https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13959
Bug ID: 13959
Summary: Add Tibia dissector
Product: Wireshark
Version: Git
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Enhancement
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: ah...@a3f.at
Target Milestone: ---
Created attachment 15753
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15753&action=edit
Tibia 11.0
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
The Tibia dissector seeks compatibility with Tibia's login protocol from
version 7.0 (Dec. 2001) till 11.54 (Aug 2017) and hopefully beyond.
Nearly all attached captures follow the same scheme:
- Failed login with non-existing credentials
- Successful login with password "wireshark" to get character and game server
list
- Game server login with a character called "Wireshark"
- The character says "Hello World" or similar
- The character logs out
Other game interaction in the capture file is only partially decoded. All
encrypted interaction can be decrypted with the hardcoded OTServ RSA key. The
key in PEM format is attached here. To try out decryption with XTEA key
(similar to Premaster secret in SSL dissector), decrypt first with RSA, copy
the XTEA key and then add a UAT entry linking a packet in the conversation with
the extracted key and remove "Try OTServ RSA key" option.
Login data in the capture files weren't sanitized, because the accounts were
created just for this purpose.
There are more captures available at https://github.com/a3f/tibia-pcaps
The ones here were chosen, because they highlight changes in the Tibia login
protocol (See get_version_traits() in the dissector for further details):
- Tibia 7.40: Couldn't find a server to connect against. This just shows a
failed account login
- Tibia 7.60: Login data wasn't encrypted yet
- Tibia 7.92: Login data now encrypted with RSA. Game data with XTEA
- Tibia 8.40: Account names (strings) instead of 32-bit account numbers.
Adler32 checksum
- Tibia 8.60: Nonce sent from game server upon TCP connection
- Tibia 10.00: Separate client and protocol version field
- Tibia 10.41: world list now separate from character list (still same packet).
IP addresses now in string form
- Tibia 10.77: Login server provides session key, which is used for game server
login
- Tibia 11.00: Login protocol should be compatible with current Tibia 11.54
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
