Was SRO Security updated since 2017-2018?

satanson · October 14, 2019, 1:02am

Hi. I was playing with Drew’s PHP Server Status but it looks iSRO has changed since 2017-2018 because the gateway disconnects after the script sends Handshake_E packet.

I’m using PHP 7.3.2, so I had to replace mcrypt_ecb function with openssl_(en/de)crypt.

I also patched Silkroad to remove m_value_x randomization. I ran simple TCP server to test the patch and Silkroad response was always the same. So then I sniffed some packets with Wireshark, and I was trying to use this script to parse them, and… Handshake_E result is not the same as the client’s one.

Do you know something about it? Or maybe I’m wrong and made some stupid mistake?

Ryan · October 14, 2019, 2:02am

There were no security changes. Some of the opcodes have changed for logging in though. I suspect it’s due to changes in PHP.

If you can use Python instead you could try this: GitHub - ProjectHax/pySilkroadSecurity: Silkroad Security API for Python

It’s a bit of a pain to setup due to different libraries on every distro but it does work. I use it for a couple things.

mrdeepmind · October 14, 2019, 10:31am

Also they removed the X-Trap thing long time ago right? At least client works on Wine without that security program.

satanson · October 14, 2019, 7:09pm

You were right. That was due to changes in PHP. Thanks.

https://gist.github.com/Chan-Tai-Man/a8fc921649b42e6db655b26c83791c3c