dagid4

Citizen
I was playing a little bit with the first retail Ultima Online 1.25.0 release and found some info willing to share:

The login client keys doesn't follow the known algorithm. I had to find them via disassembly:
Login Encryption Key #1: 0xF1A372D5
Login Encryption Key #2: 0x3A1FD527

Otherwise, the encryption algorithm works (Decrypt_Old). The packet protocol is following:
  1. Client -> 4 bytes seed
  2. Client -> 0x80: Account Login
  3. Server -> 0xA8: Account Login Ack
Now the biggest problem. I have verified in the disassembled packet table that there is no 0xA8 packet:

Packet table:
Packet  Size
0x00    100
0x01    5
0x02    3
0x03    dynamic
0x04    2
0x05    5
0x06    5
0x07    7
0x08    14
0x09    5
0x0A    11
0x0B    266
0x0C    dynamic
0x0D    3
0x0E    dynamic
0x0F    61
0x10    215
0x11    dynamic
0x12    dynamic
0x13    10
0x14    6
0x15    9
0x16    1
0x17    dynamic
0x18    dynamic
0x19    dynamic
0x1A    dynamic
0x1B    37
0x1C    dynamic
0x1D    5
0x1E    4
0x1F    8
0x20    19
0x21    8
0x22    2
0x23    26
0x24    7
0x25    20
0x26    5
0x27    2
0x28    5
0x29    1
0x2A    5
0x2B    2
0x2C    2
0x2D    17
0x2E    15
0x2F    10
0x30    5
0x31    1
0x32    2
0x33    2
0x34    10
0x35    653
0x36    dynamic
0x37    8
0x38    7
0x39    9
0x3A    dynamic
0x3B    dynamic
0x3C    dynamic
0x3D    2
0x3E    37
0x3F    dynamic
0x40    201
0x41    dynamic
0x42    dynamic
0x43    553
0x44    713
0x45    5
0x46    dynamic
0x47    11
0x48    73
0x49    93
0x4A    5
0x4B    9
0x4C    dynamic
0x4D    dynamic
0x4E    6
0x4F    2
0x50    dynamic
0x51    dynamic
0x52    dynamic
0x53    2
0x54    12
0x55    1
0x56    11
0x57    110
0x58    106
0x59    dynamic
0x5A    dynamic
0x5B    4
0x5C    2
0x5D    73
0x5E    dynamic
0x5F    49
0x60    5
0x61    9
0x62    15
0x63    13
0x64    1
0x65    4
0x66    dynamic
0x67    21
0x68    dynamic
0x69    dynamic
0x6A    3
0x6B    9
0x6C    18
0x6D    3
0x6E    14
0x6F    dynamic
0x70    28
0x71    dynamic
0x72    5
0x73    2
0x74    dynamic
0x75    35
0x76    16
0x77    16
0x78    dynamic
0x79    9
0x7A    dynamic
0x7B    2
0x7C    dynamic
0x7D    13
0x7E    2
0x7F    dynamic
0x80    62
0x81    dynamic
0x82    2
0x83    39
0x84    69
0x85    2
0x86    dynamic
0x87    dynamic
0x88    66
0x89    dynamic
0x8A    dynamic
0x8B    dynamic
0x8C    11
0x8D    dynamic
0x8E    dynamic
0x8F    dynamic
0x90    19
0x91    65
0x92    dynamic
0x93    98
0x94    dynamic
0x95    9
0x96    dynamic
0x97    2
0x98    dynamic
0x99    26
0x9A    dynamic
0x9B    258
0x9C    309
0x9D    51
0x9E    dynamic
0x9F    dynamic
0xA0    3
0xA1    9
0xA2    9
0xA3    9
0xA4    149

I can't figure out what packet to send next :( I was digging through old emulators (UO98, Fuse 0.97, UOX build 19), but had no luck. They all use the 0xA8 packet. So I'm lost. Any hints?
 

PyrO

Moderator
Nvm I was stupid and tired, read the sentence wrong on the packet ;D its just the flag 0x5D noth another packet. My bad :D
 
OP
dagid4

dagid4

Citizen
Nvm I was stupid and tired, read the sentence wrong on the packet ;D its just the flag 0x5D noth another packet. My bad :D
I was trying all the flags :) 0x5D, 0xFF, 0xCC, 0x64, it doesn't work. The point is that this version of client doesn't know 0xA8 packet (otherwise it would be in the packet table). The login sequence must have been different in those old days.
 
OP
dagid4

dagid4

Citizen
I was reading through UO98 forum and come to this thread A few tidbits | JoinUO Forums

Guy called Kair uploaded an archive with all packets descriptions. It is really comprehensive :) and it contains description for 0x81 packet:

Packet 0x81:
0x81 - Login OK
---------------
Client->Server:No
Server->Client:Yes
Length:dynamic

byte 0x81
short size
byte numCharacters
byte serverFlags = 0xCD

loop x 5
{
    char[0x1E] charName
    char[0x1E] charPass
}

byte numServers
loop x numServers
{
    byte serverID
    char[0x10] serverName
}
    
byte numStartingLocs
loop x numStartingLocs
{
    byte cityID
    char[0x1F] cityName
    char[0x1F] tavernName
}

I haven't tried yet, but I think that this is the missing packet.