Last active
December 22, 2020 17:38
Soul Worker Wireshark Dissector (packet analyser)
-- Soul Worker Wireshark Dissector rev 1
-- Written by WRS/x1nixmzeng (forum.xentax.com)
-- Usage: wireshark.exe -X lua_script:ws_soulworker.lua
-- UDP port number that the dissector is registered against.
local sw_port = 27017

-- Protocol object. Assigned without `local`, so the name is a global.
sw_proto = Proto("sw_proto", "Soul Worker Protocol")

-- Value strings shown for the one-byte packet type field.
local sw_method = {
  [6] = "Set New Packet",
  [7] = "No Change",
}

-- Value strings shared by the Const1 and Const2 fields.
local sw_keys = {
  -- Const1 if game client packet, otherwise Const2
  [0x001AE000] = "Client",
  -- Const1 if server packet, otherwise Const2
  [0xD4758100] = "Server",
}

-- Field definitions are attached to the protocol through its `fields` table.
local sw = sw_proto.fields

-- Header fields, declared in the order they appear on the wire.
sw.magic       = ProtoField.string("sw_proto.magic", "Magic")
sw.len         = ProtoField.uint16("sw_proto.len", "Length")
sw.type        = ProtoField.uint8("sw_proto.type", "Packet", base.DEC, sw_method)
sw.ver         = ProtoField.uint8("sw_proto.ver", "Version")
sw.const1      = ProtoField.uint32("sw_proto.const1", "Const1", base.DEC, sw_keys)
sw.const2      = ProtoField.uint32("sw_proto.const2", "Const2", base.DEC, sw_keys)
sw.pktno_next  = ProtoField.uint32("sw_proto.pktno_next", "Next Packet Number")
sw.pktno       = ProtoField.uint32("sw_proto.pktno", "Packet Number")
sw.dataflag    = ProtoField.uint32("sw_proto.data", "Data Flag")
sw.pktno_next2 = ProtoField.uint32("sw_proto.pktno_next2", "Next Packet Number (dupe)")
sw.size        = ProtoField.uint32("sw_proto.size", "Size")
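--- Dissect one Soul Worker datagram into the protocol tree.
-- The fixed header occupies offsets 0..35; anything after it is added as an
-- opaque "Packet Data" item when the 16-bit length field is non-zero.
-- @param buffer Tvb holding the datagram payload
-- @param pinfo  packet info; only the protocol column is written
-- @param tree   tree item the protocol subtree is attached to
-- @return 0 when the payload is shorter than the fixed header, otherwise nothing
function sw_proto.dissector(buffer, pinfo, tree)
  local HEADER_LEN = 36   -- last header field ends at offset 32 + 4
  local PREVIEW_LEN = 10  -- bytes of payload shown in the item label

  -- Captured traffic is untrusted input: a truncated or unrelated datagram on
  -- this port would otherwise raise a range error on the first short read.
  -- Returning 0 is intended to tell Wireshark the packet was not dissected
  -- (assumes a Wireshark version that honours dissector return values).
  local available = buffer:len()
  if available < HEADER_LEN then
    return 0
  end

  -- NOTE(review): the magic value itself is not validated, so any datagram of
  -- at least HEADER_LEN bytes on the registered port is labelled SOUL_WORKER.
  pinfo.cols.protocol = "SOUL_WORKER"

  local t = tree:add(sw_proto, buffer)

  -- Magic string "VS01"
  t:add(sw.magic, buffer(0, 4))
  -- Packet size (can be 0)
  t:add_le(sw.len, buffer(4, 2))
  -- Value of 6 when the packet number changes
  t:add(sw.type, buffer(6, 1))
  -- Currently 4
  t:add(sw.ver, buffer(7, 1))
  -- Constant number 1
  t:add_le(sw.const1, buffer(8, 4))
  -- Constant number 2
  t:add_le(sw.const2, buffer(12, 4))
  -- Next packet number to send (or 0)
  t:add_le(sw.pktno_next, buffer(16, 4))
  -- Current agreed packet number
  t:add_le(sw.pktno, buffer(20, 4))
  -- Value 1 when packet data is sent, otherwise 0
  t:add_le(sw.dataflag, buffer(24, 4))
  -- Duplicate next packet number
  t:add_le(sw.pktno_next2, buffer(28, 4))
  -- Packet size duplicate
  t:add_le(sw.size, buffer(32, 4))

  -- The length field is attacker-controlled and may claim data that is not
  -- present, so the preview is sized from what was actually captured.
  -- le_uint() matches the little-endian decoding used for the field above;
  -- the non-zero test gives the same result in either byte order.
  local body_len = available - HEADER_LEN
  if buffer(4, 2):le_uint() > 0 and body_len > 0 then
    -- Remaining packet data (unknown format)
    local preview = buffer(HEADER_LEN, math.min(PREVIEW_LEN, body_len))
    t:add(buffer(HEADER_LEN), "Packet Data (" .. tostring(preview) .. "..)")
  end
end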
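-- Register the dissector for UDP traffic on sw_port.
-- The table handle is only needed here, so it is declared `local` instead of
-- being written to the global environment under a generic name.
local udp_table = DissectorTable.get("udp.port")
udp_table:add(sw_port, sw_proto)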