Analysis of the connection principle of Warcraft LAN play across CIDR blocks

Source: Internet
Author: User

When I was researching (more accurately, "tinkering with") Warcraft LAN play, I started by doggedly analyzing the packets myself and roughly worked out what the data meant. But I did not trust my own conclusions, so I searched the Internet for information and found that many people are studying this...

Xinyu Column

http://blog.csdn.net/xinrui5577/archive/2009/09/16/4560590.aspx

After reading his article I was quite certain, and I admire my predecessors (all of whom enlightened me). I implemented it in Java. In fact, as long as you understand Java, it is easy to learn C++; programming languages are no barrier...

My understanding of his article is as follows:

First, when Warcraft enters the LAN screen, it opens a UDP socket bound to local port 6112 (the default port) and starts broadcasting a query packet to 255.255.255.255, which only reaches the same CIDR block.

Content: F7 2f 10 00 50 58 33 57 14 00 00 00 00 00 00
My Warcraft version is 1.20e, so the ninth byte is 0x14. From captures of wc3 game searcher, 1.21 is 15, 1.22 is 16...

War3.exe only sends this UDP packet to IP addresses on its own network segment. Therefore, to search IP addresses on a different network segment, you only need to send the packet to port 6112 of those addresses...

The receiving side will process it...

So getting LAN play to work across segments is very simple...

And when you have created a host, war3.exe broadcasts a host-created packet.

Content: F7 32 10 00 01 00 00 00 00 00 04 00 00 00 00

It tells the others that I have created a host...

After the other side receives this message, war3 handles the connection that follows by itself...

Therefore, if you write a program that sends the host-created packet, hosts on different network segments can join your host; and if it sends the query packet, you can join hosts on different network segments...

Of course, to implement features as powerful as those of wc3 game searcher, you have to keep analyzing the Warcraft packets...

Listen on local port 6112 and, when Warcraft sends its UDP packet, forward the packet to the other network segments. This requires a raw socket...

You can also use an ordinary UDP socket, but then you need the SO_REUSEADDR option to reuse the port. The problem is that when you bind your socket to port 6112, Warcraft drops out of the LAN screen, and when Warcraft tries to enter the LAN screen again it cannot connect to the network, because the port is bound to your socket and Warcraft's own socket does not set SO_REUSEADDR...

Then there is a detailed host information packet, including the host name, map information, current number of players, and so on. I will not analyze it further; if you are interested, read the article...

Here is an idea:

Anyone who plays Warcraft on a battle platform will know that there are cheat tools for kicking players ("T-man"). The principle is that, when you are the host, the tool disconnects the TCP connection to the player. At present, most kick tools cannot target a specific player; the player can only be identified by comparing port numbers against the order in which players joined the host. The one exception is a tool called w3xcustomkick, by shadow French.

It reads Warcraft's memory to get the mapping between player IDs and port numbers (really impressive). If you are interested, you can trace it slowly with SmartCheck, but I promise you will cry when you see it... If you start from the TCP connections instead, you can easily get the mapping between player IDs and port numbers, but the precondition is that you start listening before the host is created...

The following is a TCP packet sent from my host.

00000000 F7 1E 32 00 02 00 00 00 C4 D4 85 03 00 E0 17 01  ..2.............
00000010 00 00 00 57 6f 72 6C 64 43 72 65 61 74 65 72 00  ...WorldCreater.
00000020 01 00 02 00 17 E0 3A 14 58 21 00 00 00 00 00 00  ......:.X!......
00000030 00 00                                            ..
The user name is WorldCreater.
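
The framing visible in the packets quoted on this page, as an added Python example (not the author's Java code or anything from the tools mentioned): it checks the 0xF7 marker and the little-endian length field, decodes the query packet's product tag and version byte, and pulls the player name out of the TCP dump. The function names and the name offset (0x13, read off the dump) are assumptions; the byte strings are copied from the page.

```python
import struct

MAGIC = 0xF7  # first byte of all three packets quoted on the page

def parse_frame(data):
    """Return (type, declared_length, body, problems) for one packet."""
    if len(data) < 4:
        return None, None, b"", ["shorter than the 4-byte header"]
    magic, ptype, declared = struct.unpack_from("<BBH", data)
    problems = []
    if magic != MAGIC:
        problems.append("bad marker 0x%02X" % magic)
    if declared != len(data):
        problems.append("length field says %d, got %d bytes" % (declared, len(data)))
    return ptype, declared, data[4:], problems

def decode_query(body):
    """Query packet (type 0x2F): 4-byte product tag, then the version byte."""
    if len(body) < 5:
        raise ValueError("query body too short")
    # The tag is byte-reversed on the wire: 'PX3W' reads as 'W3XP'.
    return body[:4][::-1].decode("ascii", "replace"), body[4]

def decode_join_name(body, offset=0x13 - 4):
    """NUL-terminated player name; the offset is an assumption read off the dump."""
    end = body.find(b"\x00", offset)
    if end < 0:
        raise ValueError("name is not NUL-terminated")
    return body[offset:end].decode("ascii", "replace")

# Byte strings copied from the page (UDP query, then the TCP dump).
QUERY = bytes.fromhex("F7 2f 10 00 50 58 33 57 14 00 00 00 00 00 00")
JOIN = bytes.fromhex(
    "F7 1E 32 00 02 00 00 00 C4 D4 85 03 00 E0 17 01"
    "00 00 00 57 6f 72 6C 64 43 72 65 61 74 65 72 00"
    "01 00 02 00 17 E0 3A 14 58 21 00 00 00 00 00 00"
    "00 00")

if __name__ == "__main__":
    for label, pkt in (("query", QUERY), ("join", JOIN)):
        ptype, declared, body, problems = parse_frame(pkt)
        print(label, hex(ptype), declared, problems or "ok")
    print(decode_query(parse_frame(QUERY)[2]))
    print(decode_join_name(parse_frame(JOIN)[2]))
```

On the page's bytes the TCP dump is self-consistent (length field 0x32, 50 bytes), while the query packet as quoted is 15 bytes against a length field of 0x10.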

 

Very evil. If you are interested, study it ......

Downloads for the tools mentioned in this article:

Packet capture tools:

Wsockexpert
http://download.csdn.net/source/1820067

Smartsniff
http://download.csdn.net/source/1820078

Attached is lancraft, a sample I wrote, which integrates a simple MH function:

Wc3tool
http://download.csdn.net/source/1819854
