Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:37

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
Author Message
 Post subject: COD4 Protocol - simulating Server
PostPosted: 15 Aug 2009 00:09 

Joined: 14 Aug 2009 23:55
Posts: 4
I've send the following text via Email to aluigi 30minutes ago. Now I found this very nice forum and I'll paste the Mail-Text cause I think that this medium is more useful to get and discuss an answer:

Quote:
Hey there,

I recently found your code on this link:
http://www.securiteam.com/securitynews/5WP0D0KOAA.html

I'm currently trying to develop a HLTV-like extension for Call of Duty 4. Therefore i'm trying to mirror the network-traffic which is sent by the server to the various clients.
It seems that the protocol is encoded in a way i can't decode. The header of the packets which are used to establish the connection got some values that i cant find out where they stand for.

Besides some little analysis of these packages there isn't anything to find on the web. Except your posting ;)

Could you perhaps give me a hint about the protocol and its encoding? Is there some kind of documentation available? How much is the protocol inherited from the Q3A-protocol?
There is a encoding algorythm called "Adaptive Huffman" at the end of your code. Never heard of it, i'm currently researching. Could this algorythm be used to decode the packets?

Thanks in advance, hope to hear from you!


So in a short form:
I'm trying to sniff the data between COD4-Server and COD4-Client. Than i parse the data into a file (packet = line).
With another application i'm providing a port for a local COD4Client. If the Client connects, i'm sending the lines from the file.
My approach is, to "clone" the communication. I hope that on the second client the user could spectate what is happening on the real Gameserver.

The problem is, that the cloned data is not accepted by the second COD4-Client. He always sends me getChallenge + Data.
I think the ChallengeKey is the problem but i do not know how to simulate this.


Top
 Profile  
 
 
 Post subject: Re: COD4 Protocol - simulating Server
PostPosted: 15 Aug 2009 10:23 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
cod4 is based on the quake3 engine where the first part of the communication (called "handshake") is in clear text with an optional compressione of the "connect" packet (cod4 doesn't compress it so you can see its content with the eyes) but the rest of the in-game communication is all encrypted and compressed and it's not that easy to read/write (obviously depends by how much you are interested to the thing because there are also other things like the differences in the protocol between quake3 and some of the other game which require additional reversing).

anyway the quake3 source code is available on ftp://ftp.idsoftware.com/idstuff/source ... source.zip

now the problem you have there is that the second client receives a different challenge number and so it must use this new number in the "connect" packet so if it sends the same challenge of the first one it gets kicked:
Code:
....getchallenge 0 "0123456789abcdef0123456789abcdef"
....challengeResponse 1431117674
....connect "\cg_predictItems\1\cl_punkbuster\0\cl_voice\1\cl_wwwDownload\1\rate\25000\snaps\20\name\test\protocol\4\challenge\1431117674\qport\24695"


Top
 Profile  
 
 Post subject: Re: COD4 Protocol - simulating Server
PostPosted: 15 Aug 2009 10:44 

Joined: 14 Aug 2009 23:55
Posts: 4
ye, the problem is, that the second client isn't accepting the challengeResponse.
He sends a getChallenge and i'm answering with the original challengeResponse, but after that the client is sending the getChallenge again.

The question is, how would i be able to generate a challengeKey? i think it must be calculated with the pb_guid and sort of a connection to a masterserver/keyserver.

Would it be possible to connect the second client to a real COD4-Server and then copying the challengeKey?
In detail: Let the end-user create a custom dedicated COD4-Server on 127.0.0.1:28960. Let him connect with a client to that server and let those 2 programs do the whole connecting-thing. After connecting is done i would split the connection and send my own data with the sniffed challengeKey.
The COD4-Client would think he is connected to the COD4-server which he connected too and accept the data.
I'll test that this weekend.


Top
 Profile  
 
 Post subject: Re: COD4 Protocol - simulating Server
PostPosted: 15 Aug 2009 11:05 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the challenge is a random number (seen from the eyes of the client) so a sprintf("\xff\xff\xff\xff" "challengeResponse %i", rand()); (I used my q3ts tool as server emulator and worked perfectly) but from the server's eyes it's a specific ip/port based number.

have you verified with the sniffer if after the challengeresponse the second client sends immediately another getchallenge request without exchanging other data?
anyway in my opinion this thing can't work so easily due to various reasons (in-game encryption which is based on the commands sent by the other endpoint).


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron