Resurrecting an online server

  • Resurrecting an online server

    Game
    SOCOM II : US NAVY SEALS

    Contributors
    Fatality team
    - Cronotrigga
    - Harry
    - XAN

    Goals
    Create an online server that has most if not all functionality of the original

    Why?
    After spending many nights looking for information on this topic, it has come to my realization that information on resurrecting an online server is almost nonexistent. This post will be an ongoing discussion explaining the problems associated and the process in which to solve these issues. I would also like to have an open discussion with any developers that have possibly had some experience working with PS2 networking and/or any other experience that could help on this topic. Anyone that is interested in helping with this project is more than welcome. The server will be developed with C#, it will be fully open source and hopefully the Fatality team can inspire others to do the same with other games.

    I have several memory dumps from when the game was online on patch r0004 and several dumps with crazy amounts of labels available for anyone that is interested. The following codes in this post are from no patch r0001.

    Status
    So far this project has been worked on by me and Harry, we have managed to find several useful codes in order to aid in debugging server code. Many hacks have been used to bypass the DNAS screen, populate the universe screen and even get to the online menu without a server connection. We have also successfully disabled the packet encryption so all packets sent can be viewed in raw form using Wireshark. This was originally done on SOCOM CA by GTLCPimp, which can be found in his vgate release. We have been able to force the IP addresses that SOCOM II originally used to point to our local network. From here I was able to construct a small C# program that would connect using a TCP socket on port 10071. I have so far been capable of receiving the initial connection packet and have been able to send data back to the PS2. This server will run the universe server that finds lobby servers and displays them in the GUI. I have yet to construct a proper packet that will allow for the game to fully connect. After doing some research it seems that when the servers are populated in the universe screen that a person may select one to connect to, this then decides to open a separate socket. At this point using hacks to bypass the previous issue, the game's session state becomes invalid and will not allow for the connection to be sent. This could be forced; however, I believe it is important to take it step by step. Figuring out the first socket connection will be very useful later on.



    Discussion
    Anyone interested in helping or offering advice is more than willing to post and give possible new insight.

    Codes

    Code:
    Kill dnas lookup
    202cc670 03e00008
    202cc674 00000000
    Code:
    Update universe ips
    address $203F6920
    print "192.168.1.7"
    nop
    
    address $203F6940
    print "192.168.1.7"
    nop
    
    address $2044FCA8
    print "192.168.1.7"
    nop
    Code:
    Disable packet encryption
    Authors TMBO team(ported from socom 1)
    2062a79c 00000000
    2062a838 00000000
    Code:
    /*
    Author Harry
    Populate universe screen with a fatality server
    */
    
    address $202FB1AC
    j $000A1000
    
    // universe create
    address $200A1000
    addiu sp, sp, $ff80
    sw ra, $0000(sp)
    
    setreg a0, $ffffffff
    addiu a1, zero, $1
    addiu a2, zero, $1
    setreg a3, $000B0000
    jal $002FDAF0
    nop
    
    lw ra, $0000(sp)
    jr ra
    addiu sp, sp, $80
    
    // server name
    address $200B001C
    print "Fatality Server"
    
    // server URL
    address $200B009C
    print "192.168.1.101"
    
    // server port
    address $200B011C
    hexcode $275B
    
    // server description
    address $200B0120
    print "The official Fatality server!"
    
    // status
    address $200B0220
    hexcode $1
    // users
    address $200B0224
    hexcode $2
    // max users
    address $200B0228
    hexcode $270F
    // universe is active
    address $200B022C
    hexcode $1
    
    // -------------------????????????????
    address $200B023C
    hexcode $00001001
    
    address $200B0240
    hexcode $00462228
    
    address $200B0248
    hexcode $1
    
    address $200B024C
    hexcode $80800051
    
    address $200B02B4 // needed for server to display
    hexcode $1
    
    address $202cc670
    jr ra
    nop
    Code:
    /*
    Change lan gui to online gui
    Author Harry
    */
    
    address $2027EA64
    jal $000A6000
    
    address $200A6000
    addiu sp, sp, $ff80
    sw ra, $0000(sp)
    sw a0, $0004(sp)
    sw a1, $0008(sp)
    sw a2, $000C(sp)
    sw v0, $0010(sp)
    
    // check if correct menu
    daddu a0, a2, zero
    setreg a1, $000A6F00
    jal $00198f18 //strcmp
    nop
    bne v0, zero :__skip
    nop
    
    // change menu state
    setreg a2, $000A7000
    beq zero, zero, :__online
    nop
    
    __skip:
    lw a2, $000C(sp)
    __online:
    lw ra, $0000(sp)
    lw a0, $0004(sp)
    lw a1, $0008(sp)
    lw v0, $0010(sp)
    j $001988D0 //sprintf
    addiu sp, sp, $80
    
    address $200A6F00
    print "dlgLANBriefingRoom.rdr"
    
    address $200A7000
    print "dlgWorldOfSOCOM.rdr"
    Notes
    Code:
    Pointer to decrypted packet: 00656034
    Packet to be sent(before encryption): 0066BEF8
    Code:
    CREATE UNIVERSE FUNCTION: 002FDAF0
    a0 = FFFFFFFF
    a1 = 1
    a2 = 1
    a3 = high memory pointer with the following offsets:
    1C: Universe display name string
    9C: Universe URL string
    11C: Universe port
    120: Universe description string
    --- Several unknown values below.
    220: status dot (1 = green, 0 = red) 
    224: user count (FFFFFFFF = -1)
    228: max user count
    22C: is universe active? (0 disconnects instantly, 1 constantly connects)
    23C: 00001001
    240: 00462228 (points to random place in another function)
    248: 1
    24C: 80800051
    2B4: Server enabled BOOL? (set to FFFFFFFF in beta)
    Code:
    UDP packet receive function call
    0063cac4
    Code:
    TCP Packet fnc list
    00665510
    Code:
    Session master each byte displays a different state of the game
    0045a0c0
    The game is using this library for packet cryption "rt_crypt version: 1.01.0023"

    Code:
    KM_SHA1 Fnc
    0062eec0
    Code:
    Account ID
    Author Cronotrigga
    0066a4f0
    
    Account username
    0066a4f4
    Code:
    Game lobby/ Server lobby ID
    0066a5f0
    Code:
    Some text key that was associated with your account. Changing all matches of this would stop a disc ban
    0066a4d0
    Code:
    Server lobby name "US EAST" pointer
    0044f430
    
    Game name pointer
    0044f434
    Code:
    Player rank
    0066a754
    Code:
    Clan id
    0040a460
    
    Clan leader account id or clan account id
    00452984
    
    Clan leader account id or clan account id
    0045295c
    Code:
    Sets the session value on a valid connection to the main socket
    002fe168
    Last edited by Cronotrigga; 10-28-2016, 01:51:07 PM.
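
Added example, not from the original post or the Fatality team's code: a Python decoder for the universe record laid out in the "CREATE UNIVERSE FUNCTION" notes, useful for checking whether a region of a memory dump holds a plausible record. The field widths (32-bit little-endian words, strings running up to the next documented offset) and the names `parse_universe`, `sanity_check` and `build_sample` are assumptions.

```python
import struct

# Offsets come from the "CREATE UNIVERSE FUNCTION" notes in the post.
# Widths are assumptions: strings run to the next documented offset and
# numeric fields are 32-bit little-endian words (the PS2 EE is little-endian).
STRINGS = {"name": (0x1C, 0x80), "url": (0x9C, 0x80), "description": (0x120, 0x100)}
WORDS = {"port": 0x11C, "status": 0x220, "users": 0x224, "max_users": 0x228,
         "active": 0x22C, "enabled": 0x2B4}
RECORD_SIZE = 0x2B8  # last documented word (0x2B4) plus 4 bytes


def parse_universe(dump: bytes, base: int = 0) -> dict:
    """Decode one universe record located at `base` inside a memory dump."""
    if base < 0 or base + RECORD_SIZE > len(dump):
        raise ValueError("record does not fit inside the dump")
    rec = {}
    for field, (off, size) in STRINGS.items():
        raw = dump[base + off: base + off + size]
        rec[field] = raw.split(b"\x00", 1)[0].decode("ascii", "replace")
    for field, off in WORDS.items():
        rec[field] = struct.unpack_from("<I", dump, base + off)[0]
    # The notes give FFFFFFFF as -1 for the user count, so read it as signed.
    rec["users"] = struct.unpack_from("<i", dump, base + WORDS["users"])[0]
    return rec


def sanity_check(rec: dict) -> list:
    """Return the reasons a decoded record does not look like a real entry."""
    problems = []
    if not 0 < rec["port"] <= 0xFFFF:
        problems.append("port outside 1-65535")
    if rec["status"] not in (0, 1):
        problems.append("status dot is not 0 or 1")
    if rec["users"] > rec["max_users"]:
        problems.append("user count exceeds max")
    if not rec["name"] or not rec["url"]:
        problems.append("empty name or URL")
    return problems


def build_sample() -> bytes:
    """Constructed record holding the values from the 'Populate universe' code."""
    buf = bytearray(RECORD_SIZE)
    for off, text in ((0x1C, "Fatality Server"), (0x9C, "192.168.1.101"),
                      (0x120, "The official Fatality server!")):
        buf[off:off + len(text)] = text.encode("ascii")
    for off, value in ((0x11C, 0x275B), (0x220, 1), (0x224, 2),
                       (0x228, 0x270F), (0x22C, 1), (0x2B4, 1)):
        struct.pack_into("<I", buf, off, value)
    return bytes(buf)


if __name__ == "__main__":
    record = parse_universe(build_sample())
    print(record, sanity_check(record))
```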

  • #2
    Continuing from the OP:

    We are currently using any method required in order to create the server(ie: hacks). The first version of the server will undoubtedly require a modded disc or codes via a cheat device(I believe the saveMGO team did something similar). The ultimate goal, as stated in the OP, is to create the server without the need of hacks.

    Comment


    • #3
      Originally posted by Cronotrigga View Post
      Game
      SOCOM II : US NAVY SEALS
      Could you post or send me the online dumps?


      Originally posted by Harry62 View Post
      Continuing from the OP:

      We are currently using any method required in order to create the server(ie: hacks). The first version of the server will undoubtedly require a modded disc or codes via a cheat device(I believe the saveMGO team did something similar). The ultimate goal, as stated in the OP, is to create the server without the need of hacks.
      I messaged you on steam but you haven't been on in a day or so. Do you happen to still have that S1 code I sent you that allowed you to step through the connection states?
      Last edited by 1UP; 10-28-2016, 10:34:25 AM.

      Comment


      • #4
        Originally posted by 1UP View Post
        I messaged you on steam but you haven't been on in a day or so. Do you happen to still have that S1 code I sent you that allowed you to step through the connection states?
        SOCOM 1 Code:
        Code:
        /*
        
        Online State Connected
        005D744C 
        
        States
        00010001 -- Connected
        -00010003 -- Account registration
        -00010004 -- User Registration
        -00010005 -- Screen Name Registration
        -00010006 -- Registration Failure (not required, just one I ran into)
        00010007 -- Account Login
        00010008 -- User Login
        00010009 -- Screen Name Login
        -0001000A -- prompts Login registration
        0001000B -- Logged In
        0001000C -- Session Begin
        
        */
        
        address $2030FC34
        j $000a0000
        
        address $200a0000
        // timer
        lui t7, $000a
        lw t8, $0200(t7)
        addiu t9, zero, $10 //max time
        bne t9, t8, :__end
        nop
        
        // reset timer
        sw zero, $0200(t7)
        
        // get online state
        lui t0, $005D
        lh t2, $744C(t0)
        
        //check if connected
        bne t2, zero :___connected
        nop
        
        //connect
        addiu t3, zero, $1
        beq zero, zero :__end
        nop
        
        // is connected
        ___connected:
        addiu t1, zero, $1
        bne t2, t1, :__account_login
        nop
        
        // account login
        addiu t3, t2, $6
        beq zero, zero :__end
        nop
        
        __account_login:
        addiu t1, zero, $7
        bne t2, t1, :__user_login
        nop
        
        // user login
        addiu t3, t2, $1
        beq zero, zero :__end
        nop
        
        __user_login:
        addiu t1, zero, $8
        bne t2, t1, :__screen_name_login
        nop
        
        // screen name login
        addiu t3, t2, $1
        beq zero, zero :__end
        nop
        
        __screen_name_login:
        addiu t1, zero, $9
        bne t2, t1, :__logged_in
        nop
        
        // logged in
        addiu t3, t2, $2
        beq zero, zero :__end
        nop
        
        __logged_in:
        
        // session start
        addiu t3, t2, $1
        beq zero, zero :__end
        nop
        
        __end:
        // store online state
        sh t3, $744C(t0)
        
        // increment timer
        lw t8, $0200(t7)
        addiu t8, t8, $1
        sw t8, $0200(t7)
        jr ra
        Last edited by Harry62; 10-28-2016, 11:06:47 AM.

        Comment


        • #5
          Originally posted by Harry62 View Post
          SOCOM 1 Code:
          You are the real MVP. Thanks a bunch. Sucks that I lost my text file with notes in it :/

          Comment


          • #6
            Has anyone managed to port the disable packet encryption to Combined Assault? I tried doing a simple port, but was not able to.

            Comment


            • #7
              I'm not sure if it even is portable between SOCOM 2 and SOCOM: Combined Assault.

              Here are the Patch 1.4 Combined Assault addresses:
              Code:
              0084a830 = JAL -> Encrypt Packet
              00848d30 = JAL -> Decrypt Packet
              [Image: SCA Encrypt and Decrypt Packets.jpg]

              Comment


              • #8
                This is an awesome project, and could serve as a framework for future projects with other games. I don't have the game and I'd be too busy with other projects to pitch in directly, but let me know if I can support the project in any other ways.
                I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...

                Comment


                • #9
                  Originally posted by Lazy Bastard View Post
                  This is an awesome project, and could serve as a framework for future projects with other games. I don't have the game and I'd be too busy with other projects to pitch in directly, but let me know if I can support the project in any other ways.
                  Thanks for the support Lazy Bastard.

                  Comment


                  • #10
                    The guys over on X-Link are really excited! Thank you very much for the work guys; any updates?

                    Comment


                    • #11


                      It seems that with the emulator (at least) it could very well be possible to run this patched if map packs were desired. Not entirely sure it would make it any easier in the long run but it could be an option. I need to do more testing with it and see if I am right in that it could just be copied over because I don't think the BIOS that I currently have is from my latest PS2 that I originally had the patch on.

                      Comment


                      • #12
                        1up, antix told me you had pcsx2 working with network connections. Mind hitting me up on Skype? I'm having the world's most difficult time with getting it to successfully access a network...

                        Comment


                        • #13
                          It does work, but I promise you there is no way to get it to work without lagging with over 2 people in a match.

                          Comment


                          • #14
                            We discovered the issue. Apparently WinPCap (that is required for the plugin to work) has an issue with connecting back to the same machine. I have to load my server application on a different host in order to make a connection.

                            By the way, if anyone understands this method better, having a bit of a setback with producing an online server for SOCOM: Combined Assault. Looking to see if anyone has any prior knowledge about this packet in particular. It gets sent out when requesting the Universe server listings, and doesn't seem to like me very much if I try to bypass the function that does this...
                            Code:
                            0x00000000   24 D9 02 03 00 6F 00 6E-00 6D 00 03 00 00 06 00   $Ù.o.n.m....
                            0x00000010   04 01 00 C7 02 30 82 02-C3 30 82 01 AB A0 03 02   .Ç0‚Ã0‚«*
                            0x00000020   01 02 02 14 01 00 00 00-00 00 00 00 00 00 00 00   ...........
                            0x00000030   42 00 00 00 00 00 01 3D-30 0D 06 09 2A 86 48 86   B.....=0..*†H†
                            0x00000040   F7 0D 01 01 05 05 00 30-81 96 31 0B 30 09 06 03   ÷..0–10.
                            0x00000050   55 04 06 13 02 55 53 31-0B 30 09 06 03 55 04 08   UUS10.U
                            0x00000060   13 02 43 41 31 12 30 10-06 03 55 04 07 13 09 53   CA10U.S
                            0x00000070   61 6E 20 44 69 65 67 6F-31 31 30 2F 06 03 55 04   an Diego110/U
                            0x00000080   0A 13 28 53 4F 4E 59 20-43 6F 6D 70 75 74 65 72   .(SONY Computer
                            0x00000090   20 45 6E 74 65 72 74 61-69 6E 6D 65 6E 74 20 41    Entertainment A
                            0x000000A0   6D 65 72 69 63 61 20 49-6E 63 2E 31 14 30 12 06   merica Inc.10
                            0x000000B0   03 55 04 0B 13 0B 53 43-45 52 54 20 47 72 6F 75   USCERT Grou
                            0x000000C0   70 31 1D 30 1B 06 03 55-04 03 13 14 53 43 45 52   p10USCER
                            0x000000D0   54 20 52 6F 6F 74 20 41-75 74 68 6F 72 69 74 79   T Root Authority
                            0x000000E0   30 1E 17 0D 30 36 30 36-31 36 31 37 35 39 32 35   0.060616175925
                            0x000000F0   5A 17 0D 33 36 30 36 31-34 32 33 35 39 35 39 5A   Z.360614235959Z
                            0x00000100   30 68 31 0B 30 09 06 03-55 04 06 13 02 55 53 31   0h10.UUS1
                            0x00000110   0B 30 09 06 03 55 04 08-13 02 43 41 31 12 30 10   0.UCA10
                            0x00000120   06 03 55 04 07 13 09 53-61 6E 20 44 69 65 67 6F   U.San Diego
                            0x00000130   31 0D 30 0B 06 03 55 04-0A 13 04 53 43 45 41 31   1.0U.SCEA1
                            0x00000140   0F 30 0D 06 03 55 04 0B-13 06 5A 69 70 70 65 72   0.UZipper
                            0x00000150   31 18 30 16 06 03 55 04-03 13 0F 53 4F 43 4F 4D   10USOCOM
                            0x00000160   20 43 41 32 20 32 30 36-30 34 30 5C 30 0D 06 09    CA2 206040\0..
                            0x00000170   2A 86 48 86 F7 0D 01 01-01 05 00 03 4B 00 30 48   *†H†÷..K.0H
                            0x00000180   02 41 00 C3 AF 72 08 96-62 3B 90 DE 4E FD 9D 65   A.ïr–b;ÞNýe
                            0x00000190   AD 43 A7 FC CB 29 28 8F-F7 13 A3 C4 7F F6 F6 1F   *C§üË)(÷£Äöö
                            0x000001A0   7D 27 A6 2B 17 EE E6 41-26 DA CA C5 C0 D3 FE 3F   }'¦+îæA&ÚÊÅÀÓþ?
                            0x000001B0   10 A1 F6 89 C4 34 68 61-F0 BE F0 B7 56 26 5D A3   ¡ö‰Ä4hað¾ð·V&]£
                            0x000001C0   13 C7 7B 02 03 00 00 11-30 0D 06 09 2A 86 48 86   Ç{..0..*†H†
                            0x000001D0   F7 0D 01 01 05 05 00 03-82 01 01 00 4C F6 51 AD   ÷..‚.LöQ*
                            0x000001E0   1E 51 D4 04 AB 35 0B 3B-8E 36 FE 8B 3B E4 2D EF   QÔ«5;Ž6þ‹;ä-ï
                            0x000001F0   C7 3F 9A 8A D0 A4 0A E0-C6 2C F3 CE 97 4E 5B FF   Ç?šŠÝ¤.àÆ,óΗN[ÿ
                            0x00000200   DA B3 48 58 99 26 AD E4-71 E1 2A 05 1E 28 24 08   Ú³HX™&*äqá*($
                            0x00000210   B8 45 10 D5 41 45 16 49-69 36 37 3A 16 08 19 1E   ¸EÕAEIi67:
                            0x00000220   79 7B 3B B6 62 B6 8D E6-BB 96 AD 28 A3 7A 9B B7   y{;¶b¶æ»–*(£z›·
                            0x00000230   E7 AB AB CD 9D E4 88 61-06 65 88 16 7E 87 6C F7   竫ݝäˆaeˆ~‡l÷
                            0x00000240   3D CB 0A 26 E8 84 10 D4-D7 3C 27 9C 52 3B A2 24   =Ë.&è„Ô×<'œR;¢$
                            0x00000250   1D B8 05 67 09 44 7D 97-40 D0 8A 92 16 83 D8 E8   ¸g.D}—@ÝŠ’ƒØè
                            0x00000260   B8 7B A6 81 48 E5 5D D2-4D 7B 1A 76 A2 BE 6F 99   ¸{¦Hå]ÒM{v¢¾o™
                            0x00000270   01 B5 8F 9B EA 29 73 2A-74 78 25 7A AF 99 29 97   µ›ê)s*tx%z¯™)—
                            0x00000280   38 5F B9 72 03 E2 95 63-98 BB 01 56 F7 82 EC 40   8_¹râ•c˜»V÷‚ì@
                            0x00000290   28 12 84 62 E6 FB 90 D0-CF 59 00 31 DF 38 6B 0D   („bæûÝÝY.1ß8k.
                            0x000002A0   78 A7 03 CE 5A 4D F8 CE-3D 86 DB 3A 44 5C 5B 04   x§ÎZMøÎ=†Û:D\[
                            0x000002B0   35 1F 3D A1 5F F7 40 DE-68 C7 84 74 2C 76 B0 E7   5=¡_÷@ÞhÇ„t,v°ç
                            0x000002C0   EC 17 C8 73 63 96 83 A7-36 AB 04 97 04 90 3F 12   ìÈsc–ƒ§6«—?
                            0x000002D0   E6 93 C0 99 7E C1 CE 8D-B0 C7 9C 0B               æ“À™~ÝΝ°Çœ
                            Thankfully I still have my Virtual Gateway application I wrote for the game years ago, which includes the vast majority of the game's packet system mapped out. It would be very easy to build onto it and have a fully functional game server, if I can manage to get around this "SCERT Root Authority" request... Any takers?
                            Last edited by Gtlcpimp; 12-10-2016, 06:30:25 AM.

                            Comment
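
Added example, not written by any poster in this thread: a Python walk over the DER structure in the packet dumped in post #14, which pulls out the embedded X.509 issuer, subject and validity and checks that the length fields agree with each other. The frame-header reading (1-byte id, little-endian lengths at offsets 1 and 0x13) is inferred from the dump's arithmetic, not from documentation, and the function names are hypothetical.

```python
# First 0x16A bytes of the dump in post #14 (frame header through the
# certificate subject); the full dump is 0x2DC bytes long.
DUMP_LEN = 0x2DC
PREFIX = bytes.fromhex(
    "24d90203006f006e006d000300000600040100c702308202c3308201aba00302"
    "01020214010000000000000000000000420000000000013d300d06092a864886"
    "f70d0101050500308196310b3009060355040613025553310b30090603550408"
    "13024341311230100603550407130953616e20446965676f3131302f06035504"
    "0a1328534f4e5920436f6d707574657220456e7465727461696e6d656e742041"
    "6d657269636120496e632e31143012060355040b130b53434552542047726f75"
    "70311d301b06035504031314534345525420526f6f7420417574686f72697479"
    "301e170d3036303631363137353932355a170d3336303631343233353935395a"
    "3068310b3009060355040613025553310b300906035504081302434131123010"
    "0603550407130953616e20446965676f310d300b060355040a13045343454131"
    "0f300d060355040b13065a6970706572311830160603550403130f534f434f4d"
    "20434132203230363034"
)
ATTR = {3: "CN", 6: "C", 7: "L", 8: "ST", 10: "O", 11: "OU"}  # OID 2.5.4.x

def tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_len)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, pos + 2, first
    n = first & 0x7F  # long form: next n bytes hold the length
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def name(buf, pos):
    """Decode the Name at pos to 'K=V, ...'; return (text, end_offset)."""
    _, cur, length = tlv(buf, pos)
    end, parts = cur + length, []
    while cur < end:
        _, seq, set_len = tlv(buf, cur)            # SET (one RDN)
        _, oid_hdr, _ = tlv(buf, seq)              # SEQUENCE {type, value}
        _, oid, oid_len = tlv(buf, oid_hdr)        # OID, assumed 2.5.4.x
        _, val, val_len = tlv(buf, oid + oid_len)  # PrintableString
        key = ATTR.get(buf[oid + oid_len - 1], "?")
        parts.append(f"{key}={buf[val:val + val_len].decode('ascii')}")
        cur = seq + set_len
    return ", ".join(parts), end

def dissect(pkt, total_len):
    """Summarise the frame; header field meanings are inferred (assumption)."""
    frame_len = int.from_bytes(pkt[1:3], "little")     # bytes after 3-byte header
    blob_len = int.from_bytes(pkt[0x13:0x15], "little")
    tag, cert, cert_len = tlv(pkt, 0x15)               # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("no DER SEQUENCE at offset 0x15")
    _, tbs, _ = tlv(pkt, cert)                         # tbsCertificate
    _, ver, ver_len = tlv(pkt, tbs)                    # [0] version
    _, serial, serial_len = tlv(pkt, ver + ver_len)    # serialNumber
    _, alg, alg_len = tlv(pkt, serial + serial_len)    # signature algorithm
    issuer, pos = name(pkt, alg + alg_len)
    _, val, val_len = tlv(pkt, pos)                    # validity
    _, nb, nb_len = tlv(pkt, val)                      # notBefore (UTCTime)
    _, na, na_len = tlv(pkt, nb + nb_len)              # notAfter (UTCTime)
    subject, _ = name(pkt, val + val_len)
    return {
        "msg_id": pkt[0], "issuer": issuer, "subject": subject,
        "not_before": pkt[nb:nb + nb_len].decode("ascii"),
        "not_after": pkt[na:na + na_len].decode("ascii"),
        "lengths_consistent": (frame_len == total_len - 3
                               and blob_len == cert_len + 4
                               and 0x15 + 4 + cert_len == total_len),
    }

if __name__ == "__main__":
    print(dissect(PREFIX, DUMP_LEN))
```

The decoded fields show the payload is a complete X.509 certificate issued by "SCERT Root Authority" to the subject "SOCOM CA2 20604", and the three length fields account for every byte of the 0x2DC-byte dump.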


                            • #15
                              Originally posted by brad2192 View Post
                              It does work, but I promise you there is no way to get it to work without lagging with over 2 people in a match.
                              We are well aware of this, plus that's not what the end goal is. The problem he was having was the network plugin just wasn't working.
                              Last edited by 1UP; 12-11-2016, 01:19:46 AM.

                              Comment
