gered/pso_gc_tools
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
pso_gc_tools/decrypt_packets/README.md

4.3 KiB
Raw Permalink Blame History

Packet Capture Decryption and Display

This tool is intended for learning and development purposes. It was originally written by me to help myself be able to gain a better understanding of the PSO network communication protocol by being able to analyze the packets from existing sessions with various different private servers. This was with the end goal of being able to write a new minimal server implementation specifically and only to serve up download quests.

Unfortunately, with PSO being a fairly niche and old game, there is not exactly a burgeoning community of developers with tons of comprehensive documentation, so writing tools to help myself and supplement the dearth of documentation on PSO's network protocol was an important first step.

Further Reading on PSO's Network Protocol

Usage

This tool reads .pcap or .pcapng files produced by a capture tool, such as Wireshark.

decrypt_packets /path/to/capture.pcapng

Caveats

It is probably unlikely that you can just throw any capture file at this tool and expect it to work.

For best results, you should try to limit your capture so that it includes PSO client/server communication only. This tool does internally apply a "tcp" pcap filter (meaning that it will ignore any UDP packets present in a capture, for example), but afterwards it will look at every TCP packet it finds and try to find the start of two peers communicating using the PSO network protocol. It does this by inspecting each TCP packet and checking for one that contains a 0x02 or 0x17 packet. When found, those two peers get marked as a PSO client and server and then all subsequent packets sent from either of them are interpreted as PSO network communication and packets between them will be decrypted using the key information from that first 0x02 or 0x17 packet.

With this in mind, this tool might be able to work with captures containing PSO network communication as well as a bunch of other intermingled TCP packets for other things all jumbled together. But this is not a scenario I have tested at all, so I make no promises!

This tool is also probably not properly dealing with a bunch of different TCP packet/connection scenarios. Noteably, it does not handle retransmissions and a capture containing these will cause this tool to mess up. In such a scenario, you could easily filter the retransmissions out via Wireshark by applying this filter !(tcp.analysis.retransmission or tcp.analysis.fast_retransmission) and then re-exporting the capture.

Capturing Packets from PSO

This is probably easiest if you already have Dolphin set up to run PSO with a working network configuration. Setting up Dolphin in this way is not actually easy itself. But if you can overcome that obstacle, then you can begin capturing packets from your local computer right away.

I do not personally have such a setup configured because I am lazy and cannot be bothered to figure out the janky "Tap" set up that Dolphin requires. This is also because my home router runs OpenWrt which allows me to install and use the iptables-mod-tee iptables extension and then I can configure packet mirroring through my router's iptables configuration for any device on my network (such as my Gamecube running PSO) and capture Gamecube traffic from my PC.

Alternatively, if you are running the PSO server yourself, then you can capture PSO traffic from the same computer that runs the PSO server, as that would be far easier than setting something up to capture from your Gamecube directly.

In any event, the point of this section is not to provide a full how-to to set this up but just to get you pointed in the right direction if you were unsure. If you're knowledgeable enough to be considering doing packet capture analysis of any sort in the first place, then you should be able to set up one of these methods to enable you to capture that traffic without too much fuss. If you are not knowledgeable like this, please do not contact me for assistance. This kind of stuff is far too difficult and frustrating to remote troubleshoot with someone not well versed in this area!