pso_gc_tools/decrypt_packets/README.md

# Packet Capture Decryption and Display

This tool is intended for learning and development purposes. It was originally written by me to help myself be able
to gain a better understanding of the PSO network communication protocol by being able to analyze the packets from
existing sessions with various different private servers. This was with the end goal of being able to write a new
minimal server implementation specifically and only to serve up download quests.

Unfortunately, with PSO being a fairly niche and old game, there is not exactly a burgeoning community of developers
with tons of comprehensive documentation, so writing tools to help myself and supplement the dearth of documentation
on PSO's network protocol was an important first step.

### Further Reading on PSO's Network Protocol

* http://web.archive.org/web/20171201191537/http://sharnoth.com/psodevwiki/
* http://www.fuzziqersoftware.com/files/psoprotocol.rtf

## Usage

This tool reads `.pcap` or `.pcapng` files produced by a capture tool, such as [Wireshark](https://www.wireshark.org/).

```text
decrypt_packets /path/to/capture.pcapng
```

### Caveats

It is _probably_ unlikely that you can just throw **any** capture file at this tool and expect it to work.

For best results, you should try to limit your capture so that it includes PSO client/server communication only. This 
tool does internally apply a `"tcp"` [pcap filter](https://biot.com/capstats/bpf.html) (meaning that it will ignore any
UDP packets present in a capture, for example), but afterwards it will look at every TCP packet it finds and try to
find the start of two peers communicating using the PSO network protocol. It does this by inspecting each TCP packet
and checking for one that contains a 0x02 or 0x17 packet. When found, those two peers get marked as a PSO client and
server and then all subsequent packets sent from either of them are interpreted as PSO network communication and packets
between them will be decrypted using the key information from that first 0x02 or 0x17 packet.

With this in mind, this tool _might_ be able to work with captures containing PSO network communication as well as a
bunch of other intermingled TCP packets for other things all jumbled together. But this is not a scenario I have
tested at all, so I make no promises!

This tool is also probably not properly dealing with a bunch of different TCP packet/connection scenarios. Noteably,
it does not handle retransmissions and a capture containing these will cause this tool to mess up. In such a scenario,
you could easily filter the retransmissions out via Wireshark by applying this filter `!(tcp.analysis.retransmission or tcp.analysis.fast_retransmission)`
and then re-exporting the capture.

### Capturing Packets from PSO

This is probably easiest if you already have Dolphin set up to run PSO with a working network configuration. Setting up
Dolphin in this way is not actually easy itself. But if you can overcome that obstacle, then you can begin capturing
packets from your local computer right away.

I do not personally have such a setup configured because I am lazy and cannot be bothered to figure out the janky "Tap"
set up that Dolphin requires. This is also because my home router runs [OpenWrt](https://openwrt.org/) which allows me
to install and use the [iptables-mod-tee](https://openwrt.org/packages/pkgdata/iptables-mod-tee) iptables extension
and then I can configure packet mirroring through my router's iptables configuration for any device on my network 
(such as my Gamecube running PSO) and capture Gamecube traffic from my PC.

Alternatively, if you are running the PSO server yourself, then you can capture PSO traffic from the same computer that
runs the PSO server, as that would be far easier than setting something up to capture from your Gamecube directly.

In any event, the point of this section is not to provide a full how-to to set this up but just to get you pointed in
the right direction if you were unsure. If you're knowledgeable enough to be considering doing packet capture analysis 
of any sort in the first place, then you should be able to set up one of these methods to enable you to capture that 
traffic without too much fuss. If you are not knowledgeable like this, please do not contact me for assistance. This
kind of stuff is far too difficult and frustrating to remote troubleshoot with someone not well versed in this area!
add a bunch of README files 2021-11-25 18:37:21 -05:00			`# Packet Capture Decryption and Display`

