Intercept Mabinogi’s connection — Wireshark newb practice

Incentive is everything

Incentive is everything

While I was playing an MMORPG called Mabinogi, I forgot to read a quest objective/book which contained important flavor text. I have already completed the quest.

I am a lore person.
I couldn’t bear it.

The problem is that this game is niche. There’s no such site like https://www.wowhead.com/ which contains everything datamined.

I need to see the flavor text.

Seeking for path

First, I decided to unpack the data files of Mabinogi, see if I can find any localized description text. Fortunately, somebody already wrote it.

After a brief checking of data structure, I managed to find a localized file and the UID of the item.

I mean, itemdb.Taiwan.txt is not really obfuscated.

And by checking the respective itemdb.xml, I found something weird.

Ehh, html?

The weird html file is nowhere to be seen in the data files of Mabinogi.
I’m fairly sure that all the data packages had been fully reverse-engineered a long time ago, and it hasn’t changed since.

What now?

The Eureka Moment

Well, I must have ignored something really important. It didn’t take long until the lightning bolt struck me.

What if the client asked it from server?

Although it seems very weird not to include it in local files, it’s still possible. Don’t forget this game is damn old, it doesn’t even have a proper pathing algorithm of its 3D map.

Yeah, bingo.

I simply bought another book-item, and I was able to see the http get request from the client. That means, by simply replacing the url with what you’ve found in the itemdb.xml, you are able to see the context of the book you want.

Thank god I don’t have to deal with client authentication. It accepts any browser connection.

http://tw.tbook.mabinogi.gamania.com/book_rest_6.html

Here’s the book. 深林中的戀人。

這樣奇幻圖書館的書籍就能被補充完全了。徵求各位巴哈的有心人幫忙補完！畢竟不是每個人都有空在這邊解包找item UID然後wireshark瑪奇連線。

Disclaimer: I did not break the EULA of Mabinogi. I did not modify the client or the connection between Mabinogi Client and Server. I just observe it. Fair gaming everyone.

This research is for educational purposes, as I’m an infosec student.