[SOLVED] Decoding app-level packets

Heinzen

Distinguished
Apr 18, 2012
I am working in an application using Windows Packet Filter and I am looking for methods to decrypt Unreal Engine 3 packets. Most of the documentation is for UE4 in terms of networking so I am unsure how to do that.

I am using Wireshark and I can capture all of the frames that I want, naturally, but I am unsure what protocol I should be looking at. The most luck I've had getting anything readable was converting a payload into C arrays, but I am unsure if I should go further since I could just mislead myself with that.

One example payload:
0000 10 7b 44 47 55 16 10 5f 49 c2 52 39 08 00 45 00
0010 00 8a 32 f7 40 00 80 06 a0 bb 40 19 25 eb c0 a8
0020 00 0f d4 20 c8 8b d0 b7 3b 78 6a fe 7a 58 50 18
0030 20 0f 2f 3d 00 00 18 80 39 d1 e9 1e e2 23 3b 68
0040 64 2f 93 ab dd 8a a6 98 1a 3f c2 42 d5 10 e8 dd
0050 aa f6 4a ce 0b 74 1a 0f eb 70 af 59 19 9e c0 09
0060 0f f5 25 23 be 92 7a b6 bc 7d 61 ac b7 b3 14 e3
0070 a6 ad 6e bb 1f 67 8c 0f 8d 70 34 5b 0f e2 50 65
0080 4c 88 b5 92 0c ef a7 ad 78 79 71 5b a4 c9 48 59
0090 7b 98 f7 17 4c 4e 23 46

Could you suggest some reading materials or tips to investigate which application level protocol I am dealing with?
 
Solution
If you mean how the packets are laid out, that I would think would be documented. That is such a common game engine that I would hope someone already has done this. It has been a long time since I did this; Wireshark used to have what I think was called a packet dissector. You could design your own packet formatter. It was rather complex because it supported packets that could change format based on certain fields within the packet.

Now if you mean actual encryption, that is not likely possible... again, unless it is well documented. You can, for example, unencrypt HTTPS BUT you must have the session keys, which is not trivial to get even when you control both ends of the session.
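
A first triage step for the frame posted in the question, as an added example that is not part of the original thread: it strips the Ethernet, IPv4 and TCP headers and measures the byte entropy of the remaining application payload. Entropy close to the maximum for the sample size is consistent with encrypted or compressed data and does not by itself identify the protocol; the function names are this example's own.

```python
import math
import struct
from collections import Counter

# Frame bytes copied from the hex dump in the question, offset column dropped.
FRAME = bytes.fromhex("""
10 7b 44 47 55 16 10 5f 49 c2 52 39 08 00 45 00
00 8a 32 f7 40 00 80 06 a0 bb 40 19 25 eb c0 a8
00 0f d4 20 c8 8b d0 b7 3b 78 6a fe 7a 58 50 18
20 0f 2f 3d 00 00 18 80 39 d1 e9 1e e2 23 3b 68
64 2f 93 ab dd 8a a6 98 1a 3f c2 42 d5 10 e8 dd
aa f6 4a ce 0b 74 1a 0f eb 70 af 59 19 9e c0 09
0f f5 25 23 be 92 7a b6 bc 7d 61 ac b7 b3 14 e3
a6 ad 6e bb 1f 67 8c 0f 8d 70 34 5b 0f e2 50 65
4c 88 b5 92 0c ef a7 ad 78 79 71 5b a4 c9 48 59
7b 98 f7 17 4c 4e 23 46
""")

def split_frame(frame):
    """Return addressing info and the TCP payload of an Ethernet/IPv4/TCP frame."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = 14                                   # Ethernet II header is 14 bytes
    ihl = (frame[ip] & 0x0F) * 4              # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", frame, ip + 2)[0]
    if frame[ip + 9] != 6:
        raise ValueError("not TCP")
    tcp = ip + ihl
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    data_off = (frame[tcp + 12] >> 4) * 4     # TCP header length in bytes
    return {
        "src": ".".join(map(str, frame[ip + 12:ip + 16])),
        "dst": ".".join(map(str, frame[ip + 16:ip + 20])),
        "sport": sport,
        "dport": dport,
        # Slice to the IP total length so Ethernet padding is not counted.
        "payload": frame[tcp + data_off:ip + total_len],
    }

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def entropy_ratio(data):
    """Entropy relative to the most an n-byte sample can show (short samples cap below 8)."""
    return entropy(data) / min(8.0, math.log2(len(data))) if len(data) > 1 else 0.0

if __name__ == "__main__":
    info = split_frame(FRAME)
    print(info["src"], info["sport"], "->", info["dst"], info["dport"])
    print(len(info["payload"]), round(entropy(info["payload"]), 2), round(entropy_ratio(info["payload"]), 2))
```

A single packet is a small sample, so the same measurement should be repeated over many packets of the session and compared for constant leading bytes before concluding anything about the layout.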