Subspace Protocol Packets

Original source: http://d1st0rt.sscentral.com/packets.html
Copied to twcore.org for further modification and addition.

General notes:

C2S : Client to Server

Subspace packets

0x00 - Start of a special header

See: [#BI:Bi-directionalCorePackets Core Packets] or manually scroll down (Near the end) to the core packets section.

0x01 - Arena login

Offset Length Description
0 1 Type Byte 0x01
1 1 Ship type ^1^
2 2 Allow audio ^2^
4 2 X Resolution
6 2 Y Resolution
8 2 Main arena number ^3^
10 16 Arena name (optional)

1 - Ship type is 0 for warbird up to 8 for spectator
2 - When Allow audio = 0, remote messages aren't heard in private arenas (1.34.11f)
3 - Set to Pub Number for Specific Pub, Set to 0xFFFF for Random Pub, Set to 0xFFFD for private arena. Arena name is only used with private arenas.

0x02 - Leave arena

Offset Length Description
0 1 Type Byte 0x02

0x03 - Position packet

Offset Length Description
0 1 Type Byte 0x03
1 1 Direction (0 ... 360)
2 4 Timestamp
6 2 X Velocity
8 2 Y Pixels (0 ... 16384)
10 1 Checksum
11 1 Togglables ^1^
12 2 X Pixels (0 ... 16384)
14 2 Y Velocity
16 2 Bounty
18 2 Energy
20 2 Weapon Info ^2^
22 2 Energy ^4^ (Optional)
24 2 S2C Latency ^4^ (Optional)
26 2 Timer ^4^ (Optional)
28 4 Item info ^3^ ^4^ (Optional)

^1^ - Togglables: Each value is one bit in a byte
Bit 1 - Stealth
Bit 2 - Cloak
Bit 4 - XRadar
Bit 8 - Antiwarp
Bit 16 - Flash (Play the cloak/warp flash)
Bit 32 - Safety (In safe)
Bit 64 - UFO (Using UFO)
Bit 128 - ?

^2^ - Weapon info: Unsigned Integer Values or Booleans | Weapon type | 5 bits ^a1^ | | Weapon level | 2 bits | | Bouncing shrapnel (Boolean) | 1 bit | | Shrapnel level | 2 bits | | Shrapnel amount | 5 bits | | Alternate (Boolean) | 1 bit ^a2^ |

^a1^ - Weapon types: 0x00 - None
0x01 - Bullet
0x02 - Bouncing bullet
0x03 - Bomb
0x04 - Proximity bomb
0x05 - Repel
0x06 - Decoy
0x07 - Burst
0x08 - Thor
^a2^ - Alternate: Bombs -> Mines
Bullets -> Multifire

^3^ - Item info: Unsigned Integer Values or Booleans
| Shields (Boolean) | 1 bit | | Super (Boolean) | 1 bit | | Burst Count | 4 bits | | Repel Count | 4 bits | | Thor Count | 4 bits | | Brick Count | 4 bits | | Decoy Count | 4 bits | | Rocket Count | 4 bits | | Portal Count | 4 bits | | ? Unknown | 2 bits |

^4^ - These are supposed to be optional, but I'm not certain what dictates if you should send them or not. One of the possible requirements for this seems to be whether or not you are spectated by someone with 'sysop-like' powers, to display all the additional data for them.

0x04 - Unknown

0x05 - Death message

Offset Length Description
0 1 Type Byte 0x05
1 2 Killer's Player ID
3 2 Your bounty at time of death

0x06 - Chat message

Offset Length Description
0 1 Type Byte 0x06
1 1 Chat Type ^1^
2 1 Sound Byte
3 2 Target Player's Player ID ^2^
5 * [250 max] Text... ^3^
* 1 Null Terminator 0x00 Required

^1^ - Chat types: 0x00 - Message in green text [arena, zone, ...]
0x01 - Public macro
0x02 - Public message
0x03 - Team message ![// or ']
0x04 - Player to all members of another team [["Whatever]]
0x05 - Private message ![[-Whatever]]
0x06 - Red warning message [MODERATOR WARNING: Whatever -Whoever]
0x07 - Remote private message ^a^ [(Whoever)> Whatever]
0x08 - Red server errors, without a name tag (S2C only)
0x09 - Channel message ^a^ [[X;Whatever]]
^a^ - These are formatted much as you'd expect. To send a Remote Message, you include the name of the person you are sending the message to in the Text of the message like so: ":Name:Message" and with Channel Messages you include the Number of the Channel you are sending to, like so: "#;Message".

^2^ - Target player's player ID is 0x00 for the Following Chat Types: 0x00, 0x01, 0x02, 0x03, 0x06, 0x07, 0x08, 0x09. It is PlayerID for 0x05 and 0x04.

^3^ - The used character encoding (Character Set) for this seems to be ISO-8859-1, albeit continuum has some extended support, for example € does work, and some other characters, like ½ and ©, are seemingly not supported.

Although the maximum characters for this packet seems to be 243 characters.

(In Continuum you can send 249 characters no matter the caps lock).

In ASSS if you send over 243 the server will break synchronization with your packet stream then start spamming you with

M <net> [[PlayerName]] [[pid=0]] unknown network subtype 0 indicating that the last null terminator is used to begin a new packet.

