Disconnect when select character

12/20/2014 10:21 FireBlow#1
Hello, I am trying to log into the game but I always get DC when I send the packet with opcode (0x7001)

I am trying to log clientless...

Received packet (S) - My response
(Ex. 0xA103 received by server, I send packet with opcode 0x7624)
0xA103 - 0x7624 (w/o any data, not encrypted)
0xb624 - 0x7625 (with data, not encrypted) That should be passcode
0xb625 - 0x7007 (with data, not encrypted) Requesting the character list
0xb007 - 0x7001 (with data, not encrypted) That should enter the game with selected character
After I send the packet 0x7001 I get DC... Sometimes I even get the response from server with packet 0xB001 but it always DC...

Packet structure:
Code:
case 0xA103:
{
	StreamUtility & b = container.data;
	uint8_t success = b.Read<uint8_t>();
	if (success == 1) 
	{
		Inject(0x7624, false); // I don't know what is the purpose of this packet, but I saw with packet parser that client is sending it to the server... Maybe it is passcode request
	}
}break;

case 0xb624: // Server returns it with value 1 
{					   
	StreamUtility m;
	m.Write<uint8_t>(2); // Enter the passcode (1 is change passcode... I guess)
	m.Write<uint16_t>(8); // Passcode length
	m.Write_Ascii("12345671"); // Passcode
	Inject(0x7625, m, false); // Injecting passcode packet
}break;

case 0xb625: // Passcode has been entered successfully so send the character list request
{
	 StreamUtility m;
	 m.Write<uint8_t>(2); // Code for character list
	 Inject(0x7007, m, false); // Injecting character list request packet
}break;

case 0xb007: // Returns character list, now have to enter the game with character
{
	StreamUtility m;
	m.Write<uint16_t>(4); // Character name length
	m.Write_Ascii("test"); // Character name
	Inject(0x7001, m, false); // Injecting packet to enter the game with character test
	// After injecting that packet I am always disconnected
}break;

case 0xB001: // Response on the packet 0x7001
{
	// Received the packet 0xB001						   
} break;
12/20/2014 10:58 tarek1500#2
The format of 0x7001 packet is
04 00 //Length in 2 bytes
74 65 73 74 //Name

I think "uint8_t" is for 1 byte, so you need to use "uint16_t" to write the 2-byte length
Try and give me feedback.
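
The layout described in the post above (a 2-byte little-endian length followed by the name bytes), as an added example that is not part of the original thread: a strict parser of the kind a receiving side could use, showing why a payload written with a 1-byte length is rejected. The function name, the 16-character limit and the allowed character set are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumed limit for illustration; the thread does not state a maximum.
constexpr std::size_t kMaxNameLen = 16;

// Hypothetical helper: validates a payload of the form
//   [uint16 little-endian length][length bytes of ASCII name]
// and copies the name to `out` only if every check passes.
bool ParseCharacterName(const std::vector<uint8_t>& p, std::string& out)
{
    if (p.size() < 2) return false;                       // no room for the length field
    const std::size_t len = static_cast<std::size_t>(p[0]) |
                            (static_cast<std::size_t>(p[1]) << 8);
    if (len == 0 || len > kMaxNameLen) return false;      // implausible length
    if (p.size() - 2 != len) return false;                // truncated or trailing bytes
    std::string name;
    name.reserve(len);
    for (std::size_t i = 0; i < len; ++i) {
        const uint8_t c = p[2 + i];
        // Assumed character set: letters, digits and underscore.
        const bool ok = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                        (c >= 'a' && c <= 'z') || c == '_';
        if (!ok) return false;                            // control or non-ASCII byte
        name.push_back(static_cast<char>(c));
    }
    out = name;
    return true;
}

// Constructed sample payloads.
const std::vector<uint8_t> kGood      = {0x04, 0x00, 0x74, 0x65, 0x73, 0x74}; // uint16_t length
const std::vector<uint8_t> kByteLen   = {0x04, 0x74, 0x65, 0x73, 0x74};       // uint8_t length by mistake
const std::vector<uint8_t> kTruncated = {0x04, 0x00, 0x74, 0x65};             // name cut short

int main()
{
    std::string name;
    const bool good = ParseCharacterName(kGood, name) && name == "test";
    // With a 1-byte length, bytes 04 74 are read as length 0x7404 and rejected.
    const bool bad = ParseCharacterName(kByteLen, name) ||
                     ParseCharacterName(kTruncated, name);
    return (good && !bad) ? 0 : 1;
}
```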
12/20/2014 11:27 FireBlow#3
Quote:
Originally Posted by tarek1500
The format of 0x7001 packet is
04 00 //Length in 2 bytes
74 65 73 74 //Name

I think "uint8_t" is for 1 byte, so you need to use "uint16_t" to write the 2-byte length
Try and give me feedback.
Oh ye... I had uint16_t but was testing something and forgot to change it back...

But the result is still same... Disconnect



EDIT:

Alright I figured it out...

I must not inject 0x7642 packet...

Code below is wrong... When I receive 0xA103 packet I must wait for the passcode packet and never Inject 0x7624...
Code:
case 0xA103:
{
	StreamUtility & b = container.data;
	uint8_t success = b.Read<uint8_t>();
	if (success == 1) 
	{
		Inject(0x7624, false); // Wrong !!! Never inject it...
	}
}break;
12/20/2014 12:04 tarek1500#4
I don't know. But I sent it anyway and it works fine :D
12/20/2014 12:39 FireBlow#5
Quote:
Originally Posted by tarek1500
I don't know. But I sent it anyway and it works fine :D
How did you answer on the hackshield packet? Did anyone upload somewhere hackshield packet (0x2114) structure and how to deal with it?
12/20/2014 12:49 tarek1500#6
Create ur own HS server just like ibot
12/20/2014 15:47 FireBlow#7
Quote:
Originally Posted by tarek1500
Create ur own HS server just like ibot
Is ibot source code available? So I can see how it works...
12/20/2014 19:19 tarek1500#8
No, will try to upload a source code
12/20/2014 23:41 theking200051#9
First of all, which proxy u use with this clientless code?
Second, u sent town respawn packet after u recv b001 packet?
12/21/2014 20:35 tarek1500#10
Understand it and make your own. Try not to copy and paste.
The code does not belong to me
12/22/2014 11:27 FireBlow#11
Quote:
Originally Posted by theking200051
First of all, which proxy u use with this clientless code?
Second, u sent town respawn packet after u recv b001 packet?
1. I don't use any proxy... I am connecting with TCP socket to the joymax gateway server and then redirect to the agent server...

2. No... I sent town spawn packet after receiving 0xb007 packet... 0xb001 just notifies whether the spawn was successful...

Quote:
Originally Posted by tarek1500
Understand it and make your own. Try not to copy and paste.
The code does not belong to me
Thank you...

One question... What does that IP address represent?

Code:
HackShield hs = new HackShield("31.193.168.141", 15775);
12/22/2014 13:29 tarek1500#12
It should be the IP & port for iSro which is "121.128.133.29 / 30" and port 15779

But what do you mean by "I sent town spawn packet after receiving 0xb007 packet... 0xb001 just notifies whether the spawn was successful"

When I receive 0xB007 from server I send 0x7001 to select which char to login then it sends 0xB001 to confirm it. Is that what you are doing?
12/22/2014 17:51 FireBlow#13
Quote:
Originally Posted by tarek1500
When I receive 0xB007 from server I send 0x7001 to select which char to login then it sends 0xB001 to confirm it. Is that what you are doing?
That's why my char was invisible... I am now sending packet 0x34C5 to confirm spawn and char appears in the game... Do you know what are 0x750E and 0x3537 packets?
12/22/2014 22:33 theking200051#14
Quote:
Originally Posted by FireBlow
That's why my char was invisible... I am now sending packet 0x34C5 to confirm spawn and char appears in the game...
so the clientless works stable?

Quote:
Originally Posted by FireBlow
1. I don't use any proxy... I am connecting with TCP socket to the joymax gateway server and then redirect to the agent server...
u used pushedx, silkroadsecurityAPI codes for handling security bytes and handshake process or u just make ur own?
12/22/2014 22:54 FireBlow#15
Quote:
Originally Posted by theking200051
so the clientless works stable?
Not yet... I have to deal with the hackshield packet...

Quote:
Originally Posted by theking200051
u used pushedx, silkroadsecurityAPI codes for handling security bytes and handshake process or u just make ur own?
I have used WeeMan's code which is based on pushedx code...