Hello dear community,
is there any chance that there will be a private server for the new game Genshin Impact? It is a great single player game but the Gacha system is terrible.
Many greetings
xxxxxxx
Last edited by rafi441; 06-05-21 at 10:03 PM. Reason: xxx
If you can get around the cert pinning of the application (possible), then the game sends limited information to an HTTP-based API over TLS. As long as the data is not encrypted in some way after that, it is completely possible to have a private server for this.
Collection of URLs I've observed being used by game engine
TLDR: looked into it a bit. Cert pinning on the Windows client can be ignored. As long as the root CA you sign TLS traffic with is in your OS certs list, all is good.
So here is the hard part. When you start the client the following happens.
The client first connects to dispatchosglobal.yuanshen.com; it will then connect to one of the following.
- osusadispatch.yuanshen.com
- oseurodispatch.yuanshen.com
- osasiadispatch.yuanshen.com
The following packet is sent.
GET /query_cur_region HTTP/1.1
Host: oseurodispatch.yuanshen.com
User-Agent: UnityPlayer/2017.4.30f1 (UnityWebRequest/1.0, libcurl/7.51.0-DEV)
Accept: */*
Accept-Encoding: gzip, deflate
X-Unity-Version: 2017.4.30f1
Connection: close
If automatic version detection is not successful then the next packet will be.
GET /query_cur_region?version=OSRELWin1.0.0&lang=1&platform=3&binary=1&time=48&channel_id=1&sub_channel_id=0&account_type=1 HTTP/1.1
Connection: close
Host: oseurodispatch.yuanshen.com
From which it will receive base64 encoded data that contains an IP and URLs for the next segment of the login, and other locations.
https://oseurooaserver.yuanshen.com/recharge:.euro
https://autopatchhk.yuanshen.com/cli...e_res/1.0_live
https://autopatchhk.yuanshen.com/cli..._data/1.0_live
https://webstatic-sea.mihoyo.com/ys/...ction=portrait
https://webstatic-sea.mihoyo.com/ys/...y/index.html#/
https://account.mihoyo.com
https://hk4e-api-os.mihoyo.com/commo...&authkey_ver=1
https://account.mihoyo.com/#/about/p...iz=hk4e_global
So I've not done much more but as long as the base64 encoded data doesn't have a CRC, then it is possible to capture/intercept the next leg of information. Looking at the amount of information that is transferred suspect all info going forward remains at TLS traffic to an API.
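On the remark above about the base64 response not carrying a CRC, an added example (not part of the original thread and not the game's code): a CRC is unkeyed, so it only catches accidental corruption, whereas a keyed MAC lets the receiver reject a dispatch blob whose endpoint was changed. The JSON fields, the key and the addresses are constructed for illustration.

```python
import base64, hashlib, hmac, json, zlib

# Constructed key for the demo. A shipped client should verify an asymmetric
# signature instead, so that no signing secret sits in the binary.
KEY = b"constructed-demo-key"

def _encode(doc):
    return json.dumps(doc, sort_keys=True).encode()

def pack(doc, mode):
    """Return base64(body + trailer); trailer is CRC32 or HMAC-SHA256."""
    body = _encode(doc)
    if mode == "crc":
        trailer = zlib.crc32(body).to_bytes(4, "big")
    else:
        trailer = hmac.new(KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body + trailer).decode()

def unpack(blob, mode):
    """Verify the trailer and return the document, or raise ValueError."""
    raw = base64.b64decode(blob, validate=True)
    n = 4 if mode == "crc" else 32
    body, trailer = raw[:-n], raw[-n:]
    if mode == "crc":
        ok = zlib.crc32(body).to_bytes(4, "big") == trailer
    else:
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, trailer)
    if not ok:
        raise ValueError(f"{mode} check failed")
    return json.loads(body)

def modified_in_transit(blob, mode, new_ip):
    """Model a party without KEY changing the endpoint inside the blob."""
    raw = base64.b64decode(blob)
    n = 4 if mode == "crc" else 32
    doc = json.loads(raw[:-n])
    doc["ip"] = new_ip
    body = _encode(doc)
    # A CRC is public arithmetic, so it can simply be recomputed;
    # the MAC tag cannot be recomputed without KEY and is left stale.
    trailer = zlib.crc32(body).to_bytes(4, "big") if mode == "crc" else raw[-n:]
    return base64.b64encode(body + trailer).decode()

if __name__ == "__main__":
    doc = {"ip": "192.0.2.10", "port": 40000}   # constructed sample values
    print(unpack(modified_in_transit(pack(doc, "crc"), "crc", "203.0.113.5"), "crc"))
    try:
        unpack(modified_in_transit(pack(doc, "mac"), "mac", "203.0.113.5"), "mac")
    except ValueError as e:
        print("rejected:", e)
```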
Impressive stuff KuroSaru, I understood some but not all of what you explained. However, I am wondering if we could change the game in order to make it solo, wouldn't it be easier this way? The only issue is for updates, how do we get the new content that will be (I hope) regularly delivered by mihoyo?
I need to spend more time to confirm if spawns, drops etc... are all client side or not. Suspect they are as can't see a reason for them not to be, apart from fact you can play in a team.
TLDR; Will need a full private server, sadly although the game acts like single player 99% it still communicates with a server like any online game.
Game data is sent via UDP and is encrypted with an XOR encryption. All validation checks are handled client side. So skill cooldowns are client side etc.
Gacha and co-op modes are server side. That's why it needs a constant internet connection.
Nice to see some ppl that already looked into the game & encryption stuff.
But the idea isn't bad. Private server without the bad rates of the gacha. +1
Updated reasoning for XOR to be provided at a later date.
_________________IGNORE BELOW________________
Reason for saying XOR is based on the gameloop that takes place when spawning (you join the world).
Last edited by KuroSaru; 17-11-20 at 03:04 PM.
Definitely been keeping an eye on this thread for the past week and I have to say, it's been very interesting to read all this. A lot of it I don't understand but I still am getting the gist of a few things. All in all, I don't want to lose hope and it's absolutely commendable that KuroSaru is deep diving into this and giving us a lot of insight. I hope that something good comes out of this and a private server can happen, I absolutely love this game but jfc the currency/xp scaling is absolutely horrendous! Keeping an eye for your updates KuroSaru, thank you for providing the info and data that may be useful for others as well!
Honestly, I think the better idea would be an offline version of Genshin Impact. A private server might get shut down due to legal reasons, and the multiplayer is very limited as it stands. An offline option where I can just edit my resin, mora and primogems might be the better route. Maybe not as fun to some, but it's better than spending $1000s on gacha.
That would take way more time than just emulating the server, if it is not impossible, because it would require recoding a lot of stuff in the game. There's no need to make a private server; an open source emulator can be done so everyone can host their own server on their own machine.
i hope have offline play, game offline content to much, no need private server first :(
KuroSaru, have you figured out what the server name is that is used for UDP? I did not see any IP being transmitted in the JSON content before it connects. So I wonder where this comes from. Also I noticed that the port number is not always the same.
You're 100% right. I guess I should've explained myself better but that was the same concept I was thinking just poor wording. Having people emulate their own server would be the best route imo. I would hate to see someone put in a ton of work for a multiplayer private server only to be hit with DMCAs and/or potential lawsuits. Maybe a potential feature to have people connect to your server so you can do multiplayer with only people you want to join.
So after all the data transfer via HTTPS has taken place the last transfer contains a BASE64 encoded data chunk. Within this base64 encoded data blob is the IP and port for the UDP traffic and for the game to connect to. There are other aspects that take place here after this point. Spending time looking at traffic, the game has support for TLS over UDP but I have not seen proof it is enabled yet.
Here is an example of data decoded from the BASE64 packet, you can see the IP and port (hex number, not ASCII)
I have been off and on looking into the game. Current plan is to redirect login to a simple server I control in a more sensible way; modifying the Windows HOSTS file feels unreasonable. I have no plan to make a private server but am interested/planning on a local simulation to allow offline playing.
@Kuro, We have a team working at decrypting the release client and the lots for just that, will PM the discord if you are interested in joining and pool skills / ideas. Cheers.
If you are really serious about reverse engineering this game, you should create a way so people could support you, like a Patreon or something more crypted like a bitcoin/monero address, to avoid legal action in the future if it is successful. Create a discord server so we could follow this stuff privately and get more technical people on board. Just an idea, you know.
Last edited by samuellucy96; 28-10-20 at 12:54 PM. Reason: inserte quote
During the days I had the idea why not build a proxy for Genshin, 1. easier to sniff the packets, 2. easier to redirect the connection to the localserver (soonTM), 3. maybe ppl will learn some things from it.
(There are already other projects out there about proxies for games. https://github.com/tera-proxy/tera-proxy is an example for another game. I would do something with this, but I never did anything with UDP before & idk how to decrypt the packets correctly currently.)