/* Client->Server

// Login Server
$CS_LOGIN = Chr(0x0).Chr(0x0).Chr(0x0);
$CS_SERVERLIST = Chr(0x0).Chr(0x4).Chr(0x0);
$CS_LOGIN_GO_SERVER = Chr(0x0).Chr(0xF).Chr(0x0);
$CS_LOGIN_GO_SERVER_STEP_2 = Chr(0x0).Chr(0x11).Chr(0x0);

//MMServer
$CS_MMSERVER = Chr(0x1).Chr(0x0).Chr(0x0);
$CS_CHANNEL_LIST = Chr(0x1).Chr(0x1E).Chr(0x0);
$CS_CURRENCY = Chr(0x1).Chr(0x80).Chr(0x0);

//Channel
$CS_CHANNEL_JOIN = Chr(0x1).Chr(0x1F).Chr(0x0);
$CS_CHANNEL_DATA = Chr(0x1).Chr(0x32).Chr(0x0);
$CS_ROOM_LIST = Chr(0x1).Chr(0x33).Chr(0x0);
$CS_PLAYERBUNCH = Chr(0x1).Chr(0x21).Chr(0x0);

//Heartbeat
$CS_HEARTBEAT = Chr(0x1).Chr(0xab).Chr(0x0);

//Leave?
$CS_QUIT = Chr(0xd).Chr(0x1).Chr(0x0);

/**********************/

/*Server->Client

// Login Server
$SC_LOGIN_SUCCESS = Chr(0x0).Chr(0x19).Chr(0x0);
$SC_LOGIN_SERVERLIST = Chr(0x0).Chr(0x1).Chr(0x0);
$SC_SERVERLIST = Chr(0x0).Chr(0x3).Chr(0x0);
$SC_LOGIN_GO_SERVER = Chr(0x0).Chr(0x10).Chr(0x0);
$SC_LOGIN_GO_SERVER_STEP_2 = Chr(0x0).Chr(0x12).Chr(0x0);

//MMServer
$SC_1_UINT32_1 = Chr(0x1).Chr(0x9).Chr(0x0);
$SC_PLAYER_DATA = Chr(0x1).Chr(0x1).Chr(0x0);
$SC_CURRENCY = Chr(0x1).Chr(0x81).Chr(0x0);
$SC_CHANNEL_LIST = Chr(0x1).Chr(0x25).Chr(0x0);

//Channel
$SC_CHANNEL_DATA = Chr(0x1).Chr(0x51).Chr(0x0);
$SC_CHANNEL_JOIN = Chr(0x1).Chr(0x20).Chr(0x0);
$SC_PLAYERBUNCH = Chr(0x1).Chr(0x22).Chr(0x0);

//Rooms
$SC_ROOM_UPDATE = Chr(0x1).Chr(0x52).Chr(0x0);
/*0 uint32 action
-
4 roomchunk
-
e4 unk4byte unknown
----
action is 00 for new room, 01 for delete room, 02 for room update

// Broadcast
$SC_ANNOUNCEMENT = Chr(0x4).Chr(0x2).Chr(0x0);

//Heartbeat 1/min
$SC_HEARTBEAT = Chr(0x1).Chr(0xac).Chr(0x0);

/*********************

Cross Fire Packet Documentation
(C) 2010-2012 UVB-76

You can use this for whatever you want as long as you include my name in the credits, and as long as you do not create cheats or exploits.

This file describes various types of packets sent to/received by Cross Fire.
Only game packets were analyzed -- I have not done any work on HGWC/XTrap packets, nor do I have any interest in doing so.

===

All TCP messages conform to this format:

F1 (dataLength uint16) (id1 uint8) (id2 uint8) (id3 uint8) (dataSection) F2

Thus, the whole message length is dataLength + 7
Minimum message length (no dataSection) is 7 bytes

Generally each type of message has its own format for inside the dataSection.

Since TCP is by nature a stream, you can get multiple messages, or even just parts of messages, mashed together in one packet, or split into multiple packets.
DO NOT ASSUME EACH CHUNK OF DATA YOU RECEIVE IS A MESSAGE

***Example:

Here's a chat message "beep boop" sent from "Khaak" to me:

F1 18 00 02 01 00 00 4B 68 61 61 6B 00 00 00 00 00 00 00 00 62 65 65 70 20 62 6F 6F 70 00 F2
.  .  .  .  .  .  .  K  h  a  a  k  .  .  .  .  .  .  .  .  b  e  e  p     b  o  o  p  .  .

F1 and F2 are beginning and end of message markers, so they can be ignored.

"18 00" is a uint16, which is length of the dataSection. In this case, it's 24 bytes.

"02 01 00" is three uint8s, which make up the message ID. The first byte would appear to be a sort of message "class", but I just treat all three bytes as the ID... so the ID in this case would be 020100.

Here's the dataSection of that message split out:

00 4B 68 61 61 6B 00 00 00 00 00 00 00 00 62 65 65 70 20 62 6F 6F 70 00
.  K  h  a  a  k  .  .  .  .  .  .  .  .  b  e  e  p     b  o  o  p  .

For whatever reason, it starts out with a 00.
Next is the sender's name, padded out to 12 bytes with 00s. (Names, when padded at all, seem to always be padded to 12 bytes)
Then there's another 00.
Then there's the chat message text. This message can be read either by reading until the 00, or by calculating the length of the text based on the dataSection length. I prefer, in this case, to just read until a 00.

*/
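
The framing rule and chat layout above, as an added Python example that is not code from the original file: it buffers TCP reads, returns only complete messages, rejects streams that lose the F1/F2 markers, and splits the chat dataSection. The names StreamFramer, FrameError, parse_chat and demo are hypothetical, and the second 7-byte message with an empty dataSection is constructed for illustration.

```python
import struct

START, END, OVERHEAD = 0xF1, 0xF2, 7  # markers and fixed bytes per message

class FrameError(ValueError):
    """The byte stream does not match the F1 ... F2 framing."""

class StreamFramer:
    """Buffers raw TCP reads and returns only complete (id, dataSection) pairs."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        messages = []
        while self._buf:
            if self._buf[0] != START:
                raise FrameError("expected F1 at start of message")
            if len(self._buf) < OVERHEAD:
                break  # header incomplete: wait for more bytes
            (data_len,) = struct.unpack_from("<H", self._buf, 1)  # "18 00" -> 24
            total = data_len + OVERHEAD
            if len(self._buf) < total:
                break  # message split across reads: wait for the rest
            if self._buf[total - 1] != END:
                raise FrameError("expected F2 at end of message")
            messages.append((bytes(self._buf[3:6]), bytes(self._buf[6:total - 1])))
            del self._buf[:total]
        return messages

def parse_chat(data):
    """Split a 02 01 00 dataSection into (sender, text) using the layout above."""
    if len(data) < 14 or data[0] != 0 or data[13] != 0:
        raise FrameError("chat dataSection does not match the documented layout")
    sender = data[1:13].split(b"\x00", 1)[0].decode("ascii", "replace")
    text = data[14:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return sender, text

# The chat message from the example above.
CHAT = bytes.fromhex("F1 18 00 02 01 00 00 4B 68 61 61 6B 00 00 00 00 00 00 00 00"
                     " 62 65 65 70 20 62 6F 6F 70 00 F2")
# Constructed 7-byte message; the empty dataSection is an assumption.
EMPTY = bytes.fromhex("F1 00 00 01 AC 00 F2")

def demo():
    framer = StreamFramer()
    first = framer.feed(CHAT[:10])         # partial message: nothing returned yet
    rest = framer.feed(CHAT[10:] + EMPTY)  # remainder plus a second message
    return first, rest
```

Treating a marker mismatch as a hard error instead of scanning ahead for the next F1 avoids silently resynchronising on a byte that belongs to a dataSection.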