UO Protocol Help!

Aidis
New User
Posts: 6
Joined: Sun Mar 11, 2007 5:41 pm

Post by Aidis » Sun Mar 11, 2007 5:50 pm

Hello ^_^,

I am a student playing around with making an Open Source UO Server Emulator in C++. Everything went well until I reached the packet after the client sends the second authentication (after it reconnects to the game server); I think that's 0x91. The server should reply with (optionally) the feature packet 0xB9 and the character list 0xA9, but instead I get this:

Code:

unsigned char PackA9[429] = 
				{	0xb3, 0x32, 0x8d, 0xc6, 0x80, 0x81, 0x5a, 0x3c, 0x7e, 0xd1, 0x3d, 0x30, 0x60, 0x80, 0x00, 0x00, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0x11, 0xbe, 0x6f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x00, 0x5e, 0x40, 0xf3, 0x6a, 0x3f, 0x06, 0xc7, 0xa6, 0x64, 0x0b, 0x65, 0xb3, 0xf9, 0xff, 0x2c, 
					0xe0, 0x00, 0x00, 0x00, 0x3e, 0x8c, 0x83, 0xc7, 0xc4, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0x2f, 0x20, 0x79, 0xb6, 0x73, 0xa4, 0x3e, 0x3d, 0x23, 0x5a, 0xbc, 0x80, 0x00, 0x00, 0x00, 0x01, 
					0x14, 0xe4, 0x38, 0x39, 0xba, 0x41, 0xe2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xcd, 0xbf, 0xcf, 
					0x9c, 0xd6, 0xe7, 0x21, 0xf9, 0xe9, 0x82, 0xed, 0x6b, 0x1b, 0x8f, 0x10, 0x00, 0x00, 0x00, 0x1a, 
					0x23, 0x3c, 0x78, 0xe2, 0xe1, 0x6a, 0xf1, 0x78, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0xc8, 0x1e, 
					0x6d, 0xe6, 0xc6, 0xa0, 0x78, 0x6a, 0xe9, 0x0d, 0xda, 0xd6, 0x37, 0x1e, 0x20, 0x00, 0x00, 0x00, 
					0x75, 0x5e, 0x87, 0x07, 0x8b, 0xb4, 0x18, 0xd0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0xe4, 0x0f, 
					0x36, 0xaf, 0x43, 0xe8, 0x8a, 0xf2, 0xd5, 0xe6, 0x1b, 0x80, 0xed, 0x6b, 0x1b, 0x8f, 0x10, 0x00, 
					0x00, 0x02, 0x84, 0x67, 0x47, 0x0c, 0x1e, 0x31, 0xb0, 0x7a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
					0xbc, 0x81, 0xe6, 0xd4, 0x8c, 0x3f, 0x3d, 0x33, 0x5a, 0x87, 0xf1, 0x0f, 0x8b, 0xb5, 0xab, 0xdd, 
					0x11, 0x5e, 0x61, 0xf1, 0x00, 0x00, 0x3b, 0xbb, 0xa0, 0x79, 0x6a, 0xf1, 0x82, 0x00, 0x00, 0x00,	
					0x00, 0x00, 0x00, 0x2f, 0x20, 0x79, 0xb5, 0x19, 0xe6, 0x1c, 0x6f, 0x9e, 0x3d, 0x21, 0xb3, 0xad, 
					0x63, 0x71, 0xe2, 0x00, 0x00, 0x00, 0x0c, 0xb9, 0xab, 0x0e, 0x90, 0xfa, 0x5b, 0x39, 0x0f, 0xa7, 
					0x90, 0x00, 0x00, 0x00, 0x00, 0x01, 0x79, 0x03, 0xcd, 0xb8, 0xfe, 0x8d, 0x51, 0xbe, 0x38, 0xf9, 
					0x86, 0xe0, 0x3b, 0x5a, 0xc6, 0xe3, 0xc4, 0x00, 0x00, 0x00, 0xe0, 0x95, 0xf9, 0x76, 0xb1, 0xf3, 
					0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5e, 0x40, 0xf3, 0x6b, 0x1a, 0x1f, 0x8e, 0x37, 0xf8, 
					0xf1, 0xc9, 0x6b, 0x1b, 0x8f, 0x10, 0x00, 0x00, 0x00, 0x18, 0x90, 0xfd, 0x11, 0x5e, 0x78, 0x80, 
					0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x22, 0x93, 0xe6, 0x1f, 0x4e, 0x9c, 0x5c, 0x07, 0x6b, 0x51, 
					0x9d, 0x38, 0xbb, 0x41, 0xf1, 0xc4, 0x00, 0x00, 0x00, 0x03, 0xf3, 0xbe, 0x80 };

I read somewhere the server employs compression. I also saw some Zlib DLLs in some source, but when I tried inflating it with Zlib I got "Z_DATA_ERROR" (meaning it couldn't find the header), even when I did inflateSync();. So uhh, my question is, what's going on? lol

tekproxy
Forum Regular
Posts: 352
Joined: Thu Apr 06, 2006 5:11 pm
Location: Nederland, Texas

Post by tekproxy » Mon Mar 12, 2007 6:01 am

Are you using a client with the encryption removed?

Aidis
New User
Posts: 6
Joined: Sun Mar 11, 2007 5:41 pm

Post by Aidis » Mon Mar 12, 2007 12:16 pm

I am using a test client to see how the server should reply and stuff.

Just to recap:

(I am trying to connect to an existing emu with a test client to see the protocol)

My client connects, sends the 4 bytes that are used for encryption and are ignored,

-> UINT (inet_addr(localip))

Then I send the first auth.

-> 0x80 (62 Bytes)

I get the server list.

<- 0xa8 (46 Bytes)

I select server id 1.

-> 0xa0 (3 Bytes)

I get the gameserver info.

<- 0x8c (11 Bytes)

I reconnect to the game server. And resend the 4 enc bytes.

-> UINT (inet_addr(localip))

Now I send the second authentication.

-> 0x91 (65 Bytes)

And I receive that strange packet instead of the character list.

Now that I think of it, should I like skip the initial encryption key thing? I'll try that when I get home. Maybe I shouldn't send them the second time or something...

tekproxy
Forum Regular
Posts: 352
Joined: Thu Apr 06, 2006 5:11 pm
Location: Nederland, Texas

Post by tekproxy » Mon Mar 12, 2007 2:04 pm

Try getting UO Packet Log and using a normal client to connect to the server, that'll sort things out:
http://forums.polserver.com/viewtopic.php?t=407

This may also help:
http://www.koders.com/perl/fid43F8A7C80 ... def%3Atree

It's some code for a Perl text-based UO client. It was useful to me when I was making a ruby version.

That 4-byte encryption seed is the IP address in reverse order. Not all guides agree but that's how it works. I only had 4 hours sleep last night and my memory is foggy but I believe it's used by the server to test latency, some UDP communication. If you don't send it right it won't really matter.

What packet guides are you using? I like this one:
http://kec.cz/tartaros/steamengine/uplo ... m/uo/info/

Aidis
New User
Posts: 6
Joined: Sun Mar 11, 2007 5:41 pm

Post by Aidis » Mon Mar 12, 2007 2:34 pm

When I tried using the official client to connect to my test emu, if I sent the correctly formatted (0xA9 - Character List) it wouldn't accept it, but if I sent the weird one that I got from an existing emu, it displayed the character list normally in the client, and the client then responded with a normal NON compressed NON encrypted packet. It was driving me nuts for days :P I'll try the packet logger to see what's up ...

Edit: OK, I read through your Perl file and you seem to compress the packet 0xA9 I was referring to. What kind of compression is this? lol

$client->send(compress($packet),0);

Is there an uncompression algorithm? :P

Edit2: I rewrote the compression algorithm in the Perl file to C. I'll try it when I get home and see if it works :P

Here it is :D:

Code:

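/* Huffman table defined elsewhere: 257 (bit count, code value) pairs,
   one per byte value 0..255 plus the terminator code at index 256. */
extern const int bitTable[257 * 2];

/* Packs len bytes from in into out and returns the number of bytes written.
   out must be large enough for the packed data; no bound is checked here. */
int UOCompress(char *in, char *out, int len) {

	unsigned char outP	= 0;	/* output byte being assembled */
	int outI	= 0;	/* bytes written to out */
	int offset	= 0;	/* read position in in */
	int bit		= 0;	/* bits already placed in outP (0..7) */

	int bits;
	int byte;
	int value;

	while (len--) {
		/* read as unsigned so bytes >= 0x80 do not give a negative table index */
		byte	=	(unsigned char)in[offset];
		offset++;
		bits	=	bitTable[byte*2];
		value	=	bitTable[(byte*2)+1];

		/* emit the code for this byte, most significant bit first */
		while (bits--) {
			outP <<= 1;
			outP |= (value>>bits)&1;
			bit=(bit+1)&7;
			if (!bit) { out[outI] = (char)outP; outI++; outP=0; }
		}
	}

	/* append the terminator code (table index 256) */
	bits = bitTable[256*2];
	value = bitTable[(256*2)+1];
	while (bits--) {
		outP <<= 1;
		outP |= (value>>bits)&1;
		bit=(bit+1)&7;
		if (!bit) { out[outI] = (char)outP; outI++; outP=0; }
	}

	/* pad the last partial byte with zero bits */
	if (bit) {
		while (bit < 8) {
			outP <<= 1;
			bit++;
		}
		out[outI] = (char)outP; outI++;
	}

	return outI;
}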

tekproxy
Forum Regular
Posts: 352
Joined: Thu Apr 06, 2006 5:11 pm
Location: Nederland, Texas

Post by tekproxy » Tue Mar 13, 2007 6:56 am

The Perl script isn't mine and I only borrowed a few pieces of it to make a ruby UO password cracker :D. For testing how strong my own passwords were, of course.

What emulator are you using?

Aidis
New User
Posts: 6
Joined: Sun Mar 11, 2007 5:41 pm

Post by Aidis » Tue Mar 13, 2007 2:14 pm

I am testing it on all the current ones. I extracted the algorithm from the uox source for the "packing" and compared it to the Perl one, very similar, but I still can't find any "unpacking" algorithm, and the packing doesn't work for some reason :(

Aidis
New User
Posts: 6
Joined: Sun Mar 11, 2007 5:41 pm

Post by Aidis » Tue Mar 13, 2007 2:58 pm

The packet logger shows all the packets uncompressed, and it doesn't show what the client sends, and I can't packet sniff local host or wifi, this is crazy hehe .. :(

CWO
POL Expert
Posts: 1151
Joined: Sat Feb 04, 2006 5:49 pm
Location: Chicago, IL USA

Post by CWO » Tue Mar 13, 2007 8:15 pm

Folko's packet logger sure does show what packets are sent too. Make sure you're using a client that's supported fully in clients.cfg and that the settings are correctly set to show all packets.

tekproxy
Forum Regular
Posts: 352
Joined: Thu Apr 06, 2006 5:11 pm
Location: Nederland, Texas

Post by tekproxy » Wed Mar 14, 2007 6:18 am

CWO is right, it should show you all packets regardless of it being on localhost or wifi. I'd reckon to say the overwhelming majority of UO emulators out there are run without encryption and I've never compressed anything I've sent.

What information is the packet logger giving you?

What emulator are you using, anyway?

Aidis
New User
Posts: 6
Joined: Sun Mar 11, 2007 5:41 pm

Post by Aidis » Wed Apr 18, 2007 6:03 am

The open source emulators out there have references to ZLib and compression on certain packets, the code you sent me earlier also compresses certain packets. :P

tartaros
New User
Posts: 28
Joined: Tue Mar 27, 2007 6:30 am
Contact:

Post by tartaros » Wed Apr 18, 2007 9:23 am

Server-sent packets are compressed by a form of Huffman compression.

Zlib is, I think, only used for 0xDD packet (http://packets.polserver.com/index.php? ... acket=0xDD)

The only actual explanation of the UO compression I know of was the one produced by a person known as Kair. The website is no longer at its original location (just like some other valuable UO protocol resources :( ), but it can still be retrieved from Archive.org: http://web.archive.org/web/200410100901 ... ession.htm

I happen to be a developer of a UO emu too (known as Steamengine). I among other things often use and collect various resources about UO protocol, so feel free to ask me if you need help ;)
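
The "unpacking" direction asked about in this thread, as an added example that is not code from any post here or from any emulator: a bit-by-bit Huffman decoder that reads a table in the same (bit count, code value) layout that UOCompress uses, and rejects truncated or oversized input. The names `UODecompress`, `findSymbol` and `toyTable`, and the 16-bit code length limit, are assumptions; `toyTable` is a constructed five-symbol table, not the real UO table, which does not appear on this page.

```c
/* Constructed toy table in the layout UOCompress reads from bitTable:
   (bit count, code value) pairs, last pair = terminator. NOT the real UO table. */
static const int toyTable[5 * 2] = {
	1, 0x0,   /* symbol 0:   0    */
	2, 0x2,   /* symbol 1:   10   */
	3, 0x6,   /* symbol 2:   110  */
	4, 0xE,   /* symbol 3:   1110 */
	4, 0xF    /* terminator: 1111 */
};

/* Return the symbol whose code is exactly `bits` long and equals `value`, or -1. */
static int findSymbol(const int *table, int nsyms, int bits, int value) {
	for (int s = 0; s < nsyms; s++)
		if (table[s * 2] == bits && table[s * 2 + 1] == value)
			return s;
	return -1;
}

/* Decode MSB-first until the terminator (symbol nsyms-1) is seen.
   Returns the number of bytes written, or -1 on truncated input, an
   over-long code, or output that would not fit in outCap bytes. */
int UODecompress(const int *table, int nsyms,
                 const unsigned char *in, int inLen,
                 unsigned char *out, int outCap) {
	int outI = 0, bits = 0, value = 0;

	for (int i = 0; i < inLen; i++) {
		for (int b = 7; b >= 0; b--) {
			value = (value << 1) | ((in[i] >> b) & 1);
			bits++;
			int sym = findSymbol(table, nsyms, bits, value);
			if (sym == nsyms - 1)
				return outI;        /* terminator: trailing pad bits are ignored */
			if (sym >= 0) {
				if (outI >= outCap)
					return -1;      /* never write past the caller's buffer */
				out[outI++] = (unsigned char)sym;
				bits = value = 0;
			} else if (bits >= 16) {
				return -1;          /* assumed code length limit exceeded: corrupt stream */
			}
		}
	}
	return -1;                      /* input ended before the terminator */
}
```

With the real 257-entry table, `nsyms` would be 257 and the data comes from the network, so the two `-1` paths are what keep a malformed packet from overrunning `out` or decoding without end.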

MuadDib
Former Developer
Posts: 1090
Joined: Sun Feb 12, 2006 9:50 pm
Location: Cross Lanes, WV

Post by MuadDib » Wed Apr 18, 2007 9:44 am

A nice thing is, we have a packet list (although incomplete) with the 096+ cores now since we support packet hooking. Luckily, it's one of the most verbose listings out there. Really helps on packet hooking when you know what you are hooking :)
