A very basic wireshark dissector for silkroad online packets

silkroad_proto.lua

-- Move this file to `.config/wireshark/plugins`, adapt the port on the bottom and reload the reload the lua plugins.
silkroad_proto = Proto("silkroad", "Silkroad Online Protocol")

function silkroad_proto.dissector(buffer, pinfo, tree)
	pinfo.cols.protocol = "SILKROAD"
	local subtree = tree:add(silkroad_proto, buffer(), "Silkroad Packet Data")
	local current = 0
	while buffer:captured_len() > current do
		local encrypted = false
		local upper = buffer:bytes(current + 1,1):get_index(0)
		local lower = buffer:bytes(current + 0, 1):get_index(0)
		local unmasked = upper
		if upper > 0x80 then
			unmasked = upper - 0x80
			encrypted = true
		end
		local size = (unmasked* 2 ^ 8) + lower
		subtree:add(buffer(current, 2), "Size: " .. size)
		if encrypted then
			subtree:add(buffer(current + 2,size), "Encrypted Data")
			current = current + (size + 2)
		else
			subtree:add(buffer(current + 2,2), "Opcode: " .. buffer(current + 3,1) .. buffer(current + 2,1))
			subtree:add(buffer(current + 4,2), "Check: " .. buffer(current + 4,2))
			if buffer:captured_len() < current + size + 6 then
				pinfo.desegment_len = size - (buffer:captured_len() - (current + 6))
				break
			else
				subtree:add(buffer(current + 6,size), "Content: " .. buffer(current + 6,size))
				current = current + (size + 6)
			end
		end
	end
end

tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(22230, silkroad_proto)