Website/docs/md/development/dump_data.md

# Dumping game data from Escape From Tarkov

By Senko-san, 20/11/2020

## Preface

This guide covers everything you need to know to dump all the data you need from Escape From Tarkov.  
It is highly recommended that you read the guide at least once before executing what's written here.  
For dumping server data, see 1-3.  
For dumping asset data, see 4.  

## Theory

The game uses HTTP-secured (TLS 1.2) protocol to obtain data (mostly not related to a match) from the server.  
While the game's security is lacking, it does block conventional tools for packet capturing.  
Of course, we cannot just simply run with altered assembly either, because the launcher does an integrity check.  
The game however does not check for integrity.  

We patch the assembly to bypass the security mechanisms in place to dump our data.  
To be specific, we make the checks of battleye and certificate checking always return successfully.  
We also add logic for saving received data from the server to save data obtained.  
We use the "swap exploit" by quickly replacing the assembly when the game starts to load our custom assembly.  

## Legenda

```markdown
**path**       **what**                      | **example**
------------ | ----------------------------- | ----------------------
`%gamedir%`  | Escape From Tarkov (Live)     | `C:/games/EFT (Live)`
```

## Requirements

- Escape From Tarkov (Live)
- [dnSpy-net472](https://github.com/dnSpy/dnSpy/releases/latest)
- [de4dot](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases)
- [AssetStudio](https://github.com/Perfare/AssetStudio/releases/latest)

## 1. Assembly deobfuscation

1. Go to `%gamedir%/EscapeFromTarkov_Data/Managed/`
2. Copy-paste `Assembly-CSharp.dll` to your de4dot folder
3. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe`
4. Open `Assembly-CSharp-cleaned.dll` from the de4dot folder in dnSpy
5. Find the deobfuscation method (appendix 1.1)
6. Run the specialized cleaning command using the token from the deobfuscation method (appendix 1.2)
7. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` into `%gamedir%/EscapeFromTarkov_Data/Managed/`
8. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy
9. dnSpy > File > Save Module

## 2. Create dumper

1. Create `%gamedir%/EscapeFromTarkov_Data/Managed/backup/`
2. Copy-paste `Assembly-CSharp.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/backup/`
3. Rename `Assembly-CSharp.dll` in backup to `Assembly-CSharp.dll.bak`
4. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy
5. Apply dumper patch (appendix 1.3)
6. Apply ssl patch (appendix 1.4)
7. Apply battleye patch (appendix 1.5)
8. dnSpy > File > Save Module
9. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/backup/`
10. Rename `Assembly-CSharp-cleaned-cleaned.dll` in backup to `Assembly-CSharp.dll`

## 3. Dumping server data

1. Open Battlestate Games Launcher
2. Battlestate Games Launcher > settings > close launcher when game starts
3. Copy-paste (wait when prompted to override) `Assembly-CSharp.dll` from backup into `%gamedir%/EscapeFromTarkov_Data/Managed/`
4. Start the game
5. As soon as the launcher closes, override the file
6. When you reached the main menu, the folder `%gamedir%/HTTP_DATA/` will appear
7. Dump the data you need (appendix 2)
8. When the game closed, replace `Assembly-CSharp.dll` with `Assembly-CSharp.dll.bak`

## 4. Dumping asset data

1. Open AssetStudio
2. AssetStudio > File > Load File > `%gamedir%/EscapeFromTarkov_Data/sharedassets2.assets`
3. Switch from Scene Hierarchy to Asset List
4. AssetStudio > Filter Type > what you look for (example: `TextAsset`)
5. Select the map files you want (example: `bigmap2`, `RezervBase6`)
6. AssetStudio > Export > Selected Assets

## Conclusion

Congratulations, you've succesfully dumped Escape From Tarkov's data.  
In order to use it in Aki's database, you have 2 options:

- Manually convert the data
- Use a tool like `aki-analyzer` to convert the data into the format the server accepts

The data does contain sensitive information such as you account id, so be careful whom you share it with.  
`aki-analyzer` strips out the sensitive information when it converts the data to the right format.  
And no, the data dumped from the game server cannot be uploaded back to the game server. 

