Release of Wireshark plugin for Uru protocols
Posted: Mon May 17, 2010 8:27 am
Announcing the public release of my Wireshark plugin for Uru protocols!
After many years of tinkering I've decided to release my Wireshark plugin. OpenURU.org has offered to host the project. It is hosted here with Chogon's knowledge and okay, but this project is not officially sanctioned or supported by Cyan Worlds.
Wireshark is a network protocol analysis tool. The Uru plugin is a module for Wireshark that dissects Uru traffic. This lets you see what the server and client are saying to each other. The plugin should work for all Uru traffic (with a few undissected submessages) from UU onward*. However, MOUL/MOULagain connections are protected by encryption, and while the plugin does have decryption functionality, we do not have the server private key with which to decrypt the traffic.
I recognize that there is a fairly limited audience for this work, and the audience will be limited further by the encrypted connections. But there are use cases now, and with open source coming someday, there will definitely be value in this kind of tool.
Further details about using the plugin, how it handles the encryption, how to acquire the code, etc. are on the project's main page, on the OpenUru.org wiki. Please go there first!
Thanks to cjkelly1 for his help with this plugin over the years. I hope that it will prove useful to someone, and I hope to be able to add thanks to other contributors in the future!
- a'moaca'
* If you somehow have decrypted traces from Live 5-8 inclusive, the plugin may have the message typecodes wrong. If you have decrypted traces from Live 5-8, you might not need this plugin, but please let me know when the types changed anyway.
After many years of tinkering I've decided to release my Wireshark plugin. OpenURU.org has offered to host the project. It is hosted here with Chogon's knowledge and okay, but this project is not officially sanctioned or supported by Cyan Worlds.
Wireshark is a network protocol analysis tool. The Uru plugin is a module for Wireshark that dissects Uru traffic. This lets you see what the server and client are saying to each other. The plugin should work for all Uru traffic (with a few undissected submessages) from UU onward*. However, MOUL/MOULagain connections are protected by encryption, and while the plugin does have decryption functionality, we do not have the server private key with which to decrypt the traffic.
I recognize that there is a fairly limited audience for this work, and the audience will be limited further by the encrypted connections. But there are use cases now, and with open source coming someday, there will definitely be value in this kind of tool.
Further details about using the plugin, how it handles the encryption, how to acquire the code, etc. are on the project's main page, on the OpenUru.org wiki. Please go there first!
Thanks to cjkelly1 for his help with this plugin over the years. I hope that it will prove useful to someone, and I hope to be able to add thanks to other contributors in the future!
- a'moaca'
* If you somehow have decrypted traces from Live 5-8 inclusive, the plugin may have the message typecodes wrong. If you have decrypted traces from Live 5-8, you might not need this plugin, but please let me know when the types changed anyway.
Lucky me that I haven’t spent a lot of work on manually dissecting my MOULa dumps yet! (I have mostly automated decryption, but not analysis of the individual messages.) This is going to make learning the protocol much easier – thank you so much!