Decode/Work with existing dumps using quarry as an API about quarry HOT 8 CLOSED

Yes, you can absolutely do this! If you have a chunk_data packet saved to disk, you can do something like:

from quarry.types.buffer import Buffer
with open("packet.bin", "rb") as fd:
    buff = Buffer(fd.read())
x, z, contiguous = buff.unpack('ii?')
# etc

There's an example of unpacking a chunk data packet using quarry here: https://github.com/barneygale/minebnc/blob/master/plugins/world.py#L73-L107

from quarry.

Thanks Barney, I'm using scapy to debug it while packet sniffing:

def sniffPackets(packet):
    if packet.haslayer(IP):
        pckt_src=packet[IP].src
        if '192' not in pckt_src: # Only incoming packets !
            pckt_dst=packet[IP].dst
            pckt_ttl=packet[IP].ttl
            payload=packet[IP].payload
            hex_dump = hexdump(packet)
            bytesd = bytes(packet)
            
            from quarry.types.buffer import Buffer
            # Do something with quarry...
            buff = Buffer(bytesd)
            x, y, z = buff.unpack_position()

def main():
    print('custom packet sniffer')
    sniff(prn=sniffPackets, filter="port 25565")

How can I use quarry unpack to get packet ID and such directly from packet bytes ?
Also, will quarry detect gzip compression and help to deal with that ?

Thanks for your work !

from quarry.

So a couple of things to note:

1. Minecraft packets will fragment across multiple TCP/IP packets. You can't receive a TCP packet and expect that a minecraft packet is right at the beginning
2. If you're connecting to an online-mode server, your connection will be encrypted pretty soon, making sniffing impossible.

You can work around issue 1 by keeping a single global Buffer object and adding data to it every time you receive a TCP packet. You can then attempt to decode a packet by calling buff.unpack_packet() - this method handles gzip compression and will give you another Buffer object back that contains the packet's payload, starting with its ID. Note that you might not have enough data in your buffer, or conversely you might have enough data for multiple packets! You can see how quarry handles that here.

You can work around 2 by running the server in offline mode. If that's not possible, you won't be able to passively sniff connections (for the same reasons you can't sniff HTTPS connections), but you can write a proxy that does online-mode authentication with the remote server (the proxy will need to know a genuine minecraft.net account). The logic here is a little complex so I'd suggest using quarry's proxy infrastructure if you go this route.

from quarry.

I was planning to treat packets using a Bufffer.
But yes, random aspect of incoming packets is not an easiest part.
Also , i'm not concerned by encryption as I want to sniff non online-mode servers.

I will give a look to how quarry handles it, thanks for the link.
If I plan to use quarry proxy (or rex directly maybe ?), how will it handle unknow packets ?
For example for a server that added few customs packets (not using the dedicated custom packet or plugins channels !) :
Will we need to implement them to allow proper gameplay / don't crash the client (or quarry "client") or will they pass through, be ignored, and still redirected client-->proxy-->server / server-->proxy-->client without problem ?

from quarry.

If you're using a quarry proxy (such as rex) at the moment you'll get a protocol exception for unknown packets - I'll look into making this hookable.

from quarry.

Using your indications I got my 'real' sniffer to work:
Listening to chat messages: http://puu.sh/Almac/83c47b69a9.png
(Russian server,I took it from a server list around the web, whatever...)

Here is the current code (using global and ugly vars):
https://pastebin.com/s9h1s3Cb

Really simple, and no need to use a proxy, thanks for your advices !

Can you show me an example to decode more packets like the "Entity Look And Relative Move", using your Buffer and unpacks ?
For ex, format is Entity ID (varint), X (short), Y (short), Z (short), Yaw (angle), Pitch (angle), On Ground (bool)
I don't know how to unpack those types, but I suppose quarry can help me on that too.

Also, how should I know which compression treshold I'm currently in ?
I'm getting random errors while decompressing the buffer.
(Listening for set compression packet and unpack it to get a value ?)

from quarry.

Great to hear that you've got something working!

There's an example of unpacking "Entity Look And Relative Move" here: https://github.com/barneygale/minebnc/blob/master/plugins/entities.py#L294-L301. You may find the rest of the code in that repository quite useful.

For compression, you'll need to hook the login_set_compression packet and store the new value.

from quarry.

Those examples are quite complete, I got everything I needed, thanks for taking the time to give some directions, this is actually very useful.
No need to keep this issue opened anymore.

from quarry.