
SC UDP Game Research

Started by Myst, March 06, 2008, 03:35:10 PM


Myst

Thought I'd share some of my research now that I have no more time to fully concentrate on this project :(
Feel free to use what you wish/release what you wish, just give me credit ;)


[Sequence for Creating Game]

[Initial Creation of Game]
SEND-> 0000   FF 1C 52 00 00 00 00 00 00 00 00 00 02 00 01 00    ..R.............
SEND-> 0010   FF 00 00 00 00 00 00 00 34 76 34 20 48 75 6E 74    ........4v4 Hunt
SEND-> 0020   65 72 73 00 00 2C 34 34 2C 2C 36 2C 31 2C 32 2C    ers..,44,,6,1,2,
SEND-> 0030   2C 31 2C 33 34 65 61 62 30 32 66 2C 34 2C 2C 74    ,1,34eab02f,4,,t
SEND-> 0040   68 69 65 66 0D 54 68 65 20 48 75 6E 74 65 72 73    hief.The Hunters
SEND-> 0050   0D 00                                              ..

[Host Leaves Chat]
SEND-> 0000   FF 10 04 00                                        ....

[Server Responds if Game was created successfully or not]
RECV-> 0000   FF 1C 08 00 00 00 00 00                            ........



[Joiner sends 3 query packets] UDPPKT_JOINQUERY(0x01) S -> C
RECV-> 0000   00 00 00 00 28 C4 10 00 00 00 01 00 00 01 FF 00    ....(...........
RECV-> 0010   01 00 00 00                                        ....
RECV-> 0000   00 00 00 00 28 C4 10 00 00 00 01 00 00 01 FF 00    ....(...........
RECV-> 0010   01 00 00 00                                        ....
RECV-> 0000   00 00 00 00 28 C4 10 00 00 00 01 00 00 01 FF 00    ....(...........
RECV-> 0010   01 00 00 00                                        ....


[Host responds back] UDPPKT_HOSTQUERYRESPONSE(0x02) C -> S
SEND-> 0000   00 00 00 00 33 B7 10 00 01 00 01 00 00 02 00 00    ....3...........
SEND-> 0010   01 00 00 00



[?]UDPPKT_Unknown(0x03) S -> C
RECV-> 0000   00 00 00 00 40 A8 10 00 01 00 02 00 00 03 FF 00    ....@...........
RECV-> 0010   01 00 00 00                                        ....


[Joiner is in the GameRoom and you get its name and stats]
UDPPKT_JOINERSINFO(0x07) S -> C
RECV-> 0000   00 00 00 00 1F 81 30 00 02 00 02 00 00 07 FF 00    ......0.........
RECV-> 0010   62 61 62 79 62 61 63 00 50 58 45 53 20 30 20 30    babybac.PXES 0 0
RECV-> 0020   20 32 36 20 30 20 30 20 30 20 30 20 30 20 50 58     26 0 0 0 0 0 PX
RECV-> 0030   45 53 00 00                                        ES..


[Host sends 0x1C again saying there is another person in game other than Host]
SEND-> 0000   FF 1C 52 00 04 00 00 00 0A 00 00 00 02 00 01 00    ..R.............
SEND-> 0010   FF 00 00 00 00 00 00 00 34 76 34 20 48 75 6E 74    ........4v4 Hunt
SEND-> 0020   65 72 73 00 00 2C 34 34 2C 2C 36 2C 31 2C 32 2C    ers..,44,,6,1,2,
SEND-> 0030   2C 31 2C 33 34 65 61 62 30 32 66 2C 34 2C 2C 74    ,1,34eab02f,4,,t
SEND-> 0040   68 69 65 66 0D 54 68 65 20 48 75 6E 74 65 72 73    hief.The Hunters
SEND-> 0050   0D 00


[Host sends Data about the game to joiner]
UDPPKT_GAMEDATA(0x08) C -> S

(DWORD) Null
(WORD)  UDP Checksum of Packet
(WORD)  Length
(WORD)  Sent (Always &H2)
(WORD)  Recv (Always &H3)
(BYTE)  Command (Always &H0)
(BYTE)  ID      (&H8)
(WORD)  Host ID (&H0)
(DWORD) ID of Joiner you're sending Data to
(DWORD) Max # of players for Map
(DWORD) Command 2 SEQ Counter
(DWORD) Unknown (Always &H4)
(DWORD) Time since creation (Same used for 0x1C)
(STRING) Game Name
(STRING) Game Pass
(STRING) Game Options
(STRING) Game Host Name
(STRING) Map Name
(WORD) Null


SEND-> 0000   00 00 00 00 28 46 5A 00 02 00 03 00 00 08 00 00    ....(FZ.........
SEND-> 0010   01 00 00 00 08 00 00 00 27 00 00 00 04 00 00 00    ........'.......
SEND-> 0020   0A 00 00 00 34 76 34 20 48 75 6E 74 65 72 73 00    ....4v4 Hunters.
SEND-> 0030   2C 34 34 2C 2C 36 2C 31 2C 32 2C 2C 31 2C 33 34    ,44,,6,1,2,,1,34
SEND-> 0040   65 61 62 30 32 66 2C 34 2C 2C 74 68 69 65 66 0D    eab02f,4,,thief.
SEND-> 0050   54 68 65 20 48 75 6E 74 65 72 73 0D 00 00          The Hunters...

SEND-> 0000   00 00 00 00 22 96 5B 00 02 00 03 00 00 08 00 00    ....".[.........
SEND-> 0010   01 00 00 00 04 00 00 00 35 00 00 00 04 00 00 00    ........5.......
SEND-> 0020   11 00 00 00 32 76 32 7E 4C 54 00 2C 34 34 2C 31    ....2v2~LT.,44,1
SEND-> 0030   34 2C 36 2C 32 2C 32 2C 2C 31 2C 33 34 65 61 62    4,6,2,2,,1,34eab
SEND-> 0040   30 32 66 2C 34 2C 2C 53 74 65 65 6C 0D 54 68 65    02f,4,,Steel.The
SEND-> 0050   20 4C 6F 73 74 20 54 65 6D 70 6C 65 0D 00 00        Lost Temple...

SEND-> 0000   00 00 00 00 D4 62 5A 00 02 00 03 00 00 08 00 00    .....bZ.........
SEND-> 0010   01 00 00 00 04 00 00 00 12 00 00 00 04 00 00 00    ................
SEND-> 0020   07 00 00 00 32 76 32 7E 4C 54 00 2C 34 34 2C 31    ....2v2~LT.,44,1
SEND-> 0030   34 2C 36 2C 32 2C 32 2C 2C 31 2C 33 34 65 61 62    4,6,2,2,,1,34eab
SEND-> 0040   30 32 66 2C 34 2C 2C 4D 79 73 74 0D 54 68 65 20    02f,4,,Myst.The
SEND-> 0050   4C 6F 73 74 20 54 65 6D 70 6C 65 0D 00 00          Lost Temple...

SEND-> 0000   00 00 00 00 4C 7D 5B 00 02 00 03 00 00 08 00 00    ....L}[.........
SEND-> 0010   01 00 00 00 04 00 00 00 33 00 00 00 04 00 00 00    ........3.......
SEND-> 0020   0F 00 00 00 32 76 32 7E 4C 54 00 2C 34 34 2C 31    ....2v2~LT.,44,1
SEND-> 0030   34 2C 36 2C 32 2C 32 2C 2C 31 2C 33 34 65 61 62    4,6,2,2,,1,34eab
SEND-> 0040   30 32 66 2C 34 2C 2C 54 68 69 65 66 0D 54 68 65    02f,4,,Thief.The
SEND-> 0050   20 4C 6F 73 74 20 54 65 6D 70 6C 65 0D 00 00        Lost Temple...



[Host sends this]
UDPPKT_WhosWho(0x06) C -> S

(DWORD) Null
(WORD)  UDP Checksum of Packet
(WORD)  Length
(WORD)  Sent (Always &H3)
(WORD)  Recv (Always &H3)
(BYTE)  Command (Always &H0)
(BYTE)  ID      (&H6)
(WORD)  Host ID (&H0)
(DWORD) LengthFromHereToStart
(DWORD) Null
(DWORD) ID of Joiner sending data to [?]
(DWORD) Null
(DWORD) Command SEQ Counter (Same from 0x08)
(DWORD) Null
(DWORD) Null
(DWORD) Null
(DWORD) Null
(STRING) Host Account Name
(WORD) Null


SEND-> 0000   00 00 00 00 E4 72 37 00 03 00 03 00 00 06 00 00    .....r7.........
SEND-> 0010   2B 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00    +...............
SEND-> 0020   27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    '...............
SEND-> 0030   00 00 00 00 74 68 69 65 66 00 00                   ....thief..

SEND-> 0000   00 00 00 00 19 B8 36 00 03 00 03 00 00 06 00 00    ......6.........
SEND-> 0010   2A 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00    *...............
SEND-> 0020   12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
SEND-> 0030   00 00 00 00 4D 79 73 74 00 00                      ....Myst..

SEND-> 0000   00 00 00 00 44 27 37 00 03 00 03 00 00 06 00 00    ....D'7.........
SEND-> 0010   2B 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00    +...............
SEND-> 0020   33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    3...............
SEND-> 0030   00 00 00 00 54 68 69 65 66 00 00                   ....Thief..




Command 2 0x00

2 People in Game, Host in first slot, Joiner in second slot
Map Info: 6 Player UMS Map, 1 Computer

00 00 00 00 12 D9 4E 00 2F 00 2F 00 02 00 00 00 3D 64
3E 07 FF 00 00 00
3E 06 FF 05 00 02
3E 05 FF 06 00 01
3E 04 FF 06 00 01
3E 03 FF 06 00 01
3E 02 FF 06 00 01
3E 01 01 02 00 01
3E 00 00 02 00 01
3F 01 00 00 01 00 05 00
3F 00 00 00 01 00 05 00

2 People in Game, Host in 1st slot, Joiner in 3rd slot, 2nd slot was closed

00 00 00 20 A4 4E 00 42 00 41 00 02 00 00 00 3D 64
3E 07 FF 00 00 00
3E 06 FF 05 00 02
3E 05 FF 06 00 01
3E 04 FF 06 00 01
3E 03 FF 06 00 01
3E 02 01 02 00 01
3E 01 FF 08 00 01
3E 00 00 02 00 01
3F 01 00 00 01 00 05 00
3F 00 00 00 01 00 05 00

2 People in Game, Host in 1st Slot, Joiner in 3rd Slot, 2nd slot closed, 4th slot computer
Map Info Lost Temple (Max 4 Players)

00 00 00 00 22 A1 4E 00 44 00 44 00 02 00 00 00 3D 64
3E 07 FF 00 00 00
3E 06 FF 00 01 00
3E 05 FF 00 02 00
3E 04 FF 00 00 00
3E 03 FF 05 01 00
3E 02 01 02 03 00
3E 01 FF 08 06 00
3E 00 00 02 06 00
3F 01 00 00 01 00 05 00
3F 00 00 00 01 00 05 00


Host was in first slot
Map Info - The Hunters
00 00 00 00 3F 24 56 00 C2 00 C4 00 02 00 00 00 3D 64
3E 07 FF 05 01 00
3E 06 FF 05 00 00
3E 05 FF 05 02 00
3E 04 FF 06 06 00
3E 03 FF 06 06 00
3E 02 02 02 06 00
3E 01 01 02 00 00
3E 00 00 02 01 00
3F 02 00 00 01 00 05 00
3F 01 00 00 01 00 05 00
3F 00 00 00 01 00 05 00

00 00 00 00 AE 3D 4E 00 11 01 10 01 02 00 00 00 3D 64
3E 07 01 02 06 00
3E 06 FF 08 06 00
3E 05 FF 08 06 00
3E 04 FF 08 06 00
3E 03 FF 08 06 00
3E 02 FF 08 06 00
3E 02 FF 08 06 00
3E 01 FF 08 06 00
3E 00 00 02 06 00
3F 01 00 00 01 00 05 00
3F 00 00 00 01 00 05 00

Family Guy Madness
00 00 00 00 8D C5 66 00 72 00 73 00 02 00 00 00 3D 64
3E 07 02 02 02 03
3E 06 03 02 02 03
3E 05 FF 06 02 02
3E 04 04 02 02 02
3E 03 FF 06 02 04
3E 02 01 02 02 01
3E 01 FF 06 02 04
3E 00 00 02 02 01
3F 04 00 00 01 00 05 00
3F 03 00 00 01 00 05 00
3F 02 00 00 01 00 05 00
3F 01 00 00 01 00 05 00
3F 00 00 00 01 00 05 00

[Command 2]
UDPPKT_GAMEROOMINFO(0x00) C -> S

(DWORD)Null
(WORD) UDP Checksum
(WORD) Packet Length
(WORD) Sent
(WORD) Receive
(BYTE) Command
(BYTE) Packet ID
(WORD) Unknown - 00 00
(WORD) Unknown - 3D 64
(BYTE) Slot Packet ID - 3E
(BYTE) GameSlot ID
(BYTE) Player ID*
(BYTE) Slot Status**
(BYTE) Player Race Selection
(BYTE) Force***
(BYTE) Unknown ID - 3F
(BYTE) Player ID
(WORD) Null
(WORD) 0x01
(WORD) 0x05

*
When no player is there it is 0xFF

**
Human 0x02
Closed 0x08
Computer 0x05
Not Used 0x00
Empty 0x06

***
No Force 0x00
Force 1 0x01
Force 2 0x02
etc..




S>C In GameRoom Chat


00 00 00 00 2D 38 11 00 03 00 05 00 01 00 01 00 4C 64 61 6D 00  ....-8..........Ldam.

C>S InGame Chat Outgoing
(DWORD)  Null
(WORD)   UDP Checksum of Packet
(WORD)   Length
(WORD)   Sent
(WORD)   Recv
(BYTE)   Command (Command 1)
(BYTE)   Packet ID (&H0)
(WORD)   Player ID (Person Sending) (&H0 = first slot in gameroom,  &H1 = 2nd Slot, etc)
(WORD)   Unused
(STRING) Message
00 00 00 00 66 CE 37 00 19 00 23 00 01 00 01 00 00 00 69 74 73 20 70 65  ....f.7...#.......its pe
6F 70 6C 65 20 6C 69 28 65 20 6D 65 20 74 68 61 74 20 67 69 76 65        ople like me that give
20 79 6F 75 20 62 6F 74 73 20 3A 50 00                                    you bots :P.

00 00 00 00 98 69 19 00 1A 00 23 00 01 00 01 00 00 00 62 65 20 74 68 78  .....i....#.......be thx
20 66 75 6C 00                                                            ful.


00 00 00 00 A8 B3 23 00 12 00 1D 00 01 00 01 00 00 01 6E 65 65 64 20 74  ......#...........need t
6F 20 67 72 61 62 20 75 72 20 74 65 78 74 00                             o grab ur text.


S>C InGame Chat Incoming
(DWORD)  Null
(WORD)   UDP Checksum of Packet
(WORD)   Length
(WORD)   Sent
(WORD)   Recv
(BYTE)   Command (Command 1)
(BYTE)   Packet ID (&H0)
(WORD)   Player ID (Person Sending) (&H0 = first slot in gameroom,  &H1 = 2nd Slot, etc)
(WORD)   Unused
(STRING) Message

00 00 00 00 7F D2 2B 00 23 00 1B 00 01 00 00 00 00 00 57 68 79 20 77 6F  ......+.#.........Why wo
75 6C 64 20 49 20 63 61 72 65 20 6F 66 20 62 6F 74 73 20 3C 2E 3C        uld I care of bots <.<
00                                                                       .


00 00 00 00 54 9C 1A 00 1D 00 13 00 01 00 00 00 00 B5 4D 79 73 74 20 69  ....T.............Myst i
73 20 65 6D 6F 00                                                        is emo.
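
Added example, not part of the original post or of any Blizzard code: a Python decoder for the body of the Command 2 / UDPPKT_GAMEROOMINFO packet laid out earlier in this post, using its slot status table and rejecting truncated or unknown records. The function names are illustrative, and the sample bytes are the first Command 2 capture with its 16-byte header removed.

```python
import struct

# Slot status values from the table in the post above.
SLOT_STATUS = {0x00: "not used", 0x02: "human", 0x05: "computer",
               0x06: "empty", 0x08: "closed"}
NO_PLAYER = 0xFF               # player id when nobody occupies the slot
RECORD_SIZE = {0x3E: 6, 0x3F: 8}  # record tag -> total record length

# Constructed from the first Command 2 capture above, header removed.
SAMPLE = bytes.fromhex(
    "3D64"
    "3E07FF000000" "3E06FF050002" "3E05FF060001" "3E04FF060001"
    "3E03FF060001" "3E02FF060001" "3E0101020001" "3E0000020001"
    "3F01000001000500" "3F00000001000500")

def parse_gameroom(body: bytes):
    """Return (slots, players) decoded from a GAMEROOMINFO body.

    slots:   {slot id: (player id or None, status name, race, force)}
    players: player ids listed in the trailing 0x3F records.
    Raises ValueError on anything that does not fit the layout.
    """
    if len(body) < 2 or body[0] != 0x3D:
        raise ValueError("body does not start with the 3D xx word")
    pos, slots, players = 2, {}, []
    while pos < len(body):
        tag = body[pos]
        size = RECORD_SIZE.get(tag)
        if size is None:
            raise ValueError(f"unknown record tag {tag:#04x} at offset {pos}")
        if pos + size > len(body):
            raise ValueError(f"record at offset {pos} is truncated")
        if tag == 0x3E:
            _, slot, pid, status, race, force = struct.unpack_from("<6B", body, pos)
            if status not in SLOT_STATUS:
                raise ValueError(f"unknown slot status {status:#04x}")
            slots[slot] = (None if pid == NO_PLAYER else pid,
                           SLOT_STATUS[status], race, force)
        else:
            players.append(body[pos + 1])  # 0x3F record: player id follows the tag
        pos += size
    return slots, players

def humans(slots):
    """Map player id -> slot id for every slot held by a human."""
    return {p: s for s, (p, st, _, _) in slots.items() if st == "human"}
```

In the captures above, the player ids found in human slots are the same ids that appear in the 0x3F records, which gives a cheap consistency check on a decoded roster.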

Archangel

#1
I posted this like 2 years ago in other forums, maybe it can help:


Packet Format:
   (DWORD) 0x00
   (WORD) Checksum
   (WORD) Length
   (WORD) Sent
   (WORD) Recved
   (BYTE) Command Class
   (BYTE) Command
   (BYTE) Sender ID
   (BYTE) Resend
   (VOID) Packet


Quote from: Skywing
The header you are working with is specific to the Storm UDP protocol
and is not ever assembled or viewed by the game protocol module itself.  Thus
only control messages for the Storm UDP protocol use the command field.

The way this is laid out can be represented something like this:

-----------------
-- Storm Header--
-----------------
-- Data Payload -
-----------------

Storm.dll receives the data off the wire, and interprets class 0
control messages directly, instead of passing them on to the game (except
perhaps in the form of high level callbacks, such as a "player joined the game"
callback or event).

For non-class0 messages, the data payload is passed uninterpreted on to
the game protocol parser itself, whether that be in Diablo.exe,
Starcraft.exe, etc:

-----------------
-- Data Payload -
-----------------

Since the main game module never sees the Storm header, command ids for
other than the internal control class can't be stored there.

Note that I am logically equating Storm.dll and the Storm network
service provider (SNP) as the same module.  In reality, the SNP is responsible
for sending and receiving the game data off of the wire, whether that be a
UDP socket or an IPX socket, or just an internal loopback (e.g. standard.snp).

Class 1 is used for messages that do not need to be synchronized with
the game state, such as chat commands.  Thus, class 1 commands can be sent
and received at any time.

Class 2 is used for messages that do need to be synchronized with the
game state, such as unit orders.  Thus, class 2 commands can only be sent
once each game turn (as a result they are typically queued internally inside
the game protocol module until the next turn is transmitted).

At this time I do not have a list of Starcraft game protocol commands
in other than source code form, which I am not prepared to distribute.

And also the UDP Checksum in VB:


' Win32 declaration needed by UDPCheckSum (module level, before any procedure).
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

' Shift helpers: VB6 has no shift operators, so shifts are done with \ and *.
Private Function RShift(ByVal pnValue As Long, ByVal pnShift As Long) As Double
On Error Resume Next
    RShift = CDbl(pnValue \ (2 ^ pnShift))
End Function

Private Function LShift(ByVal pnValue As Long, ByVal pnShift As Long) As Double
On Error Resume Next
    LShift = CDbl(pnValue * (2 ^ pnShift))
End Function

' Walks buf from its last byte to its first, keeping two running sums.
Private Function SubCheckSum(ByVal buf As String, ByVal length As Integer) As Long
    Dim sum1, sum2
    Dim i As Integer, iY As Integer
        For iY = 0 To length - 1
            i = length - iY
            sum2 = sum2 + Asc(Mid(buf, i, 1))
            If sum2 > &HFF Then
                sum2 = sum2 - &HFF
            End If
            sum1 = sum1 + sum2
        Next iY
        SubCheckSum = (LShift((sum2 And &HFF), 8)) Or ((sum1 Mod &HFF) And &HFF)
End Function

' The Length WORD is read from bytes 3-4 of buf, so buf must begin at the
' Checksum field. The checksum covers length - 2 bytes from the Length field on.
Private Function UDPCheckSum(buf As String) As Integer
    Dim subsum As Long, length As Integer
    Dim a As Long, b As Long, Ret As Integer
        CopyMemory length, ByVal Mid$(buf, 3, 2), 2
        length = length - 2
        subsum = SubCheckSum(Mid$(buf, 3), length)
        a = &HFF - ((subsum And &HFF) + (RShift(subsum, 8))) Mod &HFF
        b = CLng((((&HFF - (a + RShift(subsum, 8)) Mod &HFF) And &HFF) Or LShift(a, 8)))
        CopyMemory Ret, b, 2
        UDPCheckSum = Ret
End Function


This was from research I did with Pianka years ago.
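
Added example, not part of the post above or of any Blizzard code: a Python parser for the header format listed in this post, with a port of the VB checksum, that rejects datagrams whose Length or checksum does not hold. The two sample packets are the join query and host response captures from the first post. The rule that Length equals the datagram size minus 4 is an assumption read off the captures in this thread, and the names are illustrative.

```python
import struct
from collections import namedtuple

HEADER = struct.Struct("<IHHHHBBBB")  # 16 bytes, little-endian
StormPacket = namedtuple(
    "StormPacket",
    "checksum length sent recv cmd_class command sender resend payload")

# Captures copied from the first post in this thread.
JOIN_QUERY = bytes.fromhex(
    "00 00 00 00 28 C4 10 00 00 00 01 00 00 01 FF 00 01 00 00 00")
HOST_RESPONSE = bytes.fromhex(
    "00 00 00 00 33 B7 10 00 01 00 01 00 00 02 00 00 01 00 00 00")

def storm_checksum(covered: bytes) -> int:
    """Port of the VB UDPCheckSum above.

    `covered` runs from the Length field to the end of the packet.
    """
    sum1 = sum2 = 0
    for byte in reversed(covered):      # the VB loop walks back to front
        sum2 += byte
        if sum2 > 0xFF:
            sum2 -= 0xFF
        sum1 += sum2
    lo, hi = sum1 % 0xFF, sum2 & 0xFF   # the two halves of SubCheckSum
    a = 0xFF - (lo + hi) % 0xFF
    b = (0xFF - (a + hi) % 0xFF) & 0xFF
    return (a << 8) | b

def parse_storm(datagram: bytes) -> StormPacket:
    """Validate one datagram and split it; ValueError if it is malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 16-byte header")
    zero, checksum, length, *rest = HEADER.unpack_from(datagram)
    if zero != 0:
        raise ValueError("leading DWORD is not zero")
    # Assumption from the captures: Length counts every byte after the
    # leading DWORD, so it must match the size actually received.
    if length != len(datagram) - 4:
        raise ValueError("Length field disagrees with datagram size")
    if storm_checksum(datagram[6:]) != checksum:
        raise ValueError("checksum mismatch")
    return StormPacket(checksum, length, *rest, datagram[HEADER.size:])
```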

xampp

I'm a noob, what's this project all about?

Myst

Emulating Starcraft's game protocol

Myst

Command 0
offset  = 14

Command 1
offset  = 17

Command 2
offset  = 17


Myst

note for change* Command 1 0x4C = chat packet not 0x00

brew

Quote from: Myst on October 26, 2008, 03:20:47 PM
note for change* Command 1 0x4C = chat packet not 0x00
Haha, I thought it was well known that the command 1 packets have no packet id in the header, but instead stick it in as the first byte of the packet payload.
Command 1 & 2 packets have the header trimmed before being passed to starcraft to parse.

Heinermann

See http://code.google.com/p/vgce/source/browse/trunk/docs/Blizzard/Starcraft/packets2.txt

I know this topic is old, but I recently discovered some "Return codes" that are used internally (0x50 to 0x53).

I believe that the Lobby commands, return codes, and game commands are NOT related, but were initially related in Alpha/Beta, so I have merged them.