- Notifications
You must be signed in to change notification settings - Fork13
A public repo for hacky diep stuff - networking protocol, WebAssembly, memory editing, & physics
License
cx88/diepssect
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
This a public repo for hacky diep stuff, including networking protocol, WebAssembly, memory editing, & physics.
I started working on this back in the summer of 2017, with the goal of deciphering the diep.io protocol. Unfortunately the developer started updating the game for a while, and each time the memory layout and protocol is shuffled. But since now it's been months since the last update now, I'm starting to work on it again.
If you make any discoveries, pull requests are welcome! You can also message me on my Discord server atdiscord.gg/8gvUd3v.
All of the userscripts are found in theuserscripts folder, but you can also install them by just clicking. They all should be able to run in harmony, with the exception ofdpma.js, which should not be combined withhexedit.js ordiep-pl.js.
https://cx88.github.io/diepssect/dpma/dpma.user.js
dpma.js- A WIP script that allows both editing memory and packets.diep-pl.js- A diep packer logger, used for deciphering the protocol.hexedit.js- A script that allows memory editing.injector.js- A script that inject itself into diep'sbuild_*.jsfor exporting and replacing variables.nsfsk.js- Test script. Currently does nothing.
There are other browser or node.js scripts, which can be found in thescripts folder.
You can getdiep-pl.js and use it in TemperMonkey. Press F12 to view all short cuts, but it include features like Alt+Z to dump log to console.
The progress in packets are split into 4 categories. Unknown means that the structure of the packet is not yet completely understood. Structured means that the structure of the packet is known, but the specific details are not know yet. Mapped means that the packet is currently completely decoded, but it will change every update and must be mapped again. Done means that the packet has a know and static or extremely predictable mapping, enough to be automated.
Although data is represented in many ways, there are only six primary encodings. You can find information on all of them in thescripts/coder.js file.
| Name | Description | Size |
|---|---|---|
| Float | A floating point number | 4 |
| Int | A little-endian integer | 4 |
| Varint | A signed 32 bit integer | 1+ |
| Varuint | An unsigned 32 bit integer | 1+ |
| Varfloat | A float casted to a varint | 1+ |
| String | A null terminated string | 1+ |
Many packets are already completely deciphered. Some packet types have a known structure, but contain tables or mappings that are unknown and possible to figure out through manual trial-and-error. A few are completely unknown and deemed impossible without reverse engineering.
| ID | Description | Status |
|---|---|---|
00 | init | Done |
01 | input | Done |
02 | spawn | Done |
03 | upgrade build | Mapped |
04 | upgrade tank | Mapped |
05 | echo | Done |
06 | Unknown | |
07 | extension found | Structured |
08 | clear death | Done |
09 | take tank | Done |
Serverbound packets are generally easy to dissect, most having few if any arguments. The only exception to this is the01 packet, which is in the following format:01 vu(flags) vf(mouseX) vf(mouseY) (vx(movementX) vy(movementY))?
The flags are as below, starting with the least significant bit:
- left mouse
- up key
- left key
- down key
- right key
- god mode
- suicide
- right mouse
- instant upgrade
- use gamepad
- switch class
- constant of true
Note that the movement arguments are only added when using gamepads.
| ID | Description | Status |
|---|---|---|
00 | update | Structured |
01 | outdated client | Done |
02 | compressed update | Structured |
03 | message | Done |
04 | server status | Done |
05 | echo | Done |
06 | party link | Done |
07 | ready | Done |
08 | achievements | Structured |
09 | invalid link | Done |
0a | player count | Done |
Although most clientbound packets are as easy as the serverside packets. There are two main extremely complicated ones,00 and02, which I'll explain inCLIENTBOUND.md.
Here are some repos about the protocol. Unfortunately, most of the information there especially about the details of the00 packet is either outdated or incorrect.
- https://github.com/firebolt55439/Diep.io-Protocol
- https://github.com/FlorianCassayre/diep.io-protocol
Diep.io usesEmscripten withWebAssembly. This means that unlike most .io games, diep is written not in JavaScript but rather C++. This means that the code cannot be easily read, and will be difficult to comprehend even when disassembled.
Aside from the generatedbundle_*.js (formerlyd.js), diep also havec.js (originallycompressed) which controls input data.
You can gethexedit.js and use it in TemperMonkey. Six vectors with static memory addresses have been included, and you can find their information in the comments.
You can getdiep-pl.js and use it in TemperMonkey. Press F12 to view all short cuts, but it include features like Alt+X to pause updated, Alt+Q to view motion frame by frame, and Alt+M to enable debug mode which show raw health up to 6 digits.
Althoughdpma.js will replacediep-pl.js eventually, currently you can combine both scripts and the entity box should work and display all visible entities. The entity with the highest ID, which is usually the last created entity, will be blue. You'll need to ignore the hidden entities near the center, which are your barrels.
Here's a very useful page with lots of stuff about diep's physics.