Dreamcast-Talk.com

pcwzrd13 wrote:

dude2207 wrote: Oh, also created a web portal and PERL script for generating the VMS/VMI of NET files for people when the time comes. You will need to manually find your dreamcast's unique flash ID to create your NET file.

How was this done back in the day? I would assume the game would have done all this for you.

Without a NET file you'd register in the game. Then the game dials to KDDI's network and does.... something. Finally it dials to your ISP and connects to the server over PPP; sending a special character to signify a new account.

The issue is that first dial, as it's trying to PPP into their network. Normal servers don't work (tried on DreamPi and a PortMaster3) but I found out it DID work on a WinXP machine doing a share connection server.

Didn't do a deep dive but it's prob using Microsoft encryption the other stuff doesn't support. Most of the PPP packets looked the same. It just connects and then immediately disconnects but is satisfied with the result. After connecting you'd have a NET file.

@ioncannon Ah ok, gotcha.

Can you edit the NET file manually? I found what looks like an ID in hex but it's 14 characters long and my console ID is 12 characters.

pcwzrd13 wrote:@ioncannon Ah ok, gotcha.

Can you edit the NET file manually? I found what looks like an ID in hex but it's 14 characters long and my console ID is 12 characters.

Yes we mapped out the NET file back at the end of June.

On the lobby engine front, not getting hopes up; but I was able to backtrace from the confirmed `avetcp_send` function for the Access TCP lib in the NetSDK, to the confirmed "send gate server" function.

Using the reference graph I found it was 2-3 funcs distance between each other.

Tried then with `avetcp_receive` and found matching functions.... and 2-3 funcs away was this:



BIGSWITCH was a function I found earlier that looked like a giant opcode switch. Seems I was right! Time to confirm if those params sent in (they are in the heap, not static memory) contain the receive buffer!

If this is a opcode switch for the entire game then basically we cracked this thing open like the KDDI server was.

This is BIGSWITCH; like I said a giant opcode switch (or as Ghidra disassembles it, if statement list):

Alright, found the receive buffer using that nice Flycast Debugger, and it's filled with my dummy data. Using Daytona as Aero Dancer breaks up the binary when you load the broadband version of the game and the ISP dialer seems to break for me /shrug. Same code tho.

Now to just follow that recv buffer up the path til we are back at BIGSWITCH (hopefully).

Nice work!

Wooo, got the code going to the BIGSWITCH. So packets are so far [size (2b)][opcode (2b)][data?].

More progress:





I assume goodcow is the name of the person who got their key generated? Or is it dummy data?

ioncannon wrote:More progress:





I assume goodcow is the name of the person who got their key generated? Or is it dummy data?

Goodcow is the name, he had his key saved. The key needs to be mapped out so we can generate others

Great job lads some pretty significant progress thanks for grinding away at this.