| 11-25-2007, 04:12 PM | #1 |
I'm trying to figure out what the bytes in some warcraft packets are. I am hoping to make an auto refresher that refreshes by sending the "Slots are full" and then "Slots are not full" packets, so it operates silently without spamming the room with join and leave messages. So far I've only found a few. This is the "Game Created" packet. It was sent when I created a new custom game: 0000 00 18 4d 2f 57 58 00 0c f1 79 c4 bb 08 00 45 00 ..M/WX...y....E. 0010 00 9b f1 6a 40 00 80 06 f3 7a 0a 03 01 06 3f f0 [email protected]....?. 0020 ca 7e 08 5d 17 e0 77 b9 f9 55 90 8e 75 50 50 18 .~.]..w..U..uPP. 0030 fa ec 16 05 00 00 ff 1c 73 00 10 00 00 00 00 00 ........s....... 0040 00 00 01 20 45 00 ff 03 00 00 00 00 00 00 54 65 ... E.........Te 0050 73 74 69 6e 67 20 44 6f 6e 74 20 4a 6f 69 6e 00 sting Dont Join. 0060 00 35 36 30 30 30 30 30 30 30 01 03 49 07 01 01 .560000000..I... 0070 b5 01 d9 b5 01 cd e3 4f d1 4d cb 61 71 73 5d 45 .......O.M.aqs]E 0080 6f 77 99 6f 6d 6f 61 65 5d 47 53 6f 6d 67 63 73 ow.omoae]GSomgcs 0090 61 67 19 75 2f 77 33 79 01 55 bd 69 65 5f 4b 69 ag.u/w3y.U.ie_Ki 00a0 6f 67 05 71 69 6f 01 01 00 og.qio... The grey is ethernet and tcp/ip headers. Pink is the header. It always seems to be ff 1c (0x1c). Dark red is the length. This one is 115. Blue section is the game's name. However I cannot find anything else. The rest changes or stays the same. This is the "Slots are full" packet. It was sent when I closed all the slots. 0000 00 18 4d 2f 57 58 00 0c f1 79 c4 bb 08 00 45 00 ..M/WX...y....E. 0010 00 9b fd 61 40 00 80 06 e7 83 0a 03 01 06 3f f0 ...a@.........?. 0020 ca 7e 08 5d 17 e0 77 ba 00 19 90 8e 82 c4 50 18 .~.]..w.......P. 0030 fb 71 16 05 00 00 ff 1c 73 00 12 00 00 00 76 00 .q......s.....v. 0040 00 00 01 20 45 00 ff 03 00 00 00 00 00 00 54 65 ... E.........Te 0050 73 74 69 6e 67 20 44 6f 6e 74 20 4a 6f 69 6e 00 sting Dont Join. 0060 00 35 37 30 30 30 30 30 30 30 01 03 49 07 01 01 .570000000..I... 0070 b5 01 d9 b5 01 cd e3 4f d1 4d cb 61 71 73 5d 45 .......O.M.aqs]E 0080 6f 77 99 6f 6d 6f 61 65 5d 47 53 6f 6d 67 63 73 ow.omoae]GSomgcs 0090 61 67 19 75 2f 77 33 79 01 55 bd 69 65 5f 4b 69 ag.u/w3y.U.ie_Ki 00a0 6f 67 05 71 69 6f 01 01 00 og.qio... It's nearly the same as the creating packet. I suspect the clump of gibberish near the end might be map information. The long number after the map name might be time maybe? This is the slots available packet. It was sent when I opened a slot when they were all closed: 0000 00 18 4d 2f 57 58 00 0c f1 79 c4 bb 08 00 45 00 ..M/WX...y....E. 0010 00 9b 01 2e 40 00 80 06 e3 b7 0a 03 01 06 3f f0 ....@.........?. 0020 ca 7e 08 5d 17 e0 77 ba 01 2c 90 8e 83 6c 50 18 .~.]..w..,...lP. 0030 fa c9 16 05 00 00 ff 1c 73 00 10 00 00 00 17 02 ........s....... 0040 00 00 01 20 45 00 ff 03 00 00 00 00 00 00 54 65 ... E.........Te 0050 73 74 69 6e 67 20 44 6f 6e 74 20 4a 6f 69 6e 00 sting Dont Join. 0060 00 35 37 30 30 30 30 30 30 30 01 03 49 07 01 01 .570000000..I... 0070 b5 01 d9 b5 01 cd e3 4f d1 4d cb 61 71 73 5d 45 .......O.M.aqs]E 0080 6f 77 99 6f 6d 6f 61 65 5d 47 53 6f 6d 67 63 73 ow.omoae]GSomgcs 0090 61 67 19 75 2f 77 33 79 01 55 bd 69 65 5f 4b 69 ag.u/w3y.U.ie_Ki 00a0 6f 67 05 71 69 6f 01 01 00 og.qio... Same length... Anyone have any ideas as to what other bytes may be? |
