Page 1 of 1

Dev Chat: 01/30/2014 - Reused Opcodes/Collector

Posted: Thu Jan 30, 2014 8:06 pm
by John Adams
This was an important discovery about what we're calling "re-useable opcodes", in that the same opcode coming into the client from different "servers". Also some experimenting with chat - and the birth of LogSearch.exe

[quote]Session Start: Thu Jan 30 00:18:00 2014
[14:53] <@Xinux_Work> i think the same opcode can be used for differnt things depending on the server
[14:53] <@Xinux_Work> –- OP_Unknown_111 --
[14:53] <@Xinux_Work> 1/29/2014 11:38:25
[14:53] <@Xinux_Work> 10.15.155.168 -> 69.174.203.28
[14:53] <@Xinux_Work> 0000: 00 09 00 01 02 00 6F 00 00 00 61 00 00 00 0C 00 ......o...a.....
[14:53] <@Xinux_Work> 0010: 1A 00 00 00 43 6C 69 65 6E 74 4C 6F 67 69 6E 43 ....ClientLoginC
[14:53] <@Xinux_Work> 0020: 6F 6E 6E 65 63 74 69 6F 6E 73 2E 6C 6F 67 3D 00 onnections.log=.
[14:53] <@Xinux_Work> 0030: 00 00 4C 6F 67 69 6E 20 73 75 63 63 65 73 73 66 ..Login successf
[14:53] <@Xinux_Work> 0040: 75 6C 20 74 6F 20 4C 6F 67 69 6E 20 53 65 72 76 ul to Login Serv
[14:53] <@Xinux_Work> 0050: 65 72 3A 20 76 61 6E 67 75 61 72 64 6C 6F 67 69 er: vanguardlogi
[14:53] <@Xinux_Work> 0060 6E 31 2E 73 6F 65 2E 73 6F 6E 79 2E 63 6F 6D n1.soe.sony.com
[14:53] <@Scatman> yeah i noticed that 6f
[14:55] <@Xinux_Work> again
[14:56] <@Xinux_Work> appears to be a list of everything in the marketplace
[14:56] <@Xinux_Work> first few lines
[14:56] <@Xinux_Work> –- OP_Unknown_111 --
[14:56] <@Xinux_Work> 1/29/2014 11:38:58
[14:56] <@Xinux_Work> 69.174.203.8 -> 10.15.155.168
[14:56] <@Xinux_Work> 0000: 02 00 6F 00 00 00 DF 9B 00 00 04 00 05 00 01 00 ..o.............
[14:56] <@Xinux_Work> well first line lol
[14:57] <@Xinux_Work> that is going to suck for the collector cause no way to split it apart
[14:57] <@Xinux_Work> would have to name it xxx/xxxx/xxxx =/
[14:57] <@Xinux_Work> OP_xxx/xxx/xxx
[14:58] <@Xinux_Work> since it depends on which server it comes from
[14:58] <~john> i think i'm missing why.
[14:58] <@Xinux_Work> opcode 111 is not the same thing depending on which server it is coming to and from
[14:58] <~john> oh, crap.
[14:59] <@Xinux_Work> notice all the ip's are different in the pastes
[14:59] <@Xinux_Work> well 2 of them anyway
[15:00] <~john> this is just a problem with mapping opcode to a reasonable name? maybe it doesn't matter.
[15:01] <@Xinux_Work> we will need seperate opcode lists
[15:01] <@Xinux_Work> unless Scat has a better idea

