Skip to forum content

You are not logged in. Please login or register.


forums.pvpgn.pro → [EN] Diablo → PvPGN Firewall - DieTesseract

Pages 1

You must login or register to post a reply

RSS topic feed

Posts: 49

1 (edited by GecKoTDF 04.06.2023 05:17)

Topic: PvPGN Firewall - DieTesseract

Hi Guys,

Well, have been past almost 6 years from the development of the first solution was some kind of Proxy, but you need a VPS in parallel to run, but was the first step to fix the problem.
The time past and Meanski create for Windows a more simple solution call it D2GS Admin, and it worked really well.

A few days ago a user call MayhemARG post a firewall based in Python in a very basic but functional form.
After asking him a few questions and he make some changes, I decide to take the code and apply a few things that in my experience as admin where necessary.

So here is the new PvPGN Firewall of course DieTesseract.

---

INTRODUCTION
===========

The D2GS have a problem with a Hex code, if you send it, you crash the process, and all the games shut down.-
Tesseract make modifications in theory to avoid this crash and create individual enviroment for every game (D2GS.exe process) - But nobody can make it work, so it's like nothing.-

---

INSTALLATION
===========

Install Python 3.11 or above, then this libraries:
- pydivert
- psutil

For example in Windows, install Python, remember in the installation set "Use Admin privilegies", and "Add Python PATH".


Then in a CMD with admin privilegies type:

pip install pydivert
pip install psutil

Then, just execute like admin Start Firewall.bat, Done!


THE FIREWALL
===========


Very simple information and nothing else in screen, but now comes the important stuff:


GENERAL CONFIGURATION
==================


CONFIG FILE

In the config.json you set the parameters to adjust the firewall, here we have the important variables:


  "BAN_DURATION" = Time in minutes the IP that send flood packages or malicious login will be temporary banned.
  "MAX_TEMP_BANS" = The max allowed temporal bans the IP can have before get a permanent ban.
  "TIME_FOR_MAX_PACKETS" = Time in seconds to not consider flood packets as malicious.
  "MAX_PACKETS_THRESHOLD" = It's the number of flood packets allowed in the previously set time.
   For example: If TIME_FOR_MAX_PACKETS set to 10, and MAX_PACKETS_THRESHOLD to 12
   will allow 12 packets in a range of 10 seconds, this is only for Flood packages.
 
  "BLOCKED_PACKET_THRESHOLD" = It's the max number of malicious packets to count before permanent ban the IP, this apply to port 4000 (D2GS).
  "BLOCKED_PORT" = Default D2GS Port, never change.
  "LOGIN_PORT" = PvPGN Login port, usually this never change.
  "FIREWALL_RESTART" = Set True or False to restart the firewall after a set time (see below) to clear memory.
  "FIREWALL_RESTART_HOURS" = Time in hours to restart the firewall, for example 24 (this will be 1 time per day).
  "PROCESS_MONITOR" = Monitor the D2GS, True or False. This restart the D2GS.exe if crash for some reason.
  "PROCESS_NAME" = The D2GS.exe name to monitor, usually this never change.
  "PROCESS_PATH" = The complete folder path of the D2GS remember put doble \\.


PAYLOADS (Hex Codes)

You can set the payloads this are hex codes to stop, you have three files:

payloads.json = This are malicious payloads never go to D2GS process, always drop.
payloads_login.json = This are payloads that make a temporary ban to the IP, codes like like RedVex cheat, in login.
payloads_flood.json = These are payloads that pass, but in excessive quantity are harmful.

In all cases you have two ways to set the payloads inside this files:

starting_with = If the payload start with that code, it's detected.
fixed = It's a complete structure of code, will be detected only if the packet arrive it's exactly like that.

Check the EXAMPLE_payloads.json for more information.

By default you will have inside:

payloads.json = The most common attack hex code
payloads_login.json = The hex code to disable RedVex cheat login.
payloads_flood.json = The overhead chat, to avoid flood, and possible crack of D2GS.

NOTE: If you have only one code for example in starting_with and you don't have any in fixed code, put the same
in the two places, like in the default: payloads_flood.json


PERMANENT BANNED IPs

This go to the file permaban_ips.json you can remove it from there editing the file, for example:

{"172.21.41.6": 1, "186.71.42.3": 1}

You want to remove the 172.21.41.6, you will end with something like this:

{"186.71.42.3": 1}

HOW IT WORKS?
============

In general lines, when you start the firewall this will monitor two ports, the 6112 this is the login PvPGN port, and always check de 4000 port (this is the D2GS port).

You have three kind of payloads the malicious one for D2GS, the payloads for login PvPGN, that never reach port 4000 or 6112, and the flood ones, like the overhead chat, this can reach the game but if it exceeds a certain amount of packets in a certain time it's blocked.

