Last Friday, I was in a boring class with Hime, and we were talking
about our school's network. We pointed out that it would be interesting
to know which IP address is assigned to a given student.
The network works as follows (for students): we are given an IP address through DHCP, then we connect to the school's VPN, where we get a different IP address. That VPN address's PTR record contains the student's LDAP login.
The first thing that came to my mind was to start Wireshark and see whether some packets could help us match a physical IP address to a VPN IP address. They did not, but instead we found something pretty interesting being broadcast to the whole network...
At this point we did not know what this packet corresponded to, but
we roughly knew what it was about: SweetLuck is playing on
We set up a Wireshark filter to find out more about those packets, and some familiar nicks showed up ("Minimon", "Miwakage", "Boku"). They are students from a different class who play Hearthstone. To see the packets more clearly, I wrote a PHP script (and Hime wrote one in Ruby) that listened on a given port and reported the packets it received.
Those packets are sent by Hearthstone to advertise when a player is
online in the neighborhood. (It has a "player next to me" feature,
even though you must be connected to the internet to play.)
Since those packets are CSV, we tried to understand what information they contained. To do so, we took a real packet, modified one field at a time, and sent it to a player who would then tell us the outcome.
Now that we knew how the packets worked, we started broadcasting a few of them to send Hearthstone players a message ;)
We also noted that it is possible to make players lag by sending
them many players with LONG names (no buffer overflows :( ).
It seems that if the name is longer than 10k chars, the game will
disable this feature until you restart the game.
Sending a nick with a NULL byte will glitch the name, and print XML-like tags.
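As an added example (not the PHP or Ruby script from the post), here is a small Ruby listener in the spirit of the one described above: it binds a UDP port, splits each datagram as CSV, and flags the two malformed cases noted in the post, a field longer than 10k characters and a NUL byte in the data. The port number and the "name, status, extra" field layout are assumptions; the post does not give the real port or the exact CSV columns, and the sample packets in the usage note are constructed.

```ruby
require 'socket'
require 'csv'

# Assumed port: the post does not say which port Hearthstone broadcasts on.
DISCOVERY_PORT = 12345
# Threshold taken from the post: names longer than 10k chars disable the feature.
MAX_NAME_LEN = 10_000

# Parse one datagram as a CSV line and report anything that looks abusive.
# Returns { fields: [...], findings: [...] } so the result can be inspected or logged.
def inspect_datagram(data)
  findings = []
  findings << 'contains NUL byte' if data.include?("\0")

  # Strip NUL bytes before parsing so the CSV parser sees the intended text.
  fields = begin
    CSV.parse_line(data.delete("\0")) || []
  rescue CSV::MalformedCSVError => e
    return { fields: [], findings: findings + ["malformed CSV: #{e.message}"] }
  end

  fields.each_with_index do |field, idx|
    next if field.nil?
    if field.length > MAX_NAME_LEN
      findings << "field #{idx} is #{field.length} chars (> #{MAX_NAME_LEN})"
    end
  end

  { fields: fields, findings: findings }
end

# Bind the port and print every datagram with its sender and any findings.
def listen(port = DISCOVERY_PORT)
  sock = UDPSocket.new
  sock.setsockopt(Socket::SOL_SOCKET, Socket::SO_REUSEADDR, 1)
  sock.bind('0.0.0.0', port)
  loop do
    data, addr = sock.recvfrom(65_535)
    result = inspect_datagram(data)
    puts "#{addr[3]}:#{addr[1]} fields=#{result[:fields].inspect} " \
         "findings=#{result[:findings].inspect}"
  end
end

# Only start the blocking listener when explicitly asked, so the parsing
# helper can be required and exercised on constructed input without a socket.
listen(Integer(ENV.fetch('DISCOVERY_PORT', DISCOVERY_PORT))) if ENV['RUN_LISTENER']
```

Run it with `RUN_LISTENER=1 DISCOVERY_PORT=<port> ruby listener.rb` to watch live traffic; without the environment variable it only defines the helpers, so a constructed packet such as `"SweetLuck,playing,1"` can be fed to `inspect_datagram` directly and a packet with a NUL byte or a 10,001-character first field comes back with a finding attached.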
Even though reversing this "protocol" was not complicated, it was fun, and the classes sure went faster. Now it may be interesting to gather more data and extract information from it: how long an average battle lasts, which courses are the most favourable for a game of Hearthstone (according to the students), or who ragequits the most ;)