[15:12] <@Xinux_Work> maybe in OpcodeList.cpp down at the bottom where it calls const char* GetOpcodeString(BYTE *pData)
[15:12] <@Scatman> i'd to be 100% sure that's the case first xin
[15:12] <@Xinux_Work> add a check in to where if src or dst IP is x.x.x.x
[15:13] <@Xinux_Work> if so call a different list
[15:13] <@Xinux_Work> yea
[15:21] <~john> are specific types of packets coming from the different IPs? Like, zone stuff from one, chat stuff from another, auth stuff, etc?
[15:22] <~john> Looking at my log, everything was from 69.174.203.28 until the connect, then it was 69.174.203.8, and back and forth between them. Never noticed that before.
[15:23] <~john> i almost see no pattern.
[15:27] <@Xinux_Work> yes
[15:29] <@Xinux_Work> the one log is where i got this info from
[15:29] <@Xinux_Work> [11:32] <@Xinux_Work> lvsvgo-login-01.vanguardsoh.net [69.174.203.28] LoginServer 2
[15:29] <@Xinux_Work> [11:32] <@Xinux_Work> lvsvgo-01-01.vanguardsoh.net [69.174.203.8] WorldServer/Chunk 2 3 5 6
[15:29] <@Xinux_Work> [11:32] <@Xinux_Work> lvsvgo-01-13.vanguardsoh.net [69.174.203.20] ZoneServer 1 2
[15:32] <@Scatman> new system is working like a CHAMP and it's BEAUTIFUL
[15:32] <@Scatman> i just wanna stare at it
[15:33] <@Xinux_Work> lol
[17:46] <@Xinux_Work> –- OP_Unknown_102 --
[17:46] <@Xinux_Work> 1/30/2014 16:38:00
[17:46] <@Xinux_Work> 69.174.203.13 -> 10.15.155.168
[17:46] <@Xinux_Work> 0000: 01 00 66 00 00 00 01 00 02 20 00 C1 97 AE 80 AA ..f...... ......
[17:46] <@Xinux_Work> 0010: A9 A2 29 90 A3 AA 24 A2 9E 9A 18 A2 1A A1 1A A1 ..)...$.........
[17:46] <@Xinux_Work> 0020: 19 9A A2 98 20 1A 98 1B 1B 98 21 9B 99 18 9C 20 .... .....!....
[17:46] <@Xinux_Work> 0030: 98 98 1B 23 9A 9B 20 A3 22 10 23 A6 A0 A3 A9 9E ...#.. .".#.....
[17:46] <@Xinux_Work> 0040: 18 90 A9 24 AD A2 9E 18 1B 9C 1B 1A 98 9A 1A 90 ...$............
[17:46] <@Xinux_Work> 0050: A3 22 A7 9E 18 10 23 A7 A0 A6 A2 9E 31 B4 3A B7 ."....#.....1.:.
[17:46] <@Xinux_Work> 0060 B5 2F 37 19 9B AF 18 17 BB 33 39 80 ./7......39.
[17:46] <@Xinux_Work> doesn't match our breakdown
[17:47] <@Xinux_Work> 66 00 00 00 is the size
[17:47] <@Xinux_Work> 01 00 is a sequence
[17:48] <Zcoretri> hey xinux
[17:48] <@Xinux_Work> 02 20 00 is a seperate sequence
[17:48] <@Xinux_Work> heya

[17:50] <@Xinux_Work> need to find a spot in vanguard with nothing around
[17:51] <~john> that should be pretty easy lol

[17:52] <~john> hey Z
[17:54] <Zcoretri> hello john
[17:54] <Zcoretri> you got a working collector?
[17:56] <~john> he did. i think he's just panicking about the opcode names now
[17:57] <Zcoretri> haha
[18:11] <@Xinux_Work> it's more then names
[18:13] <~john> you in the world right now?
[18:14] <@Xinux_Work> on live no i just logged off one sec and i will be
[18:14] <~john> i'm standing in the exact same /loc I was in when I logged out in 2008 lol
[18:15] <@Xinux_Work> i'm in now Valisxx
[18:17] <~john> you are 15km away
[18:18] <@Xinux_Work> that is 45k

