Maple, for those not familiar with it, is an extremely sophisticated application for doing all things mathematical. The product has an amazing list of capabilities for mathematical analysis, graphing, and programming. It is however primarily a mathematical tool, competing with the likes of Mathematica and Matlab. I use all three, Mathematica being my personal favorite. For quick and dirty work, however, I find the 'Document Mode' in Maple to be ideal for rapid exploration. I often do proofs of concept there, and when the ideas are fleshed out, move them to Matlab or Mathematica.
So how hard would it be to get to the Electronic Arts centralized server, using a tool completely out of its domain (kind of like using a champagne bottle for a baseball bat), without any of the raw socket nonsense that the game developers used? See for yourself - seven lines of Maple get you the initial connection and response. A handful more lines would get you a complete server browser, without the hassles the game introduces by using raw sockets. Pretty powerful tool, doing things out of its real domain. It makes me wonder even more: what were the game developers thinking when they chose to use raw sockets?
Maple Code:
with(Sockets);                                       # TCP socket routines
sid := Open("159.153.235.12", 18395);                # connect to the EA server
reply := Array(1 .. 65, datatype = integer[1]);      # buffer for the reply bytes
# Hello packet: a 12-byte header ("CONN", the bytes 64,0,0,0, then the total length 91 as a
# big-endian 32-bit integer), followed by the lines PROT=2, PROD=bfbc2-pc, VERS=1.0, PLAT=PC,
# LOCALE=en_US, SDKVERSION=5.1.2.0.0 and TID=1, each newline-terminated, and a trailing NUL.
WriteBinary(sid, Array([67, 79, 78, 78, 64, 0, 0, 0, 0, 0, 0, 91, 80, 82, 79, 84, 61, 50, 10, 80, 82, 79, 68, 61, 98, 102, 98, 99, 50, 45, 112, 99, 10, 86, 69, 82, 83, 61, 49, 46, 48, 10, 80, 76, 65, 84, 61, 80, 67, 10, 76, 79, 67, 65, 76, 69, 61, 101, 110, 95, 85, 83, 10, 83, 68, 75, 86, 69, 82, 83, 73, 79, 78, 61, 53, 46, 49, 46, 50, 46, 48, 46, 48, 10, 84, 73, 68, 61, 49, 10, 0], datatype = integer[1]));
ReadBinary(reply, sid);                              # read the server's reply into the buffer
Close(sid);
convert(subs(0 = 32, 10 = 32, convert(reply, list)), bytes);   # NULs and newlines become spaces, then bytes become text
EA Server Response:
"CONN ATIME=1272627041 TID=1 activityTimeoutSecs=240 PROT=2"
Hello, EA! All your base are belong to us!
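The framing the post's byte array uses, as an added Python example (not code from the post, nor EA's): build_packet reproduces the 91-byte hello from its key=value fields, and parse_packet checks the length field and NUL terminator before trusting anything that came off the wire, with is_well_formed as a boolean wrapper for that check. The meaning of the header bytes 64,0,0,0 is not explained on the page, so they are carried as an opaque integer named word2 here.

```python
import struct

# Framing as the post's bytes show it: 4-byte ASCII tag, four bytes the post does
# not explain (64,0,0,0), total length as a big-endian uint32, then KEY=VALUE
# lines each ending in "\n", and a terminating NUL.
HEADER_FMT = ">4sII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12

def build_packet(tag, word2, fields):
    """Frame key=value pairs exactly as the post's 91-byte hello is framed."""
    payload = "".join(f"{k}={v}\n" for k, v in fields.items()).encode("ascii") + b"\x00"
    return struct.pack(HEADER_FMT, tag.encode("ascii"), word2, HEADER_LEN + len(payload)) + payload

def parse_packet(data):
    """Inverse of build_packet; rejects anything whose framing is inconsistent."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    tag, word2, length = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if length != len(data):
        raise ValueError(f"length field says {length}, got {len(data)} bytes")
    payload = data[HEADER_LEN:]
    if not payload.endswith(b"\x00"):
        raise ValueError("payload is not NUL-terminated")
    fields = {}
    for line in payload[:-1].split(b"\n"):
        if line:  # skip the empty piece after the final "\n"
            key, sep, value = line.partition(b"=")
            if not sep:
                raise ValueError(f"malformed field {line!r}")
            fields[key.decode("ascii")] = value.decode("ascii")
    return tag.decode("ascii"), word2, fields

def is_well_formed(data):
    """True if parse_packet accepts the bytes; a cheap sanity gate on replies."""
    try:
        parse_packet(data)
        return True
    except (ValueError, UnicodeDecodeError):
        return False

# The post's 91-byte hello, copied from its Maple Array, and the same packet's fields.
POST_HELLO = bytes([67, 79, 78, 78, 64, 0, 0, 0, 0, 0, 0, 91, 80, 82, 79, 84, 61, 50,
    10, 80, 82, 79, 68, 61, 98, 102, 98, 99, 50, 45, 112, 99, 10, 86, 69, 82, 83, 61,
    49, 46, 48, 10, 80, 76, 65, 84, 61, 80, 67, 10, 76, 79, 67, 65, 76, 69, 61, 101,
    110, 95, 85, 83, 10, 83, 68, 75, 86, 69, 82, 83, 73, 79, 78, 61, 53, 46, 49, 46,
    50, 46, 48, 46, 48, 10, 84, 73, 68, 61, 49, 10, 0])
POST_HELLO_FIELDS = {"PROT": "2", "PROD": "bfbc2-pc", "VERS": "1.0", "PLAT": "PC",
                     "LOCALE": "en_US", "SDKVERSION": "5.1.2.0.0", "TID": "1"}
```

Building the post's fields with word2 = 0x40000000 yields the exact 91 bytes of the Maple array, and a truncated copy fails the length check rather than parsing silently.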
What the heck is the Magic Sauce you used for the hello part? How did you figure that out? Would you consider making a post with a tutorial for that kind of thing? There are some games I would like to build some stat tools for.
Thanks!
@Anonymous 4/30/10 12:30:
Just the bytes for the initial hello. I used a sniffer to figure this out. The stuff I used is a couple of Fluke (Etherscope/Optiview), not usually in consumer hands. You can do the same with something like Wireshark for free, it just can be more work piecing 'conversations' together when things get deep. That's why the hardware analyzers are priced like cars... they make those kinds of things much less tedious, plus they can capture at wire speed without losing traffic.
Not sure a tutorial is likely - each case is different, it's really just grabbing traffic, putting together the 'conversations', and then decoding the meaning. Kind of like crossword / anagram / crypto puzzles rolled into one.