Added back senko's dev doc

SPT-dev 2023-03-02 21:10:42 -05:00
parent 17f11e9ef3
commit 678a2d7d48
3 changed files with 46 additions and 36 deletions

@ -92,6 +92,19 @@
} }
] ]
}, },
{
"name": "DEVELOPMENT",
"routes": [
{
"name": "Data dumping",
"filepath": "development/dump_data.md"
},
{
"name": "Environment setup",
"filepath": "development/setup.md"
}
]
},
{ {
"name": "API REFERENCE", "name": "API REFERENCE",
"hidden": true, "hidden": true,

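Review bot: the new "Environment setup" route points at `development/setup.md`, but the only documentation file whose content appears in this diff is the data-dumping guide; confirm that `development/setup.md` is among the three changed files, otherwise the navigation gains a dead entry. The DEVELOPMENT group also has no `"hidden"` key, unlike the API REFERENCE group right after it, so this walkthrough shows up in the navigation as soon as the change lands; make sure that is intended.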
@ -1,31 +1,30 @@
# Dumping game data from Escape From Tarkov # Dumping game data from Escape From Tarkov
By Senko-san, 20/11/2020
## Preface ## Preface
This guide covers everything you need to know to dump all the data you need from Escape From Tarkov.\ This guide covers everything you need to know to dump all the data you need from Escape From Tarkov.
It is highly recommended that you read the guide at least once before executing what's written here.\
For dumping server data, see 1-3.\ **It is highly recommended that you read the guide at least once before executing what's written here.**
For dumping asset data, see 4.
* For sections related to dumping server data, see:
1. [Dumper](./#development/dump_data.md#dumper)
2. [Backup](./#development/dump_data.md#backup)
3. [Dumping server data](./#development/dump_data.md#dumping-server-data)
* For sections related to dumping asset data, see:
4. [Dumping asset data](./#development/dump_data.md#dumping-asset-data)
## Theory ## Theory
The game uses HTTP-secured (TLS 1.2) protocol to obtain data (mostly not related to a match) from the server. The game uses HTTP-secured protocol (TLS 1.2) to obtain data from the server (mostly of it not related to a raid). While the game's security is lacking, it does still block conventional tools for packet capturing.
While the game's security is lacking, it does block conventional tools for packet capturing. We also cannot just simply use altered assembly either, because the launcher does an integrity check.
Of course, we cannot just simply run with altered assembly either, because the launcher does an integrity check.
The game however does not check for integrity.
We patch the assembly to bypass the security mechanisms in place to dump our data. The game, however, does not check for integrity.
To be specific, we make the checks of battleye and certificate checking always return successfully.
We also add logic for saving received data from the server to save data obtained.
We use the "swap exploit" by quickly replacing the assembly when the game starts to load our custom assembly.
To be able to make patches, we deobfuscate the assembly. As such, we can patch the assembly to bypass the security mechanisms in place to dump our data. To be more specific, we alter the BattleEye and certificate checking always return successfully. We also add logic for saving the data received from the server. We use the "swap exploit" by quickly replacing the assembly when the game starts to load our custom assembly.
But since de4dot isn't capable of understanding the obfuscation algorithm fully, we use an additional specialized deobfuscator command.
In addition, we save the assembly in the gamefiles before making modifications to fix the resolutionscope error.
## Legenda To be able to make patches, we deobfuscate the assembly. But since [de4dot](https://github.com/de4dot/de4dot) isn't capable of understanding the obfuscation algorithm fully, we use an additional specialized deobfuscator command. In addition, we save the assembly in the gamefiles before making modifications to fix a resolutionscope error.
## Legend
**path** | **what** | **example** **path** | **what** | **example**
------------ | ----------------------------- | ---------------------- ------------ | ----------------------------- | ----------------------
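Review bot: the rewritten header drops the byline `By Senko-san, 20/11/2020`, which loses both the attribution the commit title refers to and the date that tells readers how old these steps are; keep it under the title. In the new Theory text, "mostly of it not related to a raid" should read "most of it", "we alter the BattleEye and certificate checking always return successfully" is missing "to" before "always", and "We also cannot just simply use altered assembly either" doubles "also" and "either".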
@ -33,12 +32,12 @@ In addition, we save the assembly in the gamefiles before making modifications t
## Requirements ## Requirements
- Escape From Tarkov (Live) * Escape From Tarkov (Live)
- [dnSpy-net472](https://github.com/dnSpy/dnSpy/releases/latest) * [dnSpy-net472](https://github.com/dnSpy/dnSpy/releases/latest)
- [de4dot](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases) * [de4dot](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases)
- [AssetStudio](https://github.com/Perfare/AssetStudio/releases/latest) * [AssetStudio](https://github.com/Perfare/AssetStudio/releases/latest)
## 1. Dumper ## Dumper
1. Copy-paste `%gamedir%/EscapeFromTarkov_Data/Managed/Assembly-CSharp.dll` to your de4dot folder. 1. Copy-paste `%gamedir%/EscapeFromTarkov_Data/Managed/Assembly-CSharp.dll` to your de4dot folder.
2. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe`. 2. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe`.
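Review bot: step 2 under Dumper still says `de4ot-x64.exe`; the deobfuscation command further down calls the binary `de4dot-x64.exe`, so fix the typo while this list is being touched. The Requirements entry for de4dot points at a `dev.offline-tarkov.com` fork while the new Theory paragraph links `github.com/de4dot/de4dot`; say which build the guide needs and link only that one. The dnSpy and AssetStudio entries use unpinned `releases/latest` links, so readers get whatever binary is current with nothing to check it against; a tested version number per tool would help.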
@ -53,7 +52,7 @@ In addition, we save the assembly in the gamefiles before making modifications t
11. Apply battleye patch (appendix 1.5). 11. Apply battleye patch (appendix 1.5).
12. dnSpy > File > Save Module. 12. dnSpy > File > Save Module.
## 2. Backup ## Backup
1. Create `%gamedir%/backup/`. 1. Create `%gamedir%/backup/`.
2. Copy-paste `Assembly-CSharp.dll` to `%gamedir%/backup/`. 2. Copy-paste `Assembly-CSharp.dll` to `%gamedir%/backup/`.
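Review bot: step 11 still refers to "appendix 1.5", but this commit removes the numbers from the appendix headings (`### 1.5. Battleye patch` becomes `### Battleye patch`), so the reference no longer matches any heading. Link the heading by name, as the new Preface does for the main sections, and check the steps outside this hunk for the same "appendix 1.x" pattern.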
@ -61,7 +60,7 @@ In addition, we save the assembly in the gamefiles before making modifications t
4. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/backup/`. 4. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/backup/`.
5. Rename `Assembly-CSharp-cleaned-cleaned.dll` in `%gamedir%/backup/` to `Assembly-CSharp.dll`. 5. Rename `Assembly-CSharp-cleaned-cleaned.dll` in `%gamedir%/backup/` to `Assembly-CSharp.dll`.
## 3. Dumping server data ## Dumping server data
1. Open Battlestate Games Launcher. 1. Open Battlestate Games Launcher.
2. Battlestate Games Launcher > settings > close launcher when game starts. 2. Battlestate Games Launcher > settings > close launcher when game starts.
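Review bot: in the Backup list, step 2 copies `Assembly-CSharp.dll` into `%gamedir%/backup/` and step 5 renames `Assembly-CSharp-cleaned-cleaned.dll` to `Assembly-CSharp.dll` in that same folder. Step 3 is not visible in this diff; unless it renames the copy from step 2, the two files collide, and "the original assembly" in the last step of the next section becomes ambiguous. Naming the untouched copy explicitly would remove the doubt.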
@ -72,7 +71,7 @@ In addition, we save the assembly in the gamefiles before making modifications t
7. Close the game. 7. Close the game.
8. Replace `Assembly-CSharp.dll` with the original assembly. 8. Replace `Assembly-CSharp.dll` with the original assembly.
## 4. Dumping asset data ## Dumping asset data
1. Open AssetStudio. 1. Open AssetStudio.
2. AssetStudio > File > Load File > `%gamedir%/EscapeFromTarkov_Data/sharedassets2.assets`. 2. AssetStudio > File > Load File > `%gamedir%/EscapeFromTarkov_Data/sharedassets2.assets`.
@ -87,18 +86,16 @@ Congratulations, you've succesfully dumped Escape From Tarkov's data.
In order to use it in Aki's database, you have 2 options: In order to use it in Aki's database, you have 2 options:
- Manually convert the data. * Manually convert the data.
- Use a tool like `aki-analyzer` to convert the data into the format the server accepts. * Use a tool like `aki-analyzer` to convert the data into a format the server accepts.
The data does contain sensitive information such as you account id, so be careful whom you share it with.\ The data does contain sensitive information such as you account id, so be careful whom you share it with. `aki-analyzer` strips out the sensitive information when it converts the data to the right format. And no, the data dumped from the game server cannot be uploaded back to the game server.
`aki-analyzer` strips out the sensitive information when it converts the data to the right format.\
And no, the data dumped from the game server cannot be uploaded back to the game server.
## Appendix 1: Code ## Appendix 1: Code
All code is based on Escape From Tarkov 0.12.8.9819. All code is based on Escape From Tarkov 0.12.8.9819.
### 1.1. Deobfuscation method in assembly ### Deobfuscation method in assembly
```csharp ```csharp
// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D // Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D
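Review bot: the merged paragraph carries over the typo "such as you account id" (should be "your"), and the hunk header context still shows "succesfully". Folding the three lines into one paragraph also buries the only warning about account identifiers in the dump; keep it on its own line or bold it, as the Preface now does for its read-first notice, and say that raw dumps should go through `aki-analyzer` before they are shared.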
@ -108,13 +105,13 @@ Class2019.smethod_0()
} }
``` ```
### 1.2. Deobfuscation command ### Deobfuscation command
```powershell ```powershell
de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A
``` ```
### 1.3. Dumper patch ### Dumper patch
```csharp ```csharp
Class157.method_10() Class157.method_10()
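Review bot: the deobfuscation command sits in a `powershell` fence, but its `--un-name` pattern is wrapped in double quotes and contains a backtick in the last character class; inside double quotes PowerShell treats the backtick as its escape character and drops it before de4dot receives the argument. Wrap the pattern in single quotes, or retag the fence for the shell the command was written for.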
@ -129,7 +126,7 @@ Class157.method_10()
} }
``` ```
### 1.4. Ssl cert patch ### SSL cert patch
```csharp ```csharp
Class505.ValidateCertificate() Class505.ValidateCertificate()
@ -139,7 +136,7 @@ Class505.ValidateCertificate()
} }
``` ```
### 1.5. Battleye patch ### Battleye patch
```csharp ```csharp
Class784.RunValidation() Class784.RunValidation()
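Review bot: the anti-cheat name is now spelled three ways across the document: "BattleEye" in the new Theory paragraph, "Battleye" in this heading and "battleye" in step 11. Pick one spelling and use it throughout.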