---
permalink: /posts/writeups/2
title: Implementing a CK3 Private Peer-to-Peer Multiplayer Server - Part 1 - Intercepting Client/Server Exchange
categories:
  - Write Up
tags:
  - write up
  - ck3
  - mitm
  - reverse engenering
layout: default.liquid
is_draft: true
---

## Implementing a CK3 Private Peer-to-Peer Multiplayer Server - Part 1 - Intercepting Client/Server Exchange

### Reason for the project

#### Issues:

* Official CK3 multiplayer suffers from performance issues, particularly with long loading times.
* If official servers are discontinued or unsupported, multiplayer functionality will be lost.

#### Goal:

Provide a peer-to-peer solution that improves multiplayer performance and eliminates dependency on Paradox’s servers.

### Enumeration

In this initial phase, we will document and gather information to reverse-engineer the protocol exchange between the CK3 game client and Paradox’s servers. This will allow us to implement our own private server for the game.

### Identify Logs Location

Logs related to the client can be useful during the development of the server.
To locate the relevant log files for Crusader Kings 3, we run the following command in our home directory:

```bash
$ find -iname "*.log" | grep -i Crusader
./.local/share/Paradox Interactive/Crusader Kings III/logs/gui_warnings.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/message.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/memory.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/code_revisions.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/database_conflicts.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/dedicated_server.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/system.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/callstacks_hotjoin.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/error.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/randomlog_hotjoin.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/text.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/setup.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/profile.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/game.log
./.local/share/Paradox Interactive/Crusader Kings III/logs/debug.log
```

The logs are located in `~/.local/share/Paradox Interactive/Crusader Kings III/logs`. They will be useful for identifying client errors caused by our server implementation.

### Monitor Server Communication

To implement our own server, we need to reverse-engineer the protocol between the CK3 client and the server. To do that, we need to monitor the communication and understand the messages being exchanged. However, this communication is typically encrypted to protect data confidentiality, integrity, and authenticity. To overcome this, we set up a Man-in-the-Middle (MITM) proxy.
A MITM proxy intercepts and decrypts the traffic between the client and the server, allowing us to inspect and analyze the data being exchanged. The proxy acts as an intermediary: the client communicates with the MITM proxy instead of the actual server, and the proxy in turn forwards the data to the real server. By doing so, we can capture, read, and log the messages that are passed, even if they are encrypted.

This setup allows us to observe both the cleartext and the encrypted communication between the client and server. By analyzing this data, we can gather the necessary information to reverse-engineer the protocol, which is crucial for building our own server implementation.

1. Set up [mitmproxy](https://mitmproxy.org/) in SOCKS5 mode:

   ```bash
   $ mitmweb --mode socks5
   [14:20:26.195] SOCKS v5 proxy listening at *:1080.
   [14:20:26.197] Web server listening at http://127.0.0.1:8081/
   ```

2. Add the MITM Proxy Certificate to the Trusted Certificate Store

   The MITM proxy uses a self-signed certificate that must be added to our trusted certificate store (for more info, see TODO). To obtain the certificate, follow these steps:

   * Set up Firefox to use the MITM proxy:
     - Go to **Settings** → **Network Settings** → **Manual Proxy Configuration**
     - Set **SOCKS Host** to `127.0.0.1` and **Port** to `1080`.
   * In the MITM proxy web interface (http://127.0.0.1:8081/), navigate to **File** → **Install Certificates**. Follow the instructions for your system. In our case, Arch Linux:
     - Download the certificate file (`mitmproxy-ca-cert.pem` for Linux).
     - Then add the certificate as a trusted CA system-wide (for Arch Linux):

       ```bash
       $ sudo trust anchor --store mitmproxy-ca-cert.pem
       ```
   * After downloading the certificate, return to Firefox and reset the network configuration:
     - Go to **Settings** → **Network Settings** → **Use System Proxy Settings**.

3. Redirect CK3 Traffic Through the Proxy

   Next, we need to redirect the CK3 application traffic through the MITM proxy. To redirect only the traffic of CK3, we use [nsproxy](https://github.com/nlzy/nsproxy). `nsproxy` (namespace proxy) is a Linux-specific command-line tool that forces applications to use a specific SOCKS5 or HTTP proxy.

   ```bash
   $ nsproxy -s 127.0.0.1 -p 1080 ./ck3
   ```

   If we do not know the location of the CK3 binary, we can find it with the following command:

   ```bash
   # Search below the current directory for the executable named ck3
   $ find . -type f -name "ck3"
   ```

4. Analyze the Communication

   In the MITM proxy web interface ([http://127.0.0.1:8081/](http://127.0.0.1:8081/)), we can now observe the game client’s requests. Interestingly, we observe that multiplayer communication occurs over a WebSocket connection. Therefore, the next step is to study the exchanges within this WebSocket to understand the protocol.

## Conclusion

We have gained the ability to capture and analyze the data exchanged between CK3 clients and the multiplayer server, which will be essential for reverse-engineering the protocol. This information will be crucial for beginning the implementation of our own server.

In the next phase, we will delve deeper into the communication to reverse-engineer the protocol before starting the development of our own implementation.
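
To keep the WebSocket exchanges from step 4 for later study instead of reading them only in the web interface, mitmproxy can load a small addon script. The following is an added example, not code from the original write-up: the script name `ws_log.py`, the output file name, and the sample host are assumptions.

```python
"""mitmproxy addon: append each intercepted WebSocket message to a JSON-lines file.
Load it with:  mitmweb --mode socks5 -s ws_log.py   (ws_log.py is an assumed file name)
"""
import json
from types import SimpleNamespace

LOG_PATH = "ck3_ws_messages.jsonl"  # assumed output file name
PREVIEW_BYTES = 64                  # bytes of a binary payload kept as a hex preview


def describe_message(host, message):
    """Turn one mitmproxy WebSocketMessage into a JSON-serialisable record."""
    payload = message.content  # bytes, for text and binary frames alike
    record = {
        "ts": message.timestamp,
        "host": host,
        "direction": "client->server" if message.from_client else "server->client",
        "type": "text" if message.is_text else "binary",
        "length": len(payload),
    }
    if message.is_text:
        record["text"] = payload.decode("utf-8", errors="replace")
    else:
        record["hex_preview"] = payload[:PREVIEW_BYTES].hex()
    return record


def websocket_message(flow, log_path=LOG_PATH):
    """mitmproxy hook: runs once per WebSocket message, in either direction."""
    if flow.websocket is None:  # not a WebSocket flow
        return None
    message = flow.websocket.messages[-1]  # the message that triggered this hook
    record = describe_message(flow.request.pretty_host, message)
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record) + "\n")
    return record


if __name__ == "__main__":
    # Constructed stand-in for a mitmproxy message, to try the record format offline.
    sample = SimpleNamespace(content=b"\x01\x02\xff", from_client=True,
                             is_text=False, timestamp=1700000000.0)
    print(describe_message("multiplayer.example.invalid", sample))
```

Each line of the resulting file is one message with its direction, type, and length, which makes it easy to diff sessions and spot recurring message shapes.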