Update packet sniffer code

2023-03-02 21:11:24 -05:00 · 2023-03-02 21:11:24 -05:00 · cb344ac1c1
commit cb344ac1c1
parent a98f46a60f
1 changed files with 43 additions and 21 deletions
--- a/docs/md/development/dump_data.md
+++ b/docs/md/development/dump_data.md
@ -46,10 +46,11 @@ To be able to make patches, we deobfuscate the assembly. But since [de4dot](http
 6. Cut-paste `Assembly-CSharp-cleaned-cleaned.dll` to `%gamedir%/EscapeFromTarkov_Data/Managed/`.
 7. Open `Assembly-CSharp-cleaned-cleaned.dll` in dnSpy.
 8. dnSpy > File > Save Module.
-9. Apply dumper patch (appendix 1.3).
+9. Apply request dumper patch (appendix 1.3).
-10. Apply ssl patch (appendix 1.4).
+10. Apply response dumper patch (appendix 1.4).
-11. Apply battleye patch (appendix 1.5).
+11. Apply ssl patch (appendix 1.5).
-12. dnSpy > File > Save Module.
+12. Apply battleye patch (appendix 1.6).
 13. dnSpy > File > Save Module.
 ## Backup
@ -92,53 +93,74 @@ The data does contain sensitive information such as you account id, so be carefu
 ## Appendix 1: Code
-All code is based on Escape From Tarkov 0.12.8.9819.
+All code is based on Escape From Tarkov 0.12.9.10519.
-### Deobfuscation method in assembly
+### 1.1. Deobfuscation method in assembly
 ```csharp
-// Token: 0x0600C93A RID: 51514 RVA: 0x0012038D File Offset: 0x0011E58D
+// Token: 0x0600CDDD RID: 52701 RVA: 0x00400CD0 File Offset: 0x003FEED0
-Class2019.smethod_0()
+Class2045.smethod_0()
 {
    return (string)((Hashtable)AppDomain.CurrentDomain.GetData(Class2019.string_0))[int_0];
 }
 ```
-### Deobfuscation command
+### 1.2. Deobfuscation command
 ```powershell
-de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.$&![A-Z][A-Z]\$<>.$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600C93A
+de4dot-x64.exe --un-name "!^<>[a-z0-9]$&!^<>[a-z0-9]__.*$&![A-Z][A-Z]\$<>.*$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$" "Assembly-CSharp-cleaned.dll" --strtyp delegate --strtok 0x0600CDD7
 ```
-### Dumper patch
+### 1.3. Request dumper patch
 ```csharp
-Class157.method_10()
+Class160.method_1()
 {
-    // add this at the end, before the method returns
+    // add this at the end
-    Uri urlUri = new Uri(url);
+    var uri = new Uri(url);
-    string path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");
+    var path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");
-    if (System.IO.Directory.CreateDirectory(path).Exists)
+    var file = uri.LocalPath.Replace('/', '.').Remove(0, 1);
    var time = DateTime.Now.ToString("yyyy-MM-dd_HH-mm-ss");
    if (System.IO.Directory.CreateDirectory(path).Exists && obj != null)
    {
-        System.IO.File.WriteAllText(path + urlUri.LocalPath.Replace('/', '.') + ".json", value);
+        System.IO.File.WriteAllText($@"{path}req.{file}_{time}.json", text);
    }
 }
 ```
-### SSL cert patch
+### 1.4. Response dumper patch
 ```csharp
-Class505.ValidateCertificate()
+Class160.method_10()
 {
    // add this at the end, before "return value;"
    var uri = new Uri(url);
    var path = (System.IO.Directory.GetCurrentDirectory() + "\\HTTP_DATA\\").Replace("\\\\", "\\");
    var file = uri.LocalPath.Replace('/', '.').Remove(0, 1);
    var time = DateTime.Now.ToString("yyyy-MM-dd_HH-mm-ss");
    if (System.IO.Directory.CreateDirectory(path).Exists)
    {
        System.IO.File.WriteAllText($@"{path}resp.{file}_{time}.json", value);
    }
 }
 ```
 ### 1.5. SSL cert patch
 ```csharp
 Class511.ValidateCertificate()
 {
    // replace the method body content with this
    return true;
 }
 ```
-### Battleye patch
+### 1.6. Battleye patch
 ```csharp
-Class784.RunValidation()
+Class797.RunValidation()
 {
    // replace the method body content with this
    this.Succeed = true;