[Development] Priston Tale 2 Sniffer

[SheenBR]

I recently just finished the sniffer for PT2 so we can try to make an emulator for it. I still dont have the encryption/decryption methods, so I hope someone will help me here if interested.

What do I need to help?


1 - Download the game: Priston Tale 2 - Free MMORPG - Download (Both client full and the patch)
2 - Then create an account
3 - Download OllyDbg (ollydbg.de)
4 - Download the unpacked PT2 "game" executable with NoXtrap from here: PT2
(the game is already edited to load my dll to sniff the packets.)


It will only run with olly, so you need to run it from there. I don't know why but it gives a lot of exceptions that you should add to the ignore exceptions list of Olly so it can run just fine.

Also, you need to set the command line arguments to: -CONNECT="70.28.13.108:7300" -LE , there is also a -SEED parameter, but if omitted I still can login fine, so IDK if it is really necessary.

My dll can be downloaded here: PT2Hook

Also, the original unpacked client can be found in this thread: https://forum.ragezone.com/f860/unpacking-themida-v2-1086426/ (many thanks : )

It will create a folder called "PT2_Packets" inside your C:\ directory, so be sure to run it with enough privileges. If you think my dll is a virus, you can compile it yourself. (in the spoiler tags you can find the source, im sorry but Im not used to GitHub : )

Spoiler

DllMain.cpp

Spoiler

[C++] PT2Hook - dllmain - Pastebin.com

Logging.cpp

Spoiler

http://pastebin.com/BV6qjZjA

Stdafx.cpp

Spoiler

there is nothing in this file, only an #include for the stdafx.h

Stdafx.h

Spoiler

http://pastebin.com/tPZYW2iE

Logging.h

Spoiler

http://pastebin.com/R31ufc4k

Here is a screenshot of it doing its job:

So thats it, I just needed some help to understand the packet structures and where are the encryption/decryption methods in this game. If anyone is interested, please post here! Let's share the work ^_^

 

[SheenBR]

Me and my friend managed to decrypt some client files already. Text files for translation and what I think is some Unreal Engine class files, they have the *.p extension and was encrypted with somekind of XOR encryption based on a Key array. We are still looking for the packets encryption, if ayone out there wants to help us...

Engine.p

Spoiler

simulated function ClientWeaponSet(bool bPossiblySwitch)

{

local int Mode;



Instigator = Pawn(Owner);



bPendingSwitch = bPossiblySwitch;



if( Instigator == None )

{

GotoState('PendingClientWeaponSet');

return;

}



for( Mode = 0; Mode < NUM_FIRE_MODES; Mode++ )

{

if( FireModeClass[Mode] != None )

{

// laurent -- added check for vehicles (ammo not replicated but unlimited)

if( ( FireMode[Mode] == None ) || ( FireMode[Mode].AmmoClass != None ) && !bNoAmmoInstances && Ammo[Mode] == None && FireMode[Mode].AmmoPerFire > 0 )

{

GotoState('PendingClientWeaponSet');

return;

}

}



FireMode[Mode].Instigator = Instigator;

FireMode[Mode].Level = Level;

}



ClientState = WS_Hidden;

GotoState('Hidden');



if( Level.NetMode == NM_DedicatedServer || !Instigator.IsHumanControlled() )

return;



if( Instigator.Weapon == self || Instigator.PendingWeapon == self ) // this weapon was switched to while waiting for replication, switch to it now

{

if (Instigator.PendingWeapon != None)

Instigator.ChangedWeapon();

else

BringUp();

return;

}



if( Instigator.PendingWeapon != None && Instigator.PendingWeapon.bForceSwitch )

return;



if( Instigator.Weapon == None )

{

Instigator.PendingWeapon = self;

Instigator.ChangedWeapon();

}

else if ( bPossiblySwitch && !Instigator.Weapon.IsFiring() )

{

if ( PlayerController(Instigator.Controller) != None && PlayerController(Instigator.Controller).bNeverSwitchOnPickup )

return;

if ( Instigator.PendingWeapon != None )

{

if ( RateSelf() > Instigator.PendingWeapon.RateSelf() )

{

Instigator.PendingWeapon = self;

Instigator.Weapon.PutDown();

}

}

else if ( RateSelf() > Instigator.Weapon.RateSelf() )

{

Instigator.PendingWeapon = self;

Instigator.Weapon.PutDown();

}

}

}



// jdf ---

simulated function ClientPlayForceFeedback( String EffectName )

{

local PlayerController PC;



PC = PlayerController(Instigator.Controller);

if ( PC != None && PC.bEnableWeaponForceFeedback )

{

PC.ClientPlayForceFeedback( EffectName );

}

}



simulated function StopForceFeedback( String EffectName )

{

local PlayerController PC;



PC = PlayerController(Instigator.Controller);

if ( PC != None && PC.bEnableWeaponForceFeedback )

{

PC.StopForceFeedback( EffectName );

}

}

If you have any idea what this is... let me know : I wont be releasing anything for now since I still have no feedback from anyone...

 

[Jose Lucas]

Glad to see someone working on a game so good, however it was abandoned by the developer :/ , but if we have the files, we can create our own content, since it uses the Unreal engine

 

[SheenBR]

I am not familiar with this engine, if you can help us find those methods it would be nice