|Defunct MMO Reverse Engineering - Jumpgate
Author: Defearum [ Thu Apr 29, 2021 12:38 pm ]
Post subject: Defunct MMO Reverse Engineering - Jumpgate
Jumpgate is an old MMO from the early 2000s that died in 2012 and got a lucky break in 2013-2015 when a Russian fanserver popped up to take the place of the original game.
Information on what the game was can be found here: https://en.wikipedia.org/wiki/Jumpgate: ... Initiative
In the interest of preserving the game in the event the new server disappears, I've been attempting to reverse engineer the server-client exchange so that I can start scraping packets and (hopefully) start documenting the foundation for proper private servers.
Based on my analysis using Ghidra & signsrch, I figured out that the game uses Rijndael/AES encryption. The effort at this point has been determining how the game client performs secure exchange and sets up the encryption channel. I was able to get the client to send unencrypted datagrams by NOPing a Rijndael-related function.
The game sets up its encryption after a small acknowledgement chain.
The server starts by sending a 62-byte datagram containing (presumably) a header, 20 bytes of seemingly random data (presumably a SHA-1 hash?), 4 bytes of padding(?), then 32 bytes of static data.
Here is some extract from Wireshark:
Note: The 20-byte block is currently hardcoded. Normally, the data is seemingly random.
0000 00 00 03 20 04 06 00 01 02 03 04 05 06 07 08 09 ... ............
The client will respond with a 58-byte datagram, consisting of:
- a replay of the original 20-byte block from the previous packet.
- 32 bytes of random data.
0000 00 80 02 a0 04 07 00 01 02 03 04 05 06 07 08 09 ................
The server then sends a final 13-byte packet to complete the exchange. Afterwards, all communication is encrypted.
My current guesses as to how this is working are that the game is either performing a PBKDF1 exchange, or a Diffie-Hellman key exchange.
Does anyone have any ideas on how the client may be using this information to set up its handshake?
Edit: Corrected a small detail.
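As an added example (not code from the post or from the game), here is a small Python parser for the two datagrams as the post describes them, useful for checking captures consistently. It assumes a 6-byte header (62 - 20 - 4 - 32 and 58 - 20 - 32 both give 6, matching the dumps above) and constructs sample datagrams from the header bytes and the hardcoded 00..13 block visible in the Wireshark extracts; the field names are descriptive labels, not known protocol names.

```python
from dataclasses import dataclass

HEADER_LEN = 6          # assumed from the byte counts given in the post
SERVER_HELLO_LEN = 62   # header + 20 random + 4 padding + 32 static
CLIENT_REPLY_LEN = 58   # header + 20 echoed + 32 client random


@dataclass
class ServerHello:
    header: bytes     # 6 bytes, e.g. 00 00 03 20 04 06 in the capture
    rand20: bytes     # 20 "seemingly random" bytes (hardcoded 00..13 in the dump)
    pad4: bytes       # 4 bytes the post calls padding
    static32: bytes   # 32 bytes that do not change between sessions


@dataclass
class ClientReply:
    header: bytes     # 6 bytes, e.g. 00 80 02 a0 04 07 in the capture
    echo20: bytes     # should replay the server's rand20
    rand32: bytes     # 32 client-chosen random bytes


def parse_server_hello(data: bytes) -> ServerHello:
    if len(data) != SERVER_HELLO_LEN:
        raise ValueError(f"expected {SERVER_HELLO_LEN} bytes, got {len(data)}")
    return ServerHello(data[0:6], data[6:26], data[26:30], data[30:62])


def parse_client_reply(data: bytes) -> ClientReply:
    if len(data) != CLIENT_REPLY_LEN:
        raise ValueError(f"expected {CLIENT_REPLY_LEN} bytes, got {len(data)}")
    return ClientReply(data[0:6], data[6:26], data[26:58])


def check_exchange(server_dgram: bytes, client_dgram: bytes) -> dict:
    """Relate the two datagrams: does the client echo the 20-byte block,
    and is its 32-byte field fresh rather than a copy of the static data?"""
    s = parse_server_hello(server_dgram)
    c = parse_client_reply(client_dgram)
    return {
        "echo_matches": c.echo20 == s.rand20,
        "client_random_is_fresh": c.rand32 != s.static32,
        "server_padding_is_zero": s.pad4 == b"\x00" * 4,
    }


def build_sample() -> tuple:
    """Constructed sample pair, not a real capture beyond the visible bytes."""
    server_hdr = bytes.fromhex("000003200406")
    client_hdr = bytes.fromhex("008002a00407")
    rand20 = bytes(range(20))               # the hardcoded block seen in the dump
    static32 = b"\x5a" * 32                 # placeholder for the 32 static bytes
    server = server_hdr + rand20 + b"\x00" * 4 + static32
    client = client_hdr + rand20 + bytes(range(32, 64))  # constructed client randomness
    return server, client
```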