Skip to content

Packet Structure decoding

Jump to bottom Edit New page
Liam Mitchell edited this page Nov 2, 2016 · 1 revision

Firstly understand the packet headers, where the ID is, where the Data is. And understand basic data types.

Know your data, you should probably know something you expect in the packet for the action you want to figure out the structure for. Look for obvious text or values you would expect to be there.

Such as character name guild name etc all 13 in length.

If in doubt and its 4 bytes put integer 32. Short is 2 byte or int16 and byte is int8.

If its a long length, you don't understand split it out into smaller types.

Keep in mind, a lot of actions have a status byte after the packet id if its not dividable by 4, is the (length - 1) dividable by 4? if so, then maybe there is an int8 then the rest of data.

Keep in mind there could be repeating structures, or re-used structures from other things. If the packet is a variable length from multiple captures, then it may have a count of records, or the record count might be size-sizeof(packetID) / sizeof(Record). Or if dealing with a text protocol NULL terminated or new line delimited between packets. (Not the case in this game.)

Guess the data types for unknowns, and put them in as Unknown1, Unknown2, Unknown3 etc...

Another thing to notice is packet length after the packet id. This is the length of data for the parameters of the packet.

If it can be divided by 4 as a whole number then the data types are most likely all 4 byte types. (int, float or two shorts or 4 bytes etc)

Float is likely to be used for x,y,z or x,z and direction or rotation, a percentage such as how far through a tween or position on a line.

The only way to know is to look at the float value in 010 Hex Editor and see if it makes "Sense" as a number you might expect to see used.

If all the floats are numbers like this 7.112851e-41 in scientific notation then its likely not a float?

If it looks like an XYZ its either going to be float or int

If it looks like a direction its between 0 and 360. (Probably)

I think the steps above^ could be generalized into a program to process packets and attempt to guess at the structure but even if it does guess :D it would still need human to confirm and tweak :) would that be helpful if I coded such a program?

its really just a list of various steps I would do....

Good Luck!

Add a custom footer

Donate with PayPal today.

Donate with PayPal Credit or any major credit card.

Donations will be used to further improve the project or for server expenses.

Clone this wiki locally