Cool down hack

06/18/2007 11:16 cog_zap#46
This hack works only with arrows
Example: Scan a buy with 100 arrows (sry for my bad English xD)
note the orange range, then scan a sell with 19 arrows and note the orange range too
then use the filter and paste the first scan into the "search" range (40 - 47)
and the second scan into the "modify" range (40 - 47)
activate your filter and buy 100 arrows, now you get 19 arrows for 1 gold

Ok but is a same situation, it's change but not in the evolution, I'm remarque in the slop I am in the play is every same, if my stock 99 potion, and i sell 1 potion the pack change, but if i buy 1 potion in my package, the cm stack understand 98 potion, well going to the start situation, but yes i understand the project for buy a reduction price for potion, and not buy at 100%, you want buy in the same price if you sell, the 40/47 is the same for the arrows 19 arrows is 1%, equal with 1 potion, but not the same price

sorry for my English i'm French, and if you not understand, go him to applicar me up good
and take a tuto English, but me understand me, i coming down with my exerce, and is false a good presentation is a great comprehension

well fil good for you in [link]

Append on Jun 18 2007, 11:55

look my scan, i'm buy 99 potion, but the number can change, if reset the play, change your man, but i no see if you die, well look my packet, for buy 99 potion

and i'm buy 99 potion

B1 3800 63 000000B23C7B28A0ADDDA08CBDF3AD7419D3F4 33C3B6B22C9E6AED 4511AFBBED9D870B 23873CB179FEEFE9 C97E38D8C0348A5B BF

i'm buy 1 potion

B1 3800 64 000000B23C7B28A0ADDDA08CBDF3AD7419D3F4 33C3B6B22C9E6AED 38AB9AFC5AB9480E 4E2B969342AAA3C7 C1D75B564C64B071 BF

and now i'm sell 1 potion

B1 3800 65 000000B23C7B28A0ADDDA08CBDF3AD7419D3F4 69FDD01CE8C786E3 CFBA8DBD8E33103A 4E2B969342AAA3C7 502681FFB5F9A78C BF

it's a good example you for have a little same and differe, but it's a risk for not banned if i'm manipulated a false number, and why not
06/18/2007 23:53 BlackMaster#47
the "4E2B969342AAA3C7" hex code is the amount, not the price..
example: if u added 23873CB179FEEFE9 into modify and 4E2B969342AAA3C7 into search
u sell ever 99 potions not 1 for the price from 99 ^^

if u buy 19 arrows the server calculates the normal price for 1 arrow = 0.1 Gold
19 arrows * 0.1 = 1.9 Gold

but the server can't subtract 1.9 from your gold because the server subtracts 1 gold from your gold

that's the hack - no more, no less

Blacky
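Added example, not part of the thread and not the game's code: the truncating price calculation described in the post above, next to a server-side version that validates the quantity and rounds the total up. The function names and the `max_qty` limit are assumptions; the 0.1 gold arrow price is the figure from the post.

```python
from fractions import Fraction

ARROW_PRICE = Fraction(1, 10)   # 0.1 gold per arrow, the figure given in the post


def charge_truncating(qty, unit_price=ARROW_PRICE):
    """Behaviour the post describes: the fractional part of the total is dropped."""
    return int(qty * unit_price)            # 19 * 0.1 = 1.9 -> 1


def charge_hardened(qty, unit_price=ARROW_PRICE, max_qty=1000):
    """Validate the quantity, then round the total up so no unit is ever free."""
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= max_qty:
        raise ValueError(f"rejected quantity: {qty!r}")
    total = qty * unit_price
    return -(-total.numerator // total.denominator)   # exact ceiling, no floats


def payout_hardened(qty, unit_price=ARROW_PRICE):
    """Selling rounds down, so a buy/sell round trip can never create gold."""
    total = qty * unit_price
    return total.numerator // total.denominator


def cost_in_batches(total_qty, batch, charge):
    """Gold charged when total_qty items are bought batch items at a time."""
    full, rest = divmod(total_qty, batch)
    return full * charge(batch) + (charge(rest) if rest else 0)


def underpaid(purchases, unit_price=ARROW_PRICE):
    """Audit (qty, gold_charged) records: return those charged below list price."""
    return [(q, g) for q, g in purchases if g < q * unit_price]


if __name__ == "__main__":
    for charge in (charge_truncating, charge_hardened):
        print(charge.__name__, cost_in_batches(100, 19, charge))
    print(underpaid([(19, 1), (100, 10), (19, 2)]))   # constructed log records
```

Rounding up per transaction overcharges small batches slightly; storing prices in a smaller currency unit removes the fraction altogether.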
06/23/2007 11:32 cog_zap#48
Hello my friend

It is possible to utilise the WPE for change the take XP

example: I kill a worms, take XP, and I kill a lizardman, change it us, and go to a big train worms, and take the same XP for a lizardman?
06/26/2007 01:27 BlackMaster#49
no, the xp is server side
06/26/2007 12:17 drunkenmonkey77#50
hi folks...
today I saw an ele (lvl 38) that did about 2000 damage... I'm now 49, so 11 levels above her, and had no chance.... does anyone have an idea how that works?

---------

hi...
I saw an elementalist lvl38 today.
I'm lvl 49 but she does about 2000 damage on me...
How could that be?
06/27/2007 03:52 BlackMaster#51
hmm.. damage over 2k is very unlikely, normally you can't "increase" the dmg, but I don't know how it is in PvP..
06/27/2007 09:30 derkiller1337k2#52
Quote:
Originally posted by BlackMaster@Jun 27 2007, 03:52
hmm.. damage over 2k is very unlikely, normally you can't "increase" the dmg, but I don't know how it is in PvP..
yes you can increase the dmg, I saw it once in the battlesquare^^ a level 40 ele one-hit a 71 knight there^^ afterwards it turned out that it all depends on his summon.. I don't have an ele so I can't try it out either^^
07/02/2007 02:24 BlackMaster#53
someone should scan the summon :) maybe you can raise the level of the skill.. I'll test it when I get the chance
07/03/2007 18:18 S7oneGhos7#54
Very nice Black!!!

I wish I could read and write German cuz u guys are quite smart. I deciphered enough to repeat Black's approach to speed casting, but I am wondering how it works. Here is what I know:

Assumptions:
1) Key1 sends Packet1
2) Key2 sends Packet2
3) WPE replaces Packet1.command with Packet2.command forming ModPacket1 (based on the filter I made)
4) Pressing Key1 causes ModPacket1 to be sent to the server.

Question:
1) When I press Key1, the cooldown timer for Key2 starts and the skill associated with Key2 launches (since ModPacket1 was sent to the server). Does the server keep track of the cooldown for Key2 or my client?
2) If my client keeps track of the cooldown time and 'filters' the packets I can send to the server, is there a way to trick the client into reducing the cooldown time? For example, Elemental Core has a cooldown of 11 seconds. I'm guessing that the client will not send packets to the server when I launch Elemental Core during the cooldown period. (Thus, the client filters packet traffic to the server). If this is the case, it should be possible to modify the client so that the programmed cooldown is reduced from 11 seconds to 1 second thus allowing the skill to be cast much faster. This seems like a better approach since we would not have to rebuild the WPE filter each time and we could set the cooldown times to a desired value (i.e., 11 seconds to 6 seconds to avoid detection by other players).

I have an ini file encrypter/decrypter where I tried to mod the cast times, but these files do not appear to affect the client performance. I searched the client for cooldown times using OllyDbg and IDA, but didn't really find much. (I am still a bit noobish on Olly and IDA, but I do know the file encryption and decryption is RC4 with an MD5 hash and the packet encryption is Blowfish.)

Does anyone have ideas on how to make this work?
07/04/2007 13:09 TZ_PASS_LOSE#55
Because of dynamic memory allocation it's hard to test the basic cooldown because it's passed through the interface of the client.

That is why the cooldown hack works:

1 - pressing a key
2 - check by client that the icon (skill) is available to use (internal timer)
3 - sending data with encrypted key that has been given at the connection (it sometimes changes too for some reason (dead etc..))

If you check the client you see that timer-specific threads are launched for the game.
It's for the game encryption data validated by a time line (maybe used in encryption too)

Check my first post detailing the packet.
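Added example, not part of the thread and not the game's code: a server-side counterpart to the client-only timer in step 2 above, keyed on the skill id decoded from the received packet so that a rewritten packet is still held to that skill's cooldown. The class, the skill id string and the jitter tolerance are assumptions; the 11 second value is the Elemental Core cooldown quoted earlier in the thread.

```python
import time
from collections import Counter

# Cooldowns in seconds. 11 s for Elemental Core is the figure quoted in the
# thread; the skill id string itself is constructed for this example.
COOLDOWNS = {"elemental_core": 11.0}


class CooldownGate:
    """Server-side cooldown check keyed on the skill id decoded from the packet."""

    def __init__(self, cooldowns, clock=time.monotonic, tolerance=0.25):
        self._cooldowns = dict(cooldowns)
        self._clock = clock              # injectable so the logic can be tested
        self._tolerance = tolerance      # allowance for network jitter (assumption)
        self._ready_at = {}              # (player_id, skill_id) -> earliest next cast
        self.violations = Counter()      # player_id -> early casts seen

    def try_cast(self, player_id, skill_id):
        """Return (accepted, reason). The client's own timer is never trusted."""
        cooldown = self._cooldowns.get(skill_id)
        if cooldown is None:
            return False, "unknown skill"
        now = self._clock()
        key = (player_id, skill_id)
        ready = self._ready_at.get(key, float("-inf"))
        if now + self._tolerance < ready:
            self.violations[player_id] += 1      # signal for anti-cheat review
            return False, "on cooldown"
        # Anchor on the scheduled time so the tolerance cannot accumulate.
        self._ready_at[key] = max(now, ready) + cooldown
        return True, "ok"


def replay(events, cooldowns=COOLDOWNS):
    """Run constructed (timestamp, player, skill) events through the gate."""
    now = [0.0]
    gate = CooldownGate(cooldowns, clock=lambda: now[0])
    results = []
    for ts, player, skill in events:
        now[0] = ts
        results.append(gate.try_cast(player, skill)[0])
    return results, dict(gate.violations)
```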
07/08/2007 06:39 S7oneGhos7#56
Thanks man - this is what I thought. I like how simple it is, but I do have to reinitialize after dying a few times. It seems like the server rekeys the crypto or something. Most of the time, I need to restart AL when that happens which is kinda painful.

I would like to see what we can do to write a C++ program to make this more automated. Anyone have a sample baseline I can start looking at?
07/08/2007 07:34 TZ_PASS_LOSE#57
Tutorial here :
[link]
07/08/2007 15:46 Ichibua#58
Hello

Is it actually possible to change the individual skills?
I mean, could you e.g. strengthen your AoEs and likewise your def skills?

That should actually work too.

Regards
07/08/2007 23:32 Vee#59
Hello

I've been searching the web for the Cool Down Hack for a few weeks now and finally I think I may have found the right place. Unfortunately I'm English, I only understand English, and I'm English. I've used WPE PRO before so I'm not a complete noobie to it, but I do not understand the German.. is it German?.. instructions.

I would be very happy if someone could create a simple easy guide for us English peeps. I've tried for hours to figure out this other language, using many translators, yet the outcome still makes no sense.

I am an Elementalist, level 37, fully equipped with uniques with the important skills bought (AoEs, Defence, Buffs). I tend to have a bit of trouble soloing level 38 mobs (normal, not dungeon) when my Soul Barrier runs out. Will this speed hack be able to cast Soul Barrier as soon as it runs out? It seems to be when it runs out I die.

I appreciate everything so far, although I do not fully understand it, it has given me a better understanding of what I am to do.

Thank you for any ENGLISH advice,

All the best,

Vee
07/09/2007 07:58 S7oneGhos7#60
TZ_PASS_LOSE,

Thanks for the tutorial - it's quite good. I understand everything in it and will continue to see how it may apply to AL. I am also wondering if there are other tutorials since this was Part 1?

I am not pro at this RE stuff yet, but here is what I have been thinking and doing:
1) decrypt the ini/txt files as they have the codes needed to decipher the packet data
2) capture a login session between the client and the server to capture the crypto key. I believe that AL uses a symmetric session key with the Blowfish algorithm (based on some work in part 1)
3) decrypt the packet data to see if I can find plain text. For example, the names of other players in the area when I log in (since the server must send this data for my client to display.) For this step, I use CommView, but Wireshark may be better if it has a session decryption function.
4) write a simple sniffer to capture the crypto key and display basic data about other characters in the area when I log in.

If we can do this, then we can start to build something more like ACXO.

Do you think Wireshark is the best packet analysis tool for this job? Do you know of plug-ins or other packet capture tools with decryption capability?

Thanks for your help - This forum has the most knowledgeable people of all that I have visited.

Append on Jul 9 2007, 08:05

Vee,

Continue to study Black's photo post - it is quite good and has the answers you seek. I'm sure that it is better if you think about it more since it is not hard. That way you will learn to hack - and not be dependent on others to hack for you. :)

As for the Soul Barrier recast, use lens stones (to shorten the cooldown so it can be cast immediately) and a bot with a timer if you want to recast automatically. I don't believe that WPE can do this unless there are plug-ins with timers for packet sends.