Tibia-Wireshark-Plugin icon indicating copy to clipboard operation
Tibia-Wireshark-Plugin copied to clipboard

Published 20 hours ago verified publisher icon a3f

New Wireshark versions crashes

Open Source61 opened this issue 5 years ago • 5 comments
trafficstars

New Wireshark versions at least >= 3.2.8 are crashing when loading Tibia rsa keys settings. Also the RSA decryption doesn't seem to work for me using custom RSA keys.

Source61 avatar Oct 31 '20 14:10 Source61

I can't reproduce this locally with either current master (https://github.com/wireshark/wireshark/commit/9ac8dcb3a124eb42c57d4c0aa8d626ff1fefbb4e) or v3.2.8 (https://github.com/wireshark/wireshark/commit/8c208b7f257de50613e1e6a09a5b221f284883a0). Could you describe the steps to reproduce?

I tested with 1077.pcap.gz and OTServ privat key:

"192.236.132.181","7171","/home/a3f/prjs/Game-Tibia-Chess/share/otserv.private",""

RSA decryption worked for me with Try OTServ's RSA key unchecked.

a3f avatar Nov 02 '20 21:11 a3f

@a3f No real steps to reproduce involved, every single vanilla wireshark version >= 3.2.8 release with this plugin pre-installed crashes when adding/setting the RSA pem file using your script to generate. I don't want to publicly release my private key or my server's IP, but can make you a recording of wireshark crashing if you'd like me to.

Source61 avatar Nov 13 '20 17:11 Source61

Created a new PEM using I believe default otserv primes, same result - wireshark crashing (Preferences -> Protocols -> Tibia -> Edit RSA Keys -> Add -> Details -> Ok -> Crash). PEM file: http://paste.debian.net/1172349/

Source61 avatar Nov 13 '20 17:11 Source61

Update: Tried your PEM key, Wireshark still crashing when adding it. To be clear Wireshark works fine until I try to add a PEM key under the Tibia protocol tab. No capturing involved, just settings...

Source61 avatar Nov 15 '20 13:11 Source61

I forgot to add that I'm running Windows. Wireshark with your plugin used to work for me when I was running Linux, but I can't run Linux anymore with my new laptop. Here's a video recording of the persistent crashing after adding a keyfile: https://i.imgur.com/pGexN2A.mp4 To recover Wireshark I have to run Wireshark 2.6 and delete the key from there since it doesn't crash, but lacks newer functionality, including detecting required adapters for my captures. Here's the pem keyfile I used in the recording: https://github.com/Source61/scripts/blob/master/a3f.pem

Either way I don't think I actually need the plugin for my own use currently, would've just been nice to have especially earlier, thought I'd let you know about the issue just in case.

Source61 avatar May 23 '21 12:05 Source61