Closed inada-s closed 4 years ago
inada-s
commented
4 years ago handshake correctly and the connection is established successfully. Then the game is waiting for the initial data from the server, timed out, and close the connection (reset the modem)
It seems this is not true.
The game seems to be waiting for a call from KDDI. I don't know much about modem and dreamcast registers, it will likely take some time...
vkedwardli
commented
4 years ago I'm not sure if I describe it correctly, but I think the modem dialing + modem connection handshake are done properly by the emulator, so that the modem can report the connected state.
Once the modem is connected, flycast will print all values from its register (modem_regs xx = xx)
But then it is waiting for the server reply to proceed to next step.
If we can reply the correct thing into read_pppd (which is mapped to read_pico), then I guess it will start sending some real request.
Since the PS2 version is more debug friendly, may be it would be easier to trace what the game is expecting as the first response from the server, right after the modem has enter the connected state.
Here is the full documentation for the modem register (basically flycast had finished near all the implementation already): https://dcemulation.org/1-newsdump/QRandom/DC%20stuff/info/RP56LD_RP336LD_DesignersGuide.pdf
inada-s
commented
4 years ago Before the client connects to the game server, the client makes a DNS query for ca1203.mmcp6. It doesn't seem to be done in the Dreamcast emulator now.
The game seems to be waiting for a call from KDDI.
That means I think it is necessary to emulate the connection by Callback (something like rfc1570).
I will concentrate on the PS2 version for a while.
inada-s
commented
4 years ago If you want to investigate yourself, that is the first packet sent from the server.
~12 21 00 00 00 00 08 00 54 14 00 00 (hex)~
If succeeded, the client will send a similar sequence of bytes.
vkedwardli
commented
4 years ago the client makes a DNS query for ca1203.mmcp6
That would be ca1202.mmcp6 for the DC version.
Thanks for the info, this first packet should be sent by the ca120X.mmcp6 server once the client open the connection?
inada-s
commented
4 years ago Sorry, the value was wrong.
The right value is:
180161020000000200ffffff
this first packet should be sent by the ca120X.mmcp6 server once the client open the connection?
Exactly.(at least in the ps2 version.)
vkedwardli
commented
4 years ago Found out why the modem reset right after the the connected state, the game is checking the connection speed. Since flycast is using V23 by default, after setting the connection speed from V23 to V34 modem_regs.reg12 = 0xce; //any values from C0 to CE in modem.cpp. The game seems tried to start some traffic. No DNS query is found so far.
Traffic log after connected: log.txt
inada-s
commented
4 years ago That sounds good progress!
grep the text 'TBUFFER = XX'
45 14 59 44 91
... (same pattern)
45 14 59 44 91
45 14 59 44 91
45 14 59 44 45
14 59 44 91 45
14 59 44 91 45
... (same pattern)
14 59 44 91 45
14 59 44 91 45
14 59 44 45 14
59 44 91 45 14
59 44 91 45 14
59 44 91 45 14
... (same pattern)
59 44 91 45 14
59 44 91 45 14
59 44 91
FF FF FF FF F9 F5 5F 5F 23 01 17 52 5F 21 F5 05
52 5F 20 F5 45 53 5F 21 F5 45 52 5F 25 71 D7 97
48 7D 99 D4 17 48 7D A9 D4 17 48 7D 81 D4 57 49
7D 99 D4 97 4C 34 E9 85 9D 76 82 F9 FD FF FF FFI also tried to log ppp packets. (in modem_read, modem_write)
replaced: 7d xx => xx ^ 0x20 (ppp escape)
[ modem_write ]
7e ff 03 23 c0 21 01 21 7e 5e 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 c4 0a 2a 7e
7e ff 03 23 c0 21 01 21 7f 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 cb 1a 3a 7e
