Latest packet structures?

06/07/2012 16:20 _fobos_#16
Quote:
Originally Posted by IAmHawtness View Post
Haha, I never really expected to see you here again, I think last time I spoke to you, you were busy working at a restaurant, and then you just disappeared for years
Very true! Life became a bitch, had to face some challenges, but now everything is back on track! And here I am, haha.
06/07/2012 16:38 IAmHawtness#17
Quote:
Originally Posted by _fobos_ View Post
Very true! Life became a bitch, had to face some challenges, but now everything is back on track! And here I am, haha.
Nice to hear, welcome back :)
06/07/2012 17:26 _fobos_#18
Quote:
Originally Posted by IAmHawtness View Post
Nice to hear, welcome back :)
Thanks dude!

Quick question in general:
Magic attack packet changed? Every time I send a cure to myself or another, I only record sending a 3FE (1022) packet; it does not include the spell ID, the coordinates, or the target UID.
Confusing! I'll include a cure packet:

Code:
28 00 FE 03 64 CE 3E 0C B3 21 17 00 77 25 29 8D 13 9D 7A 4C 18 00 00 00 0B 4D 21 53 00 00 00 00 00 00 00 00 00 00 00 00

<<Breakdown>>

Size:          28 00
Packet ID:     FE 03
Timer:         64 CE 3E 0C
Character ID:  B3 21 17 00
Unknown:       77 25 29 8D (last one seems to change sometimes)
Unknown:       13 9D 7A 4C (2nd and last one seem to change sometimes)
Unknown:       18 00 00 00
Unknown:       0B 4D 21 53 (last one seems to change sometimes)
Empty:         00 00 00 00
Empty:         00 00 00 00
Empty:         00 00 00 00
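A parser for the 0x03FE capture above, added here as an example; it is not code from the post or from the Conquer client. The field names follow the breakdown in the post; the little-endian uint16 length prefix and the fixed 40-byte layout are assumptions taken from that breakdown, and the four "unknown" dwords are left opaque. It also includes a splitter for a raw (post-decryption) byte stream that carries a partial trailing packet over to the next read, and a helper that reports which unknown dwords differ between two captures, which is the quickest way to see which words carry per-cast state.

```python
"""Parser for the 0x03FE (1022) client packet from the capture above.

Added example, not code from the original post or the game client. Field
names follow the poster's breakdown; the four "unknown" dwords are kept as
opaque integers. Assumed framing: little-endian, first uint16 = total length.
"""
import struct
from typing import List, NamedTuple, Tuple

# Constructed sample: the hex dump from the post, 40 bytes (0x0028).
SAMPLE_HEX = (
    "28 00 FE 03 64 CE 3E 0C B3 21 17 00 77 25 29 8D 13 9D 7A 4C "
    "18 00 00 00 0B 4D 21 53 00 00 00 00 00 00 00 00 00 00 00 00"
)
SAMPLE = bytes.fromhex(SAMPLE_HEX)

PACKET_ID_MAGIC = 0x03FE              # 1022, the ID recorded for cure casts
HEADER = struct.Struct("<HH")         # size, packet id
BODY_03FE = struct.Struct("<II4I3I")  # timer, char id, 4 unknown, 3 empty


class Magic03FE(NamedTuple):
    size: int
    packet_id: int
    timer: int
    character_id: int
    unknown: Tuple[int, ...]  # four dwords; bytes in these were seen to change
    empty: Tuple[int, ...]    # three trailing dwords, all zero in the capture


def parse_03fe(pkt: bytes) -> Magic03FE:
    """Parse one complete 0x03FE packet; raise ValueError on a malformed one."""
    if len(pkt) < HEADER.size:
        raise ValueError("packet shorter than header")
    size, pid = HEADER.unpack_from(pkt, 0)
    if size != len(pkt):
        raise ValueError(f"size field {size} != buffer length {len(pkt)}")
    if pid != PACKET_ID_MAGIC:
        raise ValueError(f"not a 0x03FE packet: id=0x{pid:04X}")
    if size != HEADER.size + BODY_03FE.size:
        raise ValueError(f"unexpected 0x03FE length {size}")
    fields = BODY_03FE.unpack_from(pkt, HEADER.size)
    timer, char_id = fields[0], fields[1]
    return Magic03FE(size, pid, timer, char_id,
                     tuple(fields[2:6]), tuple(fields[6:9]))


def split_packets(stream: bytes) -> Tuple[List[bytes], bytes]:
    """Split a raw decrypted byte stream into whole packets using the uint16
    size prefix. Returns (packets, leftover): an incomplete packet at the
    tail is handed back so the caller prepends it to the next read instead
    of misparsing it."""
    packets: List[bytes] = []
    off = 0
    while off + 2 <= len(stream):
        size = struct.unpack_from("<H", stream, off)[0]
        if size < HEADER.size:
            raise ValueError(f"bad size prefix {size} at offset {off}")
        if off + size > len(stream):
            break  # partial packet at the tail; keep it as leftover
        packets.append(stream[off:off + size])
        off += size
    return packets, stream[off:]


def diff_unknowns(a: Magic03FE, b: Magic03FE) -> List[int]:
    """Indexes of 'unknown' dwords that differ between two captures."""
    return [i for i, (x, y) in enumerate(zip(a.unknown, b.unknown)) if x != y]


if __name__ == "__main__":
    p = parse_03fe(SAMPLE)
    print(p)
    # Two and a quarter packets on the wire: one complete, one partial tail.
    pkts, rest = split_packets(SAMPLE + SAMPLE[:10])
    print(len(pkts), "complete packet(s),", len(rest), "leftover byte(s)")
```

Feed the output of a post-decryption receive hook into `split_packets`, parse each 0x03FE with `parse_03fe`, and run `diff_unknowns` across casts of the same spell at different targets to narrow down which dwords hold the target and which hold the spell.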
06/07/2012 17:42 IAmHawtness#19
Quote:
Originally Posted by _fobos_ View Post
Thanks dude!

Quick question in general:
Magic attack packet changed? Every time I send a cure to myself or another, I only record sending a 3FE (1022) packet; it does not include the spell ID, the coordinates, or the target UID.
Confusing! I'll include a cure packet:

Code:
28 00 FE 03 64 CE 3E 0C B3 21 17 00 77 25 29 8D 13 9D 7A 4C 18 00 00 00 0B 4D 21 53 00 00 00 00 00 00 00 00 00 00 00 00

<<Breakdown>>

Size:          28 00
Packet ID:     FE 03
Timer:         64 CE 3E 0C
Character ID:  B3 21 17 00
Unknown:       77 25 29 8D (last one seems to change sometimes)
Unknown:       13 9D 7A 4C (2nd and last one seem to change sometimes)
Unknown:       18 00 00 00
Unknown:       0B 4D 21 53 (last one seems to change sometimes)
Empty:         00 00 00 00
Empty:         00 00 00 00
Empty:         00 00 00 00
The magic attack packet has some of its values encrypted (target ID, spell ID, coordinates, as far as I recall), and it has been that way for as long as I can remember. The encryption is public, though; it can be found in almost any private server source. Not sure if there's a specific thread about it, though.
06/07/2012 18:02 _fobos_#20
Quote:
Originally Posted by IAmHawtness View Post
The magic attack packet has some of its values encrypted (target ID, spell ID, coordinates, as far as I recall), and it has been that way for as long as I can remember. The encryption is public, though; it can be found in almost any private server source. Not sure if there's a specific thread about it, though.
RIGHT, I got it. I have to get back into this.. Wish I had my old notes.
That way I would only have to update the old memory addresses to hook.
See, I thought I had hooked post-decryption; I was wrong :)

Not yet going to look through pserver sources to translate the enc/dec to C++.
Right now I just want to get the packet structures that I'll be using; there's no point yet in capturing the first few packets. Thanks again for pointing it out ;)
06/07/2012 18:41 pro4never#21
Quote:
Originally Posted by _fobos_ View Post
RIGHT, I got it. I have to get back into this.. Wish I had my old notes.
Looking at pserver sources, why can't everyone just use C++ haha.

BTW, if I remember correctly, wasn't there a post-encryption memory address I could just hook instead?
Just to confirm :)
There's actually a number of c++ server sources. If that's your main interest, try looking up some of bone's releases.

Aside from all the lovely bot checks and client protection, pserver sources will probably still be the best reference when working on a clientless. They contain so much more information on packet structures, game sequences and handling than any other public reference out there.


Now that I think back, I'm positive I remember seeing you here ages ago so a big welcome back from me too!
06/07/2012 18:53 _fobos_#22
Quote:
Originally Posted by pro4never View Post
There's actually a number of c++ server sources. If that's your main interest, try looking up some of bone's releases.

Aside from all the lovely bot checks and client protection, pserver sources will probably still be the best reference when working on a clientless. They contain so much more information on packet structures, game sequences and handling than any other public reference out there.


Now that I think back, I'm positive I remember seeing you here ages ago so a big welcome back from me too!
Haha, I had altered my previous post a little to explain a little more. See, before I can actually start my real project I have to first structure the packets I'll be using, so that will be my main objective right now. I can't just jump in at the deep end after 3 years, haha.

I'll hook right after decryption; this used to be possible, so I guess it should still be. That way I can read the packets and create new notes on their structures. Then once I'm done with that I'll do exactly as you said.
And thanks for the tip about bone's releases; I had no clue there were C++ servers going around. I never have been much of a fan of private servers, to be honest, so I'm not surprised!

Edit: And thanks for the warm welcome, it's good to be back! And I recall your name as well!

Another edit: How I hate that they fixed running Conquer directly. Can't even Olly properly, have to get something done about that first.. Sigh.. Haha.
That was easy enough; however, my Olly complains that address 000000000 is not readable =\
Works fine outside of Olly though.. Weird, am I missing a debugger check or something?

Edit number 3: Ignore me being an idiot. Got Conquer working fine in Olly now; I just had to search a little deeper and stop assuming the first thing I see is the correct one. Even though it worked fine outside Olly, it wasn't a proper patch.
I jinxed it.. It worked fine.. till just now lol.

Edit number 4: Jesus, finally. It was my Olly for some reason; works fine now, thank god...
06/07/2012 22:28 pro4never#23
Yupp, you can directly hook into the post-decryption receive method and pre-encryption send method in the client. There are a number of frameworks dedicated to doing just that, and I'm fairly sure they even have up-to-date memory addresses to save you some time.

Most recent info I see on addresses, as well as hawtness' delicious hook framework:

06/07/2012 22:52 _fobos_#24
Quote:
Originally Posted by pro4never View Post
Yupp, you can directly hook into the post-decryption receive method and pre-encryption send method in the client. There are a number of frameworks dedicated to doing just that, and I'm fairly sure they even have up-to-date memory addresses to save you some time.

Most recent info I see on addresses, as well as hawtness' delicious hook framework:

I'm all for time saving! I should seriously start reading topics; then I won't need referrals to them haha. There's just so much to catch up on, it's mind blowing!
Not just in here, in the game as well: steeds, monks, pirates, new maps, arenas, soul thingies you add to your crap. It's too much for a curious mind! With every new thing I see I think about possible exploitation of it haha.