You can send chat messages up to 250 characters long (any more then that doesn't work, it even bypasses the continuum 249 character limit by one).

I've figured it out, nothing wrong with ASSS or subgame but the problem lies with the botcores themselves. The packets in botcores I used like OpenCore and twcore have a overlooked problem with the implementation of the packet clustering. There lies a overflow. The Cluster packet can only hold multiple packets as long as each clustered packet doesn't exceed 255 bytes, but the packet clustering system doesn't take into account packets already with higher then 255 bytes to begin with so problems start happening there where the size byte starts to overflow into some random value and then the packet stream synchronization breaks this can also cause the server to recycle.

0x07 - Take Green / Prize

Offset Length Description
0 1 Type Byte 0x07
1 4 Timestamp
5 2 X
7 2 Y
9 2 Prize

0x08 - Spectate player

Offset Length Description
0 1 Type Byte 0x08
1 2 Spectated Player's Player ID

0x09 - Password packet

Offset Length Description
0 1 Type Byte 0x09
1 1 New user (Boolean) ^1^
2 32 Name ^2^
34 32 Password ^2^
66 4 MachineID ^3^
70 1 ConnectType ^4^
71 2 Timezone bias ^5^
73 2 ? Unknown
75 2 Client version ^6^
77 4 Mem Checksums [[0x01BC]] or ![[444]]
81 4 Mem Checksums [[0x022B]] or ![[555]]
85 4 PermissionID
89 12 ? Unknown

^1^ - New user is 1 if you want to create a new user, otherwise 0

^2^ - Name and password are trimmed down to 20/24 characters on some servers/billers

^3^ - MachineID is the drive serial of C:

^4^ - Connect types: 0x00 - Unknown
0x01 - SlowModem
0x02 - FastModem
0x03 - UnknownModem
0x04 - UnknownNotRAS

^5^ - Time Zone Bias 240 = Eastern Standard Time (Safe Value)

^6^ - Client versions: 0x24 - Continuum .36
0x86 - Subspace 1.34 And 1.35

0x0A - Unknown

0x0B - SSUpdate.EXE Request

Offset Length Description
0 1 Type Byte 0x0B

0x0C - Map.lvl Request

Offset Length Description
0 1 Type Byte 0x0C

0x0D - News.txt Request

Offset Length Description
0 1 Type Byte 0x0D

0x0E - Voice Message

Offset Length Description
0 1 Type Byte 0x0E
1 1 Voice Upload Index (0 to 3 Only) ^1^
2 2 Player Id (Less then 1024)
4 * Wav File Bytes... ^2^

^1^ - Total of 4 Wav File Uploads per Player.
^2^ - Size of the Wav File is calculated by (PacketSize - 4)

0x0F - Frequency Change

Offset Length Description
0 1 Type Byte 0x0F
1 2 New Frequency

0x10 - Attach request

Offset Length Description
0 1 Type Byte 0x10
1 2 Player ID of Turretee

0x11 - Unknown

0x12 - Unknown

0x13 - Flag request

Offset Length Description
0 1 Type Byte 0x13
1 2 Flag ID

0x14 - Drop all attached pilots

This packet has no payload once received by server, sends 0x15 - Destroy Turret Link to everybody who was attached.

0x15 - Drop Flags

Offset Length Description
0 1 Type Byte 0x15

0x16 - File transfer

Offset Length Description
0 1 Type Byte 0x16
1 16 File Name
17 * ZLib Compressed File...

0x17 - Registration Form Response

Offset Length Description
0 1 Type Byte 0x17
1 32 Real Name ^1^
33 64 E-Mail ^1^
97 32 City ^1^
129 24 State ^1^
153 1 Sex ^2^
154 1 Age
155 1 Connecting From: Home (Boolean)
156 1 Connecting From: Work (Boolean)
157 1 Connecting From: School (Boolean)
158 4 Processor Type
162 4 ? Unknown
166 40 Windows Registration: Real Name
206 40 Windows Registration: Organization
[[BR]] The following are registry entries and can be found in the following key: [[BR]] SystemCurrentControlSetServicesClass
246 40 Display000:DriverDesc
286 40 Monitor000:DriverDesc
326 40 Modem000:DriverDesc
366 40 Modem001:DriverDesc
406 40 Mouse000:DriverDesc
446 40 Net000:DriverDesc
486 40 Net001:DriverDesc
526 40 Printer000:DriverDesc
566 40 MEDIA000:DriverDesc
606 40 MEDIA001:DriverDesc
646 40 MEDIA002:DriverDesc
686 40 MEDIA003:DriverDesc
726 40 MEDIA004:DriverDesc

^1^ - Real name, E-mail, City, State are null-terminated strings

^2^ - Sex is either 'F' or 'M'

0x18 - Set ship type

Offset Length Description
0 1 Type Byte 0x18
1 1 Ship Type ^1^

^1^ - Ship type is 0 for Warbird through 8 for Spectator

0x19 - Set personal banner

Offset Length Description
0 1 Type Byte 0x19
1 96 Banner Data ^1^

^1^ - Banner data is the value for each pixel in the banner. (Banner size is 12x8 pixels = 96 pixels.) Uncompressed BMP Files follow this format.

