Starcraft – Match information in Starcraft 2 via packet capture

starcraft-2

I'm writing a small application to track some additional statistics not provided within Starcraft 2 (e.g. current daily point increase/decrease, distribution of matches such as those won in the first 5 minutes, etc…). The problem is that there is some information that isn't available on the battle.net webpage. Ideally, I'd parse all of the information directly from this website, but things like the length of the game and opponents aren't provided on the web version.

So, I've been looking into capturing packets on a client machine to see if there is a way I can extract this data as a user is playing sc2. I'm not entirely sure this is going to work, because as I've seen thus far, the packets are either encrypted, or simply not readable.

I just wanted to see if others had thoughts on how I might go about this. Also, the software is going to be GPL licensed, so if you're interested in helping out, let me know.

~Scott

Best Answer

I also agree this is a poor approach, but since you piqued my curiosity, I went and installed Wireshark.

Here is an average SC2 packet:

User Datagram Protocol, Src Port: 50542, Dst Port: bnetgame (1119)
Length: 32
Data (24 bytes)
Data: 76ed0100077ce965cd7e4018cc8040001e92508e0fa0cd00

I remember that the original Starcraft had the option of using the IPX protocol as an alternative to TCP, so I guess I shouldn't be surprised that they rolled their own protocol for Starcraft 2. What's more, the average packet size in my sample was 60 bytes, which with overhead means you're getting 24 bytes of data. Without a good insight into how they do sequencing, any sort of parallel data being transmitted on that connection is going to be hard to reassemble.

At this point they don't even need encryption; their chopping scheme for transmitting smaller packets will act as obfuscation.


Since efficient network transfer of data is a bit of a hobby of mine, I decided to dig deeper.

Storm UDP Protocol
This protocol is defined and processed by functions within Storm.dll and is used for numerous games - namely, Diablo 1, Warcraft II: BNE, Starcraft, and Starcraft: Brood War.
(WORD)      Checksum
(WORD)      Header Length
(WORD)      Seq1
(WORD)      Seq2
(BYTE)      CLS
(BYTE)      Command
(BYTE)      PlayerID
(BYTE)      Resend

I take back my original assessment; you can definitely identify the sequence pretty easily. What's more, it looks like you can break apart the messages fairly easily. The concern then becomes extracting information from the 4-8 bytes of data in the messages.


So let's look at that data.

== 0x36 - Stim Pack ==
{{{
  // No parameters.
}}}
CLASS 2

----------------------------------------------------
== 0x35 - Zerg Bldg Morph ==
{{{
    WORD wUnitType;
}}}
CLASS 2

Fascinating. Apparently SC2 is transmitting the same codes you find in a replay over the BattleNet. So breaking apart a replay is the same as using a packet capture. Your only real decision should then become: Do you need the data in real time? If you don't, then using replays will be easier than disassembling the data from tshark.
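
The Storm header layout quoted in the answer, as an added parsing example (not part of the original answer and not Blizzard's code): it unpacks the eight listed fields from a UDP payload and checks whether the length field is consistent with the datagram, which is a quick way to test whether captured bytes fit this framing at all. Little-endian byte order and the meaning of the length field are assumptions, and `CONSTRUCTED` is a made-up datagram.

```python
import struct
from typing import NamedTuple

# Field order from the Storm UDP layout quoted above: WORD checksum,
# WORD length, WORD seq1, WORD seq2, BYTE cls, BYTE command, BYTE player,
# BYTE resend. Assumption: little-endian (the page does not state it).
STORM_HEADER = struct.Struct("<4H4B")  # 12 bytes


class StormHeader(NamedTuple):
    checksum: int
    length: int
    seq1: int
    seq2: int
    cls: int
    command: int
    player_id: int
    resend: int


def parse_storm(datagram: bytes):
    """Split a UDP payload into (header, body, length_plausible)."""
    if len(datagram) < STORM_HEADER.size:
        raise ValueError(f"need {STORM_HEADER.size} bytes, got {len(datagram)}")
    header = StormHeader(*STORM_HEADER.unpack_from(datagram))
    body = datagram[STORM_HEADER.size:]
    # Assumption: the length field counts either the header alone or the
    # whole payload; any other value suggests different framing.
    plausible = header.length in (STORM_HEADER.size, len(datagram))
    return header, body, plausible


# The 24-byte payload from the Wireshark capture shown in the answer.
SC2_SAMPLE = bytes.fromhex("76ed0100077ce965cd7e4018cc8040001e92508e0fa0cd00")

# Constructed datagram: command 0x35 (Zerg Bldg Morph) with class 2 as the
# page lists it, and a made-up WORD wUnitType of 0x0026 as the body. The
# checksum is left at zero because the page gives no checksum algorithm.
CONSTRUCTED = STORM_HEADER.pack(0, 14, 7, 6, 2, 0x35, 1, 0) + struct.pack("<H", 0x26)

if __name__ == "__main__":
    for name, data in (("sc2 sample", SC2_SAMPLE), ("constructed", CONSTRUCTED)):
        header, body, ok = parse_storm(data)
        print(f"{name}: {header} body={body.hex()} length_plausible={ok}")
```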