Packet Structure & Example Of Crashing

ThePhailure772

ThePhailure772

Mako is insane.
500 Posts
Joined
Sep 10, 2007
Messages
970
Reaction score
815
So, since basically no one here understands the structure Gunz uses for it's packets I decided I would post a basic example.

Outline:

[header]
char - Version
short - Size + Header (8)
short - Checksum
short - Size of data
[/header]

[Data]
short - CommandID
char - PacketID
[Params]
[/Data]


So an example of a login packet would be:
[header]
char - 0x65 (Encrypted)
short - Size
short - Checksum
short - Size of data
[/header]
[Data]
short - 0x3E9
char - 0x1
short - 0x6 - UserName Len +0x0
string - "Phail" + 0x0
short - 0x4 - Password Len +0x0
string - "asd" + 0x0
DWORD - 0x56 - Cleitn Version
DWORD - 0x0 - FileList
struct *MD5 - MD5 of client
[/data]


Now, the crash Kore does is it makes the string len 0xFFFF(65535) which ends up crashing MatchServer because the length is too big. ;3

Also: 0x64 = Decrypted. 0x65 = Encrypted.
 
00niels00 said:
Wow. I call this spaghetti. I still don't mean the meaning of it like the most here.
Click to expand...

Well, I'll try to explain it. It's one of the basics in every programmning language you learn.

for exampe I have an unsigned variable (piece of storage for the program), which can use up to 65535 bytes of memory. The variable ofcourse isn't able to use more than the 65534 bytes.
If the variable should contain 65535 + 1 (65535) than the variable would lose it's value, because it can no longer contain it. It's called overflow.
Every program uses these variables. So does the matchserver.

So basicly what you do is send an "overflow" package (or several) to the matchserver. The matchserver released 3 years ago, which we are still using today, does not have additional security against these packets. So unless somebody writes a new set of server files (which I'm too lazy to do), every server is fucked if a leecher actually learns how to use this. (which I doubt though).
 
CobraCom said:
Well, I'll try to explain it. It's one of the basics in every programmning language you learn.

for exampe I have an unsigned variable (piece of storage for the program), which can use up to 65535 bytes of memory. The variable ofcourse isn't able to use more than the 65534 bytes.
If the variable should contain 65535 + 1 (65535) than the variable would lose it's value, because it can no longer contain it. It's called overflow.
Every program uses these variables. So does the matchserver.

So basicly what you do is send an "overflow" package (or several) to the matchserver. The matchserver released 3 years ago, which we are still using today, does not have additional security against these packets. So unless somebody writes a new set of server files (which I'm too lazy to do), every server is fucked if a leecher actually learns how to use this. (which I doubt though).
Click to expand...

Packet structure is not something that's "basic" across every programming language; it has an indirect relationship to programming, if any at all.

Anyways, the current matchserver suffers a vulnerability from a specific byte being sent, it doesn't have anything to do with the length of the packet.
 
gWX0 said:
Packet structure is not something that's "basic" across every programming language; it has an indirect relationship to programming, if any at all.

Anyways, the current matchserver suffers a vulnerability from a specific byte being sent, it doesn't have anything to do with the length of the packet.
Click to expand...

I didnt even talk about packet structures. Learn to read before going on an ego-boost
 
It's all "documented" in veldi. Even the packet structures for "blobs" or packets carrying game structures.

The enumeration GunZ uses for packet data types.

Code: 
// hex
0: int
1: uint
2: float
3: bool
4: string
5: vector
6: pos
7: dir
8: color
9: uid
A: blob
B: char
C: uchar
D: short
E: ushort
F: int64
10: uint64
 
Zander said:
It's all "documented" in veldi. Even the packet structures for "blobs" or packets carrying game structures.

The enumeration GunZ uses for packet data types.

Code: 
// hex
0: int
1: uint
2: float
3: bool
4: string
5: vector
6: pos
7: dir
8: color
9: uid
A: blob
B: char
C: uchar
D: short
E: ushort
F: int64
10: uint64
Click to expand...

Not everything is described in Veldi. Yes, some of the packets that contain structures (they're not called blobs) are documented but not the server sided ones.
 
gWX0 said:
That's what the OP's subject was about - it's assumed your post would somehow relate to that topic; your post did nothing to answer the posters question.
Click to expand...

The poster did not ask a question, he clearly showed us the use of the structure packets GunZ uses.
 
You must log in or register to reply here.

RaGEZONE Sponsor

    HyperFilter

About RaGEZONE

RaGEZONE® is the top forum for MMO, MMORPG, and mobile game development. We provide binaries, source codes, and tutorials for your favorite games, making it the go-to resource for developers and fans. You can also find and share private servers, fostering a vibrant gamer community.

Forum Statistics

Members online
884
Guests online
2,884
Total visitors
3,768
Totals may include hidden visitors.

RaGEZONE Partners

    nongamstopbets.com UK sites not on GamStop Casino Deps NZ
Back