0x1A - Security checksum

The checksums are generated after a server-sent seed

Offset Length Description
0 1 Type Byte 0x1A
1 4 Weapon Count
5 4 Settings Checksum ^1^
9 4 Subspace.EXE Checksum
13 4 Map.LVL Checksum
17 4 S2CSlowTotal
21 4 S2CFastTotal
25 2 S2CSlowCurrent
27 2 S2CFastCurrent
29 2 S2CRelOut (?Unsure?)
31 2 Ping
33 2 Ping Average
35 2 Ping Low
37 2 Ping High
39 1 Slow Frame Detected (Boolean)

^1^ - Settings checksum is the checksum of the contents of the settings packet

0x1B - Security violation

Offset Length Description
0 1 Type Byte 0x1B
1 1 Violation ID ^1^

^1^ - Violation IDs: These may only be sent in response to a security checksum request 0x00 - Nothing wrong
0x01 - Slow framerate
0x02 - Current energy is higher than top energy
0x03 - Top energy higher than max energy
0x04 - Max energy without getting prizes
0x05 - Recharge rate higher than max recharge rate
0x06 - Max recharge rate without getting prizes
0x07 - Too many burst used (More than you have)
0x08 - Too many repel used
0x09 - Too many decoy used (More than you have)
0x0A - Too many thor used (More than you have)
0x0B - Too many wall blocks used (More than you have)
0x0C - Stealth on but never greened it
0x0D - Cloak on but never greened it
0x0E - XRadar on but never greened it
0x0F - AntiWarp on but never greened it
0x10 - Proximity bombs but never greened it
0x11 - Bouncing bullets but never greened it
0x12 - Max guns without greening
0x13 - Max bombs without greening
0x14 - Shields or Super on longer than possible

These can be sent any time 0x15 - Saved ship weapon limits too high (burst/repel/etc)
0x16 - Saved ship weapon level too high (guns/bombs)
0x17 - Login checksum mismatch (program exited)
0x18 - Unknown
0x19 - Saved ship checksum mismatch

These may only be sent in response to a security checksum request 0x1A - Softice Debugger Running
0x1B - Data checksum mismatch
0x1C - Parameter mismatch
0x.... - Unknown integrity violation
0x3C - Unknown integrity violation (High latency in Continuum)

0x1C - Drop Brick

Offset Length Description
0 1 Type Byte 0x1C
1 2 X Tiles
3 2 Y Tiles

0x1D - Change Certain Arena Settings

Offset Length Description
0 1 Type Byte 0x1D
1 * "Weasel:SoccerBallSpeed:9000\0"
* * "Warbird:MaximumEnergy:2800\0" (Optional)
* 2 "\0\0" at the end of message

You could send multiple settings changes at once using this packet by repeating Offset 1 with null terminated byte at the end.

0x1E - End Personal KoTH Timer

Offset Length Description
0 1 Type Byte 0x1E

0x1F - Fire a Ball

Offset Length Description
0 1 Type Byte 0x1F
1 1 Ball ID
2 2 X Pixels
4 2 Y Pixels
6 2 X Velocity
8 2 Y Velocity
10 2 Your Player ID
12 4 Timestamp

0x20 - Ball request

Offset Length Description
0 1 Type Byte 0x20
1 1 Ball ID
2 4 Timestamp

0x21 - Soccer goal scored

Offset Length Description
0 1 Type Byte 0x21
1 1 Ball ID
2 4 Timestamp

0x22 - Security Violation Unknown

Offset Length Description
0 1 Type Byte 0x22
1 4 Unknown
5 4 Arena Settings Checksum
9 4 Code Checksum Unknown 1
13 4 Code Checksum Unknown 2
17 1 Security Violation Id

Continuum packets

0x23 - Unknown

0x24 - Password packet

Don't use this, its just here for completeness. Use the [#a0x09-Passwordpacket 0x09 Password Packet] instead.

Offset Length Description
0 1 Type Byte
1 1 Boolean: New user
2 32 Name
34 32 Password
66 4 Machine ID
70 1 ConnectType (*info)
71 2 Time Zone Bias
73 2 ?
75 2 Client Version
77 87 ?

0x35 - LVZ Object Toggle

Sends out one or more LVZ toggle states.
Please note: TWCore sends this through packet 0x0A.

Offset Length Description
0 1 Encapsulating Type Byte (0x0A)
1 2 Player ID ^1^
3 1 Real Type Byte (0x35)
4 2* Object Toggle Data ^2^

^1^ - Player ID: To send to a specific player, use that player's ID.
To send to all players, use -1.
^2^ - Object Toggle Data: Contains one or multiple object toggle assignments, 2 bytes wide, according to the following structure: | Bit Field | Bit Length | Description | |--------|--------|----------------| | 0 | 15 | LVZ Object ID | | 15 | 1 | New state: 0 for hidden, 1 for visible |

0x36 - LVZ Object Modification

Sends out one or more LVZ object modifications.
Please note: TWCore sends this through packet 0x0A.

