Difference between revisions of "Packets"
m (→Armory Authorization (146.1): Adds additional deauth methods) |
Studenterhue (talk | contribs) (→Armory Authorization (146.1): Remove mention of Captain's auth disk deauthing Armory. That was added when PR #18275 was testmerged, but now that it's no longer testmerged, that is no longer possible) |
||
Line 701: | Line 701: | ||
The armory will reply with a packet containing a different <code>acc_code</code> than what you sent it. This new code is <code>netpass_security</code>. This netpass is needed to open lockers via packets. | The armory will reply with a packet containing a different <code>acc_code</code> than what you sent it. This new code is <code>netpass_security</code>. This netpass is needed to open lockers via packets. | ||
Beware, only the [[Head of Security | Beware, only the [[Head of Security]] or a packet (shown below) can unauthorize the armory. | ||
You can unauthorize the armory via sending the following packet once armory is authorized. | You can unauthorize the armory via sending the following packet once armory is authorized. |
Revision as of 07:04, 9 April 2024
Welcome to the art of packets. Many of the machines you see in the game use radio signals, commonly called "packets" or more rarely just "signals", to perform certain functions. The art of intercepting and crafting your own signals for various purposes is called "packet-hacking". Packet hacking is a very powerful tool which can be used to escape or break into places, among other uses.
Rules
Hack responsibly!
Like mechanical hacking, packet-hacking is not in of itself a violation of the rules or a crime Security could persecute you for. It is not considered Grief in the same way, say, bombing something could be, and you do not need to be antagonist to use packets.
However, if you use packet-hacking to commit crime, e.g. using packets to break into the Research Sector, then crew are well within their right to try to stop you, and Security is allowed to punish you for it.
In addition, if you use packet-hacking to break into sensitive places (e.g. AI Upload, Security in general, Armory specifically), steal vital job equipment (e.g. the Captain's spare ID), or commit other borderline Grief acts, you can be yelled at by an Admin or even banned from the game for a while, especially if you make a habit of doing it.
Packet Tools
Software
SigCatcher
The best way to find signals to decipher is with the program SigCatcher, available on the Network Tools disk. SigCatcher will snag any packet that the computer can detect-- either wired packets sent directly to that computer, or wireless packets when the wireless card is in mode free. The program only has a buffer for one signal at a time though, so you may need to check it frequently. It can run as a program in the background while you mess with other things. SigCatcher has two modes:
- on will display the last packet received.
- auto will grab the first packet it receives, then stops monitoring traffic, ensuring the packet is not overwritten by subsequent network activity.
- save will save the current signal as a file to your computer.
- quit will get you out of the program, but keep it running in the background.
- fquit will end the program entirely.
SigPal
Once you've started deciphering packets, you can begin to make your own using SigPal.
- Add [Key] [Data] is the core to setting up your packets. You need to have the right keys for other machines to understand what you're sending them.
- File lets you add a file to send.
- Remove If you make a mistake, you can't simply overwrite a line, you need to delete it, then add it back.
- New to clear the entire packet.
- View to view your current packet in its entirety.
- Save to save as a signal file.
- Load to load a signal file.
- Send to transmit the packet through the computer's network card.
FROG
Allows you to ping and connect to other terminals in a manner similar to DWAINE. Bear in mind that the Research Mainframe is very occasionally on a physically separate network from the rest of the station. FROG will not recognize a wireless card. You can use this allow a ThinkDOS computer to act like a TermOS terminal, i.e. it can connect to the mainframe.
Ping
Pings and records ping data. Also does not recognize a wireless card.
Hardware
Data Terminal
This is the physical link to the wired network. A computer must be built on top of it to access that network. The most obvious and accessible data terminal is in Tech Storage, but many more can be found around the station, and they are under all of the existing ThinkDOS computers. The mechanics can make more, but must be able to properly wire them to the network.
Packet Sniffer
Found in Tech Storage. Capable of detecting all packets sent on the wired network it is attached to. Looks and functions like a powersink-- just screw it onto a data terminal and it will begin scanning. There is not much data on the main network of the station besides that which comes from the communications dish, but other interesting data may be found by setting up the sniffer on the Engineer or Research networks.
Important note for packet sniffers: The packet sniffer spaces out the various fields in a packet. If you want to copy them for your own use in, say, some Mechanics deathtrap, remove the spaces after the semicolons.
Powernet-networking Component
Found in the MechComp Dispenser, the PowerNet Component when connected to a wired network via a data terminal lets you send messages to the wired network and receive messages to your mechanic components. It allows you to do things like controlling a DWAINE Terminal using a button.
Network Diagnostics Cart
This cart can accomplish many of the same tasks as the network tools disk, but from your PDA. It features a ping tool, a packet sniffing tool, a packet sender, and a packet crafting tool. The range on the packet sniffer can be adjusted from close to far. The packet crafting tool does not have the 26 character string limit that SigPal does, allowing more complicated messaging.
Packet Formatting
A typical signal might look like this:
[command] [text_message]
[message] [What is your favorite pony]
[sender_name] [Weedgoku420]
[address_1] [02001921]
[sender] [02002276]
Each line of the signal consists of two items, the first item identifying the type of data, the second item identifying the actual data. This packet can be broken down as such:
[command] [text_message]
This tells the PDA that this command is a text message. This is just one of many commands available.
[message] [What is your favorite pony]
This is the text of the message. Note that a computer can handle a maximum of 26 characters.
