<

h2>Shiren Authori Server Functions

chg:

This is the action sent when the client requests to change the password associated with a user account. It sends three variables:

• Serial: The serial number connected to the current running Shiren client
• oldPass: Current password
• newPass: Requested new password

The server should fetch the serial number, check if the old password matches the current database entry and update it if it does.

reg:

This action is sent when a user attempts to validate their serial number.

• Serial: The serial number the user wants to associate with his client
• yourName: This is the username associated with the serial number
• yourPass: This is the password associated with the serial number.

If all match up with database data, the server should return a positive reply. If the client receives a positive reply, it adds the serial number to the registry and disables the registration menu until a time when the server begins rejecting the serial number.

aut:

This is the basic authorization request. The server is regularly pounded with this request throughout gameplay. It occurs at least when Shiren loads, when you enter a dungeon and when you leave it. The last call appears to be linked to the call made to the ranking server. Without a positive return from the authori server, the game will not hit ranking.

• Serial: The serial number the user claims as his own
• yourName: The username the user claims as his own
• counter: Unknown use. All logs show this value to always be null (int 0).
• check1: This appears to be a password verification. It’s some kind of encryption to match, but we have not figured out the type yet.
• check2: This appears to be a password verification. It’s some kind of encryption to match, but we have not figured out the type yet.

There are two possible outputs to all the above actions. Return data is sent as standard HTML:

Successful action:

<HTML>
<HEAD>
<meta HTTP-EQUIV=”Content-Type” CONTENT=0>
<meta HTTP-EQUIV=”Content-Type” CONTENT=”text/html; charset=”EUC-JP>
<title>authori.php</title>
</HEAD>
<!–
Shiren authentication system 89a0uKT2
–>
<!–
result=success
–>
<BODY>
OK<BR>
</BODY>
</HTML>

Failed action:

<HTML>
<HEAD>
<meta HTTP-EQUIV=”Content-Type” CONTENT=0>
<meta HTTP-EQUIV=”Content-Type” CONTENT=”text/html; charset=”EUC-JP>
<title>authori.php</title>
</HEAD>
<!–
Shiren authentication system 89a0uKT2
–>
<!–
result=fail
–>
<BODY>
ERROR<BR>
</BODY>
</HTML>

Decoding Variables

byuu figure out the string decoding system. It’s a simple substitution that can be handled in PHP with the strtr function.

So far we know the substitution tables for the TOKE and SPAW variables sent from the game client to the server.

SPAW has been completely tested. TOKE is still unclear, and we have not isolated what data it contains. It is possible our decode line for it is incorrect.


function decode($type, $str) {
  if($type == "spaw")
    $salt = "BCDEFGHIJKSTUVWX";
  else if($type == "toke")
    $salt = "ABCDEFGHIJRSTUVW";
  $str = strtr($str, $salt, "0123456789ABCDEF");
  return $str;
}