Socom 1 and 2 Private Server Development

Discussion in 'SOCOM: U.S. Navy SEALs' started by Turbo, Feb 22, 2016.

  1. Turbo

    Turbo iDub Scrub

    I'm creating this thread to have an official place for everyone to share and post their research or progress. I want to keep this thread about the actual development. Please don't post why or why not you think this should or shouldn't happen. This is to help the people working on this share and work together more efficiently.
     
  2. Sir Tortis

    Sir Tortis Butterstick

    If you guys do not already know, I am DarkForce from TMA and a member of the TMBO revival server team.


    To address some of the concerns/questions a few of you have...

    Our main goal is to be able to play all server revived games without the need for hacks and codes. This may or may not be possible in the case of Socom or Socom II (and other "newer" Medius based titles), due to packet encryption at this time. However, this does not mean all hope is lost....

    The main problem with bringing back a server for Socom and other encrypted traffic titles is, the lack of a usable packet capture. Thank your lucky stars though, Twisted Metal Black: Online and Twisted Metal Head-On PSP have saved the day, because both titles for some reason did not use encryption.

    While we can't just drag and drop packets from the above two titles and use them for Socom and Socom II, we can however modify them to fit our needs. The team has done this for SC I/II and we're able to make it to GetUniverseInformation for Socom II and CreateChannelRequest in Socom I. Now, you may be wondering what this means exactly... when I say we've made it to these areas, I am referring to commands in the question/answer system the above two games use.

    There is however a problem with the above method. Not all questions/answers were used by TMBO/TMHO that Socom and Socom II require. This is where advanced knowledge of MIPS is required. In all honesty, what we really need is to determine how packets/commands are created by the game and what kind of information the game expects to receive in response to the said packet. I can point people in the right direction for this one.


    It has been asked a few times if we can go open source. I do not know if any of you have been following other open source projects of this nature, but from what members of our group have seen (and dealt with)... the majority of people end up running their own home server and nothing is centralized. So in the end... multiple people are running multiple servers and the community is further fractured, because there is no one central server for people to play on. This further hurts what little player base the title still has and confuses anyone interested in playing the revived title.

    Another issue some of us have run into is, people will work on your project for a little bit, run off and take all of your code, and then start up a competing project and claim everything as their own. So having said that, I can't share our source code with you, but I can help you get started so that you don't need to start from scratch.


    Now, a few of you guys seem to have some skills which our team lacks/doesn't have the time for at this moment, so I think we can work together on bringing back Socom I, Socom II and further enhancing TMBO. Working on one title has the side-effect of enhancing/reviving the other Medius based titles.

    Here is what I propose:

    • A bitbucket repo will be created for the purpose of reviving the Socom I/II servers.
    • I will help get you guys started.
    • I also offer to host the future Socom I/II server on the already setup and compatible TMBO server.

    What we require:

    • Someone with the abilities to create a nice modern looking server website that can easily be used for both Socom I/II and other Medius title lobby information. This site must be easily interchangeable/compatible with multiple Socom titles and other Medius based titles. The site must also have a moderation section which allows us to ban troublemakers and a nice chat box for match organization. Knowledge of PHP, SQL, HTML5 and jQuery will be required for this position.
    • Someone that knows their way around MIPS. This is required if we hope to make it past the first few initial commands for Socom II and the other missing response packets for both Socom I and II. This position requires a pretty decent understanding of MIPS (obviously), your ability to obtain the IDA Pro Disassembler (depends on if you need it), PS2dis and other tools which code hackers use. You must also document your findings so that multiple people are able to replicate your methods. There are around 250 commands (about 1/3 of which we have captures for) and another packet command type which has not been documented (newly discovered), so you'll want help from the team on this one.
    • Someone that knows the Python programming language.
     
  3. Harry62

    Harry62 hacker

    A few questions:
    - What kind of latency are we looking at with your server? As of now SOCOM 2 played via xlink is anywhere between 80-150ms which is unplayable IMO.
    - After speaking with another hacker we believe that the encryption may not be an issue if we simply bypass the encryption and decryption functions in the game. It would only be temporary to get us going until we can encrypt and decrypt server side. Do you think this would work yourself?

I'd say I'm the most knowledgeable of MIPS that frequents this site. There are better hackers than me but they don't have a flexible schedule like me.
     
    Medux likes this.
  4. Sir Tortis

    Sir Tortis Butterstick


    I imagine pings will be comparable to the original servers. Do you know if Socom is P2P based? I ask because TMBO is and it runs on the same version of Medius that Socom I does.

    Xlink was always laggy and caused many problems when we played TMBO with it. Xlink seemed to add an extra layer of latency, but nothing is going to help a host with a horrible connection. Anyway, god knows how we managed to put up with Xlink for as long as we did.

    In the case of TMBO, the server only acts as an intermediary for lobby game lists, firewall functions and accounts. Would you say the original Socom I/II servers operated in much the same way, but with clan and stat tracking?

    Encryption is not an issue at this time. I do however recommend that encryption must be maintained if we are to have maximum compatibility with all clients. As for the second part of the question... I can't fully answer until we have determined what the response is supposed to be to the first few initial packets. What I can tell you is that enc/dec functions server side is possible and has been done, but I am unsure at this time if every client will require codes to use the server. We won't know till more work is put into the enc/dec functions of the game/server.
     
  5. Turbo

    Turbo iDub Scrub

The original servers were just switch boards to get players to a main server (Socom Online) to sub servers (US East, US Central, etc.) where players could host rooms. Everyone connects to the host of the room. The server also logged the clans, accounts, ranks, etc.

    Main server to sub servers to hosted rooms. I'd say very similar to TMBO.
     
  6. Sir Tortis

    Sir Tortis Butterstick

    That's what I figured. I guess we would only need a few key packets to be rebuilt from scratch to enable Socom I then.

    I can easily see Socom I running soon without clan and stat tracking features.
     
    Laziness likes this.
  7. Turbo

    Turbo iDub Scrub

Yeah, I would assume Socom 1 would be easiest to do. I'd like to see S2 online though. Don't care if the clan, stat, rank features work lol. But it would be nice to get there eventually.
     
    /SS/ PEIPER likes this.
  8. Harry62

    Harry62 hacker

Do you have an example packet you can post up? I'd like to see how a function interprets a packet and what the packet actually looks like. I'd also like to see how the data is stored client side to get a better understanding. My specialty for this server process is entirely MIPS assembly; anything server related is new to me.
     
  9. Plexus

    Plexus Chopsticks

I can help with the PHP and MySQL for the site if you like. I have experience with PDO. The design of the site should be done by someone else though. I don't normally work on websites; most of the work I have done has been designing read and write database systems for video games.
     
  10. Sir Tortis

    Sir Tortis Butterstick

    0121 - CreateChannelRequest (Socom I)

"2115" is the sessionid my home server has assigned to the session (lots of testing since we're now at the 2115th session)

    The other stuff you should recognize.

    0000 0B 92 00 01 21 00 00 00 ....!...
    0008 00 00 00 00 00 00 00 00 ........
    0010 00 00 00 00 00 00 00 00 ........
    0018 00 00 32 31 31 35 00 00 ..2115..
    0020 00 00 00 00 00 00 00 00 ........
    0028 00 00 00 00 00 6E 7B 01 .....n{.
    0030 00 00 01 00 00 55 53 20 .....US
    0038 43 45 4E 54 52 41 4C 00 CENTRAL.
    0040 4C 49 4D 49 54 00 47 41 LIMIT.GA
    0048 4D 45 4C 49 53 54 00 47 MELIST.G
    0050 41 4D 45 4E 41 4D 45 00 AMENAME.
    0058 4D 65 64 6C 65 79 00 46 Medley.F
    0060 52 49 45 4E 44 4C 59 46 RIENDLYF
    0068 49 52 45 00 4D 41 58 50 IRE.MAXP
    0070 4C 41 59 45 00 00 00 00 LAYE....
    0078 00 00 00 00 00 00 00 00 ........
    0080 00 00 00 00 00 00 00 00 ........
    0088 00 00 00 00 00 00 00 00 ........
    0090 00 00 00 00 00 .....

The goal is to determine what 0B 92 are and how the game determines it will use command 01 21, then you also want to figure out what the response is supposed to be for this packet. 0122 - CreateChannelResponse is the response, but we need to know what must be in the response and how it's supposed to be structured.

    Socom II 04 command type (unknown at this time, this is the new command type I had mentioned in my first post)
    This packet is shown when the game is asking for the universe information in the video I posted in the other thread.

    0000 0B 26 00 04 03 00 00 00
    0008 00 00 00 00 00 00 00 00
    0010 00 00 00 00 00 00 00 00
    0018 00 00 C7 1C 00 03 00 00
    0020 00 02 00 00 00 01 00 00
    0028 00
    Once again, the goal is to determine the response for both packets.

    Edit: I forgot to mention that this screen cap is not from a Socom title. This is from a Medius title that still has its debug symbols intact.
    You'll need this:
     
    Last edited: Feb 22, 2016
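An added example for working with the two captures in the post above (my own code, not the TMBO team's): it rebuilds both packets byte for byte, checks one hypothesis about the unexplained leading bytes (that the 16-bit value after 0B is a little-endian count of the bytes that follow, which both captures happen to satisfy), reads the command bytes 01 21 / 04 03, and lists the NUL-separated strings with their offsets. The 3-byte header split and the length reading are assumptions to be tested against more captures, not something the post states.

```python
import re
import struct

# Constructed from the two hex dumps in the post above (same bytes, same order).
SOCOM1_CREATE_CHANNEL = bytes.fromhex(
    "0B92000121000000" + "00" * 16 + "0000323131350000" + "00" * 8
    + "00000000006E7B01" + "0000010000555320" + "43454E5452414C00"
    + "4C494D4954004741" + "4D454C4953540047" + "414D454E414D4500"
    + "4D65646C65790046" + "5249454E444C5946" + "495245004D415850"
    + "4C41594500000000" + "00" * 29)
SOCOM2_TYPE04 = bytes.fromhex(
    "0B26000403000000" + "00" * 16 + "0000C71C00030000" + "0002000000010000" + "00")

HEADER_LEN = 3  # assumption: bytes 0..2 form a header and the payload follows

def parse_header(pkt):
    """Split a capture into (byte 0, little-endian u16 at offset 1, payload).
    Treating byte 0 as a message type and bytes 1-2 as a length is the
    hypothesis under test; the post itself leaves 0B 92 unexplained."""
    first = pkt[0]
    value = struct.unpack_from("<H", pkt, 1)[0]
    return first, value, pkt[HEADER_LEN:]

def length_field_matches(pkt):
    """True if the u16 at offset 1 equals the number of bytes after the header."""
    _, value, payload = parse_header(pkt)
    return value == len(payload)

def command_id(pkt):
    """Bytes 3-4 written the way the post names them: '0121' for CreateChannelRequest."""
    return pkt[HEADER_LEN:HEADER_LEN + 2].hex().upper()

def find_strings(pkt, min_len=3):
    """(offset, text) for each run of >= min_len printable ASCII bytes; the
    NUL-separated field names in the Socom I dump show up here with offsets."""
    pat = rb"[\x20-\x7e]{" + str(min_len).encode() + rb",}"
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pat, pkt)]

def summarize(pkt):
    """One-shot view of a capture, handy for comparing requests side by side."""
    first, value, payload = parse_header(pkt)
    return {"byte0": first, "u16_at_1": value, "payload_len": len(payload),
            "length_ok": length_field_matches(pkt), "command": command_id(pkt),
            "strings": find_strings(pkt)}

if __name__ == "__main__":
    for name, pkt in (("Socom I 0121", SOCOM1_CREATE_CHANNEL), ("Socom II 04", SOCOM2_TYPE04)):
        print(name, summarize(pkt))
```

Any new capture that breaks length_field_matches() disproves the header hypothesis, which is exactly the kind of check worth running before building a response packet around it.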
  11. Harry62

    Harry62 hacker

    I'll have to find the function that controls the "createchannelrequest" that you are referring to. When do you send/receive the packet above as in what button are you clicking to activate it? I have the majority of the functions mapped out for the online menus so it wouldn't take me any time to pinpoint it and find the packet area.

I'd also like to add that Socom 1 is one of those lucky games that have close to 90% of the debug labels (symbols, as you call them) intact. I was able to find the registerpackets function with ease and I'm sure I've found the other as well.
     
    Medux likes this.
  12. Sir Tortis

    Sir Tortis Butterstick


    I press X on "US Central" in the briefing rooms.
     
  13. Harry62

    Harry62 hacker

    Good information. I will look in to it now.
     
  14. Medux

    Medux Requiem

This thread looks promising. Shame they're speaking in a different language.
     
  15. Sir Tortis

    Sir Tortis Butterstick

    I took a look at the Socom ELF files and a memory dump taken via PCSX2 and best I can tell there are no debug symbols. Nothing like what I've seen for the other titles I have in my collection. If you opened Socom in IDA Pro it would leave all the functions blank like in the attached image below. I'd advise getting a few titles with their debug symbols intact if you wish to make quick progress. No need to make this tougher than it already is.

    Also, how does one send a PM on this site? I've looked all over and I can't find an option for it.

     
  16. Harry62

    Harry62 hacker

    You have to start a conversation with someone I believe. As for the labels I have the original socom 1 demo ELF file. It is loaded with labels for everything and the majority will import in to the socom 1 dump. I will send you a link to the demo ELF whenever I get home later today.
     
  17. Tawok

    Tawok Not *That* Kinda Guy


    For the technically illiterate people reading this, all you need to know:

    This could be the biggest development in our community in years, happening right before your eyes. If you know a PHP/MySQL programmer, or anyone that's played with MIPS assembly, now is the time.

    Explain like I'm 5: Sir Tortis has experience reviving dead servers to their full capacity, namely Twisted Metal Black Online. They're on the cusp of doing the same with SOCOM, but they need more information from the data packets that are used to run the online gameplay. If they crack the code, we could be looking at playing SOCOM 1 again, and possibly SOCOM 2 using the ONLINE menu option, instead of some janky ass XLINK LAN bullshit.

    This is awesome.
     
  18. MACK IS GOD

    MACK IS GOD VP of Toxicity

To send a private message, click on the member's name in their avatar and a menu will pop up. Select "start a conversation". It will allow you to make a title for the conversation and then send a message. When they reply, the "inbox" icon on the top right of the page will turn red. Simply click on that and you're good to go.
     
    [ZIP]SuPeRMaN likes this.
  19. Animal-_-

    Animal-_- TRS Staff

    Not that I don't think it's cool someone's trying to figure this out, I do have one question. Would this be p2p, or would someone need to host and maintain a server? And if a server, who's gonna pay for/maintain it?
     
  20. Tawok

    Tawok Not *That* Kinda Guy

You'd have to ask @Sir Tortis himself, I can't find anything concrete to answer that one.
     