[sender_name] [Weedgoku420]
This is what the sender's name will appear as in the message. No verification of this is done whatsoever, so the PDA will happily display whatever is written in the signal file. The limitation is again 26 characters.
[address_1] [02001841]
This is the network ID of the PDA the message will be going to.
[sender] [02002872]
This is the network ID of the PDA sending the message.
Creating packets
Packets can be created in TermOS by using the following command:
echo field=value|nfield2=value2|nfield3=value3
To store the packet as a file on the mainframe:
echo ... ^ /home/pjones/filename
To send a file (like a packet!) to your terminal, so you can send it with file_send
or print it with file_print
, save the file to the /mnt/term
directory:
cp /home/pjones/filename /mnt/term/x
If you just need to get the file right away, you can simply save the file in /mnt/term
right away:
echo ... ^ /mnt/term/foo
Any packet you send must have both a sender ID and an address. In mode net and on wired networks, the sender ID must correspond to your network module's number-- you can check that using the periph view command. Other data can be spoofed-- for instance, in sending a text message, you could change the sender name to whatever you want and make security think a Blob is somehow messaging them.
Any and all packets typed into a terminal are formatted as the following: code=output; - they must always be ended with a semi-colon. For example, command=open;address_1=1234
Sending packets using the mainframe's radio
You can use DWAINE to send out packets over the air. The mainframe's radio has a limited range, though, so it won't reach everything.
- Create a directory for the frequency you want to transmit on. Directories are the four numbers without the decimal point, e.g.
/mnt/radio/1149
for 114.9, by using the commandmkdir /mnt/radio/1149
- If the directory already exists for whatever reason, you can skip this step.
- Craft your packet.
- Optional: Save it if you need to use it more than once. Otherwise, just use
echo
and pipe it directly.
- Optional: Save it if you need to use it more than once. Otherwise, just use
- Copy or move your crafted packet to the folder you created, e.g.
copy packet /mnt/radio/1149
orecho ... ^ /mnt/radio/1149/packet
If it worked, the packet you crafted should automatically be sent out by the radio. You can use the Packet Sniffer program on your PDA to confirm.
Spoofing the login packet
Faking a login involves a few specific steps. You'll generally always need a valid ID of any kind to do the initial login, though.
- Log into the mainframe (insert your card and
term_login
) - Craft a login packet
- Send the crafted packet back to your terminal
- Either enter
su
for admin rights, or disconnect and reconnect to log in as a completely different user - Instead of using
term_login
, usefile_send
to send the packet you saved earlier - You are now logged in with your forged user
The login packet looks like this:
registered=Pubbie Jones
assignment=Staff Assistant
access=
, followed by a (semicolon? comma?)-separated list of rights — every access in the ID computer has a different one. The important one forsu
access is 34.
Applying all of the above to create the packet and register it for file_send
:
echo registered=Pubbie Jones|nassignment=Staff Assistant|naccess=34 ^ /mnt/term/loginpacket
Keep in mind that you shouldn't use this to set the Guardbuddies to purge or other destructive things unless you're a traitor.
Authentication
There are a handful of authentication codes you may or may not need.
The first three are stored on the Authentication Disk, so if you ask nicely maybe the Captain will give it to you.
netpass_heads
: Used for Guardbuddy management, shuttle (re)calling, Armory Authorization, etc.netpass_security
: Used for hacking into lockers. You can also find it by looking through the clone data disks every Security Officer and Head of Security starts with or listening in on Armory Authorization authorization or deauthorization signals.netpass_medical
: Unused.netpass_syndicate
: Exclusively for the Detomatix cart.
Connecting a device to the network
Devices are usually connected to the mainframe, and when disconnected, keep its last address in their memory. This is not the case with devices constructed from blueprints and a soldering iron like the science telepad.
In such cases where there is no previous connected address, you are required to manually connect it to the mainframe.
This requires a button and a powernet component.
- Connect the powernet component to a wired network using a data terminal.
- Connect the button to the powernet component.
- Set the terminal command message as the button value and send it.
The terminal connect message looks like this:
command=term_connect
address_1=mainframe_address
sender=device_address
Example: command=term_connect;address_1=02043924;sender=02054d8a
The packet above will connect the sender device 02054d8a
to the address 02043924
. The sender device will save it as its reconnect address.
Finding the mainframe address can be done by using term_ping mainframe
on a disconnected DWAINE terminal.
Controlling a terminal with MechComp
This lets you use MechComp to send a command to the mainframe as if you were the computer that is connected to the mainframe.
This requires:
- A powernet component.
- A DWAINE Terminal that is already logged into the mainframe
- An input device ( button, signal builder component, etc )
The terminal command message looks like this:
command=term_message
address_1=mainframe_address
sender=dwaine_terminal_address
data=
command that will be sent to the terminal
Example: command=term_message;address_1=02043924;sender=02054d8a;data=echo Hello World!
The packet above will send a message from the DWAINE terminal 02054d8a
to the mainframe 02043924
. The message echo Hello World
will be executed and return Hello World!
.
Using data=ls
would execute the command ls
instead.
Player made scripts can also be executed as long as they are in the current directory of the connected DWAINE Terminal. data=myscript 1 2 3
would execute the script called myscript
with the arguments provided as if you were the one calling it directly from the console.
Wired Network
Stuff on the station network connected by red power cables. Get a list of these by running term_ping
on any TermOS computer that isn't currently connected to something. Not all devices can be connected to via TermOS, though, and some won't reply to pings either. Sneaky!
