2020-11-20 00:16:14 +01:00
# Dumping game data from Escape From Tarkov
## Preface
2020-11-26 10:51:24 +01:00
This guide covers everything you need to know to dump all the data you need from Escape From Tarkov.
**It is highly recommended that you read the guide at least once before executing what's written here.**
* For sections related to dumping server data, see:
1. [Dumper ](./#development/dump_data.md#dumper )
2. [Backup ](./#development/dump_data.md#backup )
3. [Dumping server data ](./#development/dump_data.md#dumping-server-data )
* For sections related to dumping asset data, see:
4. [Dumping asset data ](./#development/dump_data.md#dumping-asset-data )
2020-11-20 00:16:14 +01:00
## Theory
2020-11-26 10:51:24 +01:00
The game uses HTTP-secured protocol (TLS 1.2) to obtain data from the server (mostly of it not related to a raid). While the game's security is lacking, it does still block conventional tools for packet capturing.
We also cannot just simply use altered assembly either, because the launcher does an integrity check.
The game, however, does not check for integrity.
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
As such, we can patch the assembly to bypass the security mechanisms in place to dump our data. To be more specific, we alter the BattleEye and certificate checking always return successfully. We also add logic for saving the data received from the server. We use the "swap exploit" by quickly replacing the assembly when the game starts to load our custom assembly.
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
To be able to make patches, we deobfuscate the assembly. But since [de4dot ](https://github.com/de4dot/de4dot ) isn't capable of understanding the obfuscation algorithm fully, we use an additional specialized deobfuscator command. In addition, we save the assembly in the gamefiles before making modifications to fix a resolutionscope error.
2020-11-20 03:09:48 +01:00
2020-11-26 10:51:24 +01:00
## Legend
2020-11-20 02:26:41 +01:00
2020-11-20 08:59:37 +01:00
**path** | **what** | **example**
2020-11-20 02:26:41 +01:00
------------ | ----------------------------- | ----------------------
2020-11-20 03:09:48 +01:00
`%gamedir%` | Escape From Tarkov (Live) | `C:/games/EFT/ (Live)`
2020-11-20 02:26:41 +01:00
2020-11-20 00:16:14 +01:00
## Requirements
2020-11-26 10:51:24 +01:00
* Escape From Tarkov (Live)
* [dnSpy-net472 ](https://github.com/dnSpy/dnSpy/releases/latest )
* [de4dot ](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases )
* [AssetStudio ](https://github.com/Perfare/AssetStudio/releases/latest )
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
## Dumper
2020-11-20 03:09:48 +01:00
2020-11-20 08:59:37 +01:00
1. Copy-paste `%gamedir%/EscapeFromTarkov_Data/Managed/Assembly-CSharp.dll` to your de4dot folder.
2. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe` .
3. Open `Assembly-CSharp-cleaned.dll` in dnSpy.
4. Find the deobfuscation method (appendix 1.1).
5. Run the deobfuscate command with the token from the deobfuscation method (appendix 1.2).
6. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/` .
7. Open `Assembly-CSharp-cleaned-cleaned.dll` in dnSpy.
2020-11-20 03:09:48 +01:00
8. dnSpy > File > Save Module.
2020-11-20 08:59:37 +01:00
9. Apply dumper patch (appendix 1.3).
10. Apply ssl patch (appendix 1.4).
11. Apply battleye patch (appendix 1.5).
12. dnSpy > File > Save Module.
2020-11-20 03:09:48 +01:00
2020-11-26 10:51:24 +01:00
## Backup
2020-11-20 03:09:48 +01:00
2020-11-20 08:59:37 +01:00
1. Create `%gamedir%/backup/` .
2. Copy-paste `Assembly-CSharp.dll` to `%gamedir%/backup/` .
3. Rename `Assembly-CSharp.dll` in `%gamedir%/backup/` to `Assembly-CSharp.dll.bak` .
4. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/backup/` .
5. Rename `Assembly-CSharp-cleaned-cleaned.dll` in `%gamedir%/backup/` to `Assembly-CSharp.dll` .
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
## Dumping server data
2020-11-20 00:16:14 +01:00
2020-11-20 08:59:37 +01:00
1. Open Battlestate Games Launcher.
2. Battlestate Games Launcher > settings > close launcher when game starts.
3. Start the game.
4. Copy-paste `%gamedir%/backup/Assembly-CSharp.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/` when the launcher closes.