Offset Length Description
0 1 Encapsulating Type Byte (0x0A)
1 2 Player ID ^[#point0x36_1 1]^
3 1 Real Type Byte (0x36)
4 11* Object Modification Data ^[#point0x36_2 2]^

^[=#point0x36_1 1]^ - Player ID: To send to a specific player, use that player's ID.
To send to all players, use -1.
^[=#point0x36_2 2]^ - Object Modification Data: Contains one or multiple object modification assignments, 11 bytes wide, according to the following structure: | Field | Length | Description | |--------|--------|----------------| | 0 | 1 | Update Flags | | 1 | 2 | Object ID & Object Type | | 3 | 2 | Location [& Type] (x coord) | | 5 | 2 | Location [& Type] (y coord) | | 7 | 1 | LVZ Image ID | | 8 | 1 | LVZ Layer | | 9 | 2 | Display Time & Mode |

S2C : Server to Client

Subspace packets

0x00 - Start of a special header

See: [#BI:Bi-directionalCorePackets Core Packets] or manually scroll down (Near the end) to the core packets section.

0x01 - PlayerID Change

Offset Length Description
0 1 Type Byte 0x01
1 2 New Player ID ^1^

^1^ - This is used to notify you of what your Player ID is.

0x02 - You are now in the game

Offset Length Description
0 1 Type Byte 0x02 ^1^

^1^ - At this point you can start sending position packets.

0x03 - Player(s) Entering ^1^

Offset Length Description
0 1 Type Byte 0x03
1 1 Ship Type
2 1 ? Unknown (0x00)
3 20 Name
23 20 Squad
43 4 Kill Points
47 4 Flag Points
51 2 User ID
53 2 Frequency
55 2 Wins
57 2 Losses
59 2 Attachee ID
61 2 Flags Held
63 1 Has KOTH Timer

^1^ - Upon entering an arena (or possibly some other instances) several of these packets (including the Type Byte) are stacked on top of each other and sent as one packet. Be sure to process this packet in 64 byte chunks until there are no chunks left.

0x04 - Player Leaving

Offset Length Description
0 1 Type Byte 0x04
1 2 Player ID

0x05 - Large Position Packet (Weapons Packet)

Offset Length Description
0 1 Type Byte 0x05
1 1 Direction (0-360)
2 2 Time Stamp
4 2 X Pixels (0-16384)
6 2 Y Velocity
8 2 Player ID
10 2 X Velocity
12 1 Checksum
13 1 Togglables ^1^
14 1 Ping
15 2 Y Pixels (0-16384)
17 2 Bounty
19 1 Weapon Parameters
20 1 Weapon Type
21 2 Energy ^2^ ^3^ (Optional)
23 2 S2C Lag ^2^ (Optional)
25 2 Timer ^2^ (Optional)
27 4 Item Info ^2^ (Optional)

^1^ - Bit flags for the Togglables byte in bit order. | Stealth: | 1; | | Cloaked: | 2; | | XRadar: | 4; | (XRadar calcs are done client-side) | | Antiwarp: | 8; | (Antiwarp calcs are done client-side) | | WarpFlash: | 16; | (Uncloaking, portaling, etc.) | | UNKNOWN1: | 32; | ? | | UFO: | 64; | (*ufo - Illegal usage caught in sg9+) | | UNKNOWN2: | 128; | ? |

^2^ - This data is only sent if the ExtraPositionData flag is set to true in the zone settings.

^3^ - This data is sent if either the ExtraPositionData flag is set to true, or if you are using the Energy Password.

0x06 - Player Death

Offset Length Description
0 1 Type Byte 0x06
1 1 ID of green left by death
2 2 Killer ID
4 2 Killed ID
6 2 Bounty ^1^
8 2 Number of flags transferred

^1^ - Add this to the killer's kill points.

The death green is the ID of the green that is left by this players death. Killed ID is the ID of the player that got killed. The bounty, along with the other kill score modifiers in settings are added to the players kill points. The flags are how many flags were transferred as a result of the kill.

0x07 - Chat

Offset Length Description
0 1 Type Byte 0x07
1 1 Chat Type ^1^
2 1 Sound Byte
3 2 Originator ID ^2^
5 * Chat Message

^1^ - Chat types: 0x00 - Message in green text [arena, zone, ...]
0x01 - Public macro
0x02 - Public message
0x03 - Team message ![// or ']
0x04 - Player to all members of another team ["Whatever]
0x05 - Private message ![/Whatever or :playername:Whatever]
0x06 - Red warning message [MODERATOR WARNING: Whatever -Whoever]
0x07 - Remote private message [(Whoever)> Whatever]
0x08 - Red server errors, without a name tag (S2C only)
0x09 - Channel message [;X;Whatever]
^2^ - Target player's player ID is 0 for public messages (0x02)

0x08 - Player got a Prize

Offset Length Description
0 1 Type Byte 0x08
1 4 Timestamp
5 2 X Tiles
7 2 Y Tiles
9 2 Prize
11 2 Player ID

0x09 - Player Score Update

Offset Length Description
0 1 Type Byte 0x09
1 2 Player ID
3 4 Kill Points
7 4 Flag Points
11 2 Wins
13 2 Losses