Important: You can add an argument after running term_ping
which will filter out any responses that do not contain the string. This is much easier than searching through every single device that replies to the ping.
Mainframe (PNET_MAINFRAME)
The good ol' mainframe, usually hanging around the Computer Core. Connect to this to access DWAINE. Pretty much every terminal on the station starts out connected to this.
There are a few of these scattered around the universe, though a lot of them are broken and don't actually work.
AI (MAINFRAME_AI)
The AI. Connecting to this will make the AI see "Direct connection from (02001234)". You can chat with the AI by simply sending messages, and it will be able to reply as long as you're connected — your messages show up like PDA messages and the AI can respond in the same way.
Communications Dish (PNET_COM_ARRAY)
The communications dish, primarily used for calling (or recalling) the shuttle, as well as delivering the often completely inaccurate "threat report" at the start of a round.
Commands
- Call or recall the Emergency Shuttle. Returns
status
=SHUTL_E_DIS
(failed),SHUTL_E_SEN
(called), orSHUTL_E_RET
(recalled).command
:call
orrecall
(call or recall the shuttle; self-explanatory)shuttle_id
:emergency
(the only usable option)acc_code
: The netpass_heads authentication codereason
: optional reason for calling the shuttle
- Transmit something to Centcom or the partner station. Returns
status
=TRANSMIT_E_SUCCESS
orTRANSMIT_E_COOLDOWN
.command
:transmit
transmit_type
:centcom
for messages to centcom orstation
for messages to the partner station.acc_code
: The netpass_heads authentication codetitle
: transmission titledata
: message to transmituser
: user transmitting message
- View / download Centcom messages (generally the "threat report" which is always wildly wrong, sometimes other things).
- Unlike the above commands, these are entered from a terminal connected directly to the array.
command
:term_message
(automatically added if sending from a terminal)data
: The text entered into the terminal, e.g. "command=download&message=1
".command
: One of the following:list
: Lists available messagesdownload
: Sends a message as a file that you can thenfile_print
(etc)
message
: If usingdownload
, a message number
Example raw packet dump:
(sent) address_1=020036fd; command=call; shuttle_id=emergency; acc_code=(Authentication code); sender=0200c069; (recv) command=device_reply; status=SHUTL_E_SEN; address_1=0200c069; sender=020036fd;
Terminals (PNET_ADAPTER)
Other terminals and data terminals on the network, generally. You can direct-connect two TermOS computers together if you want, but there's not much you can really do with that beyond chat back and forth and send files, maybe.
Telepad (PNET_S_TELEPAD)
The Telescience Telepad. There can be more than one of these; you specify which one you want with the -p [0-9]
argument to teleman
.
You can't change the coordinates with just packets. Coordinates are updated by the computer contacting the mainframe, which sends out the command to the telepad with an attached file.
Example raw packet dump:
[18:47:4]:command=term_message; data=command=teleman&args=-p 1 send; address_1=02002182; sender=02001ed4; [18:47:5]:command=term_message; data=command=send&session=746; render; address_1=02001cbd; sender=02002182; [18:47:5]:command=term_message; data=command=ack&session=746; address_1=02002182; sender=02001cbd; [18:48:1]:command=term_message; data=command=OK; render; address_1=02001ed4; sender=02002182; [19:10:1]:command=term_message; data=command=teleman&args=-p 1 receive; address_1=02002182; sender=02001ed4; [19:10:1]:command=term_message; data=command=receive&session=17; render; address_1=02001cbd; sender=02002182; [19:10:1]:command=term_message; data=command=nack&cause=recharge&session=17; address_1=02002182; sender=02001cbd; [19:10:7]:command=term_message; data=command=Telepad is recharging.; render; address_1=02001ed4; sender=02002182; [19:13:3]:command=term_message; data=command=teleman&args=-p 1 receive; address_1=02002182; sender=02001ed4; [19:13:4]:command=term_message; data=command=receive&session=333; render; address_1=02001cbd; sender=02002182; [19:13:4]:command=term_message; data=command=ack&session=333; address_1=02002182; sender=02001cbd; [19:14:0]:command=term_message; data=command=OK; render; address_1=02001ed4; sender=02002182;
Printers (PNET_PRINTDEVC)
Printers. Generally you just write to the /mnt/lp-whatever
folders on the mainframe.
This page is under construction. The following information may be incomplete. Discover if there is a way to directly print to printers |
Databanks (PNET_DATA_BANK)
The data banks that contain all of the information on the mainframe.
GuardBuddy docking station (PNET_PR6_CHARG)
GuardBuddy chargers. These also communicate wirelessly to the buddies; see the section there for more.
Raw packets below. You can see the netpass_heads
authentication code in here as well (3635 Bravo-51).