When any of the set hex codes in the payloads files are detected happend two things:

D2GS port 4000: They start to count (BLOCKED_PACKET_THRESHOLD) if the IP reach this number, get a permanent ban, this will be instant block without any analisis and a denied access to the port 6112 (login port).

Login port 6112: They will get a instant temporary, the time it's set in "BAN_DURATION" this will deny access to the port 6112 (login port) for example if try to login with RedVex cheats.

Flood Codes: This codes works with TIME_FOR_MAX_PACKETS and MAX_PACKETS_THRESHOLD if the IP send the max amount of packets in the maximum time permited will get a temporal ban this will be set in BAN_DURATION and will have 1 red flag, if this behavior continues will reach the MAX_TEMP_BANS in that case, that IP will be permanent banned, no more analisis, and block the 6112 (login port).


HOW LOOKS THE LOG FILE?
===================

For example here, we see the start of the Firewall, and the IP was sending the overhead chat:

2023-05-29 - Today it's a new fresh restart in the PVPGN Firewall...

18:20:20 - Flood packet has been detected: b'\x14\x00\x01Hello\x00\x00\x00' - From Source IP: 172.21.41.6
18:20:21 - Flood packet has been detected: b'\x14\x00\x01Hello!!!\x00\x00\x00' - From Source IP: 172.21.41.6

This IP send too many overhead chats, and reach the maximum allowed temporary bans:

18:20:20 - Flood packet has been detected: b'\x14\x00\x01Hellooooooo\x00\x00\x00' - From Source IP: 172.21.41.6
18:20:22  - The IP: 172.21.41.6 was temporarily banned because it sent too many packets.
18:21:20 - Flood packet has been detected: b'\x14\x00\x01Hellooooooo\x00\x00\x00' - From Source IP: 172.21.41.6
18:21:21 - Flood packet has been detected: b'\x14\x00\x01Hellooooooo\x00\x00\x00' - From Source IP: 172.21.41.6
18:21:21 - Flood packet has been detected: b'\x14\x00\x01Hellooooooo\x00\x00\x00' - From Source IP: 172.21.41.6
18:22:22  - The IP: 172.21.41.6 was banned too many times, go to permanent ban.

This IP try to send malicious packets, and it's counting, then get banned and finally try to login with no luck:

18:27:06 - Malicious packet has been detected: b'\xff\x01' - From Source IP: 172.21.41.6 - Send 1 packets
18:27:06 - Malicious packet has been detected: b'\xff\x01' - From Source IP: 172.21.41.6 - Send 2 packets
18:27:07 - Malicious packet has been detected: b'\xff\x01' - From Source IP: 172.21.41.6 - Send 3 packets
18:27:07 - Malicious packet has been detected: b'\xff\x01' - From Source IP: 172.21.41.6 - Send 4 packets
18:27:30 - The IP: 172.21.41.6 was permanent banned, because reach the malicious packet threshold.
18:28:08 - The IP: 172.21.41.6 - Try to login, but have permanent ban.

============================


Thats all, any questions put it in the comments, and I will be glad to help!
Good Luck!

--

Post's attachments

PvPGN Firewall v1.1.zip 10.65 kb, 22 downloads since 2023-05-30 

You don't have the permssions to download the attachments of this post.
Admin / Owner Project:

== OldServers Argentina ==

2

Re: PvPGN Firewall - DieTesseract

https://forums.pvpgn.pro/uploads/images/2017/08/07/tumblr_inline_mksxioe58l1qz4rgp.gif

Diablo 2 Online

Itens - Armory - Market - Clans - Builds - Planner

3

Re: PvPGN Firewall - DieTesseract

Finish guide!

Admin / Owner Project:

== OldServers Argentina ==

4 (edited by jairfabricio 13.08.2017 05:10)

Re: PvPGN Firewall - DieTesseract

Great work, you have a solution for bot players?

5

Re: PvPGN Firewall - DieTesseract

I believe that not posible via Hex code - Its something related with the patch of the d2gs and scanning process.

Admin / Owner Project:

== OldServers Argentina ==

6

Re: PvPGN Firewall - DieTesseract

al tut work fine, but how to add files (1.13c) and other txt to debian folder.

7

Re: PvPGN Firewall - DieTesseract

The 1.13c files are in the D2GS folder inside the home of the user, like I say in the post.-

And what .txt file are you talking about ?

