✅Prep: Analyze Network Packets with Wireshark

Motivation

Before solving for any flag, we should inspect client-server packets via Wireshark. GameLogic.dll is used by both game client and game server, it is possible that some functions are implemented exclusively for the game server. If that is the case, we should be able to find some interesting stuff just by capturing the packets between game client and game server.

Wireshark

We are only interested in Pwn3 traffic, so use the following filter:

(ip.src == <game_server_ip> || ip.dst == <game_server_ip>) && tcp.len > 0

tcp.len > 0 means non-empty payload. We are looking for any interesting data so we don't want empty packets.

We see a few "RSL" packets at the very beginning:

"RSL" stands for "Radio Signalling Link (RSL)", which sounds like a wireless mobile thing. Wireshark isn't decoding this correctly, let's go to "Analyze -> Enabled Protocols" and select "Enable All":

Now those "RSL" packets are interpreted as normal TCP packets.

PreviousPrep: Infinite Health and Mana (Locally)NextPrep: Build a Proxy in Python

Last updated 1 year ago