0x0A - Password Packet Response

Offset Length Description
0 1 Type Byte 0x0A
1 1 Login Response ^1^
2 4 Server Version ^2^
6 4 ? Unknown
10 4 Subspace.exe Checksum ^3^
14 4 ? Unknown
18 1 ? Unknown
19 1 Registration Form Request (Boolean)
20 4 Scrty file 4th offset DWORD
24 4 News.txt Checksum ^4^
28 8 ? Unknown (Random dust from memory)

^1^ - The following is a list of what all the different Response codes mean: 0x00 - Login OK
0x01 - Unregistered Player ^a1^
0x02 - Bad Password
0x03 - Arena is Full
0x04 - Locked Out of Zone
0x05 - Permission Only Arena
0x06 - Permission to Spectate Only
0x07 - Too many points to Play here
0x08 - Connection is too Slow
0x09 - Permission Only Arena
0x0A - Server is Full
0x0B - Invalid Name
0x0C - Offensive Name
0x0D - No Active Biller ^a2^
0x0E - Server Busy, try Later
0x0F - Not enough usage to play here
0x10 - Restricted Zone ^a3^
0x11 - Demo Version Detected
0x12 - Too many Demo users
0x13 - Demo Versions not Allowed
0xFF - Restricted Zone, Mod Access Required

^a1^ - Some Billers require you to register and will kick you out after a short time if you do not send the Registration form.  
    ^a2^ - You can still log in, but scores are not being permanently recorded.  
    ^a3^ - This restriction is usually based on insufficient hours of Usage.

^2^ - Returns the Major and the Minor version as a single number (so 1.34.12a returns 134) does not return Sub Version..
^3^ - Compare against local Subspace.exe to determine if an Update is needed. (obviously useless with a bot)
^4^ - Compare against local News.txt to determine if there is a new News.txt to be downloaded.

0x0B - Soccer Goal Made

Offset Length Description
0 1 Type Byte 0x0B
1 2 Frequency that made the goal
3 4 Team Points

0x0C - Player Voice

Offset Length Description
0 1 Type Byte 0x0C
1 2 Player ID
3 * Wav File...

0x0D - Player Changed Frequency

Offset Length Description
0 1 Type Byte 0x0D
1 2 Player ID
3 2 Frequency
Offset Length Description
0 1 Type Byte 0x0E
1 2 Turreter Requester Player ID
3 2 Turreter Destination Player ID ^1^

^1^ - If this value is left blank, you will be detached from whoever you are attached to.

0x0F - Arena Settings

Offset Length Description
0 1 Type Byte 0x0F
1 1428 Arena Settings Struct ^1^

^1^ - This information has been lost (maybe it can be retrieved from Mervbot?)

0x10 - File Transfer

Offset Length Description
0 1 Type Byte 0x10
1 16 File Name ^1^
17 * File Data... ^2^

^1^ - If no File Name is specified, then it's the News.txt
^2^ - If the file is the News.txt it must be Uncompressed first. According to Snrrrub, all other files are sent Uncompressed.

0x11 - Unknown, Possible NO-OP

0x12 - Flag Position

Offset Length Description
0 1 Type Byte 0x12
1 2 Flag Id
3 2 X Tiles
5 2 Y Tiles
7 2 Owner ^1^

^1^ - The Team number that owns the flag.

0x13 - Flag Claim

Offset Length Description
0 1 Type Byte 0x13
1 2 Flag Id
3 2 Player Id

0x14 - Flag Victory

Offset Length Description
0 1 Type Byte 0x14
1 2 Team
3 4 Jackpot Points
Offset Length Description
0 1 Type Byte 0x15
1 2 Turret Driver Player ID ^1^

^1^ - This is sent from a client that has turret(s) attached to it and wants to get rid of them. Upon recieving this packet, you should check to see if you are attached to Player ID and if so, detatch.

0x16 - Drop Flag

Offset Length Description
0 1 Type Byte 0x16
1 2 Carrier Player ID

0x17 - Unknown, Possible NO-OP

0x18 - Synchronization Request

Offset Length Description
0 1 Type Byte 0x18
1 4 Prize Seed Value ^1^
5 4 Door Seed Value ^1^
9 4 Timestamp
13 4 Checksum Key ^2^

^1^ - Seed values are used in Random Number Generators to determine the location of Prizes and the timing for door switching.
^2^ - When this packet is recieved, a Security Checksum packet (0x1A) should be returned using the Server Checksum Key.

0x19 - Request File

Offset Length Description
0 1 Type Byte 0x19
1 256 Local File Name
257 17 Remote File Name ^1^

^1^ - Sent when the server wants a file from the client (as in *putfile). The file requested should be in the same directory as the EXE.

0x1A - Reset Score(s)

Offset Length Description
0 1 Type Byte 0x1A
1 2 Player Id ^1^

^1^ - If player ID = 0xFFFF then reset everyone's scores.

0x1B - Personal Ship Reset

Offset Length Description
0 1 Type Byte 0x1B

0x1C - Put Player in Spectator Mode

| Offset | Length | Description | | 0 | 1 | Type Byte 0x1C | | 1> | 2 | Player Id ^2^ (One of the following: ^1^) | | 1> | 1 | Request Extra Pos Info (Boolean) (One of the following: ^1^) |

^1^ - Only one type of 1C is sent, check length to determine which one was sent. Length = 2 or 3.
^2^ - I can only assume if the ID is yours, you should spec yourself.

