Man in the Middle Attack (Spoofing Server-Side) - Possibilites


Posts: 0
(@Anonymous)
New Member
Joined: 1 second ago

This game is largely server-side; actually, it's incredible how much server-side goes on. Even engrams on the ground, you can't pick them up until you have a full connection.

Man in the Middle - Short description - Where you intercept all traffic on your computer going from your console to the server and back to your console. All traffic goes through you before it reaches its destination. The server side thinks you are the console and the console thinks you are the server. This brings up a lot of possibilities.

Cain and Abel - Needed for MITM Attack

Now using Wireshark, we can evaluate each packet that goes from your console to the server and back. Doing little things (like buying an engram) that take 3-4 sec are good so that you don't have a lot of packets to review.

What we want to do is intercept and modify the packets that the server sends back to the console. Once we identify certain packets (like putting a weapon in your vault), we can do this again but block off the server connection (using Zone Alarm) and send packets from your computer to your console, basically spoofing the server for a couple of seconds. The possibilities are endless.
This is a work-in-progress as I've only spent a few hours testing.

To find what is all server-side, you can use Zone Alarm while doing the MITM attack and basically block the server side. If the game allows you to do stuff, then it's client-side; if not, server-side.

Server-side (will be updated)
- Equipping/Un-equipping weapons/items
- Bounties at the tower (obtaining and rewarding)
- Buying anything
- Picking up engrams
- Taking/Putting items in the vault
- Dismantling
- Reviving

Client-side (PLEASE POST ANYTHING YOU BELIEVE TO BE CLIENT-SIDE)
- Picking up ammo
- Killing enemies

THE IDEA (Duplication) -
1. Take an item out of the vault, record packets sent and received.
2. Put item back in the vault.
3. Identify which packets the server sent the client when taking the item out.
4. Block Server-side connection, try to take the item out of the vault (won't let you), but then send the server-side packets you gathered earlier.
5. Go back to orbit immediately, unblock server-side.
6. Now you have the item in your inventory, but since we blocked all server-side connection while taking the item out, the server still shows the item in the vault.

Again, this is just a work-in-progress as I've only had a few hours of reviewing, but the idea is there. I do realize that this may be a little out of reach for most people to understand, but I'm just giving my thoughts.

EDIT - PROGRESS - 9/29/14

I see some people are having issues with this method. Let me explain some more...

Your console connects to Bungie through a variety of different IP addresses (their servers). What each IP address is for, well, that is unknown. But we can easily find out which IP address accounts for the inventory, etc. Equipping different stuff in your inventory, you'll start seeing one IP generate many more packets than the others. Voila, you have found the server you want to mimic.

FYI - In Cain and Abel, "Full Routing" on an IP means that we have effectively established the MITM attack. Here in the picture you can see that the IP I needed is indeed "Full Routing."

Now time to sniff packets. What I found out in just a short time of testing is that equipping a different item (in this case a gauntlet) produces 12 total packets between your console and the server. It seems as if the packets come in pairs, each being the same length. In the "Destination" column, the 4.x.x.x.x IP address is packets sent from my console to the server. My console is 192.168.1.8.

Well, that's it for now. Expect another update here this week.

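The duplication idea in the post above depends on the console accepting server packets that were captured earlier and sent again after the real server is blocked. The following is an added example, not from this thread and not the game's real protocol, of the client-side check that defeats that: every server frame carries a sequence number and an HMAC tag under a per-session key, so a resent frame is rejected as a replay and a frame built without the key fails the tag check. The session key, frame layout and message names are constructed assumptions; the server stays authoritative for the vault either way.

```python
import hashlib
import hmac
import json
import struct

# Constructed session key; a real game would derive it per session from an
# authenticated handshake so a man-in-the-middle never learns it (assumption).
SESSION_KEY = b"constructed-example-session-key"
TAG_LEN = 32  # SHA-256 HMAC tag size in bytes

def seal(seq: int, payload: dict) -> bytes:
    """Server side: frame = 8-byte sequence number + JSON body + HMAC tag."""
    body = struct.pack(">Q", seq) + json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(SESSION_KEY, body, hashlib.sha256).digest()
    return body + tag

class Client:
    """Client side: a frame is applied only if its tag verifies under the
    session key and its sequence number is newer than any already seen."""
    def __init__(self) -> None:
        self.last_seq = -1
        self.inventory = []

    def accept(self, frame: bytes) -> str:
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(SESSION_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"        # forged or tampered frame
        seq = struct.unpack(">Q", body[:8])[0]
        if seq <= self.last_seq:
            return "rejected: replay"         # captured frame sent again
        self.last_seq = seq
        msg = json.loads(body[8:])
        if msg["op"] == "vault_withdraw":
            self.inventory.append(msg["item"])
        elif msg["op"] == "vault_deposit":
            self.inventory.remove(msg["item"])
        return "ok"

def simulate() -> dict:
    """Runs the capture-then-resend sequence from the thread against the client."""
    client = Client()
    captured = seal(1, {"op": "vault_withdraw", "item": "gauntlet"})
    first = client.accept(captured)                      # legitimate withdraw
    client.accept(seal(2, {"op": "vault_deposit", "item": "gauntlet"}))
    replay = client.accept(captured)                     # old frame resent
    forged = seal(3, {"op": "vault_withdraw", "item": "gauntlet"})
    forged = client.accept(forged[:-TAG_LEN] + bytes(TAG_LEN))  # wrong tag
    return {"first": first, "replay": replay, "forged": forged,
            "inventory": client.inventory}
```

Blocking the server and resending the stored withdraw frame leaves the client's inventory empty, because the stale sequence number is refused before the message is applied.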
2 Replies
Quiet
Posts: 505
(@Quiet)
Honorable Member
Joined: 10 years ago

Good way to get accounts.

Posts: 0
 H1Z1
(@H1Z1)
New Member
Joined: 1 second ago

Good way to get accounts.

glad you like it man