Admin / Owner Project:

== OldServers Argentina ==

8

Re: PvPGN Firewall - DieTesseract

I have a modified d2gs.exe file
I need to import, it's version 1.13c

9

Re: PvPGN Firewall - DieTesseract

You need to create a Shared Folder, like say in the post, and reeplace al the files you want in the D2GS folder:

- Copy your D2GS files and all that stuff, for example in VirtualBox to create a shared folder you add in the program, and then in a terminal in root mode write:

mount -t vboxsf FolderNAME /home/USER/share

Where FolderNAME it's the name of the shared folder, and USER you put the name of the username you create in the virtual machine.-

Admin / Owner Project:

== OldServers Argentina ==

10

Re: PvPGN Firewall - DieTesseract

I followed everything step by step
But I can not create games


https://forums.pvpgn.pro/uploads/images/2017/08/17/d2loader1.13c_2017-08-17_11-48-49.png

11

Re: PvPGN Firewall - DieTesseract

You enter via Telnet and put maxgames 100 ? - Sometimes the regedit value of maxgames not apply

Admin / Owner Project:

== OldServers Argentina ==

12

Re: PvPGN Firewall - DieTesseract

If that doesn't work it looks like your D2GS isn't hooked up correctly to PvPGN.

Owner of SlashDiablo - One of the oldest and most well known Diablo II servers
Admin of Resurgence - Vanilla++ mod
Co-Founder of Hellforged - Diablo 09 built on 1.13 engine (current work in progress)
Founder of Diablo2.org - Dedicated Discord server for PvPGN/D2GS questions

13

Re: PvPGN Firewall - DieTesseract

This option increases the ping on the server

14

Re: PvPGN Firewall - DieTesseract

Depends on escenario, if you are making a NAT its imposible to have more lag because its internal - Make a ping to the NAT IP will be <1ms
If you are using two publics ip's its OK because you are using internet.-
Another escenario but very imposible it's the virtual machine was extreme slow - But how much ping difference you have ?

Admin / Owner Project:

== OldServers Argentina ==

15

Re: PvPGN Firewall - DieTesseract

I have a virtual private serve rBasic:

Properties:
1 vCore
3,1 GHz
2 GB de RAM
25 GB

16

Re: PvPGN Firewall - DieTesseract

You have the virtual machine inside that VPS ?

Admin / Owner Project:

== OldServers Argentina ==

17

Re: PvPGN Firewall - DieTesseract

GecKoTDF wrote:

You have the virtual machine inside that VPS ?

Yes, but work fine

18

Re: PvPGN Firewall - DieTesseract

Can't be any reason to have more lag using a D2GS inside the virtual machine - To be sure, make a ping to the internal IP of the D2GS the "NAT" IP - But im very sure you are going to have <1 ms -
How much ms difference you have with normal D2GS and in a Virtual Machine ?

Admin / Owner Project:

== OldServers Argentina ==

19

Re: PvPGN Firewall - DieTesseract

Congratulations and thanks for the tutorial, I'm going to try it right now

I've heard that in tesseract d2gs it's possible to check the Patch_D2.mpq and don't let the user enter games with wrong patch, there's a way to do this ?

Diablo II Evolution
The first with a truly connected auction house

20

Re: PvPGN Firewall - DieTesseract

b1n wrote:

Congratulations and thanks for the tutorial, I'm going to try it right now

I've heard that in tesseract d2gs it's possible to check the Patch_D2.mpq and don't let the user enter games with wrong patch, there's a way to do this ?

Thats not part of the versioncheck.conf ?

Admin / Owner Project:

== OldServers Argentina ==

21

Re: PvPGN Firewall - DieTesseract

GecKoTDF wrote:
b1n wrote:

Congratulations and thanks for the tutorial, I'm going to try it right now

I've heard that in tesseract d2gs it's possible to check the Patch_D2.mpq and don't let the user enter games with wrong patch, there's a way to do this ?

Thats not part of the versioncheck.conf ?

Pretty sure that versioncheck just checks the Game.exe file

Diablo II Evolution
The first with a truly connected auction house

22

Re: PvPGN Firewall - DieTesseract

Oh thats true - Well this method will not work to check the patch version because this only check the hex code of packets

Admin / Owner Project:

== OldServers Argentina ==

23

Re: PvPGN Firewall - DieTesseract

I've successfully installed in two servers running Windows Server 2016 + Virtual Box with your Debian, very easy to setup. Soon I'll post some results about runing this

Got some problems in another machine, this one with Windows Server 2008, any idea what's the problem?

http://www.d2evo.com/imgs/mstsc_2017-10-01_02-01-01.png

http://www.d2evo.com/imgs/mstsc_2017-10-01_12-09-09.png

After this it freezes in a black screen.

Diablo II Evolution
The first with a truly connected auction house

24

Re: PvPGN Firewall - DieTesseract

b1n wrote:

I've successfully installed in two servers running Windows Server 2016 + Virtual Box with your Debian, very easy to setup. Soon I'll post some results about runing this

Got some problems in another machine, this one with Windows Server 2008, any idea what's the problem?

http://www.d2evo.com/imgs/mstsc_2017-10-01_02-01-01.png

http://www.d2evo.com/imgs/mstsc_2017-10-01_12-09-09.png

After this it freezes in a black screen.

Looks like its searching a device, probably a floppy, or DVD unit, or something like that.-
Or its not mounting a disk - You must check probably its something related with that server.

