Further information regarding this client will be published to my research site: https://sites.google.com/site/ultimaonlineoldpackets/

I've been working with the T2A client from the initial retail release. This CD can be found here: http://mirror.ashkantra.de/joinuo/Clients/1.25.35 (T2A)/ . The image I worked with is the one named T2A_US_FULL_114B.iso .

Client Executable Info
Name: client.exe
MD5 Hash: 1033e32ffd80c16b8af4a6904e7a4544
SHA1 Hash: d91f8307941f21b40c48484659e46ee2e23337ad
Login Encryption Key #1: 0x383477BC
Login Encryption Key #2: 0x02345CC6
Login Encryption Algorithm: Reference the POL source code, method LoginCrypt:: Decrypt_Old
Game Server Encryption: Same as Login Encryption (see details below)
Login Data Compression: None
Game Data Compression: Standard UO Huffman

Notes about the Supplied Patches
Before applying the below patches, verify the hashes! Applying these patches to a client who's original hash value does not match the above is certain to result in failure.

Each patch is given in two different formats. The first gives the offset of each byte to replace and the value to replace it with. The second gives a string of bytes to search for and another string of bytes to replace it with. This search string is unique within the client file. Only one form of each patch should be applied.

Multi-Client Patch

Offset Format:
Code:
0x544D8=0xEB
0x973B9=0xEB

String Replacement Format:
Code:
3DB7000000751C=3DB7000000EB1C
15B8624B003BC67418=15B8624B003BC6EB18

Encryption Removal Patch
Offset Format:
Code:
0x88A3A=0xEB

String Replacement Format:
Code:
020085C98BCA747B=020085C98BCAEB7B
 
Last edited:
I am working on an experimental UO server emulator written in NodeJS. I have the architecture complete and am starting to implement. So now I'm working towards my personal pet project, which is to build as old-school of a shard as I possibly can without game breaking client bugs.

I'd like to get hold of a pre-T2A client that is fully patched, but I seem to have exhausted those efforts. So I'm targeting T2A retail release.
 
Nice, sounds like an interesting project (and a lot of hard work)!

If you're interested in the mechanics of the era, UO Second Age has had years and years of research put into it and their forums are a great source of information taken from many users' research when it comes to T2A mechanics.

The UO demo (dated mid 1998) can also shed light on many mechanics. Grimoric has some of the decompiled scripts hosted here, but afaik noone has cracked the core which contains a lot of important information. There was a long running UO Demo project called UO98 which was worked on by Batlin, Derrick, Kaivan and others, which eventually resulted in a half finished, full blown UO server with all the official code from UO in July 1998. However very few people still have the server files and those that do seem unwilling to share it.
 
Ask Richard Garriott, who knows, he might have the files(he is a hoarder) but the question would be " Can he give them without worry of legal issues" I know Richard supports the free shards, It's worth a shot right?
 
The folks over at Second Age are great, but I'm not really interested in being 100% accurate. Rather I am interested in taking what I think were the motivations and goals of the design team and re-implementing them through a more modern game design lens. I think UO had a great thing going in those early days, but there were so many unknowns and so many untested paths that the first iteration was destined to be lab experiment we saw play out during those first few years. A large section of the free shard community saw something that really compelled them during that era. I want to take a stab at implementing those compelling ideas in a different way.

Also, the server architecture I am working on is 100% open source and built to be extraordinarily easy to extend (without modifying the upstream code, that's a big lesson I've learned from ServUO). So if someone wants to use this work as a basis for an era-accurate project they should be able to re-use most of the nitty-gritty stuff like packet handlers and such.

Also, I'm getting comfy with a decompiler now and am hot on the trail of the encryption code. With this kind of tooling it's actually easier than what I used to do, which was reverse engineer 8-bit NES games.
 
Aaaaaaaaaaaaand... encryption is broken :) At least the login encryption. I am feeling much more confident now.

I am going to continue working with this to see if there is a separate encryption method for the game server. There is one report on the Second Age forums that the 1.25 series clients used the same rotation cipher method for both, but I was skeptical of that. Now that I have analysed the code and isolated the cipher key encryption, I see there are 126 separate methods that end with feeding a buffer into this method. And every buffer starts with a unique single byte that aligns with the older packet guides. So I'm beginning to be hopeful that this is in fact the only encryption method in use. I should have confirmation soon, I just have to write a login server right quick :)

Finally I'd like to say that ServUO is still my focus. A few people have contacted me in private to ask if I am still staffing for ServUO, and the answer is yes. This is my side project that I work on when I get burnt out on ServUO. I've been working on it off and on since January. There's just not been anything worth publicly discussing until now.

Edit: Also supplied the byte string search and replace method of each patch. This is how some patchers like UODecryptor work.
 
Last edited:
I've got the client connected to a game server now and confirmed that not only does this client version have no other forms of encryption, it also performs no compression. The original post has been updated to reflect all currently known information.
 
I have removed some of the information that has proven to be inaccurate. No further updates will be made here. Please refer to the research page linked for future updates.
 
Back