			`This tool is intended for learning and development purposes. It was originally written by me to help myself be able`
			`to gain a better understanding of the PSO network communication protocol by being able to analyze the packets from`
			`existing sessions with various different private servers. This was with the end goal of being able to write a new`
			`minimal server implementation specifically and only to serve up download quests.`

			`Unfortunately, with PSO being a fairly niche and old game, there is not exactly a burgeoning community of developers`
			`with tons of comprehensive documentation, so writing tools to help myself and supplement the dearth of documentation`
			`on PSO's network protocol was an important first step.`

			`### Further Reading on PSO's Network Protocol`

			`* http://web.archive.org/web/20171201191537/http://sharnoth.com/psodevwiki/`
			`* http://www.fuzziqersoftware.com/files/psoprotocol.rtf`

			`## Usage`

			This tool reads `.pcap` or `.pcapng` files produced by a capture tool, such as [Wireshark](https://www.wireshark.org/).

			```text
			`decrypt_packets /path/to/capture.pcapng`
			```

update decrypt_packets README with some notes on limits/caveats 2021-11-26 12:24:29 -05:00			`### Caveats`

			`It is _probably_ unlikely that you can just throw any capture file at this tool and expect it to work.`

			`For best results, you should try to limit your capture so that it includes PSO client/server communication only. This`
			tool does internally apply a `"tcp"` [pcap filter](https://biot.com/capstats/bpf.html) (meaning that it will ignore any
			`UDP packets present in a capture, for example), but afterwards it will look at every TCP packet it finds and try to`
			`find the start of two peers communicating using the PSO network protocol. It does this by inspecting each TCP packet`
			`and checking for one that contains a 0x02 or 0x17 packet. When found, those two peers get marked as a PSO client and`
			`server and then all subsequent packets sent from either of them are interpreted as PSO network communication and packets`
			`between them will be decrypted using the key information from that first 0x02 or 0x17 packet.`

			`With this in mind, this tool _might_ be able to work with captures containing PSO network communication as well as a`
			`bunch of other intermingled TCP packets for other things all jumbled together. But this is not a scenario I have`
			`tested at all, so I make no promises!`

			`This tool is also probably not properly dealing with a bunch of different TCP packet/connection scenarios. Noteably,`
			`it does not handle retransmissions and a capture containing these will cause this tool to mess up. In such a scenario,`
			you could easily filter the retransmissions out via Wireshark by applying this filter `!(tcp.analysis.retransmission or tcp.analysis.fast_retransmission)`
			`and then re-exporting the capture.`
add a bunch of README files 2021-11-25 18:37:21 -05:00
			`### Capturing Packets from PSO`

			`This is probably easiest if you already have Dolphin set up to run PSO with a working network configuration. Setting up`
			`Dolphin in this way is not actually easy itself. But if you can overcome that obstacle, then you can begin capturing`
			`packets from your local computer right away.`

			`I do not personally have such a setup configured because I am lazy and cannot be bothered to figure out the janky "Tap"`
			`set up that Dolphin requires. This is also because my home router runs [OpenWrt](https://openwrt.org/) which allows me`
			`to install and use the [iptables-mod-tee](https://openwrt.org/packages/pkgdata/iptables-mod-tee) iptables extension`
			`and then I can configure packet mirroring through my router's iptables configuration for any device on my network`
			`(such as my Gamecube running PSO) and capture Gamecube traffic from my PC.`

			`Alternatively, if you are running the PSO server yourself, then you can capture PSO traffic from the same computer that`
			`runs the PSO server, as that would be far easier than setting something up to capture from your Gamecube directly.`

			`In any event, the point of this section is not to provide a full how-to to set this up but just to get you pointed in`
			`the right direction if you were unsure. If you're knowledgeable enough to be considering doing packet capture analysis`
			`of any sort in the first place, then you should be able to set up one of these methods to enable you to capture that`
			`traffic without too much fuss. If you are not knowledgeable like this, please do not contact me for assistance. This`
			`kind of stuff is far too difficult and frustrating to remote troubleshoot with someone not well versed in this area!`