Add dumping data tutorial
This commit is contained in:
Merijn Hendriks
parent
4edccb3ca2
commit
0a8d43a049
160
docs/md/development/dump_data.md
Normal file
160
docs/md/development/dump_data.md
Normal file
@ -0,0 +1,160 @@
|
|||||||
|
# Dumping game data from Escape From Tarkov
|
||||||
|
|
||||||
|
## Preface
|
||||||
|
|
||||||
|
This guide covers everything you need to know to dump all the data you need from Escape From Tarkov.
|
||||||
|
It is highly recommended that you read the guide at least once before executing what's written here.
|
||||||
|
For dumping server data, see 1-3.
|
||||||
|
For dumping asset data, see 4.
|
||||||
|
|
||||||
|
## Theory
|
||||||
|
|
||||||
|
The game uses HTTP-secured (TLS 1.2) protocol to obtain data (mostly not related to a match) from the server.
|
||||||
|
While the game's security is lacking, it does block conventional tools to obtain this data.
|
||||||
|
Of course, we cannot just simply run with altered assembly either, because the launcher does an integrity check.
|
||||||
|
The game however does not check for integrity.
|
||||||
|
|
||||||
|
We write a specialized assembly to bypass the security mechanisms in place to dump our data.
|
||||||
|
The way we do this is by injecting custom logic into the assembly.
|
||||||
|
To be specific, we make the checks of battleye and certificate checking always return successfully.
|
||||||
|
We also add logic for saving received data from the server so we won't require addional tools for packet capturing.
|
||||||
|
We use the "swap exploit" by quickly replacing the assembly when the game starts.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
- Escape From Tarkov (Live)
|
||||||
|
- [dnSpy-net472](https://github.com/dnSpy/dnSpy/releases/latest)
|
||||||
|
- [de4dot](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases)
|
||||||
|
- [AssetStudio](https://github.com/Perfare/AssetStudio/releases/latest)
|
||||||
|
|
||||||
|
## 1. Assembly deobfuscation
|
||||||
|
|
||||||
|
1. Go to `<gamedir>/EscapeFromTarkov_Data/Managed/`
|
||||||
|
2. Copy-paste `Assembly-CSharp.dll` to your de4dot folder
|
||||||
|
3. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe`
|
||||||
|
4. Open `Assembly-CSharp-cleaned.dll` from the de4dot folder in dnSpy
|
||||||
|
5. Find the deobfuscation method (see appendix 1.1)
|
||||||
|
6. Run the specialized cleaning command using the token from the deobfuscation method (see appendix 1.2)
|
||||||
|
7. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` into `<gamedir>/EscapeFromTarkov_Data/Managed/`
|
||||||
|
8. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy
|
||||||
|
9. dnSpy > File > Save Module
|
||||||
|
|
||||||
|
## 2. Create dumper
|
||||||
|
|
||||||
|
1. Create `<gamedir>/EscapeFromTarkov_Data/Managed/backup/`
|
||||||
|
2. Copy-paste `Assembly-CSharp.dll` to `<gamedir>/EscapeFromTarkov_Data/Managed/backup/`
|
||||||
|
3. Rename `Assembly-CSharp.dll` in backup to `Assembly-CSharp.dll.bak`
|
||||||
|
4. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy
|
||||||
|
5. Apply dumper patch (see appendix 1.3)
|
||||||
|
6. Apply ssl patch (see appendix 1.4)
|
||||||
|
7. Apply battleye patch (see appendix 1.5)
|
||||||
|
8. dnSpy > File > Save Module
|
||||||
|
9. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `<gamedir>/EscapeFromTarkov_Data/Managed/backup/`
|
||||||
|
10. Rename `Assembly-CSharp-cleaned-cleaned.dll` in backup to `Assembly-CSharp.dll`
|
||||||
|
|
||||||
|
## 3. Dumping server data
|
||||||
|
|
||||||
|
1. Open Battlestate Games Launcher
|
||||||
|
2. Battlestate Games Launcher > settings > close launcher when game starts
|
||||||
|
3. Copy-paste (wait when prompted to override) `Assembly-CSharp.dll` from backup into `<gamedir>/EscapeFromTarkov_Data/Managed/`
|
||||||
|
4. Start the game
|
||||||
|
5. As soon as the launcher closes, override the file
|
||||||
|
6. When you reached the main menu, the folder `<gamedir>/HTTP_DATA/` will appear
|
||||||
|
7. Dump the data you need (see appendix)
|
||||||
|
8. When the game closed, replace `Assembly-CSharp.dll` with `Assembly-CSharp.dll.bak`
|
||||||
|
|
||||||
|
## 4. Dumping asset data
|
||||||
|
|
||||||
|
1. Open AssetStudio
|
||||||
|
2. AssetStudio > File > Load File > `<gamedir>/EscapeFromTarkov_Data/sharedassets2.assets`
|
||||||
|
3. Switch from Scene Hierarchy to Asset List
|
||||||
|
4. AssetStudio > Filter Type > what you look for (example: `TextAsset`)
|
||||||
|
5. Select the map files you want (example: `bigmap2`, `RezervBase6`)
|
||||||
|
6. AssetStudio > Export > Selected Assets
|
||||||
|
|
||||||
|
## Conclusion
|
||||||
|
|
||||||
|
Congratulations, you've succesfully dumped Escape From Tarkov's data.