Admin / Owner Project:

== OldServers Argentina ==

25

Re: PvPGN Firewall - DieTesseract

strangee.. with me it works!

Diablo 2 Online

Itens - Armory - Market - Clans - Builds - Planner

26

Re: PvPGN Firewall - DieTesseract

Character disconnected after transferring gold, there's any log of the blocked and rejected connections?

[video]

Diablo II Evolution
The first with a truly connected auction house

27

Re: PvPGN Firewall - DieTesseract

this proxy developed by GecKoTDF in Linux not as simple as it seems, each server has to adapt its filter rules, otherwise it can happen these problems, even more when you use modified patch. sad

Added: 06.10.2017 09:52

when I say modified patch.. I mean not only the MPQ files, but the DLLs that work with game.exe

Diablo 2 Online

Itens - Armory - Market - Clans - Builds - Planner

28

Re: PvPGN Firewall - DieTesseract

Feofilaktt wrote:

this proxy developed by GecKoTDF in Linux not as simple as it seems, each server has to adapt its filter rules, otherwise it can happen these problems, even more when you use modified patch. sad

Added: 06.10.2017 09:52

when I say modified patch.. I mean not only the MPQ files, but the DLLs that work with game.exe

I've just modified the patch_d2.mpq and players use the d2gfx.dll that allows multiple screens, just that

There's a way to identify if the packets crashing my d2gs are attacks or patch problems?

Just the first ladder of my server has been without d2gs crashes, there's several months with d2gs crashes almost every day..
thanks

Diablo II Evolution
The first with a truly connected auction house

29

Re: PvPGN Firewall - DieTesseract

b1n wrote:

I've just modified the patch_d2.mpq and players use the d2gfx.dll that allows multiple screens, just that

There's a way to identify if the packets crashing my d2gs are attacks or patch problems?

Just the first ladder of my server has been without d2gs crashes, there's several months with d2gs crashes almost every day..
thanks

I also do not know an exact way to identify problems in d2gs

my experiences, when it is attack, a log is almost always generated in D2GS-Hack.txt, but not always..

if it is a patch problem, you can use the "d2txtanalyser" tool to find any possible failures in your *.TXT files

As we commented in another post, most of the attacks come from Argentina sad

What's your experiences hosting a PVPGN?
https://forums.pvpgn.pro/viewtopic.php?id=1858

Diablo 2 Online

Itens - Armory - Market - Clans - Builds - Planner

30

Re: PvPGN Firewall - DieTesseract

b1n, if you are capturing and saving all your packet sends, then it should be easy.

I'd use something like PeerBlock to train what connections you have coming through and also manually track your logs. When it does get attacked and crashed, it'll be easy to line up the timestamps, nuke the IP, boom.

Is there a particular reason you want the exact packets? If it is being attached, it should be easy to see.  PM if you need any further help.

Owner of SlashDiablo - One of the oldest and most well known Diablo II servers
Admin of Resurgence - Vanilla++ mod
Co-Founder of Hellforged - Diablo 09 built on 1.13 engine (current work in progress)
Founder of Diablo2.org - Dedicated Discord server for PvPGN/D2GS questions

31 (edited by b1n 31.10.2017 03:38)

Re: PvPGN Firewall - DieTesseract

Feofilaktt wrote:
b1n wrote:

I've just modified the patch_d2.mpq and players use the d2gfx.dll that allows multiple screens, just that

There's a way to identify if the packets crashing my d2gs are attacks or patch problems?

Just the first ladder of my server has been without d2gs crashes, there's several months with d2gs crashes almost every day..
thanks

I also do not know an exact way to identify problems in d2gs

my experiences, when it is attack, a log is almost always generated in D2GS-Hack.txt, but not always..

if it is a patch problem, you can use the "d2txtanalyser" tool to find any possible failures in your *.TXT files

As we commented in another post, most of the attacks come from Argentina sad

What's your experiences hosting a PVPGN?
https://forums.pvpgn.pro/viewtopic.php?id=1858

in the past people said that would be certainly patch problems.. but after all those conversations I'm seeing that it's not sure it is patch problems.. I through that if it was the patch it will crash always with the same action of anyone, but that doesn't happen in this way..

Meanski wrote:

b1n, if you are capturing and saving all your packet sends, then it should be easy.

I'd use something like PeerBlock to train what connections you have coming through and also manually track your logs. When it does get attacked and crashed, it'll be easy to line up the timestamps, nuke the IP, boom.

Is there a particular reason you want the exact packets? If it is being attached, it should be easy to see.  PM if you need any further help.