[ modem_read ]
45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 45 14 59 44 91 ff ff ff ff
[ modem_write ]
7e ff 03 23 c0 21 01 21 80 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 31 97 7e
[ modem_read ]
f9 f5 5f 5f 23 01 17 52 5f 21 f5 05 52 5f 20 f5 45 53 5f 21 f5 45 52 5f 25 71 d7 97 48 b9 99 d4 17 48 89 a9 d4 17 48 a1 81 d4 57 49 b9 99 d4 97 4c 34 e9 85 1f 76 a3 f9 fd ff ff ff
[ modem_write ]
7e ff 03 23 c0 21 01 21 81 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 3e 87 7e
7e ff 03 23 c0 21 01 21 82 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 2f b7 7e
7e ff 03 23 c0 21 01 21 83 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 20 a7 7e
7e ff 03 23 c0 21 01 21 84 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 0d 2d d7 7e
7e ff 03 23 c0 21 01 21 85 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 02 22 c7 7e
7e ff 03 23 c0 21 01 21 86 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 13 33 f7 7e
7e ff 03 23 c0 21 01 21 87 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 1c 3c e7 7e
7e ff 03 23 c0 21 01 21 88 00 20 12 32 07 27 02 22 01 21 04 24 05 25 ea 08 28 02 22 02 22 06 26 00 20 00 20 00 20 00 20 49 17 37 7e
2b 2b 2b 41 54 48 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0a 41 54 5a 0d 0aI'm not familiar with modems and ppp, but dc doesn't seem to be talking in ppp protocol.
45 14 59 44 91 45 ...
Is this correct data to pass pppd ? ..
vkedwardli
commented
4 years ago Seems when using V.34 connection mode, the data is encoded/compressed, but in the V.23 mode, everything is just raw data.
So the picoppp is always sending a valid raw ppp frame (prefix with 7e ff 7d 23 c0 21) to the modem, but the modem is sending some unrecognised data (not a ppp frame without extra handling) to the picoppp.
Flycast Is using V.23 because it doesn’t need to handle the additional encoding/decoding.
Could that be V.42bis or MNP 5? No idea yet
But data must be encoded before sending to modem and decoded before sending to picoppp.
inada-s
commented
4 years ago grep 'send' track03.bin.strings
send"ATZ\r"
send"AT&F\r"
send"AT&F\r"
send"ATM1\r"
send"ATN3+MS=V34,1,14400,33600,14400,33600
send"ATX3&C1&D2\r"
send"ATZ\r"
send"AT&F\r"
send"AT&F\r"
send"ATM1\r"
send"ATX3&C1&D2\r"
send "ATS46=136\r"
send "AT&Q0\r"
send "AT+MS=V34,1,33600,33600,33600,33600\r"
send "AT+MS=V34,1,28800,33600,28800,33600\r"
send "AT+MS=V34,1,14400,33600,14400,33600\r"
sendWell, as you say, it seems we have to identify this encoding and convert it appropriately.
inada-s
commented
4 years ago or replace these AT commands to use V.23 mode?
inada-s
commented
4 years ago The client configures the modem with AT commands before connecting. If it fails along the way, reset and try a few times.
It might be possible to rewrite these AT commands with binary editor and connect with V23. It's just a guess.
FactoryRest
send"ATZ\r"
wait"OK\r\n"Reset Profile
send"AT&F\r"
wait"OK\r\n"speaker config
send"ATM1\r"
wait"OK\r\n"Set connection mode N3: Auto-reliable or MNP auto-reliable mode ? MS: Modulation Selection, V34
send"ATN3+MS=V34,1,14400,33600,14400,33600
"
wait"OK\r\n"Data compression control
send"AT%C1
"
wait"OK\r\n"X3: Result code reporting option (3) C1: Carrier Detect signal config D2: terminate any call when DTR changes from TRUE to FALSE.
send"ATX3&C1&D2\r"
wait"OK\r\n"turns off data compression ?
send "ATS46=136\r"
wait "OK\r\n"Asynchronous operation
send "AT&Q0\r"
wait "OK\r\n"MS: Modulation Selection, V34
send "AT+MS=V34,1,33600,33600,33600,33600\r"
wait "OK\r\n"On my mac, flycasting stops by BADACCESS many times when started in debug mode, so breakpoints cannot be used. I can't debug.
