41307fd88d
Added gitignore and fixed packets not decrypting |
||
---|---|---|
backend | ||
cert | ||
data | ||
frontend | ||
plugins/good-transform | ||
util | ||
www | ||
.gitignore | ||
config.js | ||
index.js | ||
package.json | ||
README.md | ||
test.js |
Iridium
A KCP packet sniffer + visualizer in one.
Usage
- Bring
GenshinData
from Grasscutter's resource folder.
½. npm i
-
node . main
ornpm run main
From there, you can either start a proxy or read a .pcap file filtered with udp.port == 22101 or udp.port == 22102
.
Proxy captures will be saved to captures
folder in a .gcap format and can also be read with this tool.
Using with Grasscutter on Localhost
-
Set Grasscutter's GameServer port to an available port and set
PublicPort
to 22102. -
Open config.js and set
useDispatchServer
to false,UdpTargetIP
to127.0.0.1
andUdpTargetPort
to the port that you specified. -
Start Iridium and enable UDP Proxy from Frontend, then you can start Grasscutter.
Node module API for your own packets
startFrontend
: launches the frontend on http://localhost:1984/index.html
displayPacket
: sends an abstract packet to frontend
iridium.displayPacket({
source: 0=server, 1=client
packetID: numerical ID,
protoName: name of the proto,
object: decoded packet contents/any info to display in the frontend
})
decodePacket
: queues a packet to be decoded by mtxor -> protobuf
iridium.decodePacket({
ip: {
address: src_addr,
address_dst: dst_addr,
port: port_src,
port_dst: port_dst
} - this is used to construct the kcp ingest object and determine direction
crypt: if "uncrypt" is missing: the buffer containing only the data bytes of the raw udp packet (usually offset 28),
overrideKey: if crypt is used, you can supply your own key to XOR with, per-packet.
uncrypt: if "crypt" is missing: a buffer containing the already-dexored datagram to feed into protobuf decoder, must start with packet id at offset 2,
})
If uncrypt
is supplied, ip
object only needs either port
or port_dst
set to 22101
to determine direction.
updateProxyIP(ip, port)
: Set remote IP and port of the server the proxy should connect to. This is usually determined automatically when the client makes the request to the cur.
How the proxy works
While you can just drop in a sniffed pcap, the proxy allows you to see traffic realtime. You will need to reach logged-in state, point the dispatch hosts to localhost and activate the Iridium frontend along with the proxy. The dispatch will be running on localhost:80 and localhost:443 - make sure the ports are succesfully bound, you usually need admin access to do that and if there's svchost taking those up, it won't work and you need to kill it first.
After that, you click into the client and it should request the cur - the response cur will point the client to 127.0.0.1 in terms of UDP. If you are using Fiddler to redirect the hosts, you will have to put your own cur.json
into www
folder, as it becomes impossible to make a request for the real cur. It will work if you're just using the hosts file.
After you click again (the door), the UDP connection should start being monitored.
- Alg