All i want is a stable server sad
The reason to know the packets it's to see if is there any patch problems or if its really attack problems, I don't have this answer yet

Yeah I'll pm you to know more about that, unfortunately I'm dummy at linux and advanced network settings, I'm just a civil engineer aficionado by this game haha

Diablo II Evolution
The first with a truly connected auction house

32

Re: PvPGN Firewall - DieTesseract

b1n wrote:
Feofilaktt wrote:
b1n wrote:

I've just modified the patch_d2.mpq and players use the d2gfx.dll that allows multiple screens, just that

There's a way to identify if the packets crashing my d2gs are attacks or patch problems?

Just the first ladder of my server has been without d2gs crashes, there's several months with d2gs crashes almost every day..
thanks

I also do not know an exact way to identify problems in d2gs

my experiences, when it is attack, a log is almost always generated in D2GS-Hack.txt, but not always..

if it is a patch problem, you can use the "d2txtanalyser" tool to find any possible failures in your *.TXT files

As we commented in another post, most of the attacks come from Argentina sad

What's your experiences hosting a PVPGN?
https://forums.pvpgn.pro/viewtopic.php?id=1858

in the past people said that would be certainly patch problems.. but after all those conversations I'm seeing that it's not sure it is patch problems.. I through that if it was the patch it will crash always with the same action of anyone, but that doesn't happen in this way..

Meanski wrote:

b1n, if you are capturing and saving all your packet sends, then it should be easy.

I'd use something like PeerBlock to train what connections you have coming through and also manually track your logs. When it does get attacked and crashed, it'll be easy to line up the timestamps, nuke the IP, boom.

Is there a particular reason you want the exact packets? If it is being attached, it should be easy to see.  PM if you need any further help.

All i want is a stable server sad
The reason to know the packets it's to see if is there any patch problems or if its really attack problems, I don't have this answer yet

Yeah I'll pm you to know more about that, unfortunately I'm dummy at linux and advanced network settings, I'm just a civil engineer aficionado by this game haha

I have the same problem, but I made new iptables rules and all ok not more crash, but there another problem after 1 day or 2 maybe the D2GS.exe gets stuck. the exe still runs but gets stuck,here are the log d2gs_deactive: game server  (id: 3) deactived (0 left)

33

Re: PvPGN Firewall - DieTesseract

@gonza_450

What rules you create?

Admin / Owner Project:

== OldServers Argentina ==

34

Re: PvPGN Firewall - DieTesseract

Other PvPGN members also have this problem. It takes me between 10-15 days to halt the D2GS process.

I improved the performance of my D2GS after reviewing the files in my Patch and re-emphasizing an auto-restart on D2GS every 3 days.

I have almost no problems with my D2GS.

Diablo 2 Online

Itens - Armory - Market - Clans - Builds - Planner

35

Re: PvPGN Firewall - DieTesseract

Yes I restart the process 1 time per day the PVPGN and the D2GS and check if the PVPGN have players logged if they are dont reset until go to 0

Admin / Owner Project:

== OldServers Argentina ==

36

Re: PvPGN Firewall - DieTesseract

This lines doesnt work on my Debian Server:

#Block HACK
iptables -A INPUT -p tcp --dport 4000 -m string --hex-string '|FF01|' --algo bm -j DROP

#Block overhead chat
iptables -A INPUT -p tcp --dport 4000 -m string --hex-string '|1400|' --algo bm -j REJECT

I have Debian + D2GS on wine.
Command iptables -L show this rules but "small chat under chars" in game still works.

37

Re: PvPGN Firewall - DieTesseract

Update the download Links.

Well the overhead Chat code it's not the best I recommend disable, and now @meanski create a more powerfull tool and works better I belive, it's here:

D2GS Admin

https://forums.pvpgn.pro/viewtopic.php?id=2058

Admin / Owner Project:

== OldServers Argentina ==

38

Re: PvPGN Firewall - DieTesseract

This is a different way to windows server users tested on Windows Server 2019
Hi i tried D2Gs Admin but it didnt work, didnt block the full package, only the first 2bytes of the code, i did another one
it autostarts the process of D2GS defined the location inside the source code, so i share it compiled and the source code

Copy and paste in your browser
prnt.sc/mu6JzZGmKJ-_

Cannot post 2 links, so
https://www.mediafire.com/file/zpexqsw1 … l.zip/file
Source Code:

import pydivert
import threading
import subprocess
import time
import psutil
import ctypes
import json

log_file = "blocked_packets.log"  # Specify the log file path
ban_duration = 300  # Ban duration in seconds
banned_ips_file = "banned_ips.json"  # File to store banned IPs

# Set the window title
ctypes.windll.kernel32.SetConsoleTitleW("Revenge Firewall")

# Load banned IPs from file
def load_banned_ips():
    try:
        with open(banned_ips_file, "r") as f:
            return json.load(f)
    except (FileNotFoundError, json.JSONDecodeError):
        return {}

# Save banned IPs to file
def save_banned_ips(banned_ips):
    with open(banned_ips_file, "w") as f:
        json.dump(banned_ips, f)