[37:25:5]:command=term_message; data=_command=add&_freq=1219; render; address_1=020020f4; sender=02002182; [37:25:5]:command=term_message; data=_freq=1219&acc_code=3635 Bravo-501;command=dock_return; render; address_1=020020f4; sender=02002182; [37:25:5]:command=term_message; data=command=status&status=success; address_1=02002182; sender=020020f4; [40:30:1]:address_1=02002182; data=prman upload 0200143B heckle name=titusgettemy; command=term_message; sender=0200b5ce; [49:37:5]:command=term_message; data=command=status&status=ejected&botid=020032dd; address_1=02002182; sender=0200143b;
Some of the commands you can use, as command=#######
:
status
: Gets the status of a buddy docked to this station as a reply:status=nobot
: If you get "nobot", there's no buddy here. You'll get only this for every command.status=########
: The buddy's network identifier.charge=###
: Eithernocell
(no power cell) or a number from 0 to 100 representing the percent of power remaining in the buddy's cell.tool=#####
: The current tool (weapon), or "NONE" if there's no tool installed.deftask=#####
: The default task this buddy runs when it has nothing better to do, or "NONE" if it doesn't have one.curtask=#####
: The current task this buddy is running, or "NONE" if it doesn't have one.
eject
: Boots the buddy out of the docking station.- No reply here. If you didn't get a
nobot
reply, it worked.
- No reply here. If you didn't get a
upload
: Uploads a new task to the buddy. Optionally withoverwrite=?
andnewmodel=?
, which overwrite the current task or default task respectively. Requires a file to be sent along with the data, so good luck spoofing this.- You'll get a reply with
status=upload_success
if the task has been uploaded. - You'll get a reply with
status=badtask
if the task is bad (or missing).
- You'll get a reply with
download
: Downloads a task from the buddy. Usemodel=?
to download the default task, otherwise it'll download the current one.- Replies with
command=taskfile
if it worked. In theory you'll get a file sent to your terminal with the task. What can you do with it? - Replies with
command=status&status=notask
if there's no task to download.
- Replies with
taskinq
: Gets the buddy's currently installed tasks.- Replies with
command=trep
, withdeftask=#####
for the default task andcurtask=#####
for the current task, or "NONE" if there isn't one.
- Replies with
wipe
: Erases the buddy's installed tasks and replaces them with nothing.- Replies with
command=status&status=wipe_success
.
- Replies with
The chargers also occasionally report back to their host (i.e. the mainframe) when things happen. The format of these may not be 100% correct.
command=status&status=ejected&botid=########
: Ejected a buddy.command=status&status=connect&botid=########
: A buddy docked itself or was docked by someone.
Mainframe Radio (PNET_PR6_RADIO)
The radio near the Mainframe. It's mostly used for talking to the GuardBuddy bots when they're away from chargers, but you can do some other stuff with it.
Capturing packets with the power of the mainframe:
- Make a folder for the frequency you want to monitor, e.g.
/mnt/radio/1149
- Periodically
ls /mnt/radio/1149
to see if any packets have appeared cat /mnt/radio/1149/Q2158018
to view packets
The mainframe will capture any packet sent to a frequency that has a directory created.
Note: The actual mechanics behind this are a bit different (there's some communications going on between the mainframe and radio) but for the most part this will get you what you want.
Regardless, raw packet dump example:
[19:41:7]:command=term_message; data=_command=add&_freq=1149; render; address_1=02002303; sender=02002275; [20:03:3]:command=term_message; data=_freq=1149&command=text_message&message=butt&sender_name=fart; render; address_1=02002303; sender=02002275; [45:35:6]:address_1=02002275; data=echo test=butt ^ x; command=term_message; sender=02018e2a; [45:35:6]:command=term_message; data=command=status&status=success; address_1=02002275; sender=02002303; [45:35:6]:command=term_message; data=_freq=1149&test=butt; render; address_1=02002303; sender=02002275;
IR detectors (PNET_IR_DETECT)
IR detectors, usually placed around important things like the Armory and sometimes the AI core.
This page is under construction. The following information may be incomplete. Update info on IR detectors |
Artlab test apparatus (PNET_TEST_APPT)
The various testing apparatuses in the Artifact Lab. Also includes the "Gas Sensors" you see in places like Toxins.
[34:18:5]:command=term_message; data=command=deactivate; render; address_1=02000d04; sender=02000673;
[34:18:5]:command=term_message; data=OK; render; address_1=0200cbf2; sender=02000673;
[34:18:5]:address_1=02000673; data=gptio deactivate elec_box; command=term_message; sender=0200cbf2;
Terminals (SRV_TERMINAL)
The teleport computer for the Telescience telepad. It doesn't communicate directly with the teleport pad, but instead sends commands to the mainframe. If you want to learn to control the science teleporter remotely, these would be the packets you want to sniff out.
Note that a few other things also use this as a tag.
P: [020639b9]-TYPE: SRV_TERMINAL P: [02002d0e]-TYPE: PNET_MAINFRAME
[58:26:4]:command=term_message; data=command=teleman&args=-p 2 coords x=50 y=50 z=4; address_1=02002d0e; sender=020639b9; [58:26:5]:command=term_message; data=command=ack&session=641; address_1=02002d0e; sender=020639b6; [58:26:5]:data=command=set_coords&session=641; address_1=020639b6; command=term_file; sender=02002d0e; [58:27:0]:command=term_message; data=command=teleman&args=-p 2 send; address_1=02002d0e; sender=020639b9; [58:27:1]:command=term_message; data=command=OK; render; address_1=020639b9; sender=02002d0e; [58:27:1]:command=term_message; data=command=send&session=708; render; address_1=020639b6; sender=02002d0e; [58:27:1]:command=term_message; data=command=ack&session=708; address_1=02002d0e; sender=020639b6; [58:27:7]:command=term_message; data=command=OK; render; address_1=020639b9; sender=02002d0e;
Nuclear charge (PNET_NUCCHARGE)
The nuclear charge. Authentication is easily spoofed by using the mainframe's built-in nuke manager, nukeman
. Just use the same packet you used to spoof superuser access when asked to login with an authorized ID, then repeat with two more login packets with superuser, but with one (or both) of the other fields modified. Either the registered= field or the assignment= field.
