Hello guys.
I've written a bot for Sherwood Dungeon in Node.js. This should be the very first ever bot for Sherwood Dungeon (pretty sure). The reason why I decided to make this thread is because the protocol for this amazing MMO is very interesting.
Source: https://github.com/Zaseth/SherwoodClient
The protocol of Sherwood contains some specific elements:
- Action Message Format 3 (Made by Adobe) using the ByteArray class
- 32768 zeros that are encrypted in DES and XOR'd
- Sherwood's packet structure
Action Message Format 3 (AMF3) and ByteArray
Sherwood makes use of this protocol as all packets contain objects. AMF3 is used to serialize objects and write markers with them. As you may know, the ByteArray class is not supported in Node.js, resulting in a rewrite of the class. After I made the ByteArray class for Node.js, I found an AMF3 library for Node.js and I modified it slightly for Sherwood's uses.
Encrypted and XOR'd stream
Sherwood encrypts 32768 zeros using DES with a custom key and IV. After the zeros are encrypted, they're never changed. The purpose is that the incoming packet (the bot receives) must be XOR'd with the encrypted zeros after they're read using the ByteArray class.
Packet structure
Sherwood's way of deserializing packets is by using bytesAvailable. Every packet has the same header, which is 26880. The bot receives an encrypted packet in Buffer form. Using writeBytes from my own ByteArray class, we can turn that Buffer into a ByteArray with the valid amount of bytesAvailable. This function basically writes the data from the incoming packet onto a constructed variable in my class called receiveBuffer. When this is done, we can access bytesAvailable and start unwrapping the packet. Sherwood writes the packet size, so we make another ByteArray constructor and set the size as the packet size that we read with readInt. After that, we can use readBytes to transfer the right amount of bytes from receiveBuffer onto the ByteArray constructor with the correct size. After that, we must XOR those bytes so we can deserialize them using readObject from AMF3. This is just a small part of how it works.
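A sketch of the receive path described in the post, as an added example that is not part of the original post or the SherwoodClient repository. The field widths (16-bit header, 32-bit size), restarting the keystream at offset 0 for every packet, the 32768-byte size limit, and the names `PacketReader` and `frame` are assumptions; the keystream is passed in rather than derived with DES, and AMF3 decoding of the payload is left out.

```javascript
// Assumed framing (field widths are not stated in the post):
//   uint16 BE header 26880 | int32 BE payload size | payload XOR keystream
const HEADER = 26880;
const HEADER_LEN = 6; // 2-byte header + 4-byte size (assumed)
const KEYSTREAM_LEN = 32768;

class PacketReader {
  constructor(keystream) {
    if (keystream.length !== KEYSTREAM_LEN) throw new Error('keystream must be 32768 bytes');
    this.keystream = keystream;
    this.receiveBuffer = Buffer.alloc(0); // unread bytes, the role bytesAvailable plays
  }

  // Append one TCP chunk and return every complete, de-XOR'd payload.
  push(chunk) {
    this.receiveBuffer = Buffer.concat([this.receiveBuffer, chunk]);
    const packets = [];
    while (this.receiveBuffer.length >= HEADER_LEN) {
      if (this.receiveBuffer.readUInt16BE(0) !== HEADER) throw new Error('bad header');
      const size = this.receiveBuffer.readInt32BE(2);
      // Validate the peer-supplied size before using it to slice or allocate.
      if (size < 0 || size > KEYSTREAM_LEN) throw new Error('bad size ' + size);
      if (this.receiveBuffer.length < HEADER_LEN + size) break; // wait for more data
      const body = Buffer.from(this.receiveBuffer.subarray(HEADER_LEN, HEADER_LEN + size));
      for (let i = 0; i < size; i++) body[i] ^= this.keystream[i];
      packets.push(body); // this is what would be handed to the AMF3 readObject
      this.receiveBuffer = this.receiveBuffer.subarray(HEADER_LEN + size);
    }
    return packets;
  }
}

// Builds a frame in the assumed layout, used here only to make sample input.
function frame(payload, keystream) {
  const out = Buffer.alloc(HEADER_LEN + payload.length);
  out.writeUInt16BE(HEADER, 0);
  out.writeInt32BE(payload.length, 2);
  for (let i = 0; i < payload.length; i++) out[HEADER_LEN + i] = payload[i] ^ keystream[i];
  return out;
}

// Constructed demo: stand-in keystream (not real DES output), one frame split over two chunks.
const demoKs = Buffer.from(Array.from({ length: KEYSTREAM_LEN }, (_, i) => (i * 31 + 7) & 0xff));
const demoReader = new PacketReader(demoKs);
const demoWire = frame(Buffer.from('hello'), demoKs);
console.log(demoReader.push(demoWire.subarray(0, 8)).length);
console.log(demoReader.push(demoWire.subarray(8))[0].toString());
```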