[18:36] <~john> xinux, you getting any idea how big the "proximity" range is for picking up spawns? is it like EQ2, where if YOU see it, so does collector?
[18:38] <@Xinux_Work> that would be my guess
[18:38] <~john> logging Flarney in with collector.
[18:43] <~john> hmm, i am not seeing NPC dialog text in the log.
[18:47] <~john> hmm, the server has to be sending the text to the client. it has my name in it.
[18:47] <@Xinux_Work> you started the collector before starting VG right
[18:47] <~john> yeah, still at LP
[18:47] <~john> send me a /tell Flarney
[18:47] <@Xinux_Work> will show as y.o.o.
[18:48] <@Xinux_Work> i'm watching my log in real time send me a tell
[18:48] <~john> k i got nothin in the log.
[18:48] <@Xinux_Work> -- OP_ReskinCharacterRequestMsg --
[18:48] <@Xinux_Work> 1/30/2014 17:48:47
[18:48] <@Xinux_Work> 69.174.203.8 -> 10.15.155.168
[18:48] <@Xinux_Work> 0000: 00 09 00 97 06 00 0F 00 00 00 20 00 00 00 68 00 .......... ...h.
[18:48] <@Xinux_Work> 0010: 6F 00 77 00 64 00 79 00 00 00 46 00 6C 00 61 00 o.w.d.y...F.l.a.
[18:48] <@Xinux_Work> 0020 72 00 6E 00 65 00 79 00 00 00 0F 00 00 00 r.n.e.y.......
[18:49] <~john> wtf? lol
[18:49] <~john> you watching collector log with Notepad++?
[18:49] <@Xinux_Work> nope a program called Baretail
[18:49] <~john> hmm. maybe I am blocking the log updates.
[18:51] <~john> yeah, notepad++ not ftw on this one. baretail
[18:53] <~john> not even seeing my Hail to the NPC. weird.
[18:53] <@Xinux_Work> -- OP_ReskinCharacterRequestMsg --
[18:53] <@Xinux_Work> 1/30/2014 17:53:33
[18:53] <@Xinux_Work> 69.174.203.8 -> 10.15.155.168
[18:53] <@Xinux_Work> 0000: 00 09 00 9D 06 00 0F 00 00 00 1E 00 00 00 74 00 ..............t.
[18:53] <@Xinux_Work> 0010: 65 00 73 00 74 00 00 00 46 00 6C 00 61 00 72 00 e.s.t...F.l.a.r.
[18:53] <@Xinux_Work> 0020 6E 00 65 00 79 00 00 00 0F 00 00 00 n.e.y.......
[18:54] <@Xinux_Work> -- OP_ReskinCharacterRequestMsg --
[18:54] <@Xinux_Work> 1/30/2014 17:53:28
[18:54] <@Xinux_Work> 69.174.203.8 -> 10.15.155.168
[18:54] <@Xinux_Work> 0000: 00 09 00 9C 06 00 0F 00 00 00 6C 00 00 00 64 00 ..........l...d.
[18:54] <@Xinux_Work> 0010: 6F 00 65 00 73 00 20 00 61 00 6E 00 79 00 6F 00 o.e.s. .a.n.y.o.
[18:54] <@Xinux_Work> 0020: 6E 00 65 00 20 00 6B 00 6E 00 6F 00 77 00 20 00 n.e. .k.n.o.w. .
[18:54] <@Xinux_Work> 0030: 77 00 68 00 65 00 72 00 65 00 20 00 48 00 69 00 w.h.e.r.e. .H.i.
[18:54] <@Xinux_Work> 0040: 72 00 6F 00 20 00 54 00 65 00 6E 00 74 00 72 00 r.o. .T.e.n.t.r.
[18:54] <@Xinux_Work> 0050: 65 00 65 00 73 00 20 00 69 00 73 00 3F 00 00 00 e.e.s. .i.s.?...
[18:54] <@Xinux_Work> 0060: 53 00 69 00 6C 00 6B 00 65 00 6E 00 6D 00 79 00 S.i.l.k.e.n.m.y.
[18:54] <@Xinux_Work> 0070 73 00 74 00 00 00 04 00 00 00 s.t.......
[18:54] <~john> alrighty, logging back in then.
[18:54] <@Xinux_Work> remeber the collector has to be running before you even start the game.
[18:55] <~john> it was running before I even launched launchpad.