|
||||||
|
In order to use it in Aki's database, you have 2 options:
|
||||||
|
|
||||||
|
- Manually convert the data
|
||||||
|
- Use a tool like `aki-analyzer` to convert the data into the format the server accepts
|
||||||
|
|
||||||
|
The data does contain sensitive information such as you account id, so be careful whom you share it with.
|
||||||
|
`aki-analyzer` strips out the sensitive information when it converts the data to the right format.
|
||||||
|
And no, the data dumped from the game server cannot be uploaded back to the game server.
|
||||||
|
|
||||||
|
## Appendix 1: code
|
||||||
|
|
||||||
|
All code is based on Escape From Tarkov 0.12.8.9819
|
||||||
|
|
||||||
|
### 1. Deobfuscation method in assembly
|
||||||
|
|
||||||
|
```csharp
|
||||||
|
// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D
|
||||||
|
Class2019.smethod_0()
|
||||||
|
{
|
||||||
|
return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0];
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### 2. Specialized deobfuscation command
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A
|
||||||
|
```
|
||||||
|
|
||||||
|
### 3. Dumper patch
|
||||||
|
|
||||||
|
```csharp
|
||||||
|
Class157.method_10()
|
||||||
|
{
|
||||||
|
// add this at the end, before the method returns
|
||||||
|
Uri urlUri = new Uri(url);
|
||||||
|
string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");
|
||||||
|
if (System.IO.Directory.CreateDirectory(path).Exists)
|
||||||
|
{
|
||||||
|
System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### 4. Ssl cert patch
|
||||||
|
|
||||||
|
```csharp
|
||||||
|
Class505.ValidateCertificate()
|
||||||
|
{
|
||||||
|
// replace the method body content with this
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### 5. Battleye patch
|
||||||
|
|
||||||
|
```csharp
|
||||||
|
Class784.RunValidation()
|
||||||
|
{
|
||||||
|
// replace the method body content with this
|
||||||
|
this.Succeed = true;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Appendix 2: Obtaining specific data
|
||||||
|
|
||||||
|
This discusses how you can obtain certain data with the dumper installed.
|
||||||
|
|
||||||
|
```markdown
|
||||||
|
**Type** | **How**
|
||||||
|
--------------- | ----------------------------------------------------------------------------------------------------
|
||||||
|
Startup locales | Start the game in the locale you want to dump
|
||||||
|
Game locales | Select the locale in game settings
|
||||||
|
Common data | Start the game
|
||||||
|
Assort | Open the trader you want to dump from
|
||||||
|
Bots | Do an offline raid on a map containing that bot
|
||||||
|
Item events | Do the specifiic item event
|
||||||
|
Images | Open the menu containing the image, it's dumped to `%TEMP%\Battlestate Games\EscapeFromTarkov\files`
|
||||||
|
Location (loot) | Rip from game files
|
||||||
|
Models | Rip from game files
|
||||||
|
Textures | Rip from game files
|
||||||
|
Audio | Rip from game files
|
||||||
|
```
|
||||||
Loading…
x
Reference in New Issue
Block a user