Advanced: Read the Protocol of PRO
#1
I made a Lua dissector for Wireshark, an open source protocol analyser.

Link
(I blame lua-mode.el for the absurd extra tabulations)

You can find this tutorial in a better format on the github repository.

What does it mean?

To communicate from the game client to the server and from the server to the game client, PRO sends data over the network. That data contains information such as "I am moving to the right" (client to server) or "A wild pokemon attacks" (server to client).
The goal of Wireshark is to show the packets of data that PRO sends on your network. The syntax used to write those data is defined in what we call a protocol.

The Protocol

The protocol of PRO is a text protocol (as opposed to a binary protocol); an instruction looks like this:
HEADER|.|PARAMETER1|.|PARAMETER2|.\r\n
|.| is a separator.
|.\r\n is the end of an instruction.
As defined by the TCP protocol, a packet can contain several concatenated instructions (see the Wireshark section).
A move (client->server)
}|.|d|.\r\n
The header is "}"; it means the command is a move.
The parameter d means "down". The other valid parameters are, obviously, u, l and r.
A chat message (server->client)
w|.|(Trade) [n=Floresta][/n]: buy gastly or abra perfect stat wisp|.\r\n
The header is w; it means the command is a chat message.
The 2nd parameter is the message (including the name of the channel and the sender, with a silly syntax).
An example of a packet without any parameter: "2" asks the server to refresh our player on the map:
2|.\r\n

The protocol is "encrypted": an XOR with 1 has been applied to every byte. To decrypt it you simply apply the same operation to every byte of the packet.

We could spend this whole tutorial talking about the terrible choices made by the dev of PRO but that is not our goal.

Wireshark
  • Download and install Wireshark.
  • Download pro.lua, the Lua dissector script.
  • Copy the pro.lua file into the plugins directory of Wireshark. Something like: %programfiles%\Wireshark\plugins\2.0.2
  • Open Wireshark.
  • Go to Analyze>Enabled Protocols, search Pokemon, check the box of PRO.
  • Optional: you can also enable different colours for the client packets and server packets. To do so go to View>Coloring Rules, create a new one, call it PRO (the name does not matter), enter
    pro and tcp.srcport==800
    as a filter, then define your background and foreground colours. I use black as foreground and #a7c9ca as background.
  • Choose your network interface. For instance mine is Wireless Network Connection. In "... using filter:" enter
    "port 800"
    , that's the port used by the server of PRO. If you do not enter this filter everything will still work, but you will unwillingly capture packets that are not related to the protocol we are interested in.
    [Image: GgY0tdV.png]
  • Double click your network interface.
  • Enter
    pro
    as a display filter.
    [Image: Nw1cOtO.png]
  • On this view you can see all the packets that transited between your client(s) and the server(s) since you started the capture.
  • You can hide the bottom window; it is not going to be of any use since our data are plain text.
  • The packet is shown in the PRO Protocol ProData section; the XOR 1 operation has already been applied to the packet to make it readable.
  • Since this protocol is using TCP, you can find multiple instructions in one packet; all the different instructions and their count are written in the Info column.
 
Reply
#2
what are the benefits / what can be achieved with these new infos?
 
Reply
#3
93simon what are the benefits / what can be achieved with these new infos?
Well, you can pretty much do anything you can in game just by pressing send, and maybe some other more interesting stuff; if I can get a damn packet sender to work, I'd like to test if you can tp by zone transitioning to a completely different area than where you were supposed to go.


Does anyone know a good packet sender?

I'd like to test some stuff out but I haven't used a packet sender since wpe pro and I can't find PRO process even with permedit.

BTW I can't test it out atm but did you find out the packet for using cut ?
 
Reply
#4
arzefolo I'd like to test some stuff out but I haven't used a packet sender since wpe pro and I can't find PRO process even with permedit.

Make sure you are using the 32-bit version of PRO. WPE PRO cannot hook 64-bit processes.

arzefolo BTW I can't test it out atm but did you find out the packet for using cut ?

There is none. The cut action is client-side only.
 
Reply
#5
Silv3r
arzefolo I'd like to test some stuff out but I haven't used a packet sender since wpe pro and I can't find PRO process even with permedit.

Make sure you are using the 32-bit version of PRO. WPE PRO cannot hook 64-bit processes.

arzefolo BTW I can't test it out atm but did you find out the packet for using cut ?

There is none. The cut action is client-side only.


I see thanks.
 
Reply
#6
93simon what are the benefits / what can be achieved with these new infos?

You could do your own bot.

If you are interested in it and want more information on the different checks and packets, you could decompile the code of Pro with ILSpy by loading: directoryOfPro\PRO64_94_Data\Managed\Assembly-CSharp.dll

My script aims more at being an interactive documentation than a reverse-engineering tool.
 
Reply
#7
Script largely updated.
The first 2 arrays now define for each packet:
  • Header
  • Description
  • Parameter names

The Parameters are in an array of either strings (for simple parameters) or arrays (for sub-parameters).

It is now very easy to add new parameter names for each packet; you do not have to read any of the code. I would appreciate any pull request simply adding more information to the array.
 
Reply
#8
Edit: /!\ PROShine can now read and send any kind of message

Hey guys, just a tip.

PROShine cannot actually show the private messages. But you can use Wireshark to print them by filtering the characters of the header of a PM.
A PM header is
pm|.|
|.| being a separator.

The display filter of Wireshark only treats the original packet; that means you will have to apply an XOR 1 to every character to obtain its original state.

You can use a website like: http://www.xor.pw/? (I. ASCII with your letter, II. Binary with 1, III. ASCII your result)

pm|.|
gives
ql}/}

Enter in the display filter:
pro contains "ql}/}"

It will likely not show anything on your screen since you did not receive any PM yet. But as soon as you receive one, the PM will appear in the list.

Another pointless example:
}|.|d|
means move (}) to right (d).

To print only that, enter:
pro contains "|}/}e}"
 
Reply
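As an added example, not the thread's pro.lua dissector and not code from the PRO project, the Python script below puts the first post's protocol description and post #8's filter trick into working code: it undoes the XOR 1 on a captured payload, splits the result into instructions on the |.\r\n terminator (keeping a partial trailing instruction, since TCP is a stream), parses header and parameters on the |.| separator, and computes the obfuscated string needed for a `pro contains "..."` display filter. The header-to-command table and the sample payload are constructed for this example.

```python
from __future__ import annotations

# Added example, not the thread's pro.lua dissector and not code from the PRO
# project. It implements the format the first post describes (XOR 1 on every
# byte, "|.|" between fields, "|.\r\n" after each instruction) and the filter
# trick from post #8 (obfuscated header bytes for `pro contains "..."`).
# The header table and the sample payload below are constructed for this example.

SEPARATOR = b"|.|"
TERMINATOR = b"|.\r\n"

# Hypothetical lookup of the few headers named in the thread; the real
# dissector's tables are much larger.
HEADERS = {
    b"}": "move",
    b"w": "chat message",
    b"2": "refresh player",
    b"pm": "private message",
}


def xor1(data: bytes) -> bytes:
    """XOR every byte with 1.

    The operation is its own inverse, so the same function encodes and decodes.
    There is no key to recover, which is why this is obfuscation, not encryption:
    anyone who can read the bytes can read the traffic.
    """
    return bytes(b ^ 1 for b in data)


def split_instructions(plain: bytes) -> tuple[list[bytes], bytes]:
    """Split a decoded TCP payload into complete instructions and a partial tail.

    TCP is a byte stream, so one segment may carry several concatenated
    instructions and may end in the middle of one. The tail is returned
    separately so a caller can buffer it until the next segment arrives.
    """
    parts = plain.split(TERMINATOR)
    return parts[:-1], parts[-1]


def parse_instruction(instruction: bytes) -> dict:
    """Split one instruction into its header and parameters."""
    fields = instruction.split(SEPARATOR)
    header = fields[0]
    return {
        "header": header.decode("latin-1"),
        "command": HEADERS.get(header, "unknown"),
        "params": [f.decode("latin-1") for f in fields[1:]],
    }


def decode_payload(raw: bytes) -> tuple[list[dict], bytes]:
    """Undo the XOR and parse every complete instruction in a captured payload."""
    complete, tail = split_instructions(xor1(raw))
    return [parse_instruction(i) for i in complete], tail


def contains_filter(plain_prefix: bytes) -> str:
    """Wireshark display filter matching the obfuscated form of a plaintext prefix.

    Wireshark's `contains` operator sees the bytes as they are on the wire,
    so the prefix has to be XORed before it is put in the filter.
    """
    return 'pro contains "%s"' % xor1(plain_prefix).decode("latin-1")


# Constructed sample: three complete instructions in one segment, followed by
# the start of a fourth that would be completed by the next segment.
SAMPLE_PLAIN = (
    b"}|.|d|.\r\n"
    b"w|.|(Trade) [n=Floresta][/n]: buy gastly|.\r\n"
    b"2|.\r\n"
    b"}|.|u"
)
SAMPLE_RAW = xor1(SAMPLE_PLAIN)  # what a capture would actually contain


if __name__ == "__main__":
    instructions, tail = decode_payload(SAMPLE_RAW)
    for i in instructions:
        print("%-16s header=%r params=%r" % (i["command"], i["header"], i["params"]))
    print("buffered tail: %r" % tail)
    print(contains_filter(b"pm|.|"))   # pro contains "ql}/}"
    print(contains_filter(b"}|.|d|"))  # pro contains "|}/}e}"
```

`contains_filter` reproduces the two filter strings post #8 works out by hand on xor.pw, and `split_instructions` keeps the unterminated tail rather than dropping it, because a capture will regularly show an instruction split across two segments. Note that the terminator bytes themselves are obfuscated on the wire (`\r\n` becomes 0x0C 0x0B), which is why a display filter must always be written against the XORed form.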
#9
g0ld Hey guys, just a tip.

PROShine cannot actually show the private messages. But you can use Wireshark to print them by filtering the characters of the header of a PM.

I got it to work and thank you very much. But can you tell me how I can respond?
 
Reply
#10
There is no easy way to send packets through an already established connection. Wait for the next version, coming very soon.
 
Reply
#11
g0ld There is no easy way to send packets through an already established connection. Wait for the next version, coming very soon.


Aww, that's exactly what I wanted to know. (Use the bot to use the existing connection from the pro client and use the bot as a packet sender/receiver.) Though I think a packet sender will be much easier to make than a receiver with the pro client in tow.
penguins
 
Reply
  