[18:58] <~john> okay, round 2.
[19:02] <~john> nope, got no text. of course, shit is flying by so fast I cannot tell with the 2-byte bullshit lol
[19:03] <~john> i do see motd.
[19:09] <~john> oh, i think i see it.
[19:09] <~john> –- OP_Unknown_715 --
[19:09] <~john> 1/30/2014 18:59:13
[19:09] <~john> 69.174.203.13 -> 192.168.1.100
[19:09] <~john> 0000: 02 00 CB 02 00 00 65 06 00 00 FF FF FF FF FF FF ......e.........
[19:09] <~john> 0010: FF FF 0A 1F 00 00 57 00 61 00 72 00 6D 00 69 00 ......W.a.r.m.i.
[19:09] <~john> 0020: 6E 00 67 00 20 00 55 00 70 00 00 00 02 00 00 00 n.g. .U.p.......
[19:09] <~john> 0030: 00 22 00 57 00 68 00 69 00 6C 00 65 00 20 00 74 .".W.h.i.l.e. .t
[19:09] <~john> 0040: 00 68 00 65 00 20 00 68 00 6F 00 62 00 67 00 6F .h.e. .h.o.b.g.o
[19:09] <~john> that's in my Quest Journal tho. still looking for the chat dialog.
[19:12] <~john> there it is... whew..
[19:15] <~john> hmm, still cannot find my /say hi anywhere. trying something more creative lol
[19:16] <~john> nope. chatbox text is not in my log. just did xxxyyyzzz and saw nothing simiar
[19:18] <~john> dunno how you are getting mine though... but what else is new? everything always works perfectly for you
[19:51] <@Xinux> send me the log

[19:58] <@Xinux> in your Flamey_chatfail.log
[19:58] <@Xinux> -- OP_ReskinCharacterRequestMsg --
[19:58] <@Xinux> 1/30/2014 18:47:39
[19:58] <@Xinux> 69.174.203.8 -> 192.168.1.100
[19:58] <@Xinux> 0000: 00 09 00 88 06 00 0F 00 00 00 1C 00 00 00 79 00 ..............y.
[19:58] <@Xinux> 0010: 6F 00 6F 00 00 00 56 00 61 00 6C 00 69 00 73 00 o.o...V.a.l.i.s.
[19:58] <@Xinux> 0020 78 00 78 00 00 00 0F 00 00 00 x.x.......
[19:58] <@Xinux> that is my tell to you
[19:58] <@Xinux> you fail at searching sir.
[20:00] <Zcoretri> its past his bed time
[20:00] <@Xinux> yea he is a old man
[20:01] <@Xinux> i stand corrected an old man

[20:04] <@Xinux> Scat this one is for you this appears to be a movement packet but the length is where the opcode is on the other packets and the size changes when you are moving compared to standing still.
[20:04] <@Xinux> –- OP_Unknown_23 --
[20:04] <@Xinux> 1/30/2014 18:46:24
[20:04] <@Xinux> 69.174.203.13 -> 192.168.1.100
[20:04] <@Xinux> 0000: 01 00 17 00 00 00 64 40 C8 B1 08 C7 06 98 30 F0 ......d@......0.
[20:04] <@Xinux> 0010 0B 87 00 B5 40 BD 36 C0 84 81 5F 38 0C ....@.6..._8.
[20:06] <@Xinux> the ones from the client are usually around 30 size
[20:06] <@Xinux> afk[/quote]

After Xinux mocked me for not finding text in the logs, I wrote LogSearch.exe - which is now growing into an untamed beast of an app.