PrismarineJS / node-minecraft-protocol

Parse and serialize minecraft packets, plus authentication and encryption.
https://prismarinejs.github.io/node-minecraft-protocol/
BSD 3-Clause "New" or "Revised" License
1.2k stars 241 forks

Parsing packets without active connection #557

Open Retsim opened 6 years ago

Retsim commented 6 years ago

Hi everyone,

Can I use NMP to parse already saved packets using a tool like: https://github.com/barneygale/rex

In fact I'm looking to save some packets from a game session using a sniffer. Rex is a good example, but maybe NMP itself. I like the idea of rex because I can clear it out to the maximum, then just do raw dumps: very lightweight, without a bunch of classes I will never use. Or maybe just a scapy one-liner to dump the needed packet traffic.

I want to be able to create software that may use NMP to decode/parse those saved packets, with no connection to the server. For example, to get x y z info from a "player position & look" packet dump, without needing to instantiate a connection object and proxy the game again to listen to fresh packets, as I already have it and just want to get the packet fields fast and simple.

Can I currently achieve that? Thanks!

plexigras commented 6 years ago

yes you can, this is how nmp creates its parser.

https://github.com/PrismarineJS/node-minecraft-protocol/blob/master/src/transforms/serializer.js

but using nmp itself as a proxy might be easier

// a simple proxy example: the real client connects to this server, and the
// proxy opens its own (authenticated) client to the remote server, forwarding
// raw play-state packets both ways so each side can be parsed on the way through
const nmp = require('minecraft-protocol')
const server = nmp.createServer({ port: 25565, version: '...' })
const options = { host: '...', username: '...', password: 'or session', version: '...' }
server.on('login', client => {
  const remote = nmp.createClient({
    ...options,
    keepAlive: false // let the real client answer keep-alives, not the proxy
  })
  remote.on('raw', (buffer, metadata) => {
    // only forward once the remote side is in the play state; handshake and
    // login are handled by each connection on its own
    if (metadata.state !== 'play') return
    client.writeRaw(buffer)
  })
  client.on('raw', buffer => remote.writeRaw(buffer))
  // tear down the other leg when either side disconnects
  client.on('end', () => remote.end())
  remote.on('end', () => client.end())
})
Retsim commented 6 years ago

Thanks for the parser! I'm not interested in proxy mode as it will require being connected through it. 🤔 I'm looking to sniff normal traffic packets instead and parse/decode them, during the full gameplay experience. Like sniffing packets, parsing them, and generating stuff based on the available data! But I lack a proper way to decode packets without intensive recoding; however, there is a lot of existing stuff on GitHub. That would be awesome: to be able to start NMP like a sniffer on an existing server port, then start a Minecraft client and see packets coming in and out.

rom1504 commented 6 years ago

If you don't modify the client or the server it is not possible to decode packets you sniffed in online mode. The Minecraft protocol is encrypted. If you want to decode the packets you need to modify the client or server to give you the key.


Retsim commented 6 years ago

@rom1504 I'm looking to work on online-mode false first then check for the true mode. I guess we can find a trick for that later, like reading key from client memory offsets before starting sniffing. (still without touching / modding client)

(Also, what happens if i use proxy mode on a bungeecord server ?)

rom1504 commented 6 years ago

Ok then you can just use the compressor, the splitter and the parser from nmp.

I guess it would be useful to have an example showing how to do that.


plexigras commented 6 years ago

or just use the proxy as it will give you "the full gameplay experience".

rom1504 commented 6 years ago

doesn't work if he wants to spy on somebody else playing minecraft on his network though.

(what's your use case @Retsim ?)

Retsim commented 6 years ago

Don't want to spy on somebody else. @rom1504 But looking to read data from whatever server/situation. (Then draw a live-map as playing, get statistics, any type of further dev should be possible - without encryption -)

Take the example of a custom hardcoded Minecraft launcher with mods for a unique server: @plexigras In the proxy case, we would need to:

-> Find the IP/port of the server (netcat, decompiling, whatever...)
-> Set up the proxy based on those
-> Find a way to use/edit the client/replicate ALL client mods to connect using the proxy instead of the direct server IP/port. (As there is no "Multiplayer" menu in a lot of server-specific launchers) (Maybe editing the hosts file is the easiest way to redirect the server IP to your IP, but that would also break the proxy I guess)
-> Pray for NMP to be capable of handling all custom packets of the server if there are any, or it will just crash/prevent normal gameplay. Or implement all of them, needing to reverse all that stuff, but only for a specific server. So much pain.

Versus sniffing:

-> Use the game launcher as intended
-> Decode the interesting packets as they come
-> Gameplay is still fully functional and transparent

Need to implement some logic for states / compression stuff and such, but it doesn't seem as hardcore as the above tasks.

Except... I lack understanding of all the protocol elements ATM; is this even possible?

roblabla commented 6 years ago

FWIW, nmp can handle custom packets just fine (discarding unknown packets) since they are length-prefixed.