Okay guys -
This post will be updated as I come across new and exciting ways to mess with the game. Please try to replicate my results and conclusions, as well as contribute your own theories and findings. Whilst there is no reason for you leeching scumbags to read this thread, those of you that want some starting blocks to start your own research may find this useful.
WORK IN PROGRESS
Just like the Cooldown method, the client collects a different packet encryption on login, so these won't be a constant method.
---------------------------------------------------------------------------------
Player Positioning- WALKTHRUWALLS
Pos (1) (2) (3)
• Pos 1 = X
• Pos 2 = Z
• Pos 3 = Y
(The X and Y may be switched, though I am sure the 2nd numerical is the Z-axis)
By editing the packets sent when we issue the client command to move, we can affect the overall destination of the character. This on its own is nothing special, but let's not forget something very important..
BY FILTERING THE PACKET, WE CAN SET A LOCATION TO RUN TO.. REGARDLESS OF OBSTACLES. What does this mean? Well yeah we can run through walls using this workaround. Always handy.
Method:
Type /fps into chat.
Check your top right- We'll have a few values popup.
Server Time:
Position:
GrassDraw? <--- Who cares? ha
Take a look at this packet I sniffed from issuing a move command.
Packet size = 40
B1 28 00 3D 01 00 00 4E C4 7D D1 AE 50 36 63 8B E3 15 83 FC 14 6E A1 14 C1 D0 61 E6 F7 26 64 67 7D 24 A6 F9 CA 38 AF BF
I've already determined in other posts that B1 28 defines that packet as a Client command.
3D in space of the 4th byte represents the TIMER on the packet. (This will always be different- disregard this byte and make sure you never MODIFY it in a filter)
Note: the LAST byte of the packet seems to ALWAYS be the same. I will call this the movement function for now, but I don't have a clue what it really shows
Bytes 16-23 and 24 to 39 are what we want to look at.
Unfortunately, halfway through writing this, I've hit daily server maintenance.. OH DEAR!
Basically, by recording the packet of your desired location, you can set a filter to search B1 28 ..... (and even put in your movement function byte in slot 40), and THEN, when the filter is turned on, you should run through all obstacles INCLUDING WALLS, HOUSES, WATER ETC to reach that destination. The fun begins when you turn the filter off halfway through that movement, and gain full control of your player's movement whilst in a "secret" spot.
Other Testing:
Record yourself clicking an inaccessible spot on your mini-map - Can you use this method to get there? How does the game determine how the environment blocks your movement- clicking far away seems to put your "move cursor" on the closest obstacle.
My theory is that further research into the 16-39 BYTE section of the packet will allow us to create an XYZ coord hack (of sorts)
--------------------------------------------
PK PACKETS
- Research the packet received for PKing a player- Then get his loot off the ground ;]
MORE TO COME- I HAVE AN EXAM! EEEEEEK
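
Added example, not part of the original post and not the game's own code: the behaviour described above (a destination being honoured regardless of obstacles) is what happens when the server trusts the client's move packet, and the usual fix is for the server to re-check the path against its own collision data. The tile grid, coordinates and function names below are assumptions made for illustration; the game's real map format and server logic are not on this page.

```python
# Server-side validation of a client move request (hypothetical names).
# Constructed collision grid: '#' is blocked (wall, house, water), '.' is walkable.
GRID = [
    "........",
    "...#....",
    "...#....",
    "...#....",
    "........",
]

def walkable(x, y):
    """True if tile (x, y) is inside the map and not blocked."""
    return 0 <= y < len(GRID) and 0 <= x < len(GRID[0]) and GRID[y][x] == "."

def tiles_on_segment(start, end):
    """Yield the tiles on a straight line from start to end (Bresenham)."""
    (x0, y0), (x1, y1) = start, end
    dx, dy = abs(x1 - x0), -abs(y1 - y0)
    sx = 1 if x0 < x1 else -1
    sy = 1 if y0 < y1 else -1
    err = dx + dy
    while True:
        yield (x0, y0)
        if (x0, y0) == (x1, y1):
            return
        e2 = 2 * err
        if e2 >= dy:
            err += dy
            x0 += sx
        if e2 <= dx:
            err += dx
            y0 += sy

def resolve_move(server_pos, requested):
    """Return (destination the server accepts, flagged).

    The walk starts from the server's own record of the player's position,
    never from a position supplied in the packet, and stops at the last
    walkable tile before any obstacle or map edge.
    """
    last_ok = server_pos
    for tile in tiles_on_segment(server_pos, requested):
        if tile != server_pos and not walkable(*tile):
            return last_ok, True   # path crosses an obstacle: clamp and flag
        last_ok = tile
    return requested, False
```

A flagged result is also a useful detection signal: an unmodified client that already stops the move cursor at the closest obstacle should rarely send a destination the server has to clamp.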