In what environment are you working?
vkedwardli
commented
4 years ago I'm on macOS also
Seems BADACCESS is triggered by the memory protection, I can skip it without recompiling the LLDB debugserver by adding the following code into osx-main.mm's os_CreateWindow()
#include <mach/task.h>
#include <mach/mach_init.h>
#include <mach/mach_port.h>
void os_CreateWindow() {
int ret = task_set_exception_ports(
mach_task_self(),
EXC_MASK_BAD_ACCESS,
MACH_PORT_NULL,
EXCEPTION_DEFAULT,
0);
if (ret != KERN_SUCCESS) {
printf("task_set_exception_ports: %s\n", mach_error_string(ret));
}
}
Then on macOS 10.15 you will also need to skip SIGBUS inside LLDB by running pro hand -p true -s false SIGBUS right after you load the game (if SIGBUS is triggered), then you can continue the exception and start debugging properly
vkedwardli
commented
4 years ago 
also you may find this Save/Load State shortcut useful (open by Menu button)
inada-s
commented
4 years ago Thank you for the information, now I can debug.
inada-s
commented
4 years ago with replacing send"ATN3+MS=V34,1,14400,33600,14400,33600 to send"ATM1¥r
the game try to connect server.
inada-s
commented
4 years ago YES!!!!!!!! Successfully connected to the lobby server! But we have to deal with some DNS server issues for picoppp.
inada-s
commented
4 years ago send"ATN3+MS=V34,1,14400,33600,14400,33600 to send"ATM1¥r (don't change the original length fill with 0A instead)ca1203.mmcp6 to server ipv4 adress (hostname doesn't work)It seems that the connection is slow. We may need to tune the modem code.
also worked on flycast windows version. https://flyinghead.github.io/flycast-builds/
The current version of the server will disconnect if there is no login key, I'll fix it
vkedwardli
commented
4 years ago The flycast supports adding custom DNS server in the emu.cfg
[network]
DNS = 127.0.0.1So that we can use a custom DNS server to resolve ca1203.mmcp6, would be useful in the future
The CheatManager (original for widescreen hacks) may be applicable to the hex patching
Some feedback for the server:
I'm getting Got signal: urgent I/O condition on mac immediately if run with -dump.
Without -dump I can run the server for a while and then the same error would appear.
And running lobby cannot create the gdxsv.db sqlite file, I must run initdb manually once.
Using go1.14.1
p.s. still cannot understand why editing the MS= mode won't work, but switching it to a irrelevant command can work LOL
inada-s
commented
4 years ago DNS
Yes that's good. But when a host name set, this game try to use specific dns server internally and that will fail, so we have to manage it.
CheatManager
That's good.
urgent I/O condition
Oops, I'll fix it.
I must run initdb manually once.
Yes, this is the expected operation. It's I'm sorry it's hard to understand.
inada-s
commented
4 years ago Now that we got the way to connect lobby server, we have reached the goal of this issue.
Let's go on to the next stage :)
goal
@vkedwardli said at https://github.com/inada-s/gdxsv/issues/2#issuecomment-608364296
From my investigation, as long as we can emulate the correct server response, it is better to use https://github.com/flyinghead/flycast with the DC version.
Attached is the MODEM log (I've added the
modem reg writelog myself)When the modem is going into the ringing state, it reads + dial the number from the
010register.So the DC version is using the MODEM to dial to
186-0053-63-13-1203, which matches the KDDI ISDN回線, also according to the KDDI call menu0053-63is out of service.From the PS2 MIPS code, I also found the game is dialing to a very similar number:
186-0053-63-13-1202Finally the below is the full modem log, you can find that the game instructed the modem to dial a number, handshake correctly and the connection is established successfully. (all by modem emulation, no connection is made actually) Then the game is waiting for the initial data from the server, timed out, and close the connection (reset the modem)