A KCP packet sniffer + visualizer in one for grasscutter
Go to file
4Benj_ 41307fd88d
Merge pull request #2 from lilmayofuksu/main
Added gitignore and fixed packets not decrypting
2022-04-25 15:32:32 +08:00
backend Added gitignore and fixed packets not decrypting 2022-04-25 10:27:22 +03:00
cert Squash 2022-04-24 16:31:16 +02:00
data Squash 2022-04-24 16:31:16 +02:00
frontend Squash 2022-04-24 16:31:16 +02:00
plugins/good-transform Squash 2022-04-24 16:31:16 +02:00
util Squash 2022-04-24 16:31:16 +02:00
www Squash 2022-04-24 16:31:16 +02:00
.gitignore Added gitignore and fixed packets not decrypting 2022-04-25 10:27:22 +03:00
config.js Squash 2022-04-24 16:31:16 +02:00
index.js Squash 2022-04-24 16:31:16 +02:00
package.json Squash 2022-04-24 16:31:16 +02:00
README.md Squash 2022-04-24 16:31:16 +02:00
test.js Squash 2022-04-24 16:31:16 +02:00

Iridium

A KCP packet sniffer + visualizer in one.

Usage

  1. Bring GenshinData from Grasscutter's resource folder.

½. npm i

  1. node . main or npm run main

  2. http://localhost:1984/index.html

From there, you can either start a proxy or read a .pcap file filtered with udp.port == 22101 or udp.port == 22102. Proxy captures will be saved to captures folder in a .gcap format and can also be read with this tool.

Using with Grasscutter on Localhost

  1. Set Grasscutter's GameServer port to an available port and set PublicPort to 22102.

  2. Open config.js and set useDispatchServer to false, UdpTargetIP to 127.0.0.1 and UdpTargetPort to the port that you specified.

  3. Start Iridium and enable UDP Proxy from Frontend, then you can start Grasscutter.

Node module API for your own packets

startFrontend: launches the frontend on http://localhost:1984/index.html

displayPacket: sends an abstract packet to frontend

iridium.displayPacket({
	source: 0=server, 1=client
	packetID: numerical ID,
	protoName: name of the proto,
	object: decoded packet contents/any info to display in the frontend
})

decodePacket: queues a packet to be decoded by mtxor -> protobuf

iridium.decodePacket({
	ip: {
		address: src_addr,
		address_dst: dst_addr,
		port: port_src,
		port_dst: port_dst
	} - this is used to construct the kcp ingest object and determine direction
	crypt: if "uncrypt" is missing: the buffer containing only the data bytes of the raw udp packet (usually offset 28),
	overrideKey: if crypt is used, you can supply your own key to XOR with, per-packet. 
	uncrypt: if "crypt" is missing: a buffer containing the already-dexored datagram to feed into protobuf decoder, must start with packet id at offset 2,
})

If uncrypt is supplied, ip object only needs either port or port_dst set to 22101 to determine direction.

updateProxyIP(ip, port): Set remote IP and port of the server the proxy should connect to. This is usually determined automatically when the client makes the request to the cur.

How the proxy works

While you can just drop in a sniffed pcap, the proxy allows you to see traffic realtime. You will need to reach logged-in state, point the dispatch hosts to localhost and activate the Iridium frontend along with the proxy. The dispatch will be running on localhost:80 and localhost:443 - make sure the ports are succesfully bound, you usually need admin access to do that and if there's svchost taking those up, it won't work and you need to kill it first.

After that, you click into the client and it should request the cur - the response cur will point the client to 127.0.0.1 in terms of UDP. If you are using Fiddler to redirect the hosts, you will have to put your own cur.json into www folder, as it becomes impossible to make a request for the real cur. It will work if you're just using the hosts file.

After you click again (the door), the UDP connection should start being monitored.

  • Alg