# Initialize banned IPs dictionary
banned_ips = load_banned_ips()

def block_packet(packet, w):
    payload = bytes(packet.tcp.payload)
    if packet.tcp.dst_port == 4000 and payload.startswith(b'\xff\x01'):
        source_ip = packet.src_addr
        if source_ip in banned_ips:
            ban_start_time = banned_ips[source_ip]
            ban_elapsed_time = time.time() - ban_start_time
            if ban_elapsed_time < ban_duration:
                # IP is still banned, don't send the packet
                print(f"IP {source_ip} is banned. Packet dropped.", flush=True)
                return
            else:
                # Ban duration has elapsed, remove the IP from the banned list
                del banned_ips[source_ip]
                save_banned_ips(banned_ips)

        # Log blocked packet and source IP
        log_message = f"Blocked packet: {payload}\nSource IP: {source_ip}\n"
        with open(log_file, "a") as f:
            f.write(log_message)

        # Display blocked packet and source IP
        print(log_message, flush=True)

        # Ban the source IP
        banned_ips[source_ip] = time.time()
        save_banned_ips(banned_ips)

        # Do not send the packet to effectively block it

    else:
        # Allow the packet to pass through
        w.send(packet)

def packet_capture():
    print("Starting packet capture...")
    with pydivert.WinDivert("tcp.DstPort == 4000") as w:
        for packet in w:
            block_packet(packet, w)

# Start packet capture in a separate thread
packet_capture_thread = threading.Thread(target=packet_capture)
packet_capture_thread.start()

print("Scanning packets on port 4000...")

# Continuously check if the process is running and restart if necessary
while True:
    process_name = "D2GS.exe"

    # Check if the process is running
    process_running = any(
        proc.name() == process_name for proc in psutil.process_iter()
    )

    if not process_running:
        # Restart the process
        process_path = r"C:\Users\Mantenimiento\Desktop\Server\D2GS\D2GS.exe"
        try:
            subprocess.Popen(
                process_path,
                shell=True,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
                creationflags=subprocess.CREATE_NEW_CONSOLE,
            )
            print(f"Process '{process_name}' restarted.")
        except subprocess.CalledProcessError:
            print(f"Failed to restart process '{process_name}'.")

    # Wait for a few seconds before checking again
    time.sleep(5)

39

Re: PvPGN Firewall - DieTesseract

MayhemARG wrote:

This is a different way to windows server users tested on Windows Server 2019
Hi i tried D2Gs Admin but it didnt work, didnt block the full package, only the first 2bytes of the code, i did another one
it autostarts the process of D2GS defined the location inside the source code, so i share it compiled and the source code

Copy and paste in your browser
prnt.sc/mu6JzZGmKJ-_

Cannot post 2 links, so
https://www.mediafire.com/file/zpexqsw1 … l.zip/file
Source Code:

import pydivert
import threading
import subprocess
import time
import psutil
import ctypes
import json

log_file = "blocked_packets.log"  # Specify the log file path
ban_duration = 300  # Ban duration in seconds
banned_ips_file = "banned_ips.json"  # File to store banned IPs

# Set the window title
ctypes.windll.kernel32.SetConsoleTitleW("Revenge Firewall")

# Load banned IPs from file
def load_banned_ips():
    try:
        with open(banned_ips_file, "r") as f:
            return json.load(f)
    except (FileNotFoundError, json.JSONDecodeError):
        return {}

# Save banned IPs to file
def save_banned_ips(banned_ips):
    with open(banned_ips_file, "w") as f:
        json.dump(banned_ips, f)

# Initialize banned IPs dictionary
banned_ips = load_banned_ips()

def block_packet(packet, w):
    payload = bytes(packet.tcp.payload)
    if packet.tcp.dst_port == 4000 and payload.startswith(b'\xff\x01'):
        source_ip = packet.src_addr
        if source_ip in banned_ips:
            ban_start_time = banned_ips[source_ip]
            ban_elapsed_time = time.time() - ban_start_time
            if ban_elapsed_time < ban_duration:
                # IP is still banned, don't send the packet
                print(f"IP {source_ip} is banned. Packet dropped.", flush=True)
                return
            else:
                # Ban duration has elapsed, remove the IP from the banned list
                del banned_ips[source_ip]
                save_banned_ips(banned_ips)

        # Log blocked packet and source IP
        log_message = f"Blocked packet: {payload}\nSource IP: {source_ip}\n"
        with open(log_file, "a") as f:
            f.write(log_message)

        # Display blocked packet and source IP
        print(log_message, flush=True)

        # Ban the source IP
        banned_ips[source_ip] = time.time()
        save_banned_ips(banned_ips)

        # Do not send the packet to effectively block it

    else:
        # Allow the packet to pass through
        w.send(packet)

def packet_capture():
    print("Starting packet capture...")
    with pydivert.WinDivert("tcp.DstPort == 4000") as w:
        for packet in w:
            block_packet(packet, w)

# Start packet capture in a separate thread
packet_capture_thread = threading.Thread(target=packet_capture)
packet_capture_thread.start()

print("Scanning packets on port 4000...")