| 11-25-2007, 04:56 PM | #2 | |
Quote:
Well if they don't change why would you care? |
| 11-25-2007, 05:41 PM | #3 |
I need to know which ones change and what they are. I would like to know however what the ones that don't change do anyway, just because I want to. |
| 11-30-2007, 01:47 PM | #4 |
I just copied some info from my own program. I havent tested all the stuff (because I dont need them all) but its mostly correct. Guess the most interesting part for you would be the GameState ;) Word Packet Header (ff 1c) Word Packet Length DWord gameState * DWord Time since creation (in seconds) DWord GameMode DWord 0x000003ff DWord 0x00000000 String GameName String (Empty for Wc3, just 0x00) Byte (Text-formatted Hex-Number**) Slots DWord (Text-formatted Hex-Number) HostCounter Rest: Encoded GameInfo * Gamestate Bitflags: 0x00 on creation (not for Wc3 seemingly) 0x01 Game is private (should be correct) 0x02 Game is full (confirmed) 0x04 Game contains other players (untested) 0x08 Game is in progress (not for Wc3) 0x10 unknown ** So 0x62 would be 'b' which would be 11 ... Funky, eh? |
| 01-05-2008, 06:12 PM | #5 |
I've been working on this as well. Go check out http://www.bnetdocs.org/?op=packet&pid=265 . FF is put in front of almost all standard messages. 1C is the type of packet. In this case SID_STARTADVEX3. The next two bytes are the size of the data (including the FF 1C SI ZE header). Then the stuff listed on the link I gave comes. The statstring is where all the action happens. The first 9 bytes seem to be a number stored as a hex string (it increments every time you create a game I think, maybe a game ID). Next comes 5 bytes for the game settings (random heroes, observers, etc). Then comes 10 bytes that I have no idea about. Seems to include a hash of the map file. Then comes the coded file name + your user name. They code it by forcing the last bit of every byte to 1 and putting a byte in front with those bits in it. Code:
M.aqs]Eow.omoae]GSomgcsag.u/w3y.U.ie_Kiog.qio...
M*aps\Dow*nload\G*olfcraf*t.w3x.T*he_King*pin...
Maps\Download\Golfcraft.w3x.The_Kingpin...
^null*edit* it turns out you're supposed to decode the settings bytes as well. This is slightly misleading. Code:
settings summary (the 5 bytes after "##0000000") 0 unknown 0 unknown 0 unknown full share 0 unknown hide terrain medium speed 1 keep alive bit 0 unknown 0 unknown 0 unknown (set for map divide and conquer?) 0 unknown 0 unknown 0 unknown fast speed (off = slow speed) 1 keep alive bit 0 unknown allow teams together obs on defeat or full obs full obs default visibility always visible explored 1 keep alive bit 0 unknown 0 unknown 0 unknown 0 unknown 0 unknown team lock team lock (again?) 1 keep alive bit 0 unknown referees 0 unknown 0 unknown 0 unknown random hero random race 1 keep alive bit |