PKT 3.0 (English)
From YTDB DataBase
Revision as of 17:22, 15 August 2011; LordJZ
PKT 3.0 is the first universal version of the PKT network packet dump file format.
The specification consists of two file formats, for decrypted and encrypted World of Warcraft network packets, with .pkt and .raw extensions respectively.
PKT Spec
The file starts with the Main Header, which contains metadata about the packet dump. Fragments of the network stream follow.
For fields longer than 1 byte, little-endian byte order is used by default.
File Naming
Field | Value |
File Name | Any |
File Extension | Mandatory .pkt |
Main Header
Field | Length | Contents |
File Signature | 3 bytes | 'PKT' in ASCII, in sequence |
Format Version | 2 bytes | First the minor, then the major version byte. For PKT 3.0 it is 0x00, 0x03 |
Sniffer Id | 1 byte | See Sniffer Id in PKT |
Client Build Number | 4 bytes | |
Client Language | 4 bytes | Language code bytes in ASCII, in sequence, e.g. 'enGB' |
Session Key | 40 bytes | Optional. Can be filled with zeros. |
Optional Data Length | 4 bytes | |
Optional Data | Length is in previous field | |
Network Stream Fragment
Field | Length | Contents |
Packet Direction | 4 bytes | 4 ASCII characters in sequence: 'SMSG' for server-to-client packets, 'CMSG' for client-to-server packets. |
Packet Arrival Time | 4 bytes | Number of seconds passed since the UTC Unix Epoch |
Packet Arrival Ticks | 4 bytes | Number of milliseconds passed since the system start |
Optional Data Length | 4 bytes | |
Packet Data Length | 4 bytes | At least 4 bytes |
Optional Data | Length is in "Optional Data Length" | Only the sniffer's developer controls what data is contained in this field. |
Packet Data | Length is in "Packet Data Length" | Data of a single World of Warcraft packet. First 4 bytes of the field are the opcode. |
RAW Spec
The file starts with the Main Header, which contains metadata about the packet dump. Fragments of the network stream follow.
For fields longer than 1 byte, little-endian byte order is used by default.
File Naming
Field | Value |
File Name | Any |
File Extension | Mandatory .raw |
Main Header
Field | Length | Contents |
File Signature | 3 bytes | 'RAW' in ASCII, in sequence |
Format Version | 2 bytes | First the minor, then the major version byte. For PKT 3.0 it is 0x00, 0x03 |
Sniffer Id | 1 byte | See Sniffer Id in PKT |
Client Build Number | 4 bytes | |
Client Language | 4 bytes | Language code bytes in ASCII, in sequence, e.g. 'enGB' |
Session Key | 40 bytes | |
Optional Data Length | 4 bytes | |
Optional Data | Length is in previous field | |
Network Stream Fragment
Field | Length | Contents |
Packet Direction | 4 bytes | 4 ASCII characters in sequence: 'SMSG' for server-to-client packets, 'CMSG' for client-to-server packets. |
Packet Arrival Time | 4 bytes | Number of seconds passed since the UTC Unix Epoch |
Packet Arrival Ticks | 4 bytes | Number of milliseconds passed since the system start |
Optional Data Length | 4 bytes | |
Packet Data Length | 4 bytes | At least 4 bytes |
Optional Data | Length is in "Optional Data Length" | Only the sniffer's developer controls what data is contained in this field. |
Packet Data | Length is in "Packet Data Length" | Data of a single TCP packet. |
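The two layouts above differ only in signature and in what Packet Data holds, so one reader covers both. The following Python parser is an added example, not code from the YTDB project; it checks every declared length against the remaining file size before slicing, since the length fields come from the dump itself. The names `parse_dump`, `take` and `build_sample` are hypothetical, reading the opcode as a little-endian 32-bit integer is an assumption based on the default byte order, and the sample dump is constructed.

```python
import struct

# Fixed part of the Main Header: signature, minor, major, sniffer id,
# build, language, session key, optional data length (58 bytes, little-endian).
MAIN = struct.Struct("<3sBBBI4s40sI")
# Fixed part of a fragment: direction, time, ticks, optional len, data len.
FRAG = struct.Struct("<4sIIII")

def take(buf, off, n, what):
    """Slice n bytes at off, refusing lengths that run past the end of the file."""
    if n > len(buf) - off:
        raise ValueError(f"{what}: {n} bytes declared at offset {off}, file too short")
    return buf[off:off + n]

def parse_dump(buf):
    """Parse a .pkt or .raw dump held in memory; returns (header, fragments)."""
    sig, minor, major, sniffer, build, lang, key, opt_len = MAIN.unpack(
        take(buf, 0, MAIN.size, "main header"))
    if sig not in (b"PKT", b"RAW"):
        raise ValueError(f"bad file signature {sig!r}")
    if (major, minor) != (3, 0):
        raise ValueError(f"unsupported format version {major}.{minor}")
    header = {"kind": sig.decode(), "sniffer_id": sniffer, "build": build,
              "language": lang.decode("ascii", "replace"), "session_key": key,
              "optional": take(buf, MAIN.size, opt_len, "header optional data")}
    off, frags = MAIN.size + opt_len, []
    while off < len(buf):
        direction, secs, ticks, opt_len, data_len = FRAG.unpack(
            take(buf, off, FRAG.size, "fragment header"))
        if direction not in (b"SMSG", b"CMSG"):
            raise ValueError(f"bad packet direction {direction!r} at offset {off}")
        if data_len < 4:
            raise ValueError(f"packet data length {data_len} < 4 at offset {off}")
        off += FRAG.size
        frag = {"direction": direction.decode(), "time": secs, "ticks": ticks,
                "optional": take(buf, off, opt_len, "fragment optional data"),
                "data": take(buf, off + opt_len, data_len, "packet data")}
        if sig == b"PKT":  # decrypted dump; opcode read as LE uint32 (assumption)
            frag["opcode"] = struct.unpack_from("<I", frag["data"])[0]
        frags.append(frag)
        off += opt_len + data_len
    return header, frags

def build_sample():
    """Constructed sample dump: one CMSG fragment, made-up opcode and payload."""
    main = MAIN.pack(b"PKT", 0, 3, 0, 12340, b"enGB", bytes(40), 0)
    data = struct.pack("<I", 0x1ED) + b"\x01\x02"
    return main + FRAG.pack(b"CMSG", 1313428920, 5000, 0, len(data)) + data
```

A truncated file or a length field larger than the remaining bytes raises `ValueError` instead of yielding a silently short packet.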