To Share or Not to Share

04/16/2008 15:42 BuBucekTop#361
Guyz, it seems that you don't completely understand the packet structure.
So, let me explain. All packets in the RFO protocol have a standard header of 4 bytes.
The first 2 bytes are the packet size (in reverse order). The next 2 bytes are the packet identifier.
The other bytes are packet-specific data.

e.g. in packet
21 00 07 11 00 2B ....

21 00 is the total packet size (reverse it to 00 21, convert from hex to dec - and voila - 33 bytes)
07 11 is the packet identifier (moreover 07xx - packet group dealing with items)

so, please, don't say "21 packet"; it's really the 0711 packet.

Next, regarding so-called "14 packet". Let us look more closely :

14 00 66 03 7A 8D 0C B5 8B CD 7C D0 15 C9 F7 9F 96 8E 8C 9B

according to what we already know, the packet actually is 66 03.

As far as I know, 6603 is a security ping packet. It does not concern item upgrade at all!
It's sent to the server in reply to the 6602 packet, right 5 seconds after 6602 was received.

Now, you can continue your research.

P.S. Sorry for my bad English - it's not my native language.
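The header layout described in the post above, written as a length-validated stream splitter (an added example, not part of the original post or of the game's code). The function name, the `MAX_PACKET` cap and the way the two quoted packets are joined into one capture are assumptions; the hex bytes are the ones quoted in the post.

```python
import struct

HEADER = struct.Struct("<H2s")  # 2-byte size (low byte first) + 2-byte identifier
MAX_PACKET = 4096               # assumed sanity cap; the post states no maximum


class FramingError(ValueError):
    """Size field that cannot describe a real packet."""


def split_packets(stream: bytes):
    """Split captured bytes into [(identifier, payload)], plus unparsed leftover."""
    packets, offset = [], 0
    while len(stream) - offset >= HEADER.size:
        size, ident = HEADER.unpack_from(stream, offset)
        # The size counts the whole packet, header included, so a value
        # below 4 is impossible and would otherwise stall the loop.
        if size < HEADER.size or size > MAX_PACKET:
            raise FramingError(f"bad size {size} at offset {offset}")
        if offset + size > len(stream):
            break  # truncated packet: keep it as leftover until more bytes arrive
        payload = stream[offset + HEADER.size:offset + size]
        packets.append((ident.hex().upper(), payload))  # "6603", "0711", ...
        offset += size
    return packets, stream[offset:]


# Constructed capture: the full 20-byte packet quoted in the post, followed by
# only the first 6 bytes of the 33-byte 0711 packet.
SAMPLE = bytes.fromhex(
    "14 00 66 03 7A 8D 0C B5 8B CD 7C D0 15 C9 F7 9F 96 8E 8C 9B"
    "21 00 07 11 00 2B"
)

if __name__ == "__main__":
    parsed, rest = split_packets(SAMPLE)
    for ident, payload in parsed:
        print(ident, len(payload), payload.hex())
    print("leftover:", rest.hex())
```

Rejecting a size below the header length or above a fixed cap before slicing is the check that keeps a malformed length field from driving the parser.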
04/16/2008 16:10 eric0584#362
nice one! thx for the tip..
04/16/2008 16:15 Ghozt22#363
i like 2 have a +7 int set armor and +7 int or Strong Int Weapon In game!..
04/16/2008 16:20 TwixMan#364
Quote:
Originally Posted by BuBucekTop
Guyz, it seems that you don't completely understand the packet structure.
So, let me explain. All packets in the RFO protocol have a standard header of 4 bytes.
The first 2 bytes are the packet size (in reverse order). The next 2 bytes are the packet identifier.
The other bytes are packet-specific data.

e.g. in packet
21 00 07 11 00 2B ....

21 00 is the total packet size (reverse it to 00 21, convert from hex to dec - and voila - 33 bytes)
07 11 is the packet identifier (moreover 07xx - packet group dealing with items)

so, please, don't say "21 packet"; it's really the 0711 packet.

Next, regarding so-called "14 packet". Let us look more closely :

14 00 66 03 7A 8D 0C B5 8B CD 7C D0 15 C9 F7 9F 96 8E 8C 9B

according to what we already know, the packet actually is 66 03.

As far as I know, 6603 is a security ping packet. It does not concern item upgrade at all!
It's sent to the server in reply to the 6602 packet, right 5 seconds after 6602 was received.

Now, you can continue your research.

P.S. Sorry for my bad English - it's not my native language.
thanks for the tip... where did you get this information? are there any pages on the net regarding the security ping packet?

I'm not interested in this 100% success shyt, i don't believe it is possible to do with a single packet send or so and screenshots won't tell the truth either. I'm just interested in the packet structure and the packetid :)

greets
04/16/2008 16:22 nopp#365
Look at the RFO server sources and you will see that all success rate calculations are on the server.
I will try to show you shortly:
Increasing success rate by the stones (default is 0,125)
Code:
for(int i = 0; i < upgrade_jewel_num; i++)
{
    // no value for this stone: add the default 0.125
    if(!pJewelFld[i])
        fRate += 0.125;
    else
        fRate += pJewelFld[i];
}
Calculating rate depending on item's level
Code:
BYTE GetItemUpgedLv(DWORD dwLvBit)
{
    BYTE byLv = 0;
    for(int g = 0; g < MAX_ITEM_LV; g++)
    {
        BYTE byTemp = (BYTE)((dwLvBit>>(g*4))&0x0000000F);
        if(byTemp == __NO_TALIK)
            break;
        byLv++;
    }
    return byLv;
}
Calculating general rate:
Code:
dwTotalRate = (s_dwItemUpgSucRate[byLv]*fRate/upgrade_jewel_num)*1000;
Calculating random variables:
Code:
DWORD dwR1 = rand();
DWORD dwRand = (dwR1<<16)+rand();
And the final success/failure checking depending on random variables and calculated rate:
Code:
if(dwTotalRate <= dwRand%100000) {
....
And what the f*ck can you change in it by packets???? NOTHING! You can just tell the server (by packets) which talic you want to use and what item to upgrade, nothing more. All other calculation is done by the server and it gives you a result: success/failure. You can just increase the possibility a bit by level, timing and other stuff, nothing more.
So stop talking bull$hit about 100% upgrading and listening to bull$hiters like zhoea. Don't believe me? Ok, try to find this magic packet or don't waste your time and just look into the sources.

Full source is attached.
04/16/2008 16:23 shiver21#366
did anyone come up to +4 or +5? it is very useful up to that level. don't make it too complicated to get to max level up upgrade, as others say it can ruin the game!

mind sharing up to only +4 or +5? any reply would be appreciated!
04/16/2008 16:27 shiver21#367
Quote:
Originally Posted by nopp
Look at the RFO server sources and you will see that all success rate calculations are on the server.
I will try to show you shortly:
Increasing success rate by the stones (default is 0,125)
Code:
for(int i = 0; i < upgrade_jewel_num; i++)
{
    // no value for this stone: add the default 0.125
    if(!pJewelFld[i])
        fRate += 0.125;
    else
        fRate += pJewelFld[i];
}
Calculating rate depending on item's level
Code:
BYTE GetItemUpgedLv(DWORD dwLvBit)
{
    BYTE byLv = 0;
    for(int g = 0; g < MAX_ITEM_LV; g++)
    {
        BYTE byTemp = (BYTE)((dwLvBit>>(g*4))&0x0000000F);
        if(byTemp == __NO_TALIK)
            break;
        byLv++;
    }
    return byLv;
}
Calculating general rate:
Code:
dwTotalRate = (s_dwItemUpgSucRate[byLv]*fRate/upgrade_jewel_num)*1000;
Calculating random variables:
Code:
DWORD dwR1 = rand();
DWORD dwRand = (dwR1<<16)+rand();
And the final success/failure checking depending on random variables and calculated rate:
Code:
if(dwTotalRate <= dwRand%100000) {
....
And what the f*ck can you change in it by packets???? NOTHING! You can just tell the server (by packets) which talic you want to use and what item to upgrade, nothing more. All other calculation is done by the server and it gives you a result: success/failure. You can just increase the possibility a bit by level, timing and other stuff, nothing more.
So stop talking bull about 100% upgrading and listening to bull like zhoea. Don't believe me? Ok, try to find this magic packet or don't waste your time and just look into the sources.

Full source is attached.

nice algorithm caught...! anyways juz as the thread says it's 100% upgrade success, why not believe, others tried to sniff on it and did have progress so don't alter those who want to break the codes... peace
04/16/2008 16:30 BuBucekTop#368
instead of saying "thanx" press the appropriate button =)
regarding "where did you get this information?" it's easy - I've disassembled the client binary and looked carefully through the code.

2nopp

I have these sources too, but they're too outdated. Many things changed after these sources were leaked. And don't forget about possible bugs in packet handling. If you find 'em - you can exploit 'em.
04/16/2008 16:33 TwixMan#369
Quote:
Originally Posted by BuBucekTop
instead of saying "thanx" press the appropriate button =)
regarding "where did you get this information?" it's easy - I've disassembled the client binary and looked carefully through the code.

2nopp

I have these sources too, but they're too outdated. Many things changed after these sources were leaked. And don't forget about possible bugs in packet handling. If you find 'em - you can exploit 'em.
well you got my "Thanks" ;)
04/16/2008 16:35 borlet#370
i just wanna know...why can't we send the "14" packets?

and to zhoea,

can u post a screenie that u made this work in RF-PH before i collapse in thinking of ways to make a 100% upgrade chance?
04/16/2008 16:41 BuBucekTop#371
Quote:
i just wanna know...why can't we send the "14" packets?
look, man, I've described above that the so-called "14 packet" is actually a "security ping response". In other words - when you join the world, the server sends you a "security ping request" - packet 6602. The client recalculates the response key based on the request key, encrypts it and sends it back in a 6603 packet right 5 seconds after receiving 6602. If you try to re-send an already captured 6603 packet - that will result in an immediate disconnect. Also your suspicious activity will be logged on the server.
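Why a re-sent 6603 fails, shown from the server side as an added example (not from the original post or the game's code). The real key derivation and encryption are not given in the thread, so HMAC-SHA256 truncated to 16 bytes stands in for them; the class, function and log-message names are hypothetical.

```python
import hashlib
import hmac
import os


def client_response(session_key: bytes, challenge: bytes) -> bytes:
    """Client side: derive the reply from the challenge (stand-in algorithm)."""
    return hmac.new(session_key, challenge, hashlib.sha256).digest()[:16]


class PingVerifier:
    """Server side of a challenge-response ping (stand-in for 6602/6603)."""

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._pending = None   # challenge currently awaiting a reply
        self.audit_log = []    # constructed stand-in for server-side logging

    def issue_challenge(self) -> bytes:
        self._pending = os.urandom(16)  # fresh random value for every ping
        return self._pending

    def check_response(self, response: bytes) -> bool:
        # Each challenge is single use: clear it before checking anything.
        challenge, self._pending = self._pending, None
        if challenge is None:
            self.audit_log.append("response without outstanding challenge")
            return False
        expected = client_response(self._key, challenge)
        if not hmac.compare_digest(expected, response):
            self.audit_log.append("response does not match outstanding challenge")
            return False   # caller would drop the connection here
        return True


def demo():
    key = os.urandom(32)
    server = PingVerifier(key)
    captured = client_response(key, server.issue_challenge())
    first = server.check_response(captured)      # legitimate reply: accepted
    server.issue_challenge()                     # next ping, new challenge
    replayed = server.check_response(captured)   # old reply sent again: rejected
    return first, replayed, server.audit_log


if __name__ == "__main__":
    print(demo())
```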
04/16/2008 16:41 nopp#372
there is only one client packet for item upgrading while author said that we must change 8 packets :)
I've heard such disputes many times before and believe me there is only one way to 100% upgrade items: SQL-injection. Forget about packets. Sure I will not tell you where it is, but the injected SQL request is:
UPDATE tbl_inven SET U<item_slot>=<talics> WHERE Serial=<character_id>--
where talics has the same format as in the "03 06" packet
04/16/2008 16:46 nopp#373
Quote:
Originally Posted by borlet
i just wanna know...why can't we send the "14" packets?

and to zhoea,

can u post a screenie that u made this work in RF-PH before i collapse in thinking of ways to make a 100% upgrade chance?
uhaha and what you will see on the screen? :D Look at mine:
04/16/2008 16:49 shiver21#374
Quote:
Originally Posted by BuBucekTop
instead of saying "thanx" press the appropriate button =)
regarding "where did you get this information?" it's easy - I've disassembled the client binary and looked carefully through the code.

i agreed but no possibility to use your post. no offense thou!

Quote:
Originally Posted by nopp
there is only one client packet for item upgrading while author said that we must change 8 packets :)
I've heard such disputes many times before and believe me there is only one way to 100% upgrade items: SQL-injection. Forget about packets. Sure I will not tell you where it is, but the injected SQL request is:
UPDATE tbl_inven SET U<item_slot>=<talics> WHERE Serial=<character_id>--
where talics has the same format as in the "03 06" packet
well for SQL injection, someone will find a way to have this.
04/16/2008 16:49 BuBucekTop#375
Quote:
Originally Posted by nopp
uhaha and what you will see on the screen? :D Look at mine:
Comrade, are you playing on the Russian official server? =))