Hemera VII's main tape doesn't include this, so you'll have to bring a tape of your own with it, "borrow" one of the replacement Master Tapes on the station or use Hemera VII's other tape, which DOES have nukeman.
If you're feeling like a little bit of DIY, you can also connect to the nuke directly and run commands that way. The following commands can be run without any authorization:
status
: Returns the nuke status (whether it's counting down or not) and the time left.settime
: Sets the detonation time. The maximum time is 600 seconds, the minimum is 120.
These commands require the "auth" field of your packet to be set to the correct netpass_heads
:
act
: Activates the nuclear charge, with an accompanying announcement.deact
: Deactivates the nuclear charge, stopping the countdown. Past 10 seconds, you can no longer disarm the nuke- run!
You can also scan the nuclear charge with a Syndicate device analyzer and deploy one elsewhere, if that's more your thing.
Area Power Controllers (PNET_PWR_CNTRL)
The Area Power Controllers attached to the network. They have settings for the equipment, lights, and environmental controls, as well as control of the cover lock. The three power settings can be values from 0 to 3, which represent the following states:
0
: Off1
: Auto (Off)2
: On3
: Auto (On)
APCs start off connected to the mainframe, and as such will only respond to packets they believe came from the mainframe. You'll need to override the sender field or disconnect it with a spoofed term_disconnect
, the latter allowing you to connect directly with a DWAINE terminal. Some of the packets you can use to interact with them look like this:
sender=02003c12; address_1=02006754; command=term_message; data=command=setmode&light=0&environ=0; sender=02003c12; address_1=02006754; command=term_message; data=command=status;
You can use the following commands with data=command=#######
or simply command=#######
if connected by terminal:
status
: Returns the status of the APC, including all the following fields (but unfortunately not the area name):charge=###
: A number from 0 to 100 representing the percent of power remaining in the APC's cellequip=#
: A number from 0 to 3 representing the state of the equipment setting for the APClight=#
: A number from 0 to 3 representing the state of the light setting for the APCenviron=#
: A number from 0 to 3 representing the state of the environmental control setting for the APCcover=#
: A number representing the state of the cover lock, with 1 for engaged and 0 for disengaged
setmode
: This command allows you to control the state of the APC, supplying any of the values you wish to change. You can include settings for any of:equip=#
light=#
environ=#
cover=#
Please note that if you turn off equipment power to the computer core APC, you'll have a difficult time executing any more commands.
Wireless Network
Basically everything you can spoof (aside from PDA messages) will require a address_1
field, indicating the target of the message.
sender
is added automatically to almost every packet-sending device, though apparently you can get away without one by manually crafting a signal and using a wireless computer's free mode (with greatly reduced range).
Wireless Range
This page is under construction. The following information may be incomplete. Confirm that pings still go through Z-levels |
.
These are the PDA Ping ranges. You can imagine it as how far you can drop a PDA dropping and have it still respond. Sending may be similar (or unlimited size?).
min
: 16 tilesmed
: 32 tilesmax
: 64 tiles
Note that pings go through Z-levels! If you manage to pin down a signal but there doesn't seem to be anything there, it's probably in the debris field or in one of the adventure zones. Welp!
Broadcast ranges are only for broadcasting — anything can receive a packet if it's in the broadcast range of the source, even if its own broadcast range is far smaller. If your device has a broadcast range of 64 tiles, and your target device has a range of 16 tiles, the target device will receive your signal as long as you're anywhere within 64 tiles, but you won't receive the device's beyond those 16.
PDAs (114.9)
They're PDAs. You know, the ones almost everyone spawns with.
- Device name:
NET_PDA_51XX
- Broadcast range: ≥ 64 tiles (127 × 127)
Packets:
- Really easy to scan, the Network Tools cartridge defaults to this frequency.
- Snoop on people trying to use PDAs to covertly message people!
Just be sure to get your ID switched to "NSA Operative" firstClear the log regularly so it doesn't clog up with PDA pings.
Packet spoofing:
address_1
: Omit both this andgroup
to broadcast to every PDA in range. Otherwise, set to a PDA's address to send only to that PDA.group
: An alternative toaddress_1
, sending to all PDAs in the specified group. See the 'Groups' section of your PDA's messenger app for some examples.command
: Generallytext_message
, though there are others, including but not limited to:file_send_req
Used to send file send requests, though you can't actually send anything without using the PDA clipboard.file_size
The size of the filefile_ext
The file extension (PPROG, TXT, etc.)file_name
The name of the file
file_send_acc
Used to accept file send requests. Can be spoofed with a ThinkDOS computer on free mode, causing the file to download to the target PDA. Can only accept a valid file send request, and must be sent to the pda that sent the request.file_send
Used to send files after send requests are accepted, doesn't work without an accepted file request.report_pda
The scan function in the PDA messenger.report_reply
Replies toreport_pda
, can be used to change your PDA's name to other people on the messenger
message
: The text you want to send. Surprise!sender_name
: What the name should show up as. Leaving it blank will make PDAs show it as !UNKNOWN!sender_assignment
What the job assignment of the sender should show up as.
Experiment! Maybe you'll find more.
