From b768722aad7dacb692a89e38db9dbb412efc8d04 Mon Sep 17 00:00:00 2001 From: SPT-dev Date: Thu, 2 Mar 2023 21:09:48 -0500 Subject: [PATCH] Add dumping data tutorial --- docs/md/development/dump_data.md | 160 +++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 docs/md/development/dump_data.md diff --git a/docs/md/development/dump_data.md b/docs/md/development/dump_data.md new file mode 100644 index 0000000..88ecf56 --- /dev/null +++ b/docs/md/development/dump_data.md 
@@ -0,0 +1,160 @@ +# Dumping game data from Escape From Tarkov + +## Preface + +This guide covers everything you need to know to dump all the data you need from Escape From Tarkov. +It is highly recommended that you read the guide at least once before executing what's written here. +For dumping server data, see 1-3. +For dumping asset data, see 4. + +## Theory + +The game uses HTTP-secured (TLS 1.2) protocol to obtain data (mostly not related to a match) from the server. +While the game's security is lacking, it does block conventional tools to obtain this data. +Of course, we cannot just simply run with altered assembly either, because the launcher does an integrity check. +The game however does not check for integrity. + +We write a specialized assembly to bypass the security mechanisms in place to dump our data. +The way we do this is by injecting custom logic into the assembly. +To be specific, we make the checks of battleye and certificate checking always return successfully. +We also add logic for saving received data from the server so we won't require addional tools for packet capturing. +We use the "swap exploit" by quickly replacing the assembly when the game starts. + +## Requirements + +- Escape From Tarkov (Live) +- [dnSpy-net472](https://github.com/dnSpy/dnSpy/releases/latest) +- [de4dot](https://dev.offline-tarkov.com/innohurrytocode/de4dot/releases) +- [AssetStudio](https://github.com/Perfare/AssetStudio/releases/latest) + +## 1. Assembly deobfuscation + +1. Go to `/EscapeFromTarkov_Data/Managed/` +2. Copy-paste `Assembly-CSharp.dll` to your de4dot folder +3. Drag `Assembly-CSharp.dll` on top of `de4ot-x64.exe` +4. Open `Assembly-CSharp-cleaned.dll` from the de4dot folder in dnSpy +5. Find the deobfuscation method (see appendix 1.1) +6. Run the specialized cleaning command using the token from the deobfuscation method (see appendix 1.2) +7. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` into `/EscapeFromTarkov_Data/Managed/` +8. 
Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy +9. dnSpy > File > Save Module + +## 2. Create dumper + +1. Create `/EscapeFromTarkov_Data/Managed/backup/` +2. Copy-paste `Assembly-CSharp.dll` to `/EscapeFromTarkov_Data/Managed/backup/` +3. Rename `Assembly-CSharp.dll` in backup to `Assembly-CSharp.dll.bak` +4. Open `Assembly-CSharp-cleaned-cleaned.dll` from Managed in dnSpy +5. Apply dumper patch (see appendix 1.3) +6. Apply ssl patch (see appendix 1.4) +7. Apply battleye patch (see appendix 1.5) +8. dnSpy > File > Save Module +9. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `/EscapeFromTarkov_Data/Managed/backup/` +10. Rename `Assembly-CSharp-cleaned-cleaned.dll` in backup to `Assembly-CSharp.dll` + +## 3. Dumping server data + +1. Open Battlestate Games Launcher +2. Battlestate Games Launcher > settings > close launcher when game starts +3. Copy-paste (wait when prompted to override) `Assembly-CSharp.dll` from backup into `/EscapeFromTarkov_Data/Managed/` +4. Start the game +5. As soon as the launcher closes, override the file +6. When you reached the main menu, the folder `/HTTP_DATA/` will appear +7. Dump the data you need (see appendix) +8. When the game closed, replace `Assembly-CSharp.dll` with `Assembly-CSharp.dll.bak` + +## 4. Dumping asset data + +1. Open AssetStudio +2. AssetStudio > File > Load File > `/EscapeFromTarkov_Data/sharedassets2.assets` +3. Switch from Scene Hierarchy to Asset List +4. AssetStudio > Filter Type > what you look for (example: `TextAsset`) +5. Select the map files you want (example: `bigmap2`, `RezervBase6`) +6. AssetStudio > Export > Selected Assets + +## Conclusion + +Congratulations, you've succesfully dumped Escape From Tarkov's data. 
+In order to use it in Aki's database, you have 2 options: + +- Manually convert the data +- Use a tool like `aki-analyzer` to convert the data into the format the server accepts + +The data does contain sensitive information such as you account id, so be careful whom you share it with. +`aki-analyzer` strips out the sensitive information when it converts the data to the right format. +And no, the data dumped from the game server cannot be uploaded back to the game server. + +## Appendix 1: code + +All code is based on Escape From Tarkov 0.12.8.9819 + +### 1. Deobfuscation method in assembly + +```csharp +// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D +Class2019.smethod_0() +{ + return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0]; +} +``` + +### 2. Specialized deobfuscation command + +```powershell +de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A +``` + +### 3. Dumper patch + +```csharp +Class157.method_10() +{ + // add this at the end, before the method returns + Uri urlUri = new Uri(url); + string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\"); + if (System.IO.Directory.CreateDirectory(path).Exists) + { + System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value); + } +} +``` + +### 4. Ssl cert patch + +```csharp +Class505.ValidateCertificate() +{ + // replace the method body content with this + return true; +} +``` + +### 5. Battleye patch + +```csharp +Class784.RunValidation() +{ + // replace the method body content with this + this.Succeed = true; +} +``` + +## Appendix 2: Obtaining specific data + +This discusses how you can obtain certain data with the dumper installed. 
+ +```markdown +**Type** | **How** +--------------- | ---------------------------------------------------------------------------------------------------- +Startup locales | Start the game in the locale you want to dump +Game locales | Select the locale in game settings +Common data | Start the game +Assort | Open the trader you want to dump from +Bots | Do an offline raid on a map containing that bot +Item events | Do the specifiic item event +Images | Open the menu containing the image, it's dumped to `%TEMP%\Battlestate Games\EscapeFromTarkov\files` +Location (loot) | Rip from game files +Models | Rip from game files +Textures | Rip from game files +Audio | Rip from game files +```
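Review bot: Appendix 1.4 replaces the body of `Class505.ValidateCertificate()` with `return true;`, but the document never states that the patched client then accepts any server certificate, so the session, including the account id that the Conclusion flags as sensitive, loses its protection against interception on the network path. Add a sentence saying so beside the patch or in the Conclusion, and make explicit that step 3.8 (restoring `Assembly-CSharp.dll.bak`) returns the client to validated TLS. The dumper patch in Appendix 1.3 also builds the output file name from `urlUri.LocalPath` with only `/` replaced by `.`, so the text should say what happens for paths containing other characters that are invalid in Windows file names. Smaller documentation points: step 1.3 names `de4ot-x64.exe` while Appendix 1.2 uses `de4dot-x64.exe`; step 3.7 says "see appendix" where it means Appendix 2; the steps cite "appendix 1.1" through "1.5" but the headings under Appendix 1 are numbered "1." through "5."; the Appendix 2 table sits inside a markdown code fence and will render as literal text instead of a table; and there are typos in "addional", "succesfully", "specifiic" and "you account id".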