From cb344ac1c12d48770f712561a58df30bb7c15b48 Mon Sep 17 00:00:00 2001
From: SPT-dev
Date: Thu, 2 Mar 2023 21:11:24 -0500
Subject: [PATCH] Update packet sniffer code

---
 docs/md/development/dump_data.md | 64 +++++++++++++++++++++-----------
 1 file changed, 43 insertions(+), 21 deletions(-)

diff --git a/docs/md/development/dump_data.md b/docs/md/development/dump_data.md
index a9a76f8..62611d2 100644
--- a/docs/md/development/dump_data.md
+++ b/docs/md/development/dump_data.md
@@ -46,10 +46,11 @@ To be able to make patches, we deobfuscate the assembly. But since [de4dot](http
 6. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/`.
 7. Open `Assembly-CSharp-cleaned-cleaned.dll` in dnSpy.
 8. dnSpy > File > Save Module.
-9. Apply dumper patch (appendix 1.3).
-10. Apply ssl patch (appendix 1.4).
-11. Apply battleye patch (appendix 1.5).
-12. dnSpy > File > Save Module.
+9. Apply request dumper patch (appendix 1.3).
+10. Apply response dumper patch (appendix 1.4).
+11. Apply ssl patch (appendix 1.5).
+12. Apply battleye patch (appendix 1.6).
+13. dnSpy > File > Save Module.
 
 ## Backup
 
@@ -92,53 +93,74 @@ The data does contain sensitive information such as you account id, so be carefu ## Appendix 1: Code -All code is based on Escape From Tarkov 0.12.8.9819. +All code is based on Escape From Tarkov 0.12.9.10519. -### Deobfuscation method in assembly +### 1.1. Deobfuscation method in assembly ```csharp -// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D -Class2019.smethod_0() +// Token: 0x0600CDDD RID: 52701 RVA: 0x00400CD0 File Offset: 0x003FEED0 +Class2045.smethod_0() { return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0]; } ``` -### Deobfuscation command +### 1.2. Deobfuscation command ```powershell -de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A +de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\$<>.*$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600CDD7 ``` -### Dumper patch +### 1.3. Request dumper patch ```csharp -Class157.method_10() +Class160.method_1() { - // add this at the end, before the method returns - Uri urlUri = new Uri(url); - string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\"); - if (System.IO.Directory.CreateDirectory(path).Exists) + // add this at the end + var uri = new Uri(url); + var path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\"); + var file = uri.LocalPath.Replace('/', '.').Remove(0, 1); + var time = DateTime.Now.ToString("yyyy-MM-dd_HH-mm-ss"); + + if (System.IO.Directory.CreateDirectory(path).Exists && obj != null) { - System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value); + System.IO.File.WriteAllText($@"{path}req.{file}_{time}.json", text); } } ``` -### SSL cert patch +### 1.4. 
Response dumper patch ```csharp -Class505.ValidateCertificate() +Class160.method_10() +{ + // add this at the end, before "return value;" + var uri = new Uri(url); + var path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\"); + var file = uri.LocalPath.Replace('/', '.').Remove(0, 1); + var time = DateTime.Now.ToString("yyyy-MM-dd_HH-mm-ss"); + + if (System.IO.Directory.CreateDirectory(path).Exists) + { + System.IO.File.WriteAllText($@"{path}resp.{file}_{time}.json", value); + } +} +``` + +### 1.5. SSL cert patch + +```csharp +Class511.ValidateCertificate() { // replace the method body content with this return true; } ``` -### Battleye patch +### 1.6. Battleye patch ```csharp -Class784.RunValidation() +Class797.RunValidation() { // replace the method body content with this this.Succeed = true;