Ruckingenur kits (146.7)
Ruckingenur kits, like the one in the Electronics lab.
- Device name:
NET_RKANALYZER
- Broadcast range: ≥ 64 tiles (127 × 127)
Ruckingenur kits use packets to maintain a distributed database of blueprints and whether or not they're locked. The seven commands documented below are used by the ruck to maintain this database.
Ruckingenur Protocol | |
---|---|
command=SYNCREPLY
|
Sent after SYNC, every kit selects the highest net_id is assigned to be the host This command only accepts packets addressed to TRANSRKIT
|
command=SYNC
|
Every ruck responds with SYNCREPLY and considers the sender as a potential host. The current host is an exception, if it detects a new ruck kit it will instead attempt to UPLOAD a Ruckingenur Bundle file containing the database of blueprints.This command only accepts packets addressed to TRANSRKIT
|
command=DROP
|
Identical to SYNC except the sender of this packet is not considered as a host. Used when ruckingenur is shutting down. |
command=UPLOAD
|
Internal upload channel for blueprint distribution. A bincludes blueprint file. This channel does not generate PDA messages and is used to by rucks to transfer blueprints between themselves. |
command=add
|
PDA blueprint upload channel, identical to UPLOAD used by PDA device scanners. For add The host ruckingenur will send a PDA message to the mechanic groups to announce the upload. For legacy reasons the command is "add" not "ADD".
|
command=DOWNLOAD data=Item Name
|
Internal blueprint file request channel, replies with UPLOAD packet with an attached file. |
LOCK=1 acc_code=netpass_head DATA=Item Name
|
Used to lock and unlock blueprints by name, this packet is normally protected with NT class encryption and cannot be sniffed. This command only accepts packets addressed to TRANSRKIT
|
Several of these commands distribute blueprint files, these can be sniffed and copied with mechcomp file components or other means.
When a device scanner is used, blueprints are distributed to other kits with an UPLOAD
command. The ruckingenur kit that scanned the blueprints then sends a PDA message announcing the scans.
Wireless network adapters (114.9, variable)
Computers that have a wireless network card. Some of these are included even in devices that aren't really computers, and they don't really do anything, like the "filing cabinet" Security computers.
- Device name:
WNET_ADAPTER
- Broadcast range: varies
Cogmap1's Morgue filing cabinet, for example:
- Broadcast range: 18 tiles (35 × 35)
Others may be different. The ranges are dependent on the type of card and its mode.
GuardBuddy devices (121.9)
GuardBuddies and their docking stations.
- Device name:
PNET_PR6_GUARD
(buddies),PNET_PR6_CHARG
(docking stations) - Broadcast range: ≈ 75 tiles (150 × 150)
The following is sent exclusively by the docking stations. They also communicate over the wired network; see their section above for more.
command=recharge_src; data=x=##&y=##;
: Sent by the docking station as a reply to therecharge
broadcast, with its current X and Y (GPS) position, so the buddies know where to go to charge.
There's a lot of network traffic, but here's some examples. If you aren't targeting a specific bot's address, you need to include acc_code=(netpass_heads)
.
address_1=recharge
: Sent by the buddies as a broadcast. Causes the docking stations to report their locations; see above.command=dock_return
: Adds a task to the buddy to go to a docking station and dock. Makes the buddy say "Software update requested" and show the "update" emotion.command=captain_greet
: Makes the buddy say one of several goofy lines, if it's wearing the captain's hat. Sent by the tour guide buddy if it runs into another buddy wearing it.command=wizard_greet
: Makes the buddy say of several other goofy lines, if it's wearing a wizard's hat. Sent by the tour guide buddy if it runs into another buddy wearing it.
Doors (141.1)
Pretty much every airlock on, and off, the station.
- Device name:
DOR_AIRLOCK
- Broadcast range: 6 tiles (11 × 11)
Sending a command to a door requires an access code, a number usually between 1 and 32 (inclusive). This can be found on the maintenance panel by screwdrivering the door. Doors only broadcast signals relatively close by, so you'll have to be nearby if you want to see anything. You can get the address of a door by screwdrivering it open and checking, using the packet sniffer and touching the door, or just taking a guess from doors that respond to your pings.
Some doors can't be screwdrivered so you'll have to use a different option, but those doors also tend to resist packet hacking. AI control is a requirement for doors to receive packets, and most of these doors have it off by default.
Doors broadcast certain details whenever they're interacted with, as well as a few moments later when they auto-close.
user_id
: Person whose ID was used (e.g.Pubbie Jones
). If a mob like Beepsky opens a door, this is???
(yes, three question marks) instead.- If the door opens:
data
:denied
, if someone who didn't have access tried to open a door
- Otherwise:
door_status
: State the door is in (e.g.open
,closed
)lock_status
: State of the door bolts (e.g.locked
,unlocked
)tag
: This appears to always be blank.
Sending packets manually to open/close doors:
address_1
: Network address of door (required)access_code
: Access code of the door (required)command
: One of the following:open
: Opens a doorclose
: Closes a doorlock
: Drops the door boltsunlock
: Raises the door boltssecure_open
: Bolts a door opensecure_close
: Bolts a door closed
Network Radio (141.1, 141.9, also varies)
This page is under construction. The following information may be incomplete. Determine broadcast range, find if it possible to receive other files and save them to the disk with file_save [name]
|
The "Network Radio", which looks like... well, an old timey radio. Usually located near the mainframe in the computer core, sometimes it's elsewhere. This is what interfaces with the mainframe's /mnt/radio
.