0x1D - Player Team and Ship Changed

Offset Length Description
0 1 Type Byte 0x1D
1 1 Ship Type
2 2 Player Id
4 2 Frequency

0x1E - Personal Banner Changed

Offset Length Description
0 1 Type Byte 0x1E
1 1 Boolean ?Unknown? (0x00)

0x1F - Player Banner Changed

Offset Length Description
0 1 Type Byte 0x1F
1 2 Player ID
3 96 Banner Data (Bitmap)

0x20 - Collected Prize

Offset Length Description
0 1 Type Byte 0x20
1 4 Timestamp
5 2 X Tiles
7 2 Y Tiles
9 2 Prize Type ^1^
11 2 Player Id

0x20 - Buy Item From ?buy=prize Or Get Prized *prize #prize

Timestamp is divided to be used as ?buy=prize also used for *prize #prize

| Offset | Length | Description | | 0 | 1 | Type Byte 0x20 | | 1 | 2 | Amount of prize | | 3 | 2 | Prize Id ^1^ |

^1^ - Listed here from 0 to 28: Unknown, Recharge, Energy, Rotation, Stealth, Cloak, XRadar, Warp, Guns, Bombs, Bullets, Thruster, TopSpeed, FullCharge, EngineShutdown, Multifire, Proximity, Super, Shields, Antiwarp, Repel, Burst, Decoy, Thor, MultiPrize, Brick, Rocket, Portal.

0x21 - Brick Dropped

Offset Length Description
0 1 Type Byte 0x21
1 2 X1 Tiles
3 2 Y1 Tiles
5 2 X2 Tiles
7 2 Y2 Tiles
9 2 Team
11 2 Brick ID (sent more than once)
13 4 Timestamp

0x22 - Turf Flag Update

Offset Length Description
0 1 Type Byte 0x22
1> 2 Team for Flag X ^1^

^1^ - The following are repeated until the end of the message.

0x23 - Flag Reward Granted

Offset Length Description
0 1 Type Byte 0x23
1 2 Team
3 2 Points Awarded
5> 2 Team ^1^ (Optional)
7> 2 Points Awarded ^1^ (Optional)

^1^ - The Team and Points Awarded field are repeated until all Point notifications are made. This packet can be of any length.

0x24 - Speed Game Over

Offset Length Description
0 1 Type Byte 0x24
1 1 Best
2 2 Your Rank
4 4 Your Score
8 4 Player 1 Score
12 4 Player 2 Score
16 4 Player 3 Score
20 4 Player 4 Score
24 4 Player 5 Score
28 2 Player 1 Id
30 2 Player 2 Id
32 2 Player 3 Id
34 2 Player 4 Id
36 2 Player 5 Id

0x25 - Toggle UFO Ship

Offset Length Description
0 1 Type Byte 0x25
1 1 Boolean Available?

0x26 - Unknown, Possible NO-OP

0x27 - Keep-Alive

Offset Length Description
0 1 Type Byte 0x27

0x28 - Small Position Packet

Offset Length Description
0 1 Type Byte 0x28
1 1 Direction (0 ... 360)
2 2 Timestamp
4 2 X Pixels (0 ... 16384)
6 1 Ping
7 1 Bounty
8 1 Player Id ^1^
9 1 Togglables ^2^
10 2 Y Velocity ^3^
12 2 Y Pixels (0 ... 16384)
14 2 X Velocity ^3^
16 2 Energy ^4^ ^5^ (Optional)
18 2 S2C Lag ^4^ (Optional)
20 2 Timers ^4^ (Optional)
22 4 Items ^4^ ^6^ (Optional)

^1^ - Since the Player ID here is only one byte, this packet is only capable of addressing the first 256 clients in a zone.
^2^ - Togglables: Each value is one bit in a byte
Bit 1 - Stealth
Bit 2 - Cloak
Bit 4 - XRadar
Bit 8 - Antiwarp
Bit 16 - Flash (Play the cloak/warp flash)
Bit 32 - Safety (In safe)
Bit 64 - UFO (Using UFO)
Bit 128 - ?

^3^ - Velocitys are measured in Pixels per 10 Seconds.
^4^ - These values are only recieved if the ExtraPositionData variable in the Settings is set to True.
^5^ - This value is sent if either the ExtraPositionData value is set to True in the settings or if you are using the Energy Password.
^6^ - Item info: Unsigned Integer Values or Booleans
| Shields (Boolean) | 1 bit | | Super (Boolean) | 1 bit | | Burst Count | 4 bits | | Repel Count | 4 bits | | Thor Count | 4 bits | | Brick Count | 4 bits | | Decoy Count | 4 bits | | Rocket Count | 4 bits | | Portal Count | 4 bits | | ? Unknown | 2 bits |

0x29 - Map Information

Offset Length Description
0 1 Type Byte 0x29
1 16 Map File Name
17 4 Map Checksum ^1^
21 4 Map FileSize (compressed) ^2^

^1^ - If the Mapfile does not exist, send a Request Map packet. If it does exist, check its checksum against the one that came in this packet, if they do not match, Request the map. If they do match, load the map.
^2^ This is a Continuum only extension parameter, doesn't exist in old Subspace protocol. Without sending this parameter on Continuum the Map download will always be at 0%.

