Packet Structure & Example Of Crashing
So, since basically no one here understands the structure Gunz uses for its packets, I decided I would post a basic example.
Outline:
[header]
char - Version
short - Size + Header (8)
short - Checksum
short - Size of data
[/header]
[Data]
short - CommandID
char - PacketID
[Params]
[/Data]
So an example of a login packet would be:
[header]
char - 0x65 (Encrypted)
short - Size
short - Checksum
short - Size of data
[/header]
[Data]
short - 0x3E9
char - 0x1
short - 0x6 - UserName Len +0x0
string - "Phail" + 0x0
short - 0x4 - Password Len +0x0
string - "asd" + 0x0
DWORD - 0x56 - Client Version
DWORD - 0x0 - FileList
struct *MD5 - MD5 of client
[/data]
Now, the crash Kore does is it makes the string len 0xFFFF(65535) which ends up crashing MatchServer because the length is too big. ;3
Also: 0x64 = Decrypted. 0x65 = Encrypted.
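Added example, not part of the original post and not MatchServer code: a bounds-checked reader for the length-prefixed string fields in the login [Data] layout above, which rejects a length such as 0xFFFF before anything is copied. Little-endian shorts, the 32-byte buffers and all function names are assumptions; the length is taken to count the trailing 0x0, as in the post's "Phail" (0x6) and "asd" (0x4) fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef struct { const uint8_t *p; size_t left; } cursor; /* hypothetical name */

/* 16-bit read; little-endian byte order is an assumption. */
static int read_u16(cursor *c, uint16_t *out) {
    if (c->left < 2) return -1;
    *out = (uint16_t)(c->p[0] | (c->p[1] << 8));
    c->p += 2; c->left -= 2;
    return 0;
}

/* String field: short length (counting the trailing 0x0), then the bytes.
 * The length is checked against what was received and against dst before
 * any copy, and the only 0x0 must be the final byte. */
static int read_string(cursor *c, char *dst, size_t dst_size) {
    uint16_t len;
    if (read_u16(c, &len) != 0) return -1;
    if (len == 0 || len > c->left || len > dst_size) return -1;
    if ((const uint8_t *)memchr(c->p, 0, len) != c->p + len - 1) return -1;
    memcpy(dst, c->p, len);
    c->p += len; c->left -= len;
    return 0;
}

/* Reads CommandID, PacketID, user name and password from a login [Data]. */
int parse_login(const uint8_t *d, size_t n, char user[32], char pass[32]) {
    cursor c = { d, n };
    uint16_t cmd;
    if (read_u16(&c, &cmd) != 0 || cmd != 0x3E9 || c.left < 1) return -1;
    c.p += 1; c.left -= 1;                       /* skip PacketID */
    if (read_string(&c, user, 32) != 0) return -1;
    return read_string(&c, pass, 32);
}

/* Constructed sample data, not captured traffic. */
static const uint8_t ok_pkt[] = { 0xE9,0x03, 0x01, 0x06,0x00, 'P','h','a','i','l',0,
                                  0x04,0x00, 'a','s','d',0 };
static const uint8_t bad_pkt[] = { 0xE9,0x03, 0x01, 0xFF,0xFF, 'P','h','a','i','l',0 };

int demo_ok(void)  { char u[32], p[32]; return parse_login(ok_pkt, sizeof ok_pkt, u, p); }
int demo_bad(void) { char u[32], p[32]; return parse_login(bad_pkt, sizeof bad_pkt, u, p); }
```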
Re: Packet Structure & Example Of Crashing
Wow. I call this spaghetti. I still don't mean the meaning of it like the most here.
Re: Packet Structure & Example Of Crashing
I wish I still had that log that someone gave me. ZyZ made a CbWhiz'esque text about packet structure....
Re: Packet Structure & Example Of Crashing
http://www.google.com/search?q=gunz+...-+CommandID%22
Not the first to document the protocol (Another example being Nick's released work).
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
gWX0
I did the packet structure, not the protocol. ;3
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
00niels00
Wow. I call this spaghetti. I still don't mean the meaning of it like the most here.
Well, I'll try to explain it. It's one of the basics in every programming language you learn.
For example, I have an unsigned variable (piece of storage for the program), which can use up to 65535 bytes of memory. The variable of course isn't able to use more than the 65534 bytes.
If the variable should contain 65535 + 1 (65535) then the variable would lose its value, because it can no longer contain it. It's called overflow.
Every program uses these variables. So does the matchserver.
So basically what you do is send an "overflow" package (or several) to the matchserver. The matchserver released 3 years ago, which we are still using today, does not have additional security against these packets. So unless somebody writes a new set of server files (which I'm too lazy to do), every server is fucked if a leecher actually learns how to use this. (which I doubt though).
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
CobraCom
Well, I'll try to explain it. It's one of the basics in every programming language you learn.
For example, I have an unsigned variable (piece of storage for the program), which can use up to 65535 bytes of memory. The variable of course isn't able to use more than the 65534 bytes.
If the variable should contain 65535 + 1 (65535) then the variable would lose its value, because it can no longer contain it. It's called overflow.
Every program uses these variables. So does the matchserver.
So basically what you do is send an "overflow" package (or several) to the matchserver. The matchserver released 3 years ago, which we are still using today, does not have additional security against these packets. So unless somebody writes a new set of server files (which I'm too lazy to do), every server is fucked if a leecher actually learns how to use this. (which I doubt though).
Packet structure is not something that's "basic" across every programming language; it has an indirect relationship to programming, if any at all.
Anyways, the current matchserver suffers a vulnerability from a specific byte being sent, it doesn't have anything to do with the length of the packet.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
ThePhailure772
Get the fuck out of my thread. I'm sharing knowledge and you're spamming. Kthx.
I totally agree!
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
gWX0
Packet structure is not something that's "basic" across every programming language; it has an indirect relationship to programming, if any at all.
Anyways, the current matchserver suffers a vulnerability from a specific byte being sent, it doesn't have anything to do with the length of the packet.
I didn't even talk about packet structures. Learn to read before going on an ego-boost.
Re: Packet Structure & Example Of Crashing
It's all "documented" in veldi. Even the packet structures for "blobs" or packets carrying game structures.
The enumeration GunZ uses for packet data types.
Code:
// hex
0: int
1: uint
2: float
3: bool
4: string
5: vector
6: pos
7: dir
8: color
9: uid
A: blob
B: char
C: uchar
D: short
E: ushort
F: int64
10: uint64
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
Zander
It's all "documented" in veldi. Even the packet structures for "blobs" or packets carrying game structures.
The enumeration GunZ uses for packet data types.
Code:
// hex
0: int
1: uint
2: float
3: bool
4: string
5: vector
6: pos
7: dir
8: color
9: uid
A: blob
B: char
C: uchar
D: short
E: ushort
F: int64
10: uint64
Not everything is described in Veldi. Yes, some of the packets that contain structures (they're not called blobs) are documented but not the server sided ones.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
CobraCom
I didn't even talk about packet structures. Learn to read before going on an ego-boost.
That's what the OP's subject was about - it's assumed your post would somehow relate to that topic; your post did nothing to answer the poster's question.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
gWX0
That's what the OP's subject was about - it's assumed your post would somehow relate to that topic; your post did nothing to answer the poster's question.
The poster did not ask a question, he clearly showed us the use of the structure packets GunZ uses.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
Tman151
The poster did not ask a question, he clearly showed us the use of the structure packets GunZ uses.
Poster referring to the one being quoted, not the OP.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
gWX0
Poster referring to the one being quoted, not the OP.
Oh, my bad.
Anyway, nice Phail, helped me out a bit.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
ThePhailure772
Not everything is described in Veldi. Yes, some of the packets that contain structures (they're not called blobs) are documented but not the server sided ones.
I meant blobs as an example of a structure, not the name of the packet. Also, what server sided packets?
Re: Packet Structure & Example Of Crashing
He means that packets sent by the server aren't the same as those sent by the client.
Re: Packet Structure & Example Of Crashing
Quote:
Originally Posted by
PaulBub
He means that packets sent by the server aren't the same as those sent by the client.
No shit sherlock, but the same transfer protocol* is used.
*At the application-level, not network.