Toribash
Original Post
[DISC] Toribash Protocol Passthrough.
Sup, I'm trying to write a small script to allow me to log out toribash's protocol to the terminal. Here's what I have thus far.

https://github.com/Eleeleth/toribash...ol-passthrough

It's not much, and it currently requires you to do some fancy iptables routing. (Point game1.toribash.com:22000 and the ip that resolves to, to localhost:22000.)

Run the script in your terminal, and open toribash and click multiplayer, and you should get a log of the raw protocol for the lobby screen.

This thread is mostly going to act as a rubber duck debugging session in the public record. Feel free to comment/complain/ridicule/praise/whatever.

(The end goal of this project is a full parser as well as documentation for the protocol.)
<~suomynona> TITS OR ELEELETH
This is excellent work, Eleeleth.
[23:23:53] <AndChat|700625> Blue eyes ultimate dragon best card
[23:24:29] <AndChat|700625> You know the one with 3 heads
[23:24:39] <~Lightningkid> just like my dick



[11:35:40] <box> Hampa suck
[11:36:21] <hampa> not the first to tell me that today
That nigga ain't shit. I could do better just writing code in this message box.
I got a fantastic pull request from a mysterious stranger, and now it requires sudo to run. It'll automagically fuck with your hosts file, too.
Could you not just use something like Wireshark?
:D
Only nerds with protractors use shit like Wireshark for a simple TCP sniff.
Originally Posted by Blam
Could you not just use something like Wireshark?

This is a jumping off point for a parser.
I haven't tried using Wireshark in a couple of years, so I decided to give Blam the benefit of the doubt and give it one more shot. After five minutes of trying to use it to capture a log of the toribash protocol, I remember why I didn't ever like it to begin with. Wireshark's a great program, and the functionality it provides is impressive. I've never been able to make any real use out of it, though, because of the issues I perceive in usability.

For instance, let's say I want to make a log of the Toribash protocol for the purpose of reverse engineering some of the new stuff. With that purpose in mind, I start up a network capture, do whatever I need to do in Toribash, and when I'm done, stop capturing.

Given how many background services make heavy use of network traffic, it's highly unlikely your capture will only consist of the packets relevant to Toribash. That wouldn't be a huge issue, except that for some reason, they never saw it necessary to add functionality to the GUI for removing packets that have been captured. (At least, not to my knowledge. I took the time to read through most of the documentation, but if I missed something, let me know.) I realize you can filter what packets are displayed, but why am I hiding packets that will never be of any use to me? Why can't I just hold shift, click two rows, and hit delete? I also realize that you can set up capture filters before starting a capture, and any packet not matching your filter will be ignored. The problem I see with that, however, is most of the time, I don't have enough information related to the activity I'm trying to track to create an accurate filter - I'm using Wireshark to find out that information.

tldr: From my perspective, Wireshark isn't really convenient for casual reverse engineering.
Last edited by Juntalis; Jun 12, 2013 at 03:19 PM.
Updated this to use pcap, log out TB sessions by cloning and running

touch log.txt && sudo ruby ./lib/passthrough.rb > log.txt

or something. I'll make it easier to run later.
TORIBASH 30
INFO 10; 10 0 0 49 0 100 0 0 1
SERVER 0; 176.9.64.22:20180 judo1
CLIENTS 2; RichardPT	Kuraimaru	Sid6Point7	Sean39mo	TapWatr	Grodark	NotThatGuy	Silvantor	ginopchoka	frizbe
NEWGAME 1; 1000 70 20 0 0 3 80 0 1 judo.tbm 0 0 100 0 0 0 1 0 2 0 0 0 0 0 0 0.000000 0.000000 -9.820000 0 0 0
DESC 0; ^16Beginner^07:: Judo 1
Let's break down the response from the lobby server (game.toribash.com:22000).

TORIBASH 30 // Not sure here, but it's included for every server.
INFO 10; 10 0 0 49 0 100 0 0 1 // Some information about the server, iirc this is stuff like minbet, among other things. 
SERVER 0; <ip>:<port> <servername> // This is the meat of what we want from this connection.
CLIENTS 2; <space delimited list of usernames in the server> // Pretty simple.
NEWGAME 1; 1000 70 20 0 0 3 80 0 1 judo.tbm 0 0 100 0 0 0 1 0 2 0 0 0 0 0 0 0.000000 0.000000 -9.820000 0 0 0 // I'll go back through this later and define each one, but it's obvious that it's the game settings.
DESC 0; <server /desc> // Simple enough.
99% of the time with a bot, we'll be joining a predetermined room, so we connect to the lobby and use it as a DNS, resolving the name to the actual port we want to connect to.

Here's a small ruby script to resolve a server to its destination. It's a quickie, and is free to use and improve. https://gist.github.com/Eleeleth/5793630

e: and a version that will give you an IP if the room doesn't already exist: https://gist.github.com/Eleeleth/5793836

e: and a basic idlebot, because I can. https://gist.github.com/Eleeleth/5794591
Last edited by Eleeleth; Jun 17, 2013 at 02:24 PM.
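As an added example (not Eleeleth's script or gists), here is a small Ruby parser for the lobby response broken down above, which also resolves a room name to ip:port the way the post describes. It assumes the "KEYWORD n; payload" line shape seen in the capture, that each SERVER line starts a new room described by the CLIENTS/NEWGAME/DESC lines that follow it, and that the ^NN sequences in DESC are colour codes.

```ruby
# Constructed sample reusing the captured lobby lines from the thread (shortened client list).
SAMPLE_LOBBY = <<~LOBBY
  TORIBASH 30
  INFO 10; 10 0 0 49 0 100 0 0 1
  SERVER 0; 176.9.64.22:20180 judo1
  CLIENTS 2; RichardPT\tKuraimaru\tSid6Point7
  NEWGAME 1; 1000 70 20 0 0 3 80 0 1 judo.tbm 0 0 100 0 0 0 1 0 2 0 0 0 0 0 0 0.000000 0.000000 -9.820000 0 0 0
  DESC 0; ^16Beginner^07:: Judo 1
LOBBY

# Split one protocol line into [keyword, number, payload]; number and payload may be absent
# (e.g. "TORIBASH 30" has no "; payload" part). Returns nil for lines that don't fit the shape.
def parse_line(line)
  m = line.match(/\A(\w+)(?:\s+(\d+))?(?:;\s*(.*))?\z/)
  return nil unless m
  [m[1], m[2] && m[2].to_i, m[3]]
end

# Walk the lobby text and build { version:, info:, servers: [...] }.
def parse_lobby(text)
  lobby = { version: nil, info: nil, servers: [] }
  current = nil # the room the CLIENTS/NEWGAME/DESC lines currently belong to
  text.each_line do |raw|
    kw, num, payload = parse_line(raw.chomp)
    next unless kw
    case kw
    when 'TORIBASH' then lobby[:version] = num
    when 'INFO'     then lobby[:info] = payload.split.map(&:to_i)
    when 'SERVER'
      host, name = payload.split(/\s+/, 2)
      ip, port = host.split(':')
      current = { name: name, ip: ip, port: port.to_i, clients: [], settings: [], desc: nil }
      lobby[:servers] << current
    when 'CLIENTS' then current[:clients] = payload.split(/\s+/) if current # tabs or spaces
    when 'NEWGAME' then current[:settings] = payload.split(/\s+/) if current
    when 'DESC'    then current[:desc] = payload.gsub(/\^\d{2}/, '') if current # strip ^NN colours (assumed)
    end
  end
  lobby
end

# Use the lobby as a "DNS": map a room name to "ip:port", or nil if the room isn't listed.
def resolve_room(text, name)
  server = parse_lobby(text)[:servers].find { |s| s[:name] == name }
  server && "#{server[:ip]}:#{server[:port]}"
end
```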