## Appendix 1: Code

All code is based on Escape From Tarkov 0.12.8.9819  

### 1.1. Deobfuscation method in assembly

```csharp
// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D
Class2019.smethod_0()
{
    return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0];
}
```

### 1.2. Specialized deobfuscation command

```powershell
de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A
```

### 1.3. Dumper patch

```csharp
Class157.method_10()
{
    // add this at the end, before the method returns
    Uri urlUri = new Uri(url);
    string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");
    if (System.IO.Directory.CreateDirectory(path).Exists)
    {
        System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value);
    }
}
```

### 1.4. Ssl cert patch

```csharp
Class505.ValidateCertificate()
{
    // replace the method body content with this
    return true;
}
```

### 1.5. Battleye patch

```csharp
Class784.RunValidation()
{
    // replace the method body content with this
    this.Succeed = true;
}
```

## Appendix 2: Obtaining specific data

This discusses how you can obtain certain data with the dumper installed.  

```markdown
**Type**        |  **How**
--------------- | ----------------------------------------------------------------------------------------------------
Startup locales | Start the game in the locale you want to dump
Game locales    | Select the locale in game settings
Common data     | Start the game
Assort          | Open the trader you want to dump from
Bots            | Do an offline raid on a map containing that bot
Item events     | Do the specifiic item event
Images          | Open the menu containing the image, it's dumped to `%TEMP%\Battlestate Games\EscapeFromTarkov\files`
Location (loot) | Rip from game files
Models          | Rip from game files
Textures        | Rip from game files
Audio           | Rip from game files
```
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`# Dumping game data from Escape From Tarkov`

Add dev setup 2020-11-20 02:26:41 +01:00			`By Senko-san, 20/11/2020`

Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`## Preface`

			`This guide covers everything you need to know to dump all the data you need from Escape From Tarkov.`
			`It is highly recommended that you read the guide at least once before executing what's written here.`
			`For dumping server data, see 1-3.`
			`For dumping asset data, see 4.`

			`## Theory`

			`The game uses HTTP-secured (TLS 1.2) protocol to obtain data (mostly not related to a match) from the server.`
Improve dump guide readability 2020-11-20 02:46:09 +01:00			`While the game's security is lacking, it does block conventional tools for packet capturing.`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`Of course, we cannot just simply run with altered assembly either, because the launcher does an integrity check.`
			`The game however does not check for integrity.`

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`We patch the assembly to bypass the security mechanisms in place to dump our data.`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`To be specific, we make the checks of battleye and certificate checking always return successfully.`
Improve dump guide readability 2020-11-20 02:46:09 +01:00			`We also add logic for saving received data from the server to save data obtained.`
			`We use the "swap exploit" by quickly replacing the assembly when the game starts to load our custom assembly.`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
Add dev setup 2020-11-20 02:26:41 +01:00			`## Legenda`

			```markdown
			`path what \| example`
			`------------ \| ----------------------------- \| ----------------------`
			`%gamedir%` \| Escape From Tarkov (Live) \| `C:/games/EFT (Live)`
			```

Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`## Requirements`

			`- Escape From Tarkov (Live)`
			`- [dnSpy-net472](https://github.com/dnSpy/dnSpy/releases/latest)`
			`- [de4dot](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases)`
			`- [AssetStudio](https://github.com/Perfare/AssetStudio/releases/latest)`

			`## 1. Assembly deobfuscation`

Add dev setup 2020-11-20 02:26:41 +01:00			1. Go to `%gamedir%/EscapeFromTarkov_Data/Managed/`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			2. Copy-paste `Assembly-CSharp.dll` to your de4dot folder
			3. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe`
			4. Open `Assembly-CSharp-cleaned.dll` from the de4dot folder in dnSpy
Improve dump guide readability 2020-11-20 02:46:09 +01:00			`5. Find the deobfuscation method (appendix 1.1)`
			`6. Run the specialized cleaning command using the token from the deobfuscation method (appendix 1.2)`
Add dev setup 2020-11-20 02:26:41 +01:00			7. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` into `%gamedir%/EscapeFromTarkov_Data/Managed/`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			8. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy
			`9. dnSpy > File > Save Module`

