Dofus: update detection to version 3.X (#2852)

See #2827
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2025-05-25 20:06:12 +0200
committer: GitHub <noreply@github.com> 2025-05-25 20:06:12 +0200
commit: 03e1e593d137eebf94c0741b12178c528ee950e3 (patch)
tree: 4556e8967624a6038f2e9be90e61658ae564afa0 /src/lib
parent: 46dff3474e5c6df46ed2dafc476070fc2e3076f6 (diff)
3 files changed, 11 insertions, 92 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 0a54ad490..25b2a225d 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1756,6 +1756,10 @@ static ndpi_protocol_match host_match[] =
 
    { "kick.com",                                       "Kick", NDPI_PROTOCOL_KICK, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
 
+   { "ankama.com",                                     "Dofus", NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "ankama-games.com",                               "Dofus", NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "dofus-touch.com",                                "Dofus", NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc"
 #endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index bb287d2d6..6adebf900 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1520,7 +1520,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS,
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS,
 			  "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_QOE_CATEGORY_ONLINE_GAMING,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c
index 109a5d5a6..d87763d88 100644
--- a/src/lib/protocols/dofus.c
+++ b/src/lib/protocols/dofus.c
@@ -41,102 +41,17 @@ static void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct,
 
   NDPI_LOG_DBG(ndpi_struct, "search dofus\n");
 
-  /* Dofus v 1.x.x */
-  if (packet->payload_packet_len == 13 && get_u_int16_t(packet->payload, 1) == ntohs(0x0508)
-      && get_u_int16_t(packet->payload, 5) == ntohs(0x04a0)
-      && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == ntohs(0x0194)) {
-    ndpi_dofus_add_connection(ndpi_struct, flow);
-    return;
-  }
-  if (flow->l4.tcp.dofus_stage == 0) {
-    if (packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0
-        && packet->payload[packet->payload_packet_len - 1] == 0)
-      goto maybe_dofus;
-
-    if (packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0
-        && packet->payload[packet->payload_packet_len - 1] == 0)
-      goto maybe_dofus;
-
-    if (packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0
-        && packet->payload[packet->payload_packet_len - 1] == 0)
-      goto maybe_dofus;
-
-    if (packet->payload_packet_len > 2 && packet->payload[0] == 'A'
-        && (packet->payload[1] == 'x' || packet->payload[1] == 'X')
-        && packet->payload[packet->payload_packet_len - 1] == 0) 
-      goto maybe_dofus;
-
-    if (packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2)
-        && packet->payload[packet->payload_packet_len - 1] == 0)
-      goto maybe_dofus;
-
-  }
-  if (flow->l4.tcp.dofus_stage == 1) {
-    if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0
-	&& packet->payload[10] == 0x00) {
-      ndpi_dofus_add_connection(ndpi_struct, flow);
-      return;
-    }
-    if (packet->payload_packet_len == 5
-        && packet->payload[0] == 'A' && packet->payload[4] == 0x00 
-	&& (packet->payload[1] == 'T' || packet->payload[1] == 'k')) {
+  /* Dofus 3 */
+  if(ntohs(flow->c_port) == 5555 || ntohs(flow->s_port) == 5555) {
+    if(packet->payload_packet_len > 3 &&
+       packet->payload[0] + 1 == packet->payload_packet_len &&
+       packet->payload[1] == 0x0a &&
+       packet->payload[2] + 2 ==  packet->payload[0]) {
       ndpi_dofus_add_connection(ndpi_struct, flow);
-      return;
     }
   }
-  /* end Dofus 1.x.x */
 
-
-  /* Dofus 2.0 */
-  if ((packet->payload_packet_len == 11 || packet->payload_packet_len == 13 || packet->payload_packet_len == 49)
-      && get_u_int32_t(packet->payload, 0) == ntohl(0x00050800)
-      && get_u_int16_t(packet->payload, 4) == ntohs(0x0005)
-      && get_u_int16_t(packet->payload, 8) == ntohs(0x0005)
-      && packet->payload[10] == 0x18) {
-    if (packet->payload_packet_len == 13
-	&& get_u_int16_t(packet->payload, packet->payload_packet_len - 2) != ntohs(0x0194)) {
-      goto exclude;
-    }
-    if (packet->payload_packet_len == 49 && ntohs(get_u_int16_t(packet->payload, 15)) + 17 != packet->payload_packet_len) {
-      goto exclude;
-    }
-    ndpi_dofus_add_connection(ndpi_struct, flow);
-    return;
-  }
-  if (packet->payload_packet_len >= 41 && get_u_int16_t(packet->payload, 0) == ntohs(0x01b9) && packet->payload[2] == 0x26) {
-    u_int16_t len, len2;
-    len = ntohs(get_u_int16_t(packet->payload, 3));
-    if ((len + 5 + 2) > packet->payload_packet_len)
-      goto exclude;
-    len2 = ntohs(get_u_int16_t(packet->payload, 5 + len));
-    if (5 + len + 2 + len2 == packet->payload_packet_len) {
-      ndpi_dofus_add_connection(ndpi_struct, flow);
-      return;
-    }
-  }
-  if (packet->payload_packet_len == 56
-      && memcmp(packet->payload, "\x00\x11\x35\x02\x03\x00\x93\x96\x01\x00", 10) == 0) {
-    u_int16_t len, len2;
-    len = ntohs(get_u_int16_t(packet->payload, 10));
-    if ((len + 12 + 2) > packet->payload_packet_len)
-      goto exclude;
-    len2 = ntohs(get_u_int16_t(packet->payload, 12 + len));
-    if ((12 + len + 2 + len2 + 1) > packet->payload_packet_len)
-      goto exclude;
-    if (12 + len + 2 + len2 + 1 == packet->payload_packet_len && packet->payload[12 + len + 2 + len2] == 0x01) {
-      ndpi_dofus_add_connection(ndpi_struct, flow);
-      return;
-    }
-  }
-exclude:
   NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
-  return;
-
-maybe_dofus:
-  flow->l4.tcp.dofus_stage = 1;
-  NDPI_LOG_DBG2(ndpi_struct, "maybe dofus\n");
-  return;
-
 }
 
 void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct)
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2025-05-25 20:06:12 +0200
committer	GitHub <noreply@github.com>	2025-05-25 20:06:12 +0200
commit	03e1e593d137eebf94c0741b12178c528ee950e3 (patch)
tree	4556e8967624a6038f2e9be90e61658ae564afa0 /src/lib
parent	46dff3474e5c6df46ed2dafc476070fc2e3076f6 (diff)