# Continuously check if the process is running and restart if necessary
while True:
    process_name = "D2GS.exe"

    # Check if the process is running
    process_running = any(
        proc.name() == process_name for proc in psutil.process_iter()
    )

    if not process_running:
        # Restart the process
        process_path = r"C:\Users\Mantenimiento\Desktop\Server\D2GS\D2GS.exe"
        try:
            subprocess.Popen(
                process_path,
                shell=True,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
                creationflags=subprocess.CREATE_NEW_CONSOLE,
            )
            print(f"Process '{process_name}' restarted.")
        except subprocess.CalledProcessError:
            print(f"Failed to restart process '{process_name}'.")

    # Wait for a few seconds before checking again
    time.sleep(5)

Nicee job!

Diablo 2 Online

Itens - Armory - Market - Clans - Builds - Planner

40

Re: PvPGN Firewall - DieTesseract

Feofilaktt wrote:

Nicee job!

Thanks, but the revious code is outdated, here is the one updated one working better.
https://github.com/jcerutti/PythonFirewallD2GS

41

Re: PvPGN Firewall - DieTesseract

Hi Guys! I tested the MayhemARG and works like a charm.
I update the first guide, with new information.

Good Luck!

Admin / Owner Project:

== OldServers Argentina ==

42

Re: PvPGN Firewall - DieTesseract

GecKoTDF wrote:

Hi Guys! I tested the MayhemARG and works like a charm.
I update the first guide, with new information.

Good Luck!

Thanks, the next update will be config files, for those who doesn't know wich line to edit, maybe something like a config.json or yaml, both works hah.

the zip file you added are for those who doesnt know how to install pip addons on python the script can be run straight from cmd with admin privileges it's better than the .exe version. and the exe version will be discontinued.

43 (edited by GecKoTDF 25.05.2023 23:05)

Re: PvPGN Firewall - DieTesseract

I see.

Well the .exe version in my personal experience with users, it's more simple and safe.
For example im using Windows Server 2016, and runs fine, without need to install nothing.
And because it's a .exe file I can add it into the Game Panel and start it with the server.

If the .exe dissapear will be need it detailed instructions for scratch to get Python installed, and how to install all the pre-requisites, because the 80% of the users don't know this.

About the config file, I think the most simple way it's a .cfg file, where you set the variables like
BAN_DURATION, BANNED_IPS_FILE, etc. To avoid edit the original .py file and destroy something in the process.
Add a variable to the Folder Path of the D2GS.exe.
The chance to enable or disable the process monitoring, because some people do it with another software.
And probably another .cfg file to set different payloads like:

\xFF\x01
\xFF\x02
\xFF\x03

Because some people have modded versions of the game, more custom and some Hex code can change.

Thanks for your time.

P.D: Igual te hablo en ingles para que el resto entienda, sino despues nos putean y nos comemos el bansito ahre.

Admin / Owner Project:

== OldServers Argentina ==

44

Re: PvPGN Firewall - DieTesseract

GecKoTDF wrote:

I see.

Well the .exe version in my personal experience with users, it's more simple and safe.
For example im using Windows Server 2016, and runs fine, without need to install nothing.
And because it's a .exe file I can add it into the Game Panel and start it with the server.

If the .exe dissapear will be need it detailed instructions for scratch to get Python installed, and how to install all the pre-requisites, because the 80% of the users don't know this.

About the config file, I think the most simple way it's a .cfg file, where you set the variables like
BAN_DURATION, BANNED_IPS_FILE, etc. To avoid edit the original .py file and destroy something in the process.
Add a variable to the Folder Path of the D2GS.exe.
The chance to enable or disable the process monitoring, because some people do it with another software.
And probably another .cfg file to set different payloads like:

\xFF\x01
\xFF\x02
\xFF\x03

Because some people have modded versions of the game, more custom and some Hex code can change.

Thanks for your time.

P.D: Igual te hablo en ingles para que el resto entienda, sino despues nos putean y nos comemos el bansito ahre.

Updated github with those changes you mentioned before, and updated Readme with the dependencies to run it from windows server 2019, should work for any windows S.o
config.json for basic configs, and payloads.json for the payload settings, also an example-payloads.json to add multiple payloads to block.

https://github.com/jcerutti/PythonFirewallD2GS

Saludos genio, no vi que tambien eras argentino jajaja.

45

Re: PvPGN Firewall - DieTesseract

MayhemARG wrote:
GecKoTDF wrote:

I see.

Well the .exe version in my personal experience with users, it's more simple and safe.
For example im using Windows Server 2016, and runs fine, without need to install nothing.
And because it's a .exe file I can add it into the Game Panel and start it with the server.

