Hi, I want to learn how to write an emulator but I need a little bit help first.
Does someone know what the GunZ Handshake key is for and how to find it, or maybe a little information about it.
Thanks for your time.
You can use this as a reference : http://forum.ragezone.com/f496/wip-b...ulator-735369/
The handshake is the packet sent from the server right after a connection is established. It basically says "I'm here and I'm real, let's do it". If you look into the source of CSCommon, in MServer.cpp, you'll find a function called OnLocalLogin. In that function there is another function call, InitCryptCommObject, where the handshake is created. If you look into that same file, you'll see that function, which contains the actual handshake creation function MMakeSeedKey, which is located in MMatchUtil.cpp.
Pretty much, when you connect, MatchServer gets a LOCAL_LOGIN packet, which gets routed to the OnLocalLogin function. Then, when it goes to send the confirming packet, it calls SendMsgReplyConnect.
The handshake is basically a set of your personal information used to encrypt and decrypt the packets. MUID and IP are the two essential things, as well as the 2 sets of keys used. Need any more information? Just ask.
The handshake keys of my emulator (to be precise, it is not my code) are...
Those are taken from Gunz.exe. In the Jan 5 2012 build's case it is...
Code:
const unsigned char HSKey1[] = {0x37, 0x04, 0x5D, 0x2E, 0x43, 0x3A, 0x49, 0x53, 0x50, 0x05, 0x13, 0xC9, 0x28, 0xA4, 0x4D, 0x05},
                    HSKey2[] = {0x57, 0x02, 0x5B, 0x04, 0x34, 0x06, 0x01, 0x08, 0x37, 0x0A, 0x12, 0x69, 0x41, 0x38, 0x0F, 0x78};
Code:
005B1418 |. C64424 14 57 MOV BYTE PTR SS:[ESP+14],57
005B141D |. C64424 15 02 MOV BYTE PTR SS:[ESP+15],2
005B1422 |. C64424 16 5B MOV BYTE PTR SS:[ESP+16],5B
005B1427 |. C64424 17 04 MOV BYTE PTR SS:[ESP+17],4
005B142C |. C64424 18 34 MOV BYTE PTR SS:[ESP+18],34
005B1431 |. C64424 19 06 MOV BYTE PTR SS:[ESP+19],6
005B1436 |. C64424 1A 01 MOV BYTE PTR SS:[ESP+1A],1
005B143B |. C64424 1B 08 MOV BYTE PTR SS:[ESP+1B],8
005B1440 |. C64424 1C 37 MOV BYTE PTR SS:[ESP+1C],37
005B1445 |. C64424 1D 0A MOV BYTE PTR SS:[ESP+1D],0A
005B144A |. C64424 1E 12 MOV BYTE PTR SS:[ESP+1E],12
005B144F |. C64424 1F 69 MOV BYTE PTR SS:[ESP+1F],69
005B1454 |. C64424 20 41 MOV BYTE PTR SS:[ESP+20],41
005B1459 |. C64424 21 38 MOV BYTE PTR SS:[ESP+21],38
005B145E |. C64424 22 0F MOV BYTE PTR SS:[ESP+22],0F
005B1463 |. C64424 23 78 MOV BYTE PTR SS:[ESP+23],78
005B149B |. B0 05 MOV AL,5
005B149D |. C641 10 37 MOV BYTE PTR DS:[ECX+10],37
005B14A1 |. C641 17 53 MOV BYTE PTR DS:[ECX+17],53
005B14A5 |. C641 11 04 MOV BYTE PTR DS:[ECX+11],4
005B14A9 |. C641 12 5D MOV BYTE PTR DS:[ECX+12],5D
005B14AD |. C641 13 2E MOV BYTE PTR DS:[ECX+13],2E
005B14B1 |. C641 14 43 MOV BYTE PTR DS:[ECX+14],43
005B14B5 |. C641 15 3A MOV BYTE PTR DS:[ECX+15],3A
005B14B9 |. C641 1B C9 MOV BYTE PTR DS:[ECX+1B],0C9
005B14BD |. C641 16 49 MOV BYTE PTR DS:[ECX+16],49
005B14C1 |. C641 18 50 MOV BYTE PTR DS:[ECX+18],50
005B14C5 |. 8841 19 MOV BYTE PTR DS:[ECX+19],AL (5)
005B14C8 |. C641 1A 13 MOV BYTE PTR DS:[ECX+1A],13
005B14CC |. C641 1C 28 MOV BYTE PTR DS:[ECX+1C],28
005B14D0 |. C641 1D A4 MOV BYTE PTR DS:[ECX+1D],0A4
005B14D4 |. C641 1E 4D MOV BYTE PTR DS:[ECX+1E],4D
005B14D8 |. 8841 1F MOV BYTE PTR DS:[ECX+1F],AL (5)
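As an added example (not from this thread or the GunZ/CSCommon source), a short Python check that the C arrays above really match the listing: it parses the OllyDbg byte stores, resolves the two stores that go through AL after MOV AL,5, and sorts by offset, since the compiler emits the [ECX+xx] stores out of order. It assumes the listing text is pasted verbatim, one instruction per line.

```python
import re

# Excerpt of the OllyDbg listing posted above (Gunz.exe, Jan 5 2012 build):
# the stores that build HSKey1 at [ECX+10..1F], including the two relayed via AL.
LISTING = """\
005B149B |. B0 05 MOV AL,5
005B149D |. C641 10 37 MOV BYTE PTR DS:[ECX+10],37
005B14A1 |. C641 17 53 MOV BYTE PTR DS:[ECX+17],53
005B14A5 |. C641 11 04 MOV BYTE PTR DS:[ECX+11],4
005B14A9 |. C641 12 5D MOV BYTE PTR DS:[ECX+12],5D
005B14AD |. C641 13 2E MOV BYTE PTR DS:[ECX+13],2E
005B14B1 |. C641 14 43 MOV BYTE PTR DS:[ECX+14],43
005B14B5 |. C641 15 3A MOV BYTE PTR DS:[ECX+15],3A
005B14B9 |. C641 1B C9 MOV BYTE PTR DS:[ECX+1B],0C9
005B14BD |. C641 16 49 MOV BYTE PTR DS:[ECX+16],49
005B14C1 |. C641 18 50 MOV BYTE PTR DS:[ECX+18],50
005B14C5 |. 8841 19 MOV BYTE PTR DS:[ECX+19],AL (5)
005B14C8 |. C641 1A 13 MOV BYTE PTR DS:[ECX+1A],13
005B14CC |. C641 1C 28 MOV BYTE PTR DS:[ECX+1C],28
005B14D0 |. C641 1D A4 MOV BYTE PTR DS:[ECX+1D],0A4
005B14D4 |. C641 1E 4D MOV BYTE PTR DS:[ECX+1E],4D
005B14D8 |. 8841 1F MOV BYTE PTR DS:[ECX+1F],AL (5)
"""

STORE = re.compile(r"MOV BYTE PTR [SD]S:\[(\w+)\+([0-9A-F]+)\],(\w+)")
SETREG = re.compile(r"MOV (AL|BL|CL|DL),([0-9A-F]+)\s*$")

def recover_keys(listing):
    """Map each base register (ESP, ECX, ...) to the bytes stored through it,
    ordered by offset. Immediates are Intel-syntax hex (the leading 0 in 0C9
    is only a syntax marker); a store of AL/BL/CL/DL takes the last immediate
    loaded into that register. Non-contiguous offsets mean a store is missing."""
    regs, stores = {}, {}
    for line in listing.splitlines():
        m = SETREG.search(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
            continue
        m = STORE.search(line)
        if m:
            base, off, val = m.group(1), int(m.group(2), 16), m.group(3)
            stores.setdefault(base, {})[off] = regs[val] if val in regs else int(val, 16)
    keys = {}
    for base, bymap in stores.items():
        offs = sorted(bymap)
        if offs != list(range(offs[0], offs[-1] + 1)):
            raise ValueError("non-contiguous stores for %s: %s" % (base, offs))
        keys[base] = bytes(bymap[o] for o in offs)
    return keys
```

Running it on the full listing (both the [ESP+14..23] and [ECX+10..1F] blocks) yields HSKey2 under "ESP" and HSKey1 under "ECX".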
Thanks a lot PenguinGuy & Delpa, this is very useful ^^
Isn't there any way to do maps like MatchAgent and Locator: put them in the MatchServer folder and just replace everything? Example: Matchagent/Matchagent.cpp to Matchagent.cpp, and then happy editing.
I didn't really start working on an emulator, but that just came up in my mind.
Just realized I wrote that kinda badly x_x.
@ForceGFX, I can't understand you; reword your sentences so I can understand what you mean.
He basically wants to write a 3-in-1 (Locator, MatchAgent, MatchServer) emulator.
The good part of that would be the compactness, but that means you can't have multiple servers (you can't have multiple locators binding to the same port, and building one 3-in-1 runnable then another standalone server would be ridiculous).
I suppose you CAN use threading, but that would be much harder than just writing a single emulator and binding multiple instances to different ports.
If you're interested in writing an emulator, maybe a bunch of developers should bunch up and start a public repository, pick a common language, and start working on it? If anyone's interested in cross-platformability, I'd love to sign up.