Does anyone know how to enable ShowEQ to add debug messages to the source code? I can't find any information on how to do this and have been looking for hours... Any help or direction would be awesome.
Printable View
Does anyone know how to enable ShowEQ to add debug messages to the source code? I can't find any information on how to do this and have been looking for hours... Any help or direction would be awesome.
I'm trying to understand what is being said here (https://medium.com/@Packet99/decrypt...s-7248acb1797b)
One method that immensely helped with the understanding of the protocol was using ShowEQ’s built-in debug handler for tracking execution. The following code below is the original ShowEQ code with added debug messages to explain program flow. Combing this option with the ability to run ShowEQ against already pre-captured sessions (pcaps) allowed us to rapidly iterate through code branches.
I was able to figure out that ShowEQ is capable of playing and recording packets - but this isn't obvious. There is no option in the GUI for this that I could find. You had to go into the seqdef.xml under the "VPacket" section and define a few settings. So that's neat, I can play a pre-recorded capture without actually being in-game. But if I'm understanding the post above, you can actually step through the code as a packet is being decoded? Am I barking up the wrong tree here?
Thanks,
I'm thinking I understand this a little better - there must be a debug mode you can enable in ShowEQ to see the verbose messaging of what is happening with the processing of the packets. I just don't know how to enable this. Does anyone out there know how to enable this level of debug??
Strictly speaking you don't need to use the xml file, as there are command line flags (see "showeq --help") to specify the capture/playback files. If by step through you mean step through using a debugger, yes, you can step through the decode process for either a recorded stream or a live stream. But showeq itself will not show you that level of detail.
General debug is enabled by default, unless you pass --disable-debug=yes to configure. But that won't get you the level you're asking about.
If you look at the various net-related files there are ifdefs to add additional debug output. In particular:
In those files there are #define statements that have been commented out that you can uncomment, or you can pass in the defines to configure as CPPFLAGS, e.g., -DDEBUG_PACKET=1. Either way, you'll need to recompile to get the debug info you're asking about.Code:packetcapture.cpp:#ifdef PCAP_DEBUG
packet.cpp:#ifdef DEBUG_PACKET
packetlog.cpp:#ifdef DEBUG_PACKET
vpacket.cpp:#ifdef DEBUG_VPACKET
Awesome, thank you for the quick reply!! I will certainly try that out. Yes funny shortly after my last post I found the --help command from someone else's post on something entirely different (duh!). Never even thought of trying to see if there was a help command lol. Again, really appreciate the assistance here!
cn187,
Do you know how you would step through a different cpp file in a debugger other than main.cpp?? I'm trying to step through the part of the program that decodes the UDP stream from the game. I'm more interested in packetformat.cpp...
Thanks,
As I go through the main.cpp file I'm just lost how this segways to other parts of the program like the packet decode process.
Decryption routines used to be in libeq.cpp. I guess it was reincorporated in the source when it went to version 4.0. Shows how long it is been since I tried to do anything with it...
You know it might be easier to just use SEQ on a free account on live and then once you are familiar with the code, go to p99 and maybe it will help.
I'm trying to just walk through the process on how ShowEQ just decodes (not unencrypts) the packets, as I'm going to try and write something that will decrypt the P99 game stream with the xor key. I just need to understand how I can debug this with live/recorded game data to test... I have never debugged a running program before until now. I think that's why it's been so difficult getting to this point as it's all new to me. But I'm definitely learning things daily. As a side quest, I'm trying to get my Dad to get his old PCs out of storage to try and find old ShowEQ files. Maybe he's got an old copy with the decryption stuff in it (I know it was a little different, but anything would help).
Not a bad idea either on the live side just to see how it works without dealing with this xor crap.
Yup. That way you can get familiar with how it works and then apply it to p99. The live still has the xor, it may be a little different than p99 but at least you will know what to expect when you see seq fully working.
Whatever debugger you're using will support breakpoints. You can set a breakpoint on a given file/line/function, and the debugger will stop program execution when it hits that point. So for example, you could set a breakpoint on EQProtocolPacket::decode and it would stop every time that function gets called, letting you view stack variables, step into/over parts, etc.
Also, as a tip - if you're not already, I'd suggest passing --disable-optimization and --disable-inlines to configure and recompiling. That will help reduce some of the jumping/skipping/backtracking that you get when you try to step through optimized code.
Wanted to say THANK YOU! This was exactly what I was trying to do. I didn't realize I could choose a function instead of a file. Been watching videos on functions and header files today =). This is sooooooooooooooo cool!
They switched to something stronger, which led to showeq using an in-memory key sniffer in order to keep working. But due to various issues they decided to roll back that change, so it went back to the way it was before (XOR).
Originally the stream was with no protection for the first couple of month. Then they xored it. When they "Upped the Ante" and started a rotating encryption (or something like that) PoP era. Then just as suddenly, they switched back to the old xor. I dont think they have changed it since. I could be wrong. I never worked on decrypting the packets. I just took it for granted.
I take back my statement... maybe it isnt xored. I saw this line in the code.
// structure (ie. encryption) changes. It is checked by the VPacket feature
// nothing is compressed or encrypted at this point...
I am not sure if that is post decryption or if it refers to that there is no encryption now.
I still see the player and spawn backfill but not sure why they would need to do that if it wasnt still encrypted.
Cant get my original upload to go away...