5. `%gamedir%/HTTP_DATA/` appears when you reached the main menu.
6. Dump the data (appendix 2).
7. Close the game.
8. Replace `Assembly-CSharp.dll` with the original assembly.
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
## Dumping asset data
2020-11-20 00:16:14 +01:00
2020-11-20 03:09:48 +01:00
1. Open AssetStudio.
2020-11-20 08:59:37 +01:00
2. AssetStudio > File > Load File > `%gamedir%/EscapeFromTarkov_Data/sharedassets2.assets` .
3. Switch from Scene Hierarchy to Asset List.
4. AssetStudio > Filter Type > what you look for (example: `TextAsset` ).
5. Select the map files you want (example: `bigmap2` , `RezervBase6` ).
6. AssetStudio > Export > Selected Assets.
2020-11-20 00:16:14 +01:00
## Conclusion
2020-11-20 08:59:37 +01:00
Congratulations, you've succesfully dumped Escape From Tarkov's data.
2020-11-20 00:16:14 +01:00
In order to use it in Aki's database, you have 2 options:
2020-11-26 10:51:24 +01:00
* Manually convert the data.
* Use a tool like `aki-analyzer` to convert the data into a format the server accepts.
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
The data does contain sensitive information such as you account id, so be careful whom you share it with. `aki-analyzer` strips out the sensitive information when it converts the data to the right format. And no, the data dumped from the game server cannot be uploaded back to the game server.
2020-11-20 00:16:14 +01:00
2020-11-20 02:46:09 +01:00
## Appendix 1: Code
2020-11-20 00:16:14 +01:00
2020-11-20 08:59:37 +01:00
All code is based on Escape From Tarkov 0.12.8.9819.
2020-11-20 00:16:14 +01:00
2020-11-26 10:51:24 +01:00
### Deobfuscation method in assembly
2020-11-20 00:16:14 +01:00
```csharp
// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D
Class2019.smethod_0()
{
return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0];
}
```
2020-11-26 10:51:24 +01:00
### Deobfuscation command
2020-11-20 00:16:14 +01:00
```powershell
de4dot-x64.exe --un-name "!^< >[a-z0-9]$& !^< >[a-z0-9]__.$& ![A-Z][A-Z]\$< >.$& ^[a-zA-Z_< {$][a-zA-Z_0-9< >{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A
```
2020-11-26 10:51:24 +01:00
### Dumper patch
2020-11-20 00:16:14 +01:00
```csharp
Class157.method_10()
{
// add this at the end, before the method returns
Uri urlUri = new Uri(url);
string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");
if (System.IO.Directory.CreateDirectory(path).Exists)
{
System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value);
}
}
```
2020-11-26 10:51:24 +01:00
### SSL cert patch
2020-11-20 00:16:14 +01:00
```csharp
Class505.ValidateCertificate()
{
// replace the method body content with this
return true;
}
```
2020-11-26 10:51:24 +01:00
### Battleye patch
2020-11-20 00:16:14 +01:00
```csharp
Class784.RunValidation()
{
// replace the method body content with this
this.Succeed = true;
}
```
## Appendix 2: Obtaining specific data
2020-11-20 08:59:37 +01:00
This discusses how you can obtain certain data with the dumper installed.
2020-11-20 00:16:14 +01:00
2020-11-20 08:59:37 +01:00
**Type** | **How**
2020-11-20 03:09:48 +01:00
--------------- | -----------------------------------------------------------------------------------------------------
Startup locales | Start the game in the locale you want to dump.
Game locales | Select the locale in game settings.
Common data | Start the game.
Assort | Open the trader you want to dump from.
Bots | Do an offline raid on a map containing that bot.
Item events | Do the specifiic item event.
Images | Open the menu containing the image, it's dumped to `%TEMP%\Battlestate Games\EscapeFromTarkov\files` .
Location (loot) | Rip from game files.
Models | Rip from game files.
Textures | Rip from game files.
Audio | Rip from game files.
