Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

SRO Module Sniffer

Initiate Mage
Jan 2, 2012
Reaction score
I am working with Mr. Florian0 trying to spoof packets from AgentServer to Gameserver. So far, we are able to make Gameserver start listening on a different port, so we can then bind the original port with an analyzer and redirect it to the new port.

With it, we can tap into the communication between AgentServer and Gameserver, but this concept applies to any other module in Silkroad that receives its certification from another module (ehem, all of 'em).

Now, there are two big issues to attend:

1) The code is working, but messy, so, to organize it and make it easier we must refactorate it. But the "hard part" it's completed already, which was tricking the modules to bind another port

2) The second issue it's the packet parsing which I don't know if it is either malfunctioning or the packets from AS to GS are somethimes huge and repetitives.

It says VSRO, but it can be applied to any silkroad files
Due the fact that it modifies cert packet A003 on the fly to change the desired ports



Please, your help is needed since this is a whole new approach, we don't know yet what can we accomplish with this, but based on logic, we can be able to make the Gameserver do desired work's without needing to do a lot of ASM.
Last edited:
Initiate Mage
Oct 14, 2021
Reaction score
from the client:

004B1AF1   .  56                            push esi
004B1AF2   .  8BE9                        mov ebp,ecx
004B1AF4   .  FF15 B801D800         call dword ptr ds:[<&KERNEL32.GetTickCount>]               ; [GetTickCount
004B1AFA   .  33F6                  xor esi,esi
004B1AFC   .  39B5 50010000         cmp dword ptr ss:[ebp+0x150],esi
004B1B02   .  8985 2C010000         mov dword ptr ss:[ebp+0x12C],eax
004B1B08   .  75 0A                       jnz short sro_clie.004B1B14
004B1B0A   .  5E                            pop esi
004B1B0B   .  B8 07800000            mov eax,0x8007
004B1BE7   .  53                            push ebx
004B1BE8   .  03CA                        add ecx,edx
004B1BEA   .  51                            push ecx
004B1BEB   .  50                            push eax
004B1BEC   .  E8 1F206900             call sro_clie.00B43C10                                     ;  <<<<<<<<<<<< JMP Patch