			`## 2. Create dumper`

Add dev setup 2020-11-20 02:26:41 +01:00			1. Create `%gamedir%/EscapeFromTarkov_Data/Managed/backup/`
			2. Copy-paste `Assembly-CSharp.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/backup/`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			3. Rename `Assembly-CSharp.dll` in backup to `Assembly-CSharp.dll.bak`
			4. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy
Improve dump guide readability 2020-11-20 02:46:09 +01:00			`5. Apply dumper patch (appendix 1.3)`
			`6. Apply ssl patch (appendix 1.4)`
			`7. Apply battleye patch (appendix 1.5)`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`8. dnSpy > File > Save Module`
Add dev setup 2020-11-20 02:26:41 +01:00			9. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/backup/`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			10. Rename `Assembly-CSharp-cleaned-cleaned.dll` in backup to `Assembly-CSharp.dll`

			`## 3. Dumping server data`

			`1. Open Battlestate Games Launcher`
			`2. Battlestate Games Launcher > settings > close launcher when game starts`
Add dev setup 2020-11-20 02:26:41 +01:00			3. Copy-paste (wait when prompted to override) `Assembly-CSharp.dll` from backup into `%gamedir%/EscapeFromTarkov_Data/Managed/`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`4. Start the game`
			`5. As soon as the launcher closes, override the file`
Add dev setup 2020-11-20 02:26:41 +01:00			6. When you reached the main menu, the folder `%gamedir%/HTTP_DATA/` will appear
Improve dump guide readability 2020-11-20 02:46:09 +01:00			`7. Dump the data you need (appendix 2)`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			8. When the game closed, replace `Assembly-CSharp.dll` with `Assembly-CSharp.dll.bak`

			`## 4. Dumping asset data`

			`1. Open AssetStudio`
Add dev setup 2020-11-20 02:26:41 +01:00			2. AssetStudio > File > Load File > `%gamedir%/EscapeFromTarkov_Data/sharedassets2.assets`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00			`3. Switch from Scene Hierarchy to Asset List`
			4. AssetStudio > Filter Type > what you look for (example: `TextAsset`)
			5. Select the map files you want (example: `bigmap2`, `RezervBase6`)
			`6. AssetStudio > Export > Selected Assets`

			`## Conclusion`

			`Congratulations, you've succesfully dumped Escape From Tarkov's data.`
			`In order to use it in Aki's database, you have 2 options:`

			`- Manually convert the data`
			- Use a tool like `aki-analyzer` to convert the data into the format the server accepts

			`The data does contain sensitive information such as you account id, so be careful whom you share it with.`
			`aki-analyzer` strips out the sensitive information when it converts the data to the right format.
			`And no, the data dumped from the game server cannot be uploaded back to the game server.`

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`## Appendix 1: Code`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
			`All code is based on Escape From Tarkov 0.12.8.9819`

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`### 1.1. Deobfuscation method in assembly`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
			```csharp
			`// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D`
			`Class2019.smethod_0()`
			`{`
			`return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0];`
			`}`
			```

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`### 1.2. Specialized deobfuscation command`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
			```powershell
			de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A
			```

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`### 1.3. Dumper patch`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
			```csharp
			`Class157.method_10()`
			`{`
			`// add this at the end, before the method returns`
			`Uri urlUri = new Uri(url);`
			`string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");`
			`if (System.IO.Directory.CreateDirectory(path).Exists)`
			`{`
			`System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value);`
			`}`
			`}`
			```

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`### 1.4. Ssl cert patch`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
			```csharp
			`Class505.ValidateCertificate()`
			`{`
			`// replace the method body content with this`
			`return true;`
			`}`
			```

Improve dump guide readability 2020-11-20 02:46:09 +01:00			`### 1.5. Battleye patch`
Add dumping data tutorial 2020-11-20 00:16:14 +01:00
			```csharp
			`Class784.RunValidation()`
			`{`
			`// replace the method body content with this`
			`this.Succeed = true;`
			`}`
			```

			`## Appendix 2: Obtaining specific data`

			`This discusses how you can obtain certain data with the dumper installed.`

			```markdown
			`Type \| How`
			`--------------- \| ----------------------------------------------------------------------------------------------------`
			`Startup locales \| Start the game in the locale you want to dump`
			`Game locales \| Select the locale in game settings`
			`Common data \| Start the game`
			`Assort \| Open the trader you want to dump from`
			`Bots \| Do an offline raid on a map containing that bot`
			`Item events \| Do the specifiic item event`
			Images \| Open the menu containing the image, it's dumped to `%TEMP%\Battlestate Games\EscapeFromTarkov\files`
			`Location (loot) \| Rip from game files`
			`Models \| Rip from game files`
			`Textures \| Rip from game files`
			`Audio \| Rip from game files`
			```