0x2A - Compressed Map File

Offset Length Description
0 1 Type Byte 0x2A
1 16 Map File Name
17 * ZLib Compressed Map File

0x2B - Set Personal KotH Timer

Offset Length Description
0 1 Type Byte 0x2B
1 4 New timer value

0x2C - KotH Game Reset

Offset Length Description
0 1 Type Byte 0x2C
1 1 Adding KoTH timer
2 4 Timer value
6 2 Player Id

0x2D - Add KotH time

Offset Length Description
0 1 Type Byte 0x2D
1 4 Additional time

0x2E - Power-Ball Position Update

Offset Length Description
0 1 Type Byte 0x2E
1 1 Powerball Id
2 2 X Pixels
4 2 Y Pixels
6 2 X Velocity
8 2 Y Velocity
10 2 Owner Id
12 4 Timestamp

0x2F - Arena Directory Listing

Offset Length Description
0 1 Type Byte 0x2F
1> * Arena Name (Null Terminated) ^1^
?> 2 Arena Population ^1^

^1^ - Arena Name and Arena Population are repeated until all arenas are enumerated.

0x30 - Zone Banner Advertisements

Offset Length Description
0 1 Type Byte 0x30
1 1 Display Mode
2 2 Width
4 2 Height
6 4 Duration
10 * Banner Pixels ^1^

^1^ - No one seams to have any clue how to determine the end of this field. Nor does anyone know how this file is packed. (W*H+10 == Len)
This field only contains pixel colors (1 byte per pixel), no palette is sent, it uses the default subspace palette of 256 colors.
If you wish to receive the image you have to fill in 14 byte header for the BITMAP image, you can create this header by saving any image in MS-Paint with 256 colors.

0x31 - Post Login Sequence

Offset Length Description
0 1 Type Byte 0x31

Continuum Packets

0x32 - Change Personal Ship Coordinates

Offset Length Description
0 1 Type Byte 0x32
1 2 X Tiles
3 2 Y Tiles

0x33 - Custom Login Failure Message

0x34 - Continuum Version Packet

Offset Length Description
0 1 Type Byte 0x34
1 2 Continuum Version ^1^
3 4 Continuum.EXE Checksum (CRC32) ^2^

^1^ The Current Continuum.exe version is 40
^2^ The Current Continuum.exe Checksum is 0xC9B61486 [Checksum is unsigned integer]

0x35 - LVZ Object Toggling

0x36 - LVZ Object Modification

0x37 - Toggle Send Damage

0x38 - Watch Damage

Offset Length Description
0 1 Type Byte 0x38
1 2 Player ID
3 4 Timestamp
7> 2 Attacker ID ^1^
9> 2 Weapon Info ^1^
11> 2 Last energy ^1^
13> 2 Damage ^1^
15> 1 ? ^1^

^1^ - The following are repeated until the end of the message.

...

0x09 Player Score Update
Watch out by this packet -> Flag Points and Kill Points are reversed

0x03 Player Entering
Watch out -> Flag Points and Kill Points are reversed

BI : Bi-directional Core Packets

Subspace Packets

0x01 - Encryption Request

Offset Length Description
0 2 Type Byte 0x00, 0x01
2 4 Client Encryption Key
6 2 Client Version/Type ^1^

^1^ - Protocol versions:
0x0001 - Subspace
0x0010 - Continuum Step 1 Array from Scrty1 File (Sends 1 Key for that Array)
0x0011 - Continuum Step 1 & 2 Array from Scrty1 File (Sends 2 Keys)
The scrty1 file has the following format:

<version (4)>
{
    <key2 (4)>
    <step1 expansion (80)>
} * 1024
{
    <key2 (4)>
    <step1,2 expansion (80)>
} * 1024

0x02 - Encryption Response

Offset Length Description
0 2 Type Byte 0x00, 0x02
2 4 Client Encryption Key

0x02 - Encryption Response (Continuum)

Offset Length Description
0 2 Type Byte 0x00, 0x02
2 4 Always 0x00000000
7 1 Has billing? 0x00 or 0x01
8 256 Billing identity

If the billing identity is missing, the packet has a length of 7 bytes. The billing identity is related to the Zone Password warning you see for non ssc zones.

0x03 - Reliable Message

Offset Length Description
0 2 Type Byte 0x00, 0x03
2 4 ACK ID
6 * Reliable Packet...

0x04 - Reliable ACK

Offset Length Description
0 2 Type Byte 0x00, 0x04
2 4 ACK ID ^1^

^1^ The Reliable ACK packet is used both ways Client to Server and Server to Client to let both sides know which ACK ID they already received so it doesn't get re-sent again.

Since Reliable packets in case of packet-loss don't arrive they are synchronized by a ACK ID.[[br]] In SubGame2 the ACK ID gets re-cycled every 256 elements, So if ACK ID value is up to 2311 it is really ACK ID value 7 because [2311 % 256] = 7.[[br]] If packets with ACK ID 2,3,4,5 are on Queue for processing and the processing ACK ID is only on 1 it won't process until ACK ID 1 is recieved.

