
Morrighan - Client proxy


exec

Morrighan acts as a kind of proxy, it makes the client connect to a special local server that forwards all packets from the client to the actual server. This way it's able to read every single packet that gets sent or received. These packets are then passed to other applications, so they can work with them, e.g. loggers like Pale.

Not only is this way of logging much more reliable than the packet sniffing in MabiPale 1, it also allows logging local traffic without jumping through hoops, so you can log the traffic to your own local Aura server if you so desire. It should work with any official server and it's unlikely to break.

The look and feel is similar to Pake+mod_Alissa, but without the hacks^^ It's even compatible with Alissa Analyzer, if anyone would want to use it.

Download

How to log

Let's assume you want to log packets from NA. Instead of launching the client through the patcher you would create a link/bat, like you would to connect to a local server, but with the NA IPs. And instead of client.exe you would use Morrighan.exe (which you have to put into your Mabi folder), that's it.

Morrighan.exe code:1622 ver:143 logip:208.85.109.35 logport:11000 chatip:208.85.109.37 chatport:8002 setting:"file://data/features.xml=Regular, USA"

What will happen here is that Morrighan reads the parameters, replaces the logip and port with the ones to a new local server it started, and finally starts the client. You will see a little window in the upper left, to let you know that Morrighan is running. Once you see that window you can use a tool like Pale to connect to it and log packets.

The window closes automatically when the client gets closed. You can also double click it to quickly close Morrighan and the client.

How to connect to Morrighan

Morrighan uses the same API as the tool it was inspired by, "Alissa". It uses WM_COPY messages to communicate between Morrighan's and the subscriber's window. To subscribe to Morrighan, to receive packets, you send the "op" (dwData) 100 to Morrighan's window (window name: "mod_Alissa"), to unsubscribe, you send 101. While you're subscribed, you receive all incoming (op 0x10101012) and outgoing (op 0x10101011) packets via the same method.

For an actual example of how this works, I suggest looking at the corresponding functions in Pale. Alternatively you can also create a plug-in for Pale, which will be easier.

Nexon Launcher

With the removal of direct launch in NA and possibly other regions, the NX hash login has to be used to start Morrighan for officials now, which uses the /P parameter to pass the login information to the client directly. Morrighan can assist you in retrieving that parameter, so you can still easily start the client with it.

Starting with Morrighan 1.5.11 you can add the parameter nxlauncher to your normal NA start up parameters. If you do so, Morrighan temporarily replaces your Client.exe with itself. Then you click Play in the Nexon Launcher, which doesn't start the client, but Morrighan instead, which now doesn't start the game, but just notes down the NX hash. Afterwards you click OK in the window of the original Morrighan, which reverts the Client.exe back to normal, retrieves the hash from a temporary file, and then starts the client as it normally would.

Example: Morrighan.exe code:1622 ver:143 logip:208.85.109.35 logport:11000 chatip:208.85.109.37 chatport:8002 setting:"file://data/features.xml=Regular, USA" nxlauncher

Restrictions

Right now Morrighan only supports the Login and Channel servers, you won't get any messenger packets, it lets the client connect directly there. It was easier to code it like this and we don't really need the messenger packets anymore.

  • 1 month later...

Update 1.4.6

  • Fixed a bug where packets weren't decrypted, which made them useless for subscribed applications. This fixes the problem several people had with Morrighan lately, where Pale and other applications that use it didn't get any or limited data.

Click on Download in the opening post to get the latest version if you had problems.


  • 2 months later...

This program needs a setting for changing the IP and port it listens on.

In a case like 'Kor-serv', the communication goes to a different place than the IP and port given in the arguments.

Is it possible to add the setting mentioned above?


13 minutes ago, exec said:

I'm afraid Google is bad at translating Korean =/ Are you saying the Korean client has different required arguments? If so, could you show me the arguments required to launch the Korean client?

 

Original Kor-Serv args:

code:1622 ver:863 logip:211.218.233.101 logport:11000 chatip:211.218.233.193 chatport:8002 resourcesvr:http://mabi.dn.nexoncdn.co.kr/data/ setting:"file://data/features.xml=Regular, Korea" dumpip:211.218.233.28:9999

However, the IP range the client actually communicates with is 211.218.233.101~111.

My args for packet analysis (Morrighan):

Morrighan.exe code:1622 ver:863 logip:211.218.233.101 logport:11000 chatip:211.218.233.193 chatport:8002 setting:"file://data/features.xml=Regular, Korea"

 

 

Sorry, I pushed "report post" by mistake.

Edited by Nerguri

7 minutes ago, exec said:

Sorry, I don't see the problem, the arguments look just like the ones for NA. What exactly isn't working, are you getting an error message?

No, not an error.

Just... MabiPale can't receive any packets from Morrighan.

But with local args (127.0.0.1, using Aura), it received packets.

Edited by Nerguri

1 minute ago, Nerguri said:

No, not an error.

Just... MabiPale can't receive any packets from Morrighan.

But with local args (127.0.0.1, using Aura), it received packets.

Ah~ Do you get no packets at all? Or do you only get packets on the character selection? Can you show me the Morrighan.log file?


5 minutes ago, exec said:

Ah~ Do you get no packets at all? Or do you only get packets on the character selection? Can you show me the Morrighan.log file?

 

Here.

2015-12-11 오전 9:11:40 [Info] - Morrighan 1.0.5747.17813
2015-12-11 오전 9:11:40 [Info] - Starting server...
2015-12-11 오전 9:11:40 [Info] - Server listening on '127.0.0.1:5169'
2015-12-11 오전 9:11:40 [Info] - Starting Alissa communicator...
2015-12-11 오전 9:11:40 [Info] - Starting client...
2015-12-11 오전 9:11:41 [Info] - Started client: Client.exe code:1622 ver:863 chatip:211.218.233.193 chatport:8002 setting:"file://data/features.xml=Regular, Korea" logip:127.0.0.1 logport:5169
2015-12-11 오전 9:11:41 [Info] - Morrighan is ready to serve you
2015-12-11 오전 9:12:33 [Info] - Client connected from 127.0.0.1:5214
2015-12-11 오전 9:12:33 [Info] - Tunneling connection to '211.218.233.101:11000' through '127.0.0.1:5169'
2015-12-11 오전 9:12:39 [Info] - Server closed connection
2015-12-11 오전 9:12:39 [Info] - Server listening on '127.0.0.1:5169'

 

오전 is AM. (YYYY-MM-DD AM/PM h:mm:ss)


15 minutes ago, exec said:

In the log file above I don't see the message that Pale subscribed, you are clicking on "Connect" in Pale, right? And the Morrighan symbol "lights up"?

The symbol "lights up" and I clicked "Connect" in Pale.

 


 

Morrighan launch -> engine all loaded -> MabiPale2 connect -> login -> character select -> move -> warp -> move

Edited by Nerguri

You said you're receiving packets when you use Aura, is that using the KR client? Or are you using the NA client for that?

I've attached a Debug build of Morrighan, that writes more information to the log file. Could you do the above again, start with Morrighan, connect, login, select, move, warp, etc, but with the attached Morrighan.exe, and then post the log file? Since that log file will potentially include data like your character id, you can also send it to me via PM if you don't feel comfortable posting that.

I'll review the new log tomorrow.

Morrighan.exe


3 minutes ago, exec said:

You said you're receiving packets when you use Aura, is that using the KR client? Or are you using the NA client for that?

I've attached a Debug build of Morrighan, that writes more information to the log file. Could you do the above again, start with Morrighan, connect, login, select, move, warp, etc, but with the attached Morrighan.exe, and then post the log file? Since that log file will potentially include data like your character id, you can also send it to me via PM if you don't feel comfortable posting that.

I'll review the new log tomorrow.

Morrighan.exe

mabi KRServer, using KR client... not Aura.

Edited by Nerguri

8 hours ago, Nerguri said:

mabi KRServer, using KR client... not Aura.

What I meant was: Are you using the KR client with Aura? If you're using the NA client with Aura, it would make sense for you to get packets. If it's a general problem with the KR client that is.


9 hours ago, exec said:

You said you're receiving packets when you use Aura, is that using the KR client? Or are you using the NA client for that?

I've attached a Debug build of Morrighan, that writes more information to the log file. Could you do the above again, start with Morrighan, connect, login, select, move, warp, etc, but with the attached Morrighan.exe, and then post the log file? Since that log file will potentially include data like your character id, you can also send it to me via PM if you don't feel comfortable posting that.

I'll review the new log tomorrow.

Morrighan.exe

mabi KRServer, using KR client... not Aura..

 

41 minutes ago, exec said:

What I meant was: Are you using the KR client with Aura? If you're using the NA client with Aura, it would make sense for you to get packets. If it's a general problem with the KR client that is.

 

 

No... I use the KR client with the KR server to analyse the pet mount packet.

Because the NA client can't connect to the KR server. My KR server account has a pet.

Edited by Nerguri

On 2015. 12. 11. at 7:31 PM, exec said:

Ah, alright. How about a log from the Debug build I posted yesterday? This problem is a little hard to analyse, since I obviously don't have access to KR. Morrighan was only ever tested with NA.

The log file is:

 

2015-12-13 오전 2:07:21 [Info] - Morrighan 1.0.5823.3369
2015-12-13 오전 2:07:21 [Info] - Starting server...
2015-12-13 오전 2:07:21 [Info] - Server listening on '127.0.0.1:49188'
2015-12-13 오전 2:07:21 [Info] - Starting Alissa communicator...
2015-12-13 오전 2:07:21 [Info] - Starting client...
2015-12-13 오전 2:07:23 [Info] - Started client: Client.exe code:1622 ver:863 chatip:211.218.233.193 chatport:8002 resourcesvr:"http://mabi.dn.nexoncdn.co.kr/data/" setting:"file://data/features.xml=Regular, Korea" dumpip:211.218.233.28:9999 logip:127.0.0.1 logport:49188
2015-12-13 오전 2:07:23 [Info] - Morrighan is ready to serve you
2015-12-13 오전 2:08:00 [Info] - Application subscribed: 'MabiPale2'
2015-12-13 오전 2:08:21 [Info] - Client connected from 127.0.0.1:49199
2015-12-13 오전 2:08:21 [Info] - Tunneling connection to '211.218.233.101:11000' through '127.0.0.1:49188'
Seed: 1FA46DB6
From client enc: 88 0B 00 00 00 00 C1 C5 E7 66 4E
From client dec: 88 0B 00 00 00 00 00 C5 E7 66 4E
From server enc: 88 07 00 00 00 00 06
From server dec: 88 07 00 00 00 00 F8
From server enc: 88 07 00 00 00 00 07
From server dec: 88 07 00 00 00 00 F9
From client enc: 88 0E 00 00 00 01 DB 6E E4 1E 14 26 F4 17
From client dec: 88 0E 00 00 00 01 0D 60 02 00 14 26 F4 17
From server enc: 88 0A 00 00 00 01 0D 60 02 00
From server dec: 88 0A 00 00 00 01 F3 BC B8 98
From client enc: 88 57 00 00 00 00 D7 9C C2 8B 05 CC 8D 33 77 B4 0E 36 1B 68 8C E7 44 1E D0 88 E1 79 B5 71 6A 6F 9E 17 F4 EB C3 FB EF 75 F7 C2 46 F8 A0 07 32 80 23 72 61 5B 8C E5 CA 7E 28 96 AC 36 E6 2E 3E 0A EB 07 EE EF D9 B9 AD 3F 80 EF 64 BA E8 41 59 D7 61 5B AB 89 11 C4 47
From client dec: 88 57 00 00 00 00 0F D1 02 0A 00 00 00 00 00 00 00 00 3E 05 00 01 01 06 00 1B 4B 4F 52 5F 52 65 67 75 6C 61 72 2D 37 38 37 43 43 34 2D 34 45 34 2D 44 44 36 00 03 8F 66 F8 05 06 00 01 00 06 00 12 65 76 65 68 6F 75 72 40 6E 61 76 65 72 2E 63 6F 6D 00 89 11 C4 47
From server enc: 00 2B 00 00 00 00 00 00 00 54 10 00 00 00 00 00 00 10 16 02 00 06 00 10 32 31 31 2E 32 31 38 2E 32 33 33 2E 31 30 39 00 02 2A F8
From server dec: 00 2B 00 00 00 00 8B 07 1E 95 90 6D D8 C8 3C 14 5E F9 BB EE 5B 68 C9 05 B4 26 22 C8 EF DA 53 97 36 64 88 5D 49 E8 C7 DC B8 B2 8E
From client enc: 88 0E 00 00 00 01 CF 6C C2 28 F0 84 D1 81
From client dec: 88 0E 00 00 00 01 89 75 02 00 F0 84 D1 81
2015-12-13 오전 2:08:27 [Info] - Server closed connection
2015-12-13 오전 2:08:27 [Info] - Server listening on '127.0.0.1:49188'
 


Alright, I see two problems here. First, for some reason the server's packets apparently aren't encrypted, that's weird. The other problem is that the login server you initially connect to redirects you to another one, Morrighan currently doesn't support that feature.

Adding the login redirect shouldn't be too much of a problem, but I don't understand why it would not encrypt the packets. Though I guess I could check if it connects to KR for that. I'll look into it later today or tomorrow.

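The two findings in the reply above (server packets that were already readable before decryption, and a login redirect to a different address) can be picked out of a debug log of this shape mechanically. This is an added example, not Morrighan's or Pale's code; the 6-byte header length, the printable-run heuristic and every sample value are assumptions constructed for illustration.

```python
import re

LINE = re.compile(r"^From (client|server) (enc|dec): ((?:[0-9A-F]{2} ?)+)$")
TUNNEL = re.compile(r"Tunneling connection to '([\d.]+):\d+'")
IPV4 = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
TEXT = re.compile(rb"[\x20-\x7e]{8,}")  # heuristic: a printable run suggests plaintext
HEADER = 6  # assumption: leading bytes that stay identical in each enc/dec pair

def parse(log):
    """Return (tunnel_host, [(side, enc_bytes, dec_bytes), ...])."""
    host, pairs, pending = None, [], None
    for line in map(str.strip, log.splitlines()):
        if m := TUNNEL.search(line):
            host = m.group(1)
        elif m := LINE.match(line):
            side, kind, data = m[1], m[2], bytes.fromhex(m[3])
            if kind == "enc":
                pending = (side, data)
            elif pending and pending[0] == side:
                pairs.append((side, pending[1], data))
                pending = None
    return host, pairs

def triage(log):
    """Report sides whose wire bytes were already readable, plus redirect IPs."""
    host, pairs = parse(log)
    plain, redirects = set(), set()
    for side, enc, dec in pairs:
        wire, out = enc[HEADER:], dec[HEADER:]
        if TEXT.search(wire) and not TEXT.search(out):
            plain.add(side)  # "decrypting" turned readable bytes into noise
        readable = wire if TEXT.search(wire) else out
        if side == "server":  # an address other than the tunnel target = redirect
            redirects |= {ip.decode() for ip in IPV4.findall(readable)} - {host}
    return {"tunnel": host, "plaintext_on_wire": sorted(plain),
            "redirects": sorted(redirects)}

# Constructed sample (not from the thread): documentation-range IPs, a toy XOR
# standing in for the real cipher, and arbitrary header bytes.
def _toy(b): return b[:HEADER] + bytes(c ^ 0xA7 for c in b[HEADER:])
def _hx(b): return b.hex(" ").upper()
_login = bytes(HEADER) + b"\x06\x00\x10user@example.com\x00"
_redir = bytes(HEADER) + b"\x06\x00\x0b192.0.2.109\x00"
SAMPLE = "\n".join([
    "[Info] - Tunneling connection to '192.0.2.101:11000' through '127.0.0.1:49188'",
    "From client enc: " + _hx(_toy(_login)), "From client dec: " + _hx(_login),
    "From server enc: " + _hx(_redir), "From server dec: " + _hx(_toy(_redir)),
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The same pass shows why debug logs like this belong in a private message rather than a public post: the readable side of a login packet carries account identifiers.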

1 hour ago, exec said:

Alright, I see two problems here. First, for some reason the server's packets apparently aren't encrypted, that's weird. The other problem is that the login server you initially connect to redirects you to another one, Morrighan currently doesn't support that feature.

Adding the login redirect shouldn't be too much of a problem, but I don't understand why it would not encrypt the packets. Though I guess I could check if it connects to KR for that. I'll look into it later today or tomorrow.

Thank you! :)


2 minutes ago, exec said:

Nice, I honestly didn't expect it to work on the first try^^

I've updated the release in the link in the first post. You can continue to use the Debug version, but the log files will become pretty big then.

The log file has many hex strings, but it doesn't matter.

It works!! :)

PS: 'avast!' detected a virus in this file.

