Was SRO Security updated since 2017-2018?

Hi. I was playing with Drew’s PHP Server Status but it looks iSRO has changed since 2017-2018 because the gateway disconnects after the script sends Handshake_E packet.

I’m using PHP 7.3.2, so I had to replace mcrypt_ecb function with openssl_(en/de)crypt.

I also patched Silkroad to remove m_value_x randomization. I ran simple TCP server to test the patch and Silkroad response was always the same. So then I sniffed some packets with Wireshark, and I was trying to use this script to parse them, and… Handshake_E result is not the same as the client’s one.

Do you know something about it? Or maybe I’m wrong and made some stupid mistake?

There were no security changes. Some of the opcodes have changed for logging in though. I suspect it’s due to changes in PHP.

If you can use Python instead you could try this: https://github.com/ProjectHax/pySilkroadSecurity

It’s a bit of a pain to setup due to different libraries on every distro but it does work. I use it for a couple things.

1 Like

Also they removed the X-Trap thing long time ago right? At least client works on Wine without that security program.

You were right. That was due to changes in PHP. Thanks.

1 Like