  1. #1
    Member
    Join Date
    Feb 2012
    Posts
    146
    Points
    757

    [Release] Jordams demonware debugger (mw3)

    I realized I should probably do this in an official release format as well as put it on the thread.

    The demonware debugger prints information about peer to peer demonware packets passing through your machine.

    Here is some sample output:

    Code:
    [email protected]:~/demonbugger# python demon-debug.py --help
    usage: demon-debug.py [-h] [-p PORT] [-v V] [-sm] [-Xmac] [-dp] [-dpr] [-dc]
                          [-dd] [-dC CMDHEX]

    Sniff the demonware protocol and display information.

    optional arguments:
      -h, --help  show this help message and exit
      -p PORT     Sniffing Port
      -v V        Verbosity, 0 (default, display ip's matching packets once) 1
                  (display all matching ips), 2 (dump packet payload), 3 (dump
                  full packet)
      -sm         set ip matching to source rather then destination
      -Xmac       dont filter the mac address of this computer from packets
      -dp         display ping requests
      -dpr        display ping responses
      -dc         display first connection packet
      -dd         display data packets
      -dC CMDHEX  display packets with command (CMDHEX)

    Code:
    [email protected]:~/demonbugger# python demon-debug.py -dp -dpr -dc -dd -dC 03 -v1
    ping request (S)192.168.1.104 (T)50.135.131.199 {
    (T)MAGIC: 49c6f67c
    (S)ID: d8d01de358f130c8a319
    (S)INTERNAL IP: 192.168.1.104
    (t)EXTERNAL IP: 50.135.131.199
    }
    ping response (S)108.176.219.186 (T)192.168.1.104 {
    (T)MAGIC: 8da239f4
    (S)ID: 29496953ed393ce9f136
    (S)INTERNAL IP: 192.168.1.104
    (t)EXTERNAL IP: 108.176.219.186
    }
    connect1 (S)192.168.1.104 (T)97.71.39.80
    connect1 (S)192.168.1.104 (T)97.71.39.80
    connect1 (S)192.168.1.104 (T)173.60.78.129
    connect1 (S)192.168.1.104 (T)173.60.78.129
    data (S)192.168.1.104 (T)67.183.61.16
    data (S)192.168.1.104 (T)67.183.61.16
    connect1 (S)192.168.1.104 (T)67.168.31.228
    connect1 (S)192.168.1.104 (T)67.168.31.228
    Cx02 (S)173.60.78.129 (T)192.168.1.104
    Cx02 (S)173.60.78.129 (T)192.168.1.104
    Cx02 (S)97.71.39.80 (T)192.168.1.104
    Cx02 (S)97.71.39.80 (T)192.168.1.104
    ping response (S)50.135.131.199 (T)192.168.1.104 {
    (T)MAGIC: 49c6f67c
    (S)ID: d8d01de358f130c8a319
    (S)INTERNAL IP: 192.168.1.104
    (t)EXTERNAL IP: 50.135.131.199
    }
    ping response (S)50.135.131.199 (T)192.168.1.104 {
    (T)MAGIC: 49c6f67c
    (S)ID: d8d01de358f130c8a319
    (S)INTERNAL IP: 192.168.1.104
    (t)EXTERNAL IP: 50.135.131.199
    }
    connect1 (S)67.168.31.228 (T)192.168.1.104
    connect1 (S)67.168.31.228 (T)192.168.1.104
    ping response (S)67.237.251.183 (T)192.168.1.104 {
    (T)MAGIC: 557ee5f0
    (S)ID: 0fbdd5d5d51d79d3a22d
    (S)INTERNAL IP: 192.168.1.104
    (t)EXTERNAL IP: 67.237.251.183
    }
    ping response (S)67.237.251.183 (T)192.168.1.104 {
    (T)MAGIC: 557ee5f0
    (S)ID: 0fbdd5d5d51d79d3a22d
    (S)INTERNAL IP: 192.168.1.104
    (t)EXTERNAL IP: 67.237.251.183
    }

    There is a bit more info in the original thread: http://www.codeleakers.com/showthrea...W3-packet-bits

    And a link.
    https://github.com/jordam/demonbugger/

    Last edited by jordam; 08-15-2013 at 10:04 AM. Reason: Clarification
    Running on rocket fuel.

  2. #2
    Active Member ParadoxContra

    Join Date
    Nov 2012
    Location
    Texas Bitch!!!
    Posts
    826
    Points
    1,347
    Gamer IDs

    PSN ID: NovaGfx

    i fucking knew it! 2much4u said that this wasn't possible. Demonware is the server provider that blocks mod menus. And i know the owner of github. PIZZA


  3. #3
    ~ Hyrule's Savior ~
    link
    Join Date
    Jun 2011
    Posts
    3,825
    Points
    2,802

    Contact info:

    Youtube Channel: http://www.YouTube.Com/ReTrOSlink

    Quote (Originally Posted by NovaGfx14):
        i fucking knew it! 2much4u said that this wasn't possible. Demonware is the server provider that blocks mod menus. And i know the owner of github. PIZZA

    um.
    No.

    The game (due to the patch) checks if the player's .ff files are the same as the host's. If they aren't, it rejects their connection from joining the game.

    The patch (I forget which one) put this check in place.

    Last edited by link; 08-15-2013 at 09:23 AM.
    #gamedevelopment


  4. #4
    Member
    Join Date
    Feb 2012
    Posts
    146
    Points
    757

    Quote (Originally Posted by NovaGfx14):
        i fucking knew it! 2much4u said that this wasn't possible. Demonware is the server provider that blocks mod menus. And i know the owner of github. PIZZA

    This isn't made for the client -> command server.
    This is for client -> client over the demonware protocol.
    So wii -> wii in this case.

    You can use it to:
    pinpoint connected IPs while hosting a game
    find out what the host's IP is when a client
    grab other clients' IPs when they ping you when you are a client
    pull in ping data needed to elicit ping responses
    print the IP of every host you can reach on the command server and their ping data
    print all attempted connections when searching for a game
    dump the payload bytes of any command, and more.

    It is largely a research tool.

    Next releases may include mitm support so you aren't on your own for getting the packets to your machine.

    Running on rocket fuel.

  5. #5
    Member
    Join Date
    Feb 2012
    Posts
    146
    Points
    757

    Quote (Originally Posted by Slink):
        um.
        No.

        The game (due to the patch) checks if the player's .ff files are the same as the host's. If they aren't, it rejects their connection from joining the game.

        The patch (I forget which one) put this check in place.

    Now if only we had some way to decrypt packets and replace the .ff checksum during transit...

    Running on rocket fuel.

  6. #6
    Wii Code Creator
    T.U.F.F. PUPPY
    T.B.W

    Join Date
    Dec 2012
    Location
    Barcelona Spain
    Posts
    4,212
    Points
    6,669

    you can get by that error. It's a way around everything


  7. #7
    ~ Hyrule's Savior ~
    link
    Join Date
    Jun 2011
    Posts
    3,825
    Points
    2,802

    Quote (Originally Posted by TBW):
        you can get by that error. It's a way around everything

    This.

    Just like how every iOS update reveals a new exploit.

    Also, this isn't through packets of data sending it through the game. It's the game itself (and the patch) rejecting your connection. It has nothing to do with the server. It's possible to get around it, but not with messing with the server or the packets of data being sent between the server and the client.

    There's many programs already out there that can fetch players' connection information, such as their ip, ping, etc. No need to make a new program, lol.

    Last edited by link; 08-15-2013 at 10:44 AM.
    #gamedevelopment


  8. #8
    Active Member ParadoxContra

    Join Date
    Nov 2012
    Location
    Texas Bitch!!!
    Posts
    826
    Points
    1,347

    That's what i tried to do a long time ago. But i failed because i didn't have enough knowledge on this. I still don't know all that i need to know. But maybe there's a way to bypass the .ff blocking port or whatever it is through ASM. Sort of like the mac changer code. Instead it changes the server settings for that one person? Idk. It's just an idea.


  9. #9
    Member
    Join Date
    Feb 2012
    Posts
    146
    Points
    757

    Quote (Originally Posted by Slink):
        This.

        Just like how every iOS update reveals a new exploit.

        Also, this isn't through packets of data sending it through the game. It's the game itself (and the patch) rejecting your connection. It has nothing to do with the server. It's possible to get around it, but not with messing with the server or the packets of data being sent between the server and the client.

    My last simplified understanding of how the patch worked was that the person hosting the game generated a checksum representing their .ff; they then request the client wii to generate their own checksum and send it to the host to compare (or alternatively send them the host's checksum for the client to verify).

    In either case, a checksum is sent over the network.

    The immediate aversion tactic that presents itself is requiring the entire file to be sent;
    however, this is just as vulnerable to having the entire file replaced in transit.

    Would you care to suggest a possible alternative verification method that does not require identifying data to be sent over the network but still allows a host and client with the same hacked .ff to play together?

    Quote (Originally Posted by Slink):
        There's many programs already out there that can fetch players' connection information, such as their ip, ping, etc. No need to make a new program, lol.

    Name one program that lets you pull the internal ip address of another player's wii, or display actual connection attempts separate from pings, and I will be impressed I missed it.
    This is specific to the demonware protocol, and allows you to filter data down to specific packet types for better targeting.

    Also this program will allow you to grab the data needed to ping someone with a computer via the protocol to see if they are on the game. (And please don't pull that 'you can just run ping IP!!!', that will put you in touch with their router, not their wii...)

    Running on rocket fuel.
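
An added illustration of the checksum exchange described in post #9 (not part of the original thread or of demonbugger): a fixed checksum is the same value in every session, so a recorded copy keeps being accepted, while a response bound to a fresh host nonce does not. `Host`, `run_demo` and the byte strings are hypothetical and constructed, and SHA-256/HMAC stand in for whatever the game actually uses, which the thread does not state.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for file contents; not real .ff data.
STOCK_FF = b"constructed stock fastfile contents"
MODIFIED_FF = b"constructed modified fastfile contents"

def static_checksum(ff: bytes) -> str:
    # Identical in every session, so a recorded value stays valid forever.
    return hashlib.sha256(ff).hexdigest()

def nonce_response(ff: bytes, nonce: bytes) -> str:
    # HMAC keyed with the host's fresh nonce: the wire value differs per session.
    return hmac.new(nonce, ff, hashlib.sha256).hexdigest()

class Host:
    # Hypothetical host side; it compares against its own file, whatever that is.
    def __init__(self, ff: bytes):
        self.ff = ff
        self.nonce = b""

    def verify_static(self, reported: str) -> bool:
        return hmac.compare_digest(reported, static_checksum(self.ff))

    def new_challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def verify_response(self, response: str) -> bool:
        return hmac.compare_digest(response, nonce_response(self.ff, self.nonce))

def run_demo() -> dict:
    host = Host(STOCK_FF)
    recorded_static = static_checksum(STOCK_FF)  # value seen on the wire earlier
    recorded_resp = nonce_response(STOCK_FF, host.new_challenge())  # old session
    nonce = host.new_challenge()  # new session, new nonce
    modded = Host(MODIFIED_FF)
    modded_nonce = modded.new_challenge()
    return {
        "recorded_static_accepted": host.verify_static(recorded_static),
        "recorded_response_accepted": host.verify_response(recorded_resp),
        "same_file_accepted": host.verify_response(nonce_response(STOCK_FF, nonce)),
        "different_file_accepted": host.verify_response(nonce_response(MODIFIED_FF, nonce)),
        "matching_modified_pair_accepted": modded.verify_response(
            nonce_response(MODIFIED_FF, modded_nonce)),
    }

if __name__ == "__main__":
    print(run_demo())
```

The nonce only binds the answer to the session; it does not prove which file the responder actually loaded. A host and client holding the same file, modified or not, still match, because the host always compares against its own copy.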

  10. #10
    ~ Hyrule's Savior ~
    link
    Join Date
    Jun 2011
    Posts
    3,825
    Points
    2,802

    Quote (Originally Posted by jordam):
        pull that 'you can just run ping IP!!!', that will put you in touch with their router, not their wii...)

    Never said that, lol. Pinging with command prompt can't do it.

    There are other sniffers out there.

    #gamedevelopment