If the .exe dissapear will be need it detailed instructions for scratch to get Python installed, and how to install all the pre-requisites, because the 80% of the users don't know this.

About the config file, I think the most simple way it's a .cfg file, where you set the variables like
BAN_DURATION, BANNED_IPS_FILE, etc. To avoid edit the original .py file and destroy something in the process.
Add a variable to the Folder Path of the D2GS.exe.
The chance to enable or disable the process monitoring, because some people do it with another software.
And probably another .cfg file to set different payloads like:

\xFF\x01
\xFF\x02
\xFF\x03

Because some people have modded versions of the game, more custom and some Hex code can change.

Thanks for your time.

P.D: Igual te hablo en ingles para que el resto entienda, sino despues nos putean y nos comemos el bansito ahre.

Updated github with those changes you mentioned before, and updated Readme with the dependencies to run it from windows server 2019, should work for any windows S.o
config.json for basic configs, and payloads.json for the payload settings, also an example-payloads.json to add multiple payloads to block.

https://github.com/jcerutti/PythonFirewallD2GS

Saludos genio, no vi que tambien eras argentino jajaja.

Just FYI, I think you meant to send Gecko a private message but you reported the post instead :-)

Owner of SlashDiablo - One of the oldest and most well known Diablo II servers
Admin of Resurgence - Vanilla++ mod
Co-Founder of Hellforged - Diablo 09 built on 1.13 engine (current work in progress)
Founder of Diablo2.org - Dedicated Discord server for PvPGN/D2GS questions

46

Re: PvPGN Firewall - DieTesseract

Meanski wrote:
MayhemARG wrote:
GecKoTDF wrote:

I see.

Well the .exe version in my personal experience with users, it's more simple and safe.
For example im using Windows Server 2016, and runs fine, without need to install nothing.
And because it's a .exe file I can add it into the Game Panel and start it with the server.

If the .exe dissapear will be need it detailed instructions for scratch to get Python installed, and how to install all the pre-requisites, because the 80% of the users don't know this.

About the config file, I think the most simple way it's a .cfg file, where you set the variables like
BAN_DURATION, BANNED_IPS_FILE, etc. To avoid edit the original .py file and destroy something in the process.
Add a variable to the Folder Path of the D2GS.exe.
The chance to enable or disable the process monitoring, because some people do it with another software.
And probably another .cfg file to set different payloads like:

\xFF\x01
\xFF\x02
\xFF\x03

Because some people have modded versions of the game, more custom and some Hex code can change.

Thanks for your time.

P.D: Igual te hablo en ingles para que el resto entienda, sino despues nos putean y nos comemos el bansito ahre.

Updated github with those changes you mentioned before, and updated Readme with the dependencies to run it from windows server 2019, should work for any windows S.o
config.json for basic configs, and payloads.json for the payload settings, also an example-payloads.json to add multiple payloads to block.

https://github.com/jcerutti/PythonFirewallD2GS

Saludos genio, no vi que tambien eras argentino jajaja.

Just FYI, I think you meant to send Gecko a private message but you reported the post instead :-)

no bro, it was a reply haha, he asked for some configs and i made them.

47 (edited by GecKoTDF 01.06.2023 01:29)

Re: PvPGN Firewall - DieTesseract

Update first post!

Added: 30.05.2023 20:23

Upload version v1.1 with some changes

- Improve comments and part of the code
- Improve main screen information
- Add 6112 temporary ban for Hex Codes like RedVex
- Update Readme to the new information
- Add a .BAT to start the Firewall more simple (like in admin mode)
- Add example file for the payloads.json

File attached in the first post.

Admin / Owner Project:

== OldServers Argentina ==

48

Re: PvPGN Firewall - DieTesseract

GecKoTDF wrote:

Update first post!

Added: 30.05.2023 20:23

Upload version v1.1 with some changes

- Improve comments and part of the code
- Improve main screen information
- Add 6112 temporary ban for Hex Codes like RedVex
- Update Readme to the new information
- Add a .BAT to start the Firewall more simple (like in admin mode)
- Add example file for the payloads.json

File attached in the first post.

Nice updates, I lost my telegram account that's why I didn't answered there anymore haha create a request on the GitHub and I'll update the code there or i can give you access to the GitHub and keep the base version and this one

49

Re: PvPGN Firewall - DieTesseract

MayhemARG wrote:

Nice updates, I lost my telegram account that's why I didn't answered there anymore haha create a request on the GitHub and I'll update the code there or i can give you access to the GitHub and keep the base version and this one

Great, I send you a Private Message.

Admin / Owner Project:

== OldServers Argentina ==

Posts: 49

Pages 1

You must login or register to post a reply

Who now at forum

Currently view post: 0 guests, 0 registered users

forums.pvpgn.pro → [EN] Diablo → PvPGN Firewall - DieTesseract