project while sick as a dog.
Perhaps I'll get an opportunity next week to review this.
If I were feeling better, I'd jump in now. lastfun would have been a really good choice for reviewing packets, but is temporarily infraction banned.
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] DesertProject (Black Desert Emulator)

Crypto has changed since last patch.. Trying to analyse what changed since then.





Possible new crypto:
Code:
signed int __userpurge sub_B363D0<eax>(int a1<eax>, int a2, int a3)
{
  int v3; // edx@1
  signed int v4; // eax@3
  int v5; // ecx@3
  int v6; // ebx@3
  int v7; // ebp@3
  int v8; // edi@3
  int v9; // esi@3
  int v10; // ebp@3
  int v11; // ebx@4
  int v12; // eax@5
  int v13; // ST18_4@5
  int v14; // edx@5
  char v15; // zf@5
  signed int result; // eax@7
  int v17; // eax@7
  signed int v18; // eax@7
  signed int v19; // eax@7
  signed int v20; // eax@7
  int v21; // [sp+Ch] [bp-1Ch]@4
  int v22; // [sp+10h] [bp-18h]@4
  signed int v23; // [sp+18h] [bp-10h]@3
  char v24; // [sp+1Ch] [bp-Ch]@2
  signed int v25; // [sp+2Ch] [bp+4h]@7
  signed int v26; // [sp+2Ch] [bp+4h]@7
  signed int v27; // [sp+2Ch] [bp+4h]@7
  int v28; // [sp+30h] [bp+8h]@7


  v3 = a3;
  if ( !*(_BYTE *)(a2 + 4) )
  {
    v65a82e52(&v24, a3, &off_1C75CEC);
    a1 = sub_11FF3AE(&v24, &dword_18B9578);
  }
  v5 = *(_DWORD *)(a2 + 8) ^ (*(_BYTE *)(a1 + 3) | (*(_BYTE *)(a1 + 2) << 8) | (*(_BYTE *)(a1 + 1) << 16) | (*(_BYTE *)a1 << 24));
  v9 = *(_DWORD *)(a2 + 12) ^ (*(_BYTE *)(a1 + 7) | (*(_BYTE *)(a1 + 6) << 8) | (*(_BYTE *)(a1 + 5) << 16) | (*(_BYTE *)(a1 + 4) << 24));
  v8 = *(_DWORD *)(a2 + 16) ^ (*(_BYTE *)(a1 + 11) | (*(_BYTE *)(a1 + 10) << 8) | (*(_BYTE *)(a1 + 9) << 16) | (*(_BYTE *)(a1 + 8) << 24));
  v10 = (*(_BYTE *)(a1 + 13) << 16) | (*(_BYTE *)(a1 + 12) << 24) | *(_BYTE *)(a1 + 15) | (*(_BYTE *)(a1 + 14) << 8);
  v6 = a2;
  v4 = *(_DWORD *)(a2 + 976);
  v7 = *(_DWORD *)(a2 + 20) ^ v10;
  v23 = v4;
  if ( v4 > 1 )
  {
    v11 = a2 + 48;
    v21 = a2 + 48;
    v22 = v4 - 1;
    do
    {
      v12 = *(_DWORD *)(v11 - 4) ^ Rijndael_Te3[(unsigned __int8)v5] ^ Rijndael_Te0[(v9 >> 24) & 0xFF] ^ Rijndael_Te1[(v8 >> 16) & 0xFF] ^ Rijndael_Te2[(v7 >> 8) & 0xFF];
      v13 = *(_DWORD *)v21 ^ Rijndael_Te3[(unsigned __int8)v9] ^ Rijndael_Te2[(v5 >> 8) & 0xFF] ^ Rijndael_Te0[(v8 >> 24) & 0xFF] ^ Rijndael_Te1[(v7 >> 16) & 0xFF];
      v14 = *(_DWORD *)(v21 + 4) ^ Rijndael_Te3[(unsigned __int8)v8] ^ Rijndael_Te1[(v5 >> 16) & 0xFF] ^ Rijndael_Te2[(v9 >> 8) & 0xFF] ^ Rijndael_Te0[(v7 >> 24) & 0xFF];
      v11 = v21 + 32;
      v15 = v22-- == 1;
      v5 = *(_DWORD *)(v21 - 8) ^ Rijndael_Te3[(unsigned __int8)v7] ^ Rijndael_Te0[(v5 >> 24) & 0xFF] ^ Rijndael_Te1[(v9 >> 16) & 0xFF] ^ Rijndael_Te2[(v8 >> 8) & 0xFF];
      v8 = v13;
      v9 = v12;
      v7 = v14;
      v21 += 32;
    }
    while ( !v15 );
    v3 = a3;
    v6 = a2;
    v4 = v23;
  }
  v17 = 32 * v4 + v6 + 8;
  v28 = v17;
  v18 = *(_DWORD *)v17;
  v25 = v18;
  *(_BYTE *)v3 = byte_1790F50[(v5 >> 24) & 0xFF] ^ (v18 >> 24);
  *(_BYTE *)(v3 + 1) = byte_1790F50[(v9 >> 16) & 0xFF] ^ (v18 >> 16);
  *(_BYTE *)(v3 + 2) = byte_1790F50[(v8 >> 8) & 0xFF] ^ BYTE1(v25);
  *(_BYTE *)(v3 + 3) = v18 ^ byte_1790F50[(unsigned __int8)v7];
  v19 = *(_DWORD *)(v28 + 4);
  v26 = v19;
  *(_BYTE *)(v3 + 4) = byte_1790F50[(v9 >> 24) & 0xFF] ^ (v19 >> 24);
  *(_BYTE *)(v3 + 5) = byte_1790F50[(v8 >> 16) & 0xFF] ^ (v19 >> 16);
  *(_BYTE *)(v3 + 6) = byte_1790F50[(v7 >> 8) & 0xFF] ^ BYTE1(v26);
  *(_BYTE *)(v3 + 7) = v19 ^ byte_1790F50[(unsigned __int8)v5];
  v20 = *(_DWORD *)(v28 + 8);
  v27 = v20;
  *(_BYTE *)(v3 + 8) = byte_1790F50[(v8 >> 24) & 0xFF] ^ (v20 >> 24);
  *(_BYTE *)(v3 + 9) = byte_1790F50[(v7 >> 16) & 0xFF] ^ (v20 >> 16);
  *(_BYTE *)(v3 + 10) = byte_1790F50[(v5 >> 8) & 0xFF] ^ BYTE1(v27);
  *(_BYTE *)(v3 + 11) = v20 ^ byte_1790F50[(unsigned __int8)v9];
  result = *(_DWORD *)(v28 + 12);
  *(_BYTE *)(v3 + 12) = byte_1790F50[(v7 >> 24) & 0xFF] ^ (*(_DWORD *)(v28 + 12) >> 24);
  *(_BYTE *)(v3 + 13) = byte_1790F50[(v5 >> 16) & 0xFF] ^ (result >> 16);
  *(_BYTE *)(v3 + 14) = byte_1790F50[(v9 >> 8) & 0xFF] ^ BYTE1(result);
  *(_BYTE *)(v3 + 15) = result ^ byte_1790F50[(unsigned __int8)v8];
  return result;
}
 
Last edited:
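The routine posted above indexes tables labelled Rijndael_Te0 to Rijndael_Te3. One way to check whether tables like these, once dumped from a binary, are the unmodified AES ones is to regenerate them from the S-box definition and compare. This is an added example, not code from the thread or the project; the function names are hypothetical and the Te layout assumed is that of the public Rijndael reference code.

```cpp
#include <array>
#include <cstdint>

// Multiply in GF(2^8) modulo the AES polynomial 0x11B.
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1) {
        if (b & 1) r ^= a;
        a = static_cast<uint8_t>((a << 1) ^ ((a & 0x80) ? 0x1B : 0));
    }
    return r;
}

static uint8_t rotl8(uint8_t x, int n) {
    return static_cast<uint8_t>((x << n) | (x >> (8 - n)));
}

// Standard AES S-box: field inverse (0 maps to 0), then the affine transform.
std::array<uint8_t, 256> make_sbox() {
    std::array<uint8_t, 256> s{};
    for (int x = 0; x < 256; ++x) {
        uint8_t inv = 0;
        for (int y = 1; y < 256; ++y)
            if (gmul(uint8_t(x), uint8_t(y)) == 1) inv = uint8_t(y);
        s[x] = uint8_t(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^
                       rotl8(inv, 4) ^ 0x63);
    }
    return s;
}

// Te0[x] packs (2*S[x], S[x], S[x], 3*S[x]) from the high byte down;
// Te1..Te3 are Te0 rotated right by 8, 16 and 24 bits.
uint32_t te_entry(int table, uint8_t x, const std::array<uint8_t, 256>& s) {
    const uint32_t v = (uint32_t(gmul(s[x], 2)) << 24) | (uint32_t(s[x]) << 16) |
                       (uint32_t(s[x]) << 8) | gmul(s[x], 3);
    const int r = 8 * table;
    return r ? (v >> r) | (v << (32 - r)) : v;
}

// Compares a 256-entry table dumped from a binary with standard Te<table>.
bool is_standard_te(int table, const uint32_t* dumped) {
    const auto s = make_sbox();
    for (int x = 0; x < 256; ++x)
        if (dumped[x] != te_entry(table, uint8_t(x), s)) return false;
    return true;
}
```

A mismatch on any entry means the implementation deviates from standard AES, so a stock library will not interoperate with it.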
Newbie Spellweaver
Joined
Nov 7, 2015
Messages
13
Reaction score
1
Re: [Development] DesertProject (Black Desert Emulator)

Maybe we need to create a team to work for a long time to make it work enough to enjoy?
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] DesertProject (Black Desert Emulator)

Crypto done, uploading sniffer and parser when done writing LoginServer (aka able to receive clients and stuff)

00 - 06 Header
07 - XX Body

Header content:
00 - 01 Packet Length
02 - IsEncrypted
03-04 Encryption state
05-06 Packet ID (If IsEncrypted > 0, need to decode packet before we get real packet ID)



Maybe we need to create a team to work for a long time to make it work enough to enjoy?
Hopefully there will be mate, hopefully.
But for now I need to write the login-server for people to begin actually doing something.
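The header layout listed in the post above, written as a bounds-checked frame parser. This is an added example, not code from the thread or the emulator project; little-endian fields, a length that counts the 7-byte header, and all names (`Frame`, `parse_frame`, `kSample`) are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Layout from the post: 00-01 length, 02 IsEncrypted, 03-04 state, 05-06 ID.
constexpr std::size_t kHeaderSize = 7;

struct Frame {
    uint16_t length;     // assumption: total frame size, header included
    bool     encrypted;  // byte 02 > 0
    uint16_t enc_state;  // bytes 03-04
    uint16_t raw_id;     // bytes 05-06; not the real ID while encrypted
    std::vector<uint8_t> body;
};

enum class ParseStatus { Ok, NeedMoreData, BadLength };

// Assumption: multi-byte fields are little-endian.
static uint16_t le16(const uint8_t* p) {
    return static_cast<uint16_t>(p[0] | (p[1] << 8));
}

// Takes one frame from the front of buf; `consumed` is how many bytes to drop.
ParseStatus parse_frame(const std::vector<uint8_t>& buf, Frame& out,
                        std::size_t& consumed) {
    consumed = 0;
    if (buf.size() < kHeaderSize) return ParseStatus::NeedMoreData;
    const uint16_t len = le16(buf.data());
    // A declared length below the header size can never be valid: reject it.
    if (len < kHeaderSize) return ParseStatus::BadLength;
    if (buf.size() < len) return ParseStatus::NeedMoreData;
    out.length = len;
    out.encrypted = buf[2] > 0;
    out.enc_state = le16(buf.data() + 3);
    out.raw_id = le16(buf.data() + 5);
    out.body.assign(buf.begin() + kHeaderSize, buf.begin() + len);
    consumed = len;
    return ParseStatus::Ok;
}

// The ID field is only usable on cleartext frames (IsEncrypted == 0).
bool cleartext_id(const Frame& f, uint16_t& id) {
    if (f.encrypted) return false;
    id = f.raw_id;
    return true;
}

// Constructed sample: 9-byte cleartext frame, ID 0x03EB, 2-byte body.
const std::vector<uint8_t> kSample = {0x09, 0x00, 0x00, 0x00, 0x00,
                                      0xEB, 0x03, 0xAA, 0xBB};
```

Rejecting a length smaller than the header before slicing the body is what keeps a malformed or hostile length field from producing an out-of-range read.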
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] Black Desert Emulator





C++ Emulator Day 6. Made the token generation like on official server, couldn't decrypt the packet on the server YET,
this might be because of incorrect use of Rijndael, it's kind of complicated to use it. Tomorrow I will figure it out :)
 
Experienced Elementalist
Joined
Jun 17, 2014
Messages
273
Reaction score
33
Re: [Development] Black Desert Emulator

Good luck for this project !!
 
Experienced Elementalist
Joined
Feb 8, 2014
Messages
214
Reaction score
40
Re: [Development] Black Desert Emulator





C++ Emulator Day 6. Made the token generation like on official server, couldn't decrypt the packet on the server YET,
this might be because of incorrect use of Rijndael, it's kind of complicated to use it. Tomorrow I will figure it out :)

Damn you are good :O I will stay there and watch your project ...
 

SGA

Newbie Spellweaver
Joined
May 1, 2009
Messages
74
Reaction score
5
Re: [Development] Black Desert Emulator

Hello,

I'm interested in this project.
I believe ragezone must create a section for this game.

I am unable to code VC++ but feel free to ask anything related to MySQL/MSSQL and PHP a decent ASP.
I also have 8 years of experience with Windows Server.
Currently working as a network manager in Datacenter.

IDK if you think I can be useful with something, I'm here.

Thank you
 
Divine Celestial
Joined
Feb 25, 2013
Messages
808
Reaction score
343
Re: [Development] Black Desert Emulator

Hello,

I'm interested in this project.
I believe ragezone must create a section for this game.

I am unable to code VC++ but feel free to ask anything related to MySQL/MSSQL and PHP a decent ASP.
I also have 8 years of experience with Windows Server.
Currently working as a network manager in Datacenter.

IDK if you think I can be useful with something, I'm here.

Thank you
I will see. But for now, there's nothing to do until I finish most of the things.



@DNC
I have just bypassed the "PIN" lockup and sent a server-list straight. Works wonders :))
I will now parse the server-list and put there custom things and will see how it goes. :p





Just reversed the "Server list" packet, guess wut?

You will not be able to write English name, unless you use English patch.
Oh well, gonna do GameServer tomorrow.
 