- Device name:
PNET_PR6_RADIO
- Broadcast range: ?
You can log into the mainframe by connecting to this using a computer with a wireless network peripheral and FROG or TermOS. You can create a login packet using ThinkDOS's WizWrite and put it on the main drive in ThinkDOS under whatever name you want, then restart with a TermOS disk and run "file_load [name]
" in TermOS, which will allow you to run file_send
with the login packet.
Secure Lockers (143.1)
Secure lockers that require an ID to open, including personal lockers in the Crew Quarters.
- Device name:
WNET_SECLOCKER
- Broadcast range: 3 tiles (5 × 5)
The range on these is extremely short.
You can send these a few commands over the radio, though you'll need netpass_security
to lock or unlock them and netpass_heads
to find netpass_security
.
address_1=(address)
: this is required to send packets to a locker and can be found by using a multitool on the locker itself.command=status
: Replies withcommand=lock=[locked]&open=[open]
command=lock; pass=(netpass_security)
: Locks the locker.command=unlock; pass=(netpass_security)
: Unlocks the locker. Surprise.
If you use one of the lock or unlock packets, you'll get a response with command=ack
or command=nack; data=badpass
depending on if it worked or not.
Personal lockers don't send messages when opened/claimed with an ID.
Hydroponics trays (143.3)
This page is under construction. The following information may be incomplete. Determine if still current. |
- Device name: One of
WNET_PACKETSPY
,WNET_GENERIC
,WNET_DETECTOR
,WNET_SYN%%^#FF
, randomly - Broadcast range: ≥64 tiles (129 × 129)
Packets:
netid
:02001234
-- The address of that particular tray. (Isn't this whatsender
is for?)data
: One of the following:event_new
: A seed was planted in the tray.event_death
: The plant died.event_cleared
: The plant (dead or otherwise) was removed from the tray.
Yep, that's it. There's nothing useful here. Not even the type of seed, or if it's ready to harvest, or anything. Sorry.
Fire Alarms (143.7)
- Device name:
WNET_FIREALARM
- Broadcast range: ∞ (possibly)
Broadcasts a packet when things happen:
address_tag
: Location name (likeHead of Research's Office
)type
: Alarm type (alwaysFire
)netid
: Network address (as well assender
for some reason)alert
: What happened:fire
: Fire alarm triggeredreset
: Fire alarm cleared
You can also trigger these remotely if you want to be annoying.
address_1
: Network address of the Fire Alarm. (Required.)command=#####
: One of the following:status
: Triggers the above packet broadcast.trigger
: Triggers the alarm.reset
: Resets the alarm.
Robot patrol beacons (many frequencies)
This page is under construction. The following information may be incomplete. Add ways for triggering, receiving, and editing beacon broadcasts, as well as more info on how they work. Find real example of patrol beacon pack |
Various patrol beacons around the station. These are used by Guardbuddies, Securitrons, and the tour guide, though often not on the same frequencies.
- Frequencies: 143.1, 144.1, 144.3, 144.5, and so on.
They don't respond to pings, but they do respond to beacon requests. Beacons have a specific format and options available to control how bots act and what they do.
Securitron and tour guide beacons broadcast on this frequency. They're located under floor tiles, and you can access them by popping them open with a screwdriver and swiping an appropriate card.
Tour Guide beacon, this one from the Escape Arm:
- Location:
tour16
tour
:1
-- Marks it as a tour beaconnext_tour
:tour17
-- Which beacon comes after this in the routedesc
:In the event of catastrophic station damage...
(What the tour guide will say when stopping here)
Patrol beacon, a fictional example:
- Location:
sec
patrol
:1
-- Marks it as a patrol beaconnext_patrol
:bar
-- Which beacon comes after this in the route
You can't move the beacons around or create new ones, but you can at least make Murray shout obscenities when describing places. Or make him get stuck into a loop forever. Keep in mind that the text length you're allowed to enter is much shorter than the length of the default tour messages.
Sample log:
[37:15:3]:findbeacon=tour; address_1=!BEACON!; sender=0200564a; [37:15:3]:beacon=tour13; netid=02000e46; tour=1; next_tour=tour14; desc=...; [37:15:3]:beacon=tour16; netid=02000fa6; tour=1; next_tour=tour14; desc=...;
Securitrons (144.7)
Status updates, sent from the bots:
type
:secbot
name
:Officer Beepsky
-- this is whatever the bot is named. No way to distinguish between identically-named botsloca
:Cafeteria
-- where the bot is currently located.mode
:0
-- One of various modes (as described by the Securitron control PDA app):0
: Idle (Ready)1
: Spotted someone marked as arrest (Apprehending target)2
: At target, preparing to arrest3
: Arresting target4
: Starting patrol5
: On patrol6
: (Responding to summons) — will go to mode 4 and start patrolling when it reaches its destination
Controlling via the R.O.B.U.S.T. cart's Securitron app:
command
: One of the following:bot_status
: Get the status of the botgo
: Start patrollingstop
: Stop patrollingsummon
: Summons the bot
active
:Officer Beepsky
(see note below)target
:the floor
; only ifcommand=summon
. (see note below)
Notes: These are BYOND internal atom references, and not actually text. What's happening is that a BYOND atom reference is being passed in the packet, and printing this reference will yield its name ("(the) floor"). As a result, they're impossible to replicate in packets. These only work from the PDA application for that reason.
