Reverse Engineering EQ Protocol: Thoughts and Tips ?

[unficyp]

Hi all,

i'm following this project for a long time now and i tried to run my own server to look around and visit zones i wasn't able to visit in EQ Live.

But there is one thing i wanted to know since i first tried eqemu:

How do you approach to reverse engineer the network protocol ?
I'm an programmer myself,i have clue about C/C++/networking but i never got in touch with reverse engineering so i always wanted to know how this is done ...
What tools do you use (except for a packet sniffer) or did you write your own ?
What difficulties did you expect ? Where do you start ?

thanks for your thoughts (and for reading) !

[fathernitwit]

the protocol is pretty much fully known, its the content of the data stream that keeps changing.

We write our own tools to help us understand, we start with raw packets (ethereal/tcpdump), and work on writting tools to reassemble the packet stream, then we use those tools to understand the contents, etc.

[unficyp]

Thanks for your answer,i thought that this is done like the way you described.

I know that the EQ Protocol is pretty much known and i don't want to re-reverse
engineer it myself just for fun.

The reason i created this Thread was,that i wanted to hear the techniques,tricks,tips,thoughts for RE a network protocol from people that actually have done this in the past so they can share their 'knowledge'.

[gottasummer]

If what you are looking for is a document which outlines the protocol, you can try looking at ethernalquest, ethernalquest is no longer functional, but if the protocol has stayed the same, then you should be able to use that information to get protocol info.

[fathernitwit]

protocol changed last year to be basically what eq2 is using, theres no real docs except the code.

[gottasummer]

Ah.

I recall on the eq2emulator forum, someone had posted a link to a page which had documentation on the EQ2 protocol.

So now it uses eq2 protocol, that sounds... interesting.