
[Python/C++] Hooking HTTPClient directly in order to log Toontown Online packets.

Initiate Mage
Joined
Jul 2, 2012
Messages
1
Reaction score
0
Hi everybody,

I'm looking for some information and direction for something I'm trying to do, I'm NOT looking for somebody to do all the work for me, I would just like advice on where I should start in order to achieve what I want to achieve. Any help whatsoever, even if it's a comment like "Go back to whatever grave you crawled out of" :lol:, would be greatly appreciated.

In simple terms, I'm trying to create a Server Emulator for Toontown Online, now I realize, I will probably never achieve this goal, as I've found a few posts with people wanting to do the same, (see here, here, and here) however they all vanish never to be heard from again, :blink: I can only assume they gave up, and I probably will too, but since I'm so darn stubborn, I must at the very least attempt this goal. :p:

Now what I'm trying to do is log packets from Toontown (toontown.exe) and the Toontown game servers (h-t-t-p-s://gameserver-lv.toontown.c-o-m). I can log these packets in Wireshark, and I can filter them just fine to only get the packets I want for Toontown, however these packets are encrypted (who knew right?) [sarcasm]Gee, I wonder if it has anything to do with the fact that it's using HTTPS[/sarcasm]

I know that it uses OpenSSL, and HTTPClient as this game runs on and is well documented, also you can find "HTTPClient" on "toontown.exe" while viewing with a hex editor, and OpenSSL is listed on their page. I've found that (toontown.exe) has no encryption, you can easily view it in HxD or any other hex editor, in fact I'm looking at it right now! :eek:tt1: I can even type find "HTTPClient" and find a few things of interest, so not much work in that area, the engine is Panda3D which is completely open sourced, if you're not familiar with it, it's just a mixture of Python with a C++ wrapper from what I understand, so you get the easy to use Python, with the speed of C++, or so the tagline claims.


The startup process for Toontown is pretty simple, You just start the TT Launcher, the launcher downloads news, checks to see if a file is present on the server that would describe the servers being closed, if not found, it decides TT is live, and allows you to login. You input your username and password, launcher goes to (h-t-t-p-s://toontown.go.com/launcher/login?n=YOUR_USERNAME&p=YOUR_PASSWORD), it will give you a login token only valid for a couple of days. The launcher then hands this information off to "toontown.exe" and then Toontown starts.

You can start this toontown.exe manually once you get a login token.
This is not my info, this is found off Google, to start Toontown manually you just open up Notepad and paste the following.
Code:
@echo off
set DOWNLOAD_SERVER=http://download.toontown.com/english/currentVersionWIN/content
set WEB_ACCT_PARAMS=None
set GAME_USERNAME=zzz
set GAME_SERVER=https://gameserver-lv.toontown.com
set LOGIN_TOKEN=vvv
set GAME_CHAT_ELIGIBLE=1
set ACCOUNT_SERVER=http://toontown.go.com
Toontown.exe
pause
You just replace "zzz" with your username, and replace "vvv" with your login token, now just name your file "runtt.bat", then just run the bat file in the same folder as "toontown.exe".

Toontown will then start, it will check if all files are updated, and update if necessary.
Then it will proceed to log you in, while downloading ToonNews files (just simple image files that contain weekly news). When it logs in, it starts communicating with the game server, which currently points to IP "68.71.220.197", however that is via https, and that is where I'm stuck at.

Now all the data is stored as a multifile, and these multifiles are named "Phase_3.mf, Phase_5.mf, etc." very easy to extract (as the engine is open sourced), as such I have found a few certificates, but I don't think TT uses them anymore.

This is "certificates.txt"
Code:
This file contains SSL public-key certificates to allow the client to
confirm the identify of our various account servers when logging in.


This one is for VeriSign.  We are no longer using VeriSign to sign our
certificate.

subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
notBefore=Nov  9 00:00:00 1994 GMT
notAfter=Jan  7 23:59:59 2010 GMT


This is the old authority we are using at the moment.

GTE CyberTrust Root CA
======================
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58

This is the new authority


This is the old intermediary


This is the new intermediary


This is "gameserver.txt"

Why do I think they don't use them anymore? Toontown's log file keeps saying it cannot read "gameserver.txt", and if it can't read that, how is it communicating with the server?

Anyway to make a long story short :lol:, instead of messing with finding these SSL keys, and decrypting, I thought maybe I should just go straight to the source, and intercept calls to "HTTPClient", I would assume I write a bit of code that intercepts calls and sends packets to my own logger so I can inspect them without needing to decrypt anything.

Problem is, I don't know the first thing about trying to do that, any advice on where to start would be greatly appreciated, I'm currently trying to learn python, (by trying, I mean I know nothing except the very basic, "Hello World") I do not know C++, but I'm willing to learn.


Sorry for the long post, but I just wanted to provide as much information as I could.
Any advice would be sweet, Thanks for reading. :cool:

Anything related to my actual question is in bold, so you can just skim through the rest.
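
The post asks about logging at the HTTPClient call layer instead of decrypting captured HTTPS. As an added example (not part of the original post, and not Toontown or Panda3D code), the code below wraps a method on a hypothetical stand-in class `StubHTTPClient` and masks the `n` and `p` login parameters before anything is stored. The host `account.example`, the method name `get_document` and the credentials are constructed assumptions.

```python
import functools
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that carry secrets in the login URL quoted in the post.
SENSITIVE_PARAMS = frozenset({"n", "p"})


def redact_url(url, sensitive=SENSITIVE_PARAMS):
    """Return url with the values of sensitive query parameters masked."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in sensitive else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def log_calls(cls, method_name, sink):
    """Replace cls.method_name with a wrapper that records each call.

    The wrapper runs above the TLS layer, so it sees plaintext arguments;
    secrets are masked before the record is stored. Returns the original
    function so the caller can restore it.
    """
    original = getattr(cls, method_name)

    @functools.wraps(original)
    def wrapper(self, url, *args, **kwargs):
        sink.append((method_name, redact_url(url)))
        return original(self, url, *args, **kwargs)

    setattr(cls, method_name, wrapper)
    return original


class StubHTTPClient:
    """Hypothetical stand-in for a client class; does no network I/O."""

    def get_document(self, url):
        return "response for " + urlsplit(url).path


def demo():
    calls = []
    original = log_calls(StubHTTPClient, "get_document", calls)
    # Constructed host and credentials, not real ones.
    body = StubHTTPClient().get_document(
        "https://account.example/launcher/login?n=alice&p=hunter2")
    StubHTTPClient.get_document = original  # restore the unhooked method
    return calls, body
```

Because the record is taken before encryption, a log written this way holds whatever the client sends, so the masking step matters as much as the hook.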
 

Kia

Newbie Spellweaver
Joined
Nov 12, 2013
Messages
8
Reaction score
2
Ultra BUMP.
Meanwhile the Client Source Code is available. Anyone still interested in this project?
 