MULE bots (144.7)
Status updates, sent from the bots:
type
:mulebot
name
:1
-- The bot's unique name/ID number.loca
:Supply Lobby
-- The bot's current location.mode
:0
-- The bot's current mode, from the following:0
: Ready1
: Loading/Unloading2
: Navigating to Delivery Location3
: Navigating to Home4
: Waiting for clear path5
: Calculating navigation path6
: Calculating navigation path7
: Unable to locate destination
powr
:100
-- The bot's current cell charge.dest
:Medbay
-- The bot's current target destination. Refers to an underfloor MULE Delivery Beacon.home
:QM #1
-- The bot's home location. Refers to an underfloor MULE Delivery Beacon.load
:Jon Pubbie
-- Whatever is currently loaded on top of the bot, e.g. player name, Crate, etc.retn
:1
-- Will the bot automatically return home after the delivery?pick
:1
-- Will the bot automatically pick up any cargo at the delivery destination?
Controlling via the QM's PDA:
The # in command_#
should be replaced with the name (number) of the bot being controlled (for example, command_1
would control mulebot #1).
command_#
: Should be one of the following:bot_status
: Get the bot's current status (as seen above).target
: Set the bot's destination.autoret
: Set whether the bot should return after a delivery.autopick
: Set whether the bot should pickup crates at the destination.stop
: Tell the bot to stop where it is.go
: Tell the bot to continue towards its destination.home
: Tell the bot to return to its home location.
destination
: The ID of the bot's new destination (see the MULE bot section of the Quartermaster page for a list of valid destinations). Only used ifcommand_#
is set totarget
.value
: Should be1
or0
, corresponding to Yes or No respectively. Only used ifcommand_#
is set toautoret
orautopick
.
Armory Authorization (146.1)
This is the computer used by Security to authorize the armory.
- Device name:
ARM_AUTH
- Broadcast range: 3 tiles (5 × 5)
Sending the following packet authorizes the armory:
address_1=[arm_auth netid];command=authorize;acc_code=[netpass_heads];
The armory will reply with a packet containing a different acc_code
than what you sent it. This new code is netpass_security
. This netpass is needed to open lockers via packets.
Beware, only the Head of Security or a packet (shown below) can unauthorize the armory.
You can unauthorize the armory via sending the following packet once armory is authorized.
address_1=[armory_auth netid];command=unauthorize;acc_code[netpass_heads];
Remote Signaling Devices (Variable; 141.1 - 148.9)
Remote Signalers are used to transmit and receive simple packets containing a numerical code via a customizable frequency. They will only ever send and receive packets on the frequency they are tuned to.
- Broadcast range: ∞
When the ACTIVATE button is pressed in a signaler's UI, the following packet is sent over the frequency the signaler is tuned to:
message:
ACTIVATE
code:
Whatever the code in the signaler's UI is set to
Signalers will respond to packets formatted in the above structure (the message=ACTIVATE
is entirely unnecessary) on their frequency, activating whatever device they may be connected to if the value of code
matches the code of the signaler itself.
Signalers do not adjust their behavior if address_1
is present in the packet, and will never include a sender
or address_1
key in their packets.
Space GPS (145.3)
Space GPS's allow a user to see their coordinates and the coordinates of other GPS's, as well as tracking other GPS's. GPS's may be wirelessly requested to share their coordinates, which is done with the the use following packet structure:
command:
status
address_1:
The address of the GPS you wish to see the status of
They will respond with the following packet:
sender:
The GPS's address
address_1:
The address of the device that sent the status
command
identifier:
Contains the identifier of the GPS (e.g: 7372-NT13
)
coords:
Contains the X and Y coordinates of the GPS, in x,y
format (e.g coords=111,89
)
location:
Contains the GPS's Landmark (such as Station or Debris Field). Does NOT contain raw Z level coordinate.
distress:
1 if the Distress Signal is active, 0 otherwise
Example packet: sender=0202dd33; address_1=0202db82; identifier=7372-BRYC; coords=111,89; location=Landmark: Ship; distress=0
GPS also sends similar packet when the distress alert is activated/deactivated, but the distress field is replaced with distress_alert:
distress_alert:
help when activated, clear otherwise
Example packet: sender=02049fe0; identifier=5324-test; coords=196,140; location=Landmark: Station; distress_alert=help;
Notably, the GPS identifier is also present in the message a GPS replies to a standard ping with, rather than just its device ID.
Supplementary Video
Department Guides | |
---|---|
Engineering | Making and Breaking · Construction · Gas · Power Grid · Thermoelectric Generator · Singularity Generator · Geothermal Generator · Catalytic Generator · Nuclear Generator · Mining · Materials and Crafting · Wiring · Hacking · MechComp · Mechanic components and you · Control Unit · Ruckingenur Kit · Reactor Statistics Computer · Cargo Crates |
Medsci | Doctoring · Genetics · Robotics · Telescience · Plasma Research · Artifact Research · Chemistry · Chemicals · ChemiCompiler · Decomposition |
Security | Security Officer · Contraband · Forensics · Space Law |
Service | Foods and Drinks · Botany · Writing · Piano Song Dump · Instruments |
The AI | Artificial Intelligence · AI Laws · Chain of Command · Guide to AI · Humans and Nonhumans · Killing the AI |
Computers | Computers · TermOS · ThinkDOS · Packets |