But it does process ACK ID's instantly if they are received in proper order to the processing ACK ID it doesn't wait to stack them up how I thought lol.

0x05 - Sync Request To Sync Time

Offset Length Description
0 2 Type Byte 0x00, 0x05
2 4 Timestamp
6 4 Total Packets Sent
10 4 Total Packets Received

0x06 - Sync Response

Offset Length Description
0 2 Type Byte 0x00, 0x06
2 4 Received Timestamp
6 4 Local Timestamp

0x07 - Order to Disconnect

Offset Length Description
0 2 Type Byte 0x00, 0x07

0x08 - Small Chunk Body

Offset Length Description
0 2 Type Byte 0x00, 0x08
2 * Data ^1^

^1^ - Store the data in a buffer until you get a tail.

0x09 - Small Chunk Tail

Offset Length Description
0 2 Type Byte 0x00, 0x09
2 * Data ^1^

^1^ - Now process the buffer

0x0A - HUGE Chunk

Offset Length Description
0 2 Type Byte 0x00, 0x0A
2 4 Total Length
6 * Data ^1^

^1^ - Store data in a buffer until buffer length = Total Length.

0x0B - Cancel Huge Chunk

0x0C - Cancel Huge Chunk ACK

0x0D - NO-OP

0x0E - Packet Cluster

Offset Length Description
0 2 Type Byte 0x00, 0x0E
2> 1 Packet Length ^1^
3> * Packet... ^1^

^1^ - Packet Length and Packet are repeated for each packet in the packet cluster.
This packet can be any length up to a maximum of 512 bytes.

Continuum Packets

0x10 - Continuum Encryption Response (Server)

Offset Length Description
0 2 Type Byte 0x00, 0x10
2 4 Server Key 1 (Could be any value) ^1^
6 4 Scrty1 Key (Either Step1 or Step1And2) ^2^
10 2 01 00 (Flag?) ^3^

^1^ The Server Key 1 is the main key Continuum and the server uses to expand Step3 of the scrty1 key expansion. The server generates this key and sends it over to the client. It could be generated to any random value.
In subgame server it is generated by seperating the 4 byte integer into 2 sections of 2 byte.
First section indicates how much times you opened Continuum.
Second section is just a pseudo-random number generator which is seeded with GetTickCount().
^2^ The Scrty1 Key is any of the random 4 byte key which is expanded from offset 0-1023 in the Scrty1 server-sided file.
The Scrty1 file format contains 2 array expansion databases.
First one is a old outdated version which is probably turned off contains only Step1 of expansion done for you still requires you to do Step2 and Step3 on the server, most likely due to the extra stress on the CPU this was disabled.
This one is used when Protocol is set to 0x0010 in the packet 0x01 - Encryption Request.
The second which is currently used in Continuum v0.40 is the bottom half of Scrty1 file which is called Step1AndStep2 also offseted from 0-1023, 4 byte key and of course 1024 of 80 byte expanded arrays for every key. This newer version uses the Protocol 0x0011 in the packet 0x01 - Encryption Request
It is much easier to implement if you are building a server, since you only need to implement Step3 and not Step2 and Step3
The scrty1 file has the following format:

<version (4)>
{
    <key2 (4)>
    <step1 expansion (80)>
} * 1024
{
    <key2 (4)>
    <step1,2 expansion (80)>
} * 1024

^3^ When the Protocol Version is set to 0x0011 then this (Flag) is set to 1 and packet length is 12.
When Protocol Version is set to 0x0010 then this Flag is completely omitted and packet is only length of 10.

0x11 - Continuum Encryption Request (Client)

Offset Length Description
0 2 Type Byte 0x00, 0x11
2 4 Mimic's Server Key 1 ^1^
6 2 01 00 (Flag?) ^2^

^1^ Mimicked Server Key 1 is from packet 0x10 the one above.
The purpose of the mimicked server key is rather silly it's used as a extra Lookup serversided, other then IP Table lookup pretty much the Server Key never repeats itself for every user that connects it might start to roll over after thousands of connect attempts. So it's pretty useless. Considering they got Remote Port lookups which is far superior to tell connections apart I think the Flag may also be mimicked not sure though.

^2^ I Believe this flag information is similar to packet 0x10 in some way.

TODO: Update this list to what we and others know now, and include what TWCore handles. Also adding the higher packet numbers.

0x12 - Continuum Encryption Key Expansion Request (Server)

Offset Length Description
0 2 Type Byte 0x00, 0x12
2 4 Seed

Request the client to perform a key expansion using the given seed.

The server has a big table of keys contained in scrty1. It periodically picks a new slot and asks multiple clients to perform key expansion on a seed it randomly generates (for that slot). If the clients agree on the key expansion the result (see 0x0013) is stored in scrty1 and used to encrypt packets.

0x13 - Continuum Encryption Key Expansion Response (Client)

Offset Length Description
0 2 Type Byte 0x00, 0x13
2 2 Version (0x0000)
4 4 Key
8 4*20 Key table

The result of this is stored in scrty1 and used for encrypting packets.