[Problem] L4D v1.0.1.5 + Rev Patcher + SETTI = Fail


30 replies to this topic

#21 Guest_

Guest_
  • Guests

Posted 16 November 2009 - 04:35 PM

No problem, requested to reopen the task with that info.

Digging a bit just for curiosity, I found this API description: steam API. Looks like the ticket is the STEAM ID + more auth data in an SSL/TLS payload.

I'll post here what they have to say about it.

Btw, any chance to have player list working also for the updated L4D servers?

#22 Ghost

Ghost

    Admin

  • Moderators - Admin
  • 3,639 posts
274

Posted 16 November 2009 - 08:18 PM

Thanks for the link.

> The client, when it wants to connect to a game, needs to call SteamUser()->InitiateGameConnection() to get its auth blob. This blob of binary data is a securely signed ticket that contains the user's SteamID and game rights information. This needs to be sent to the server for it to do validation.

This seems to make sense. The first packet sent to the server is actually some sort of authentication stuff (from ClientRegistry.blob?).

Rev Crew probably send the userauth quite unknowingly to the authentication server, where they receive a neatly formatted answer which contains information about the SteamID etc.

> Btw, any chance to have player list working also for the updated L4D servers?

Yes. A network dump would be great ;). I don't remember any of the previous dumps having had the player list in them, did they?

It's quite funny if the query for the player list has changed. It's been quite static forever. It might be that the reply packet has changed, though.

#23 Guest_

Guest_
  • Guests

Posted 17 November 2009 - 10:42 AM

Attached capture with players and rules queries. No news from rev-crew, probably busy with L4D2 :)

Updated: added some Perl scripts someone posted on the srcds mailing list.

Attached Files



#24 Guest_shmelle

Guest_shmelle
  • Guests

Posted 04 January 2010 - 08:04 AM

> ...
> Maybe someone from Rev Crew (who doesn't use someone else's API but actually knows what he's talking about)
> ...

Actually we make our own API, and don't use someone else's.

About this dumped auth packet, I see no userid ticket in it, or it's most probably encrypted. The problem here is that revEmu DLLs receive tickets which have already been decrypted by the game. The ticket is in a well-readable format Ghost and I discussed once.

There are 2 versions of STEAM UserID tickets. I think setti sends (or at least was sending the last time I checked) the newer ticket, which should look like this:

VERSION (32 bit)
TIMESTAMP (64 bit)
STEAMID (64 bit)
APPSUBSCRIPTIONS (32 bit + variable length) (usually 0x0 in setti's case)



#25 Ghost

Ghost

    Admin

  • Moderators - Admin
  • 3,639 posts
274

Posted 04 January 2010 - 03:03 PM

> About this dumped auth packet, I see no userid ticket in it, or it's most probably encrypted. The problem here is that revEmu DLLs receive tickets which have already been decrypted by the game. The ticket is in a well-readable format Ghost and I discussed once.

It's encrypted or packed somehow, at least. That's the "problem", because apparently nobody knows what the contents are in the packed form.

> VERSION (32 bit)
> TIMESTAMP (64 bit)
> STEAMID (64 bit)
> APPSUBSCRIPTIONS (32 bit + variable length) (usually 0x0 in setti's case)

There's at least the timestamp, which will be either static or generated into the ticket by the game server engine itself.

In the post viewtopic.php?p=2695#p2695 there's the capture, and at the end of the capture there are those 00's and one 01 and one 08, which might be the appsubscriptions.

Setti uses the newer ticket, which is the same as in the post linked.

It's probably noteworthy to say that Setti doesn't need to know anything about the decrypted packets as long as it's possible to do the verification by pretty much repeating the once-observed packets. Nevertheless, it's been possible to "decode" some parts of the packets, because version numbers go up all the time and once in a while there are these weird cases with incompatible tickets.

#26 Guest_shmelle

Guest_shmelle
  • Guests

Posted 04 January 2010 - 10:25 PM

This is the userid ticket sent by the setti scanner (game TF2):

00000000 00 01 02 03 04 05 06 07 08 09 0D 0A 0B 0C 0D 0E 0F 10 11 12 13 .....................
00000015 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 ............ !"#$%&'(
0000002A 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D )*+,-./0123456789:;<=
0000003F 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 >?@ABCDEFGHIJKLMNOPQR
00000054 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 63 64 65 66 67 STUVWXYZ[\]^_`abcdefg
00000069 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 7B 7C hijklmnopqrstuvwxyz{|
0000007E 7D 7E 7F 80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F 90 91 }~...................
00000093 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F A0 A1 A2 A3 A4 A5 A6 .....................
000000A8 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB .....................
000000BD BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB CC CD CE CF D0 .....................
000000D2 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 E1 E2 E3 E4 E5 .....................
000000E7 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA .....................
000000FC FB FC FD FE FF 00 01 02 03 04 05 06 07 08 09 0D 0A 0B 0C 0D 0E .....................
00000111 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 ................. !"#
00000126 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37 38 $%&'()*+,-./012345678
0000013B 39 3A 3B 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 9:;<=>?@ABCDEFGHIJKLM
00000150 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F 60 61 62 NOPQRSTUVWXYZ[\]^_`ab
00000165 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 cdefghijklmnopqrstuvw
0000017A 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83 84 85 86 87 88 89 8A 8B 8C xyz{|}~..............
0000018F 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F A0 A1 .....................
000001A4 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 B2 B3 B4 B5 B6 .....................
000001B9 B7 B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 C7 C8 C9 CA CB .....................
000001CE CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB DC DD DE DF E0 .....................
000001E3 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 F1 F2 F3 F4 F5 .....................
000001F8 F6 F7 F8 F9 FA FB FC FD FE FF 00 01 02 03 04 05 06 07 08 09 0D .....................
0000020D 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E .....................
00000222 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 . !"#$%&'()*+,-./0123
00000237 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42 43 44 45 46 47 48 456789:;<=>?@ABCDEFGH
0000024C 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D IJKLMNOPQRSTUVWXYZ[\]
00000261 5E 5F 60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 ^_`abcdefghijklmnopqr
00000276 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F 80 81 82 83 84 85 86 87 stuvwxyz{|}~.........
0000028B 88 89 8A 8B 8C 8D 8E 8F 90 91 92 93 94 95 96 97 98 99 9A 9B 9C .....................
000002A0 9D 9E 9F A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF B0 B1 .....................
000002B5 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF C0 C1 C2 C3 C4 C5 C6 .....................
000002CA C7 C8 C9 CA CB CC CD CE CF D0 D1 D2 D3 D4 D5 D6 D7 D8 D9 DA DB .....................
000002DF DC DD DE DF E0 E1 E2 E3 E4 E5 E6 E7 E8 E9 EA EB EC ED EE EF F0 .....................
000002F4 F1 F2 F3 F4 F5 F6 F7 F8 F9 FA FB FC FD FE FF                   ...............

Very, very weird, and this is the first time I have seen something like that.
Would be cool if you guys could explain this.
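Editor's added example (not code from this thread, from Setti or from revEmu) tying together the two ticket shapes discussed here: the field order shmelle gives in #24 (VERSION u32, TIMESTAMP u64, STEAMID u64, APPSUBSCRIPTIONS u32 + variable) and the counting-pattern dump in #26. Assumptions not stated in the thread: little-endian fields, and the variable part of APPSUBSCRIPTIONS read as `count` u32 app ids. The dump's offsets end at 0x2F4 + 15 = 0x303 (771 bytes), which is 3 x 256 plus three extra bytes, and each `09 0D 0A 0B` run is where a plain count would give `09 0A 0B`; the code treats that as text-mode newline translation of the capture, which is an inference from the dump, not something the posters say.

```python
"""Decode and classify Steam userid ticket blobs as described in the thread.

Layout assumed for the "newer" ticket (field order from the thread; byte order
and the shape of the APPSUBSCRIPTIONS list are assumptions):
    VERSION          u32 little-endian
    TIMESTAMP        u64 little-endian
    STEAMID          u64 little-endian
    APPSUBSCRIPTIONS u32 count, then count * u32 app ids
"""
import struct
from dataclasses import dataclass
from typing import List

HEADER = struct.Struct("<IQQI")  # version, timestamp, steamid, app count


@dataclass
class UserIdTicket:
    version: int
    timestamp: int
    steamid: int
    app_subscriptions: List[int]

    @property
    def account_id(self) -> int:
        # Low 32 bits of a 64-bit SteamID are the account number.
        return self.steamid & 0xFFFFFFFF

    @property
    def universe(self) -> int:
        # Top 8 bits of a 64-bit SteamID are the universe (1 = public).
        return (self.steamid >> 56) & 0xFF


def parse_ticket(blob: bytes) -> UserIdTicket:
    """Parse the fixed header and the app list, refusing to read past the end
    of the blob: the count is bounded by the bytes actually present."""
    if len(blob) < HEADER.size:
        raise ValueError(f"ticket too short: {len(blob)} < {HEADER.size}")
    version, timestamp, steamid, count = HEADER.unpack_from(blob, 0)
    body = blob[HEADER.size:]
    if count > len(body) // 4:
        raise ValueError(f"app count {count} exceeds remaining {len(body)} bytes")
    apps = list(struct.unpack_from(f"<{count}I", body, 0)) if count else []
    return UserIdTicket(version, timestamp, steamid, apps)


def build_ticket(version: int, timestamp: int, steamid: int, apps=()) -> bytes:
    """Inverse of parse_ticket; used only to construct sample input here."""
    return HEADER.pack(version, timestamp, steamid, len(apps)) + struct.pack(
        f"<{len(apps)}I", *apps
    )


def ascii_table_run(blob: bytes) -> int:
    """Length of the prefix that follows blob[i] == i mod 256, the pattern of
    the 0x00..0xFF dump posted above."""
    n = 0
    for i, b in enumerate(blob):
        if b != (i & 0xFF):
            break
        n += 1
    return n


def undo_crlf_translation(blob: bytes) -> bytes:
    """Collapse 0D 0A back to 0A. In the pure counting pattern 0D is always
    followed by 0E, so this only touches bytes a text-mode capture inserted."""
    return blob.replace(b"\r\n", b"\n")


def is_ascii_table_ticket(blob: bytes, min_run: int = 256) -> bool:
    """True when the blob is the counting pattern rather than a structured ticket."""
    return ascii_table_run(undo_crlf_translation(blob)) >= min_run


def classify(blob: bytes) -> str:
    """Label a blob for logging: 'ascii-table', 'structured' or 'malformed'."""
    if is_ascii_table_ticket(blob):
        return "ascii-table"
    try:
        parse_ticket(blob)
    except ValueError:
        return "malformed"
    return "structured"


def constructed_dump_sample() -> bytes:
    """Constructed stand-in for the #26 dump: 0x00..0xFF three times with each
    0A expanded to 0D 0A, which reproduces the dump's 0x303-byte length."""
    return (bytes(range(256)) * 3).replace(b"\n", b"\r\n")


if __name__ == "__main__":
    sample = constructed_dump_sample()
    print(hex(len(sample)), classify(sample))
    # Constructed SteamID: universe 1, individual account, account id 1.
    structured = build_ticket(1, 0x4B41C000, 0x0110000100000001, [440])
    print(classify(structured), parse_ticket(structured))
```

Running it on the constructed dump reports 0x303 and "ascii-table", while the structured sample parses to version 1, SteamID 0x0110000100000001 (account id 1, universe 1) and a single app id; a header whose app count overruns the blob is reported as "malformed" instead of being read past its end.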

#27 Ghost

Ghost

    Admin

  • Moderators - Admin
  • 3,639 posts
274

Posted 05 January 2010 - 10:08 AM

It's the years-old ticket that's still being used for some games. It's been in use since forever now, so it's quite surprising that you see it for the first time now. It can be used to validate most servers.

There are separate "userauth packets" (note: we say they're packets instead of tickets because it's just data) for a few of the different games. The best would be if there was a single packet/ticket that could be used to test all games.

#28 Guest_shmelle

Guest_shmelle
  • Guests

Posted 05 January 2010 - 10:21 AM

I'm pretty sure I had seen a "normal" (in the format I described above) ticket sent by your scanner in the past. It was probably with CS 1.6. My question is: why don't you use the same userid ticket for all games?

A little note: the term "UserID ticket" refers to the data generated by SteamGetEncryptedUserIDTicket from steam.dll (for older games such as CSS) and InitiateGameConnection from steamclient.dll (for newer games).

#29 Ghost

Ghost

    Admin

  • Moderators - Admin
  • 3,639 posts
274

Posted 05 January 2010 - 11:34 AM

> I'm pretty sure I had seen a "normal" (in the format I described above) ticket sent by your scanner in the past. It was probably with CS 1.6. My question is: why don't you use the same userid ticket for all games?

It was probably CS 1.6.

It's possible to test, with different kinds of tickets, what kind of patches the servers use. Also, the packed data in the userid ticket is probably not the same for all games, so the packets should always be generated with the proper engine.

#30 Guest_shmelle

Guest_shmelle
  • Guests

Posted 05 January 2010 - 12:01 PM

> Also, the packed data in the userid ticket is probably not the same for all games, so the packets should always be generated with the proper engine.

Please note that revEmu is not bound to 1 engine only - it works with all engines. It would be unhandy to develop different tickets for each engine.

Also, STEAM uses 2 types of tickets for all games: the Steam2 ticket, which is used for older games, and the Steam3 ticket, which is used for newer games (and they tend to move all games to Steam3). It is good for setti to have a ticket which is different from others (that way we can recognize it), but it is not good at all to have different tickets for different games! revEmu also generates 1 type of ticket for all games.

#31 Ghost

Ghost

    Admin

  • Moderators - Admin
  • 3,639 posts
274

Posted 05 January 2010 - 01:31 PM

Back in the year x (about 2006) the ASCII-table ticket worked even if it was about ~200 bytes long. Some servers accepted it and some did not. Some Russians and Chinese made good patches which allowed just about any 30-byte-long "tickets".

Now we have all kinds of crap floating around, so Setti most likely won't start making any changes to the tickets which would differ from a completely normal ticket otherwise. In the future it might even be possible that Setti does the testing with a big pool of userid tickets. Then it's more difficult to recognize Setti and make servers behave differently for the Setti scanner. Unfortunately nobody knows(?) how to generate the tickets automatically, or even what the packed/encoded data in the network dump really contains. Otherwise it'd be possible to neatly generate random tickets for every test.
