UnknownMan exploit

07/29/2007 06:00 WhiteJem#1
Ok, so from the same crack that we used to exploit the MysticMerchant it should be possible to exploit the UnknownMan, but with the cost of a DB.

There's a problem I encounter though, and I need you guys' help to test it and find a way around it with me.

Ok, I got crack open and I'm on the local server that you create, I go to the UnknownMan and talk to him

you pay him 100 silvers then go to TC to get a bottle of wine, it doesn't let you buy the bottle of wine, it says just passing by

so you log on your normal client, buy the wine, go to UnknownMan, give it to him, log out and go on the local server, asks again for the 100 silvers.. I don't know why

So next I tried keeping the wine in inventory going on the local server you created, but that didn't work either, so what's stopping him giving you the wine, and what's making the UnknownMan ask for 100 silvers over and over?

If you guys can help with this, it will be the MM exploit all over, faster and quick though
07/29/2007 06:09 XxDarkKillaxX#2
that's weird, it should. I'll try that later on, it should work tho cuz it works when ur using qoproxy and they're both proxies
07/29/2007 06:16 bone-you#3
It actually removes an item from inventory. It shouldn't work. Try the VPs though.. that uses a more similar system to the exp balls than dbs.
07/29/2007 09:58 joshua2007#4
maybe it will work..
07/29/2007 10:57 sky.mp3#5
Vps could work...
07/29/2007 11:10 tigercek#6
yeah I'm sure VPs would work though :) hehe :D
07/29/2007 11:11 Queen-Of-Evil#7
o.O Ahhhh finally an intelligent person realised I'm right.... well here's the info you wanted. The UnknownMan has a script which tells it to check your inventory first, it checks for a DB, and if it's present it removes the DB BEFORE you get the XP, it then has a packet exchanging to verify that said DB is no longer there, state 1 (* DB there *) and then state 2 (* No-DB *) come into play, as long as the value for state 1 and 2 is flagged as true, along with global variable of Unknown man quest active (* People don't realise there's an active list of quests you're on *) then you'll be able to do it. This is by no means easy as in the 6 DB exchanges I made testing this value of state 1 and state 2, there was a difference, I've since realised the DB needs to be in the same inventory slot to give the same reading..... but anyway here's how it's done, you guys work on it. The VP works on the same as well as all the other stuff you general public haven't exploited, checks for State 1, makes the change, checks State 2, makes the change, checks global variable or local variable for VP then gives the reward. So it's Global state = True, Local State 1 = True, Local State 2 = True.

P.P.S> As I'm getting into trouble for not warning peeps: flaming of my posts with untrue or useless posts won't be tolerated, I won't back down on that matter. Either CONTRIBUTE or don't waste the internet space with pointless statements....... and yes.... that means you :rolleyes:. I don't have to share my help, I do because I want to, but I'm no n00b posting a tool so all the leechers can exploit it! If you want these exploits do it yourselves, I'll only provide the right direction.

****MAKE EPVP BAN ALL MEMBERS WHO SEND TQ OTHER MEMBERS' DETAILS FROM HERE!!! IT'S BREACH OF TRUST GUYS!****
07/29/2007 15:26 orochris#8
Quote:
Originally posted by Queen-Of-Evil@Jul 29 2007, 11:11
o.O Ahhhh finally an intelligent person realised I'm right.... well here's the info you wanted. The UnknownMan has a script which tells it to check your inventory first, it checks for a DB, and if it's present it removes the DB BEFORE you get the XP, it then has a packet exchanging to verify that said DB is no longer there, state 1 (* DB there *) and then state 2 (* No-DB *) come into play, as long as the value for state 1 and 2 is flagged as true, along with global variable of Unknown man quest active (* People don't realise there's an active list of quests you're on *) then you'll be able to do it. This is by no means easy as in the 6 DB exchanges I made testing this value of state 1 and state 2, there was a difference, I've since realised the DB needs to be in the same inventory slot to give the same reading..... but anyway here's how it's done, you guys work on it. The VP works on the same as well as all the other stuff you general public haven't exploited, checks for State 1, makes the change, checks State 2, makes the change, checks global variable or local variable for VP then gives the reward. So it's Global state = True, Local State 1 = True, Local State 2 = True.

P.P.S> As I'm getting into trouble for not warning peeps: flaming of my posts with untrue or useless posts won't be tolerated, I won't back down on that matter. Either CONTRIBUTE or don't waste the internet space with pointless statements....... and yes.... that means you :rolleyes:. I don't have to share my help, I do because I want to, but I'm no n00b posting a tool so all the leechers can exploit it! If you want these exploits do it yourselves, I'll only provide the right direction.

****MAKE EPVP BAN ALL MEMBERS WHO SEND TQ OTHER MEMBERS' DETAILS FROM HERE!!! IT'S BREACH OF TRUST GUYS!****
bro do u mind uploading the crack. I miss the whole MM thing, and I am trying to figure the VP part for now.
07/29/2007 16:11 Queen-Of-Evil#9
don't use the crack.exe proxy, it's crap, u can do the same job with a standard packet filter, besides crack.exe won't work for Unknown man or VP as the global variables are 3 where Global variable for MM was 1 variable. And it's not "Dude" it's a Ma'am, thank you :D
07/29/2007 17:44 orochris#10
Oh my, I am all messed up. Well u see I have never tried my hand on a packet sniffer, erm looking at CO hotlink of packet sniffer. Which one should I use? CO packet sniffer does not seem to work (the link asks me to change server.dat to 127.0 something something)

general packet sniffer is so complicated. so many IPs and the packets are encrypted?
07/29/2007 21:00 WhiteJem#11
Ok so queen, I don't really mean what you're trying to explain by state 1 and 2 for the UnknownMan...

I'm not a master programmer person so I don't even know how to use a packet filter, and wouldn't have a clue how to get one to work as I have never used one.

could you make it a little bit clearer about state one and two and also tell me which packet filter you use.

I don't really understand because it should have worked, seeing as there was a DB in my inventory and I was going to do the quest, but it didn't have the option to buy a wine x.x it said "just passing by"

Help :D

thanks
07/30/2007 01:07 XxDarkKillaxX#12
Quote:
Originally posted by Queen-Of-Evil@Jul 29 2007, 16:11
don't use the crack.exe proxy, it's crap, u can do the same job with a standard packet filter, besides crack.exe won't work for Unknown man or VP as the global variables are 3 where Global variable for MM was 1 variable. And it's not "Dude" it's a Ma'am, thank you :D
then I need ur help, which packet thing do u use? I tried doing it, it took my DB away, made me lvl, and then I couldn't do it again, it would send the packet but nothing would happen cuz I no longer had the DB
07/30/2007 01:38 Queen-Of-Evil#13
Get a packet filter from [Only registered and activated users can see links. Click Here To Register...] we have many there that'll do this job. Ok I'll explain the UM variables again: :fedup:

Global variables are a list of variables ingame used by TQ to make exploiting harder, but they're standard in a lot of games (* I first encountered them editing BaldursGate 1 and 2 *). There's a list of all the variables which reads either 0 or 1 after the quest/event meaning True/False, i.e. when u start Disscity it changes Disscityquest_0 to Disscityquest_1, thus the game knows ur in the quest cause the value for doing the quest is true. The UM variable to make the exploit work is the quest you start, it has 3 variables: Started, Collected Wine, Delivered Wine... Then it checks the variable for DB in say slot 1, comes back True, then the server sends a delete item packet with a new value updating UnknownmanCredited_0 to make it 1. This makes the server know you've paid the DB, then cause UnknownmanCredited_1 is active it makes it run the ApplyDBXP script on their end, and they credit you the XP... EXACTLY like the MM exploit worked but there's more variables, you have to find the correct packets, then know when to send them or block them, for example you can block the packet to shut the NPC chat window after transaction. Well there's the basics, please no more PMs asking for the packet address or a "Hack"... I'm happy to help assist people who have the skill to deserve the exploit and won't abuse it, but for the rest of you be happy you were given the MM exploit at all... you proved you couldn't be trusted not to abuse it so no more help of that form.
07/30/2007 01:51 bone-you#14
The MM hack was more of blocking packets from the client than the server.. it never finished the login sequence and I assume TQ's coding job did the rest by not applying some changes to the character (whether you've done the quest or not) due to not being fully logged in. They don't have a check on whether you're logged in all the way yet or not so it lets you go around as if you are (hence why skills/profs were missing in game). It wasn't so much of editing vars as it was just not completing a sequence. The proxy just made the cheating easier after that. It sent the sequence of packets to accept the exp balls (NPC dialog request and then the "button click" packet) over and over again. You could have done it manually in game but it's easier to click one button over and over :P
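The server-side gaps discussed in this thread (acting on NPC dialog packets from a session that never finished logging in, and crediting a reward more than once), shown with the checks that close them. This is an added example, not part of the original posts and not TQ's code; every class, field, item name and value in it is hypothetical.

```python
# Added illustration: hypothetical names throughout, not the game's real code.
from dataclasses import dataclass, field
from enum import Enum, auto


class Phase(Enum):
    CONNECTED = auto()   # socket open, login sequence not finished
    IN_WORLD = auto()    # login sequence fully completed


@dataclass
class Session:
    phase: Phase = Phase.CONNECTED
    inventory: list = field(default_factory=list)   # server's authoritative copy
    quest_flags: dict = field(default_factory=dict)
    exp: int = 0


def handle_npc_reward(session, item="DragonBall", exp_reward=1000):
    """Process the 'button click' packet that trades an item for experience."""
    # Gate 1: refuse gameplay packets until the login sequence has completed,
    # so a half-logged-in session cannot act on unloaded or unsaved state.
    if session.phase is not Phase.IN_WORLD:
        return "rejected: login not complete"
    # Gate 2: quest progress is read from server state, never from the client.
    if not session.quest_flags.get("quest_started"):
        return "rejected: quest not active"
    # Gate 3: consume the item and credit the reward in one step against the
    # server's own inventory; a replayed packet finds nothing left to consume.
    if item not in session.inventory:
        return "rejected: item missing"
    session.inventory.remove(item)
    session.exp += exp_reward
    session.quest_flags["quest_started"] = False  # one reward per quest run
    return "ok"


def replay_demo():
    """Constructed scenario: same packet once before login, three times after."""
    s = Session(inventory=["DragonBall"], quest_flags={"quest_started": True})
    results = [handle_npc_reward(s)]          # arrives before login finished
    s.phase = Phase.IN_WORLD
    results += [handle_npc_reward(s) for _ in range(3)]
    return results, s.exp, s.inventory
```
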
07/30/2007 06:25 surf3rguy#15
Fuck it I give up... 8 hours of trying and nothing... packets piss me off, I'll just go legit lol