I've noticed a few threads of .txt files with packets in them. Naturally, I decided to make a program to make these more convenient to use. Here's a shot of my current progress:
I have the basic idea of everything already planned. This shell will send a message to Alissa and tell it to send the packet this creates. Think of it as an easy way to remember and use packets without opening a bunch of text files.
However, I am having trouble understanding the workings of the packet data. From all my research I've gathered the following.
The starting 8 characters indicate the function of the packet.
00008EC3 for Shadow Missions
0000A42B for Mana Tunnels
0000526C for Chat
00006982 for Skill Loading
I know how to retrieve character ID's and how to use them.
I know how to use skill ID's to load skills.
Note: I am not necessarily asking for complete hand-out packets, but just an overview of how they work. Also note that all my information is mostly gathered from one or two posts. I have searched for many hours and haven't come up with anything substantial.
My questions are:
Are the first 8 digits the "opcode"? Sounds right to me.
How do I get the data to populate the end of the message? I know the packet for loading defense is:
00006982<Char ID>070200024E2106000100
This is how I can decompile it so far:
00006982 - Load Skill Opcode
<Char ID> - Self explanatory
07020002 - No clue. Guessing it's a parameter?
4E21 - 20001, the code for Defense.
06000100 - Again, no clue.
Can anyone explain those two parts?
And just in general, are there any decent guides to packet codes? Every thread I've seen asking about them turns into a giant flame war and has little if any information. Would be ironic if this turns into the same thing.
1. yes, the first 8 digits are the "opcode"
2. Generally, most general packets end in two or four 0s.
3. Look for alissa source. You can study how the packet builder works in it.
1. Thanks
2. That doesn't really cover how the parameters are formed or how to get them, or if you can.
3. I completely forgot Alissa came with source, but it's coded in Delphi and I don't have access to it. Notepad++ works, but then again I barely understand Delphi. Second, that doesn't answer my question. I know how packets work by themselves. I was trying to ask about how Mabinogi packets are formed as in opcodes and parameters (again). I guess 2 and 3 in my questions can be combined.
Edit: 3 is probably not clear. I don't mean formed as in put x here, I mean how do you get the opcode and parameters of a function and understand what they do. I'm assuming it's all in-game packet sniffing.
I wonder about some of those extra numbers too
IDK about all of them, but i can offer this:
1. Some of the numbers are essentially just dividers to separate params
02,03,04,05,06 etc
2. Some of the numbers are related to the number of digits in a string
in english = "4cat" "6horse" "5bear"
3. Alissa sometimes builds a packet differently than the game did and it
seems to work just the same.
Your example:
00006982<Char ID>070200024E2106000100
Alissa might build like this:
00006982<Char ID>060200024E2106000100
4. Might find info here:
IMPORTANT: THESE ARE RECEIVED PACKETS. NOBODY SEES THE ANIMATIONS BUT YOU.
00006D6001000000002CEE30E0400030000000803000000010101020000
animation packet. this one sends the animation of you countering constantly.
00006D62 <--- animation OPcode
001000000002CEE3 <--- character ID, in this case mine
0E <--- packet number (this doesnt seem to mean much)
04 <--- 4 arguments
00 <--- :
03 <--- first argument - T_INT (8 digit value)
00000008 <--- category index number*
03 <--- second argument - T_INT (8 digit value)
00000001 <--- element index number*
01 <--- third argument - T_BYTE (2 digit value)
01 <--- loop (1 is on, 0 is off)
02 <--- fourth argument - T_WORD (4 digit value)
0000 <--- seems to always be 0, just leave it like that
*you need to look into the motion.xml i added for these.
small example - the combat animations:
--> <Category Index="8" Name="Combat" Desc="전투 특수 동작">
<Element Index="0" Name="CombatDefence" Desc="가드" />
--> <Element Index="1" Name="CombatCounter" Desc="반격" />
<Element Index="2" Name="CombatSmash" Desc="강공격" />
<Element Index="3" Name="CombatDown" Desc="넘어져 있는 사람 공격" />
<Element Index="4" Name="CombatWindMillStanding" Desc="윈드밀,일반" />
<Element Index="5" Name="CombatWindMillRising" Desc="윈드밀,반격" />
<Element Index="6" Name="windbreaker_prepare" Desc="윈드브레이커준비모션" />
<Element Index="7" Name="windbreaker_wait" Desc="윈드브레이커캐스팅모션" />
<Element Index="8" Name="Taunt" Desc="도발스킬" />
<Element Index="9" Name="WandSlashCasting" Desc="윈드슬래시 준비모션" />
<Element Index="10" Name="WandSlashProcessing" Desc="윈드슬래시 시전모션" />
<Element Index="11" Name="Evasion" Desc="낙법" />
</Category>
Category Index is argument 1
Element index is argument 2
the arrows point to those we have in the example packet all the way at the top.
limitations:
-certain conditions have to be met
(i.e. need to be giant for taunt animation, need a ranged weapon for range animations)
IMPORTANT: THESE ARE RECEIVED PACKETS. OTHERS DO NOT SEE THESE EFFECTS.
before we start, this is the basic layout of the packet.
this is all received, so only you can see it and you will
rubberband if you use any speed changing ones.
i will keep this layout broken down for the examples, but you need to
fit it all together in one long string before receiving it.
this will look as such:
0000A028(charID)2004000400000000000000000400000000000000000400000000000000000300000000
the template is: parameter #, digit #, parameter setting - effect
so 1, 7, 4 means first parameter, 7th digit, change it from 0 to 4
so, for example, getting sakura petals (1, 1, 1) to fall around you
while you get a heal enhancement (3, 13, 8) with demigod (2, 13, 4),
levitate (2, 3, 2), nuadha item set effect (3, 16, 8) and the
berserker run (3, 16, 4) you will get:
notice how berserker run and nuadha item set had the same param changed?
the nuadha one was 8, or d in the formula, while the berserker one was
4, or c in the formula. we wanted these mixed so we looked up and saw
that C = 3 + 4, so we changed it to (3, 16, C) to let them both in
parameter breakdown of above:
every 1, 2, 4 and 8 introduces new effect. the rest mixes them together.
the mixes are as follows:
this is the list of all the effects (and notations i added) i have found:
note that not all the received ones worked, might be because you need
to be mounted on a pet or be a specific race. all of these have been
tested on a female human. note that the mini pot does NOT shrink your
character, it only displays the message.
1, 10, 1 - no change detected
1, 10, 2 - no change detected
1, 10, 4 - unknown status effect (looks like chat bubble with X in it)
1, 10, 8 - no change detected
1, 11, 1 - DK disarm effect
1, 11, 2 - unknown status effect (looks like bird fetch, but different color)
1, 11, 4 - ray of light over your head (G1 final effect?)
1, 11, 8 - unknown status effect (looks like bird fetch, sparkles appear under you when used)
1, 12, 1 - elf mirage poison
1, 12, 2 - sapped (music effect, everything you hit triggers their PD)
1, 12, 4 - PvP penalty status effect
1, 12, 8 - Lethargic status effect (idk what it does)
1, 13, 1 - Misfortune status effect (idk what it does)
1, 13, 2 - no change detected
1, 13, 4 - flashing red/normal (FAST)
1, 13, 8 - pulsing red/normal
1, 14, 1 - confused status effect
1, 14, 2 - combat 2x exp (pot) status effect
1, 14, 4 - only able to walk
1, 14, 8 - luck status effect
1, 15, 1 - silence status effect (your chat auto-converts to thought bubble)
1, 15, 2 - petrified status effect*
1, 15, 4 - coward status effect
1, 15, 8 - berserker (music) status effect
1, 16, 1 - poisoned status effect
1, 16, 2 - deadly status effect (die in 1 hit, good for training)
1, 16, 4 - potion poisoned status effect
1, 16, 8 - numb status effect
2, 1, 1 - item drop rate boost
2, 1, 2 - fishing boost
2, 1, 4 - fishing boost (again? probably different durations, 30 minute and 2 hour)
2, 1, 8 - no change detected
2, 2, 1 - no change detected (possible strengthening of 2, 2, 4?)
2, 2, 2 - no change detected (possible strengthening of 2, 2, 4?)
2, 2, 4 - shadow crystal
2, 2, 8 - item drop rate boost status
2, 3, 1 - Demigod Invulnerability (wings of eclipse)
2, 3, 2 - levitate
2, 3, 4 - attacked by a crow (hit by wings of rage)
2, 3, 8 - attacked by a crow disappears
2, 4, 1 - no change detected
2, 4, 2 - no change detected
2, 4, 4 - no change detected
2, 4, 8 - no change detected
2, 5, 1 - no change detected
2, 5, 2 - no change detected
2, 5, 4 - no change detected
2, 5, 8 - no change detected
2, 6, 1 - no change detected
2, 6, 2 - no change detected
2, 6, 4 - no change detected
2, 6, 8 - no change detected
2, 7, 1 - light up skill hotbar
2, 7, 2 - darken (deactivate?) skill hotbar (like when mounted on a pet)
2, 7, 4 - no change detected
2, 7, 8 - no change detected
2, 8, 1 - no change detected
2, 8, 2 - no change detected
2, 8, 4 - no change detected
2, 8, 8 - no change detected
2, 9, 1 - "Unable to consume items or food" status effect
2, 9, 2 - no change detected
2, 9, 4 - no change detected
2, 9, 8 - unable to move*
2, 10, 1 - no change detected
2, 10, 2 - ray of light over your head (possible G1 final effect)
2, 10, 4 - berserker (music) glow (not status effect)
2, 10, 8 - chibi (mini potion used)
2, 11, 1 - no change detected
2, 11, 2 - no change detected
2, 11, 4 - no change detected
2, 11, 8 - no change detected
2, 12, 1 - no change detected
2, 12, 2 - the "twilight" effect (sparkles!)
2, 12, 4 - black fog around you (*cough*)
2, 12, 8 - unable to move*
2, 13, 1 - frozen (by frozen blast)*
2, 13, 2 - break out of frozen blast (get hit)
2, 13, 4 - demigod (includes speed boost, skills become usable)
2, 13, 8 - undemigod (lose the effect)
2, 14, 1 - no change detected
2, 14, 2 - no change detected
2, 14, 4 - no change detected
2, 14, 8 - bot timer*
2, 15, 1 - elephant water spray status effect
2, 15, 2 - poisoned glow (not status effect)
2, 15, 4 - confused glow (not status effect)
2, 15, 8 - unable to move*
3, 1, 1 - no change detected
3, 1, 2 - no change detected
3, 1, 4 - no change detected
3, 1, 8 - no change detected
3, 2, 1 - no change detected
3, 2, 2 - no change detected
3, 2, 4 - no change detected
3, 2, 8 - no change detected
3, 3, 1 - no change detected
3, 3, 2 - no change detected
3, 3, 4 - no change detected
3, 3, 8 - no change detected
3, 4, 1 - no change detected
3, 4, 2 - no change detected
3, 4, 4 - no change detected
3, 4, 8 - no change detected
3, 5, 1 - no change detected
3, 5, 2 - no change detected
3, 5, 4 - no change detected
3, 5, 8 - no change detected
3, 6, 1 - no change detected
3, 6, 2 - no change detected
3, 6, 4 - no change detected
3, 6, 8 - no change detected
3, 7, 1 - no change detected
3, 7, 2 - no change detected
3, 7, 4 - no change detected
3, 7, 8 - no change detected
3, 8, 1 - no change detected
3, 8, 2 - unable to move
3, 8, 4 - no change detected
3, 8, 8 - passive pet boost - flame horse
3, 9, 1 - movement change (you start sneaking as in the romeo and juliet mission)
3, 9, 2 - no change detected
3, 9, 4 - no change detected
3, 9, 8 - no change detected
3, 10, 1 - metallurgy enhancement
3, 10, 2 - dark fog around you + andras' music box effect (doppelgänger effect in G10 final)
3, 10, 4 - no change detected
3, 10, 8 - Passive pet boost - dragon flying
0000A86E001000000002CEE30E02000400100000000A69670300000001
request duel packet. target works via character ID.
0000A86E <--- request duel OPcode
001000000002CEE3 <--- character ID, in this case mine
0E <--- packet number (this doesnt seem to mean much)
02 <--- 2 arguments
00 <--- :
04 <--- first argument - T_ID (16 digit value)
00100000000A6967 <--- character ID of your opponent
03 <--- second argument - T_INT (8 digit value)
00000001 <--- can/cannot*
*this is 0 when you cannot request the duel, so i flagged it as can/cannot
0000A888001000000002CEE3050100030000000A
duel % packet. percentage is 10%
0000A888 <--- change percentage OPcode
001000000002CEE3 <--- character ID, in this case mine
05 <--- packet number
01 <--- amount of arguments
00 <--- :
03 <--- first argument - T_INT (8-digit value)
0000000A <--- the % in hex, in this case 10%
current limitations:
-using this during the 5 second countdown before a match will result in both players being unable to attack each other.
-changing % this way affects BOTH players
-cannot go to 1,000,000,000* or higher, if you cross that boundary it reverts to 0%
*this is 3B9ACA00 in hex
several "popular" percentages:
0FFFFFFF - 268,435,455% (popular 'cause its easy to type)
00000064 - 100%
00000019 - 25%
0000000A - 10%
00000000 - 0%
0000A88C001000000002CEE30201000101
enable/disable ring out mode
0000A88C <--- change ringout rule OPcode
001000000002CEE3 <--- character ID, in this case mine
02 <--- packet number
01 <--- 1 argument
00 <--- :
01 <--- first argument - T_BYTE (2 digit value)
01 <--- on/off*
*1 is on, 0 is off
current limitations:
-does not show the ring out "barrier" when turned on mid-battle
-ring does not move, it's the circle around you when you requested the battle
00005273001000000002CEE315020006000C546F75736869726F75323200060003686900
whisper packet. target is Toushirou22, message is hi.
00005273 <--- send whisper OPcode
001000000002CEE3 <--- character ID, in this case mine
15 <--- packet number
02 <--- 2 arguments
00 <--- :
06 <--- first argument - T_STR (text string) value
00 <--- start of the text
0C <--- amount of characters in the text (includes itself)
546F75736869726F753232 <--- the name of the target in hex
00 <--- end of the text
06 <--- 2nd argument - T_STR (text string) value
00 <--- start of the text
03 <--- amount of characters in the text (includes itself)
6869 <--- the message in hex
00 <--- end of text
current limitations (without mods etc.) :
- between 100 and 200 characters (adds up all the strings), i have yet to determine a specific amount*
- faulty amount of characters in text results in either you crashing or the text being bricked
*going over the limit will crash you and not send anything
---------------------------------WARNING-------------------------------
this has not yet been tested with any character limit edits!
use at your own risk!
---------------------------------WARNING-------------------------------
how to write characters:
the characters 0 to 9 are, in hex, 30 to 39
the characters A to Z are, in hex, 41 to 5A
the characters a to z are, in hex, 61 to 7A
some special characters:
is 20 (a space)
, is 2C
. is 2E
? is 3F
! is 21
: is 3A
; is 3B
- is 2D
how did we get to those hex values?
i shall explain it here.
we're using the unicode of the characters!
(hold alt and press numbers on your keyboard, try 90 (it gives Z))
this number 90 (a decimal value) is what we convert to hexadecimal
we use the following formulas to "count" them:
x*(y^n)
x being the number in the value
y depending on the type of value*
n is the number in your value, counting from right to left. starting from 0**
*(decimal is 10, hex is 16, octal is 8, binary is 2)
**(so the 9 in 90 would be n=1, the 5 in 54321 would be n=4, the 1 in 21 is n=0, etc.)
from right to left the decimal value "90" is:
0*(10^0) = 0
9*(10^1) = 90
____+
90
before going hex, lets take a look at the digits first:
0 = 0
1 = 1
2 = 2
3 = 3
4 = 4
5 = 5
6 = 6
7 = 7
8 = 8
9 = 9
A = 10
B = 11
C = 12
D = 13
E = 14
F = 15
making a grand total of 16 digits (are you seeing how we got the value of y?)
now we need to get 90 in hexadecimal, which is 5A
A*(16^0) = 10
5*(16^1) = 80
_____+
90
these packets still work. note that the received ones are NOT seen by others.
hope you enjoy it, feel free to ask any questions.
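A decoder for the layout broken down in the post above (4-byte opcode, 8-byte character ID, packet number, argument count, 00, then type-tagged arguments), added here as an example; it is not part of the original posts or of Alissa. The function and constant names are hypothetical, the field meanings are the posters' readings of the dumps, and the character ID in the skill packet is a constructed placeholder.

```python
import struct

# Type tags exactly as listed in the posts above; any other tag is treated as unknown.
FIXED = {0x01: ("T_BYTE", 1), 0x02: ("T_WORD", 2), 0x03: ("T_INT", 4), 0x04: ("T_ID", 8)}
T_STR = 0x06
HEADER = struct.Struct(">IQBBB")  # opcode, character ID, packet number, arg count, 00


class PacketError(ValueError):
    """Raised when a dump does not match the layout described in the thread."""


def _take(data, pos, size):
    # Bounds-checked slice: a wrong length field must fail here, not read past the end.
    if pos + size > len(data):
        raise PacketError(f"need {size} bytes at offset {pos}, only {len(data) - pos} left")
    return data[pos:pos + size], pos + size


def decode_packet(hex_text):
    data = bytes.fromhex(hex_text)
    if len(data) < HEADER.size:
        raise PacketError("shorter than the 15-byte header")
    opcode, char_id, number, argc, sep = HEADER.unpack_from(data)
    if sep != 0:
        raise PacketError("expected 00 after the argument count")
    pos, args = HEADER.size, []
    for _ in range(argc):
        tag_byte, pos = _take(data, pos, 1)
        tag = tag_byte[0]
        if tag in FIXED:
            name, size = FIXED[tag]
            raw, pos = _take(data, pos, size)
            args.append((name, int.from_bytes(raw, "big")))
        elif tag == T_STR:
            raw_len, pos = _take(data, pos, 2)
            length = int.from_bytes(raw_len, "big")  # counts the trailing 00
            raw, pos = _take(data, pos, length)
            if length == 0 or raw[-1] != 0:
                raise PacketError("string is not 00-terminated")
            args.append(("T_STR", raw[:-1].decode("utf-8", "replace")))
        else:
            raise PacketError(f"unknown type tag {tag:02X} at offset {pos - 1}")
    if pos != len(data):
        raise PacketError(f"{len(data) - pos} trailing bytes after {argc} arguments")
    return {"opcode": opcode, "char_id": char_id, "number": number, "args": args}


# Dumps copied from the posts above (forum-inserted spaces removed).
DUEL_PERCENT = "0000A888001000000002CEE3050100030000000A"
WHISPER = "00005273001000000002CEE315020006000C546F75736869726F75323200060003686900"
# Skill packet from the first post; the character ID here is a constructed placeholder.
LOAD_SKILL = "00006982" + "0010000000000001" + "070200024E2106000100"

if __name__ == "__main__":
    for dump in (DUEL_PERCENT, WHISPER, LOAD_SKILL):
        print(decode_packet(dump))
```

Run against the load-skill packet from the first post, the same layout reads 07 as the packet number, 02 as the argument count, 02 4E21 as a T_WORD (20001) and 06 0001 00 as an empty string.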
I'm kind of surprised at the amount of help I got. Thanks Cloud for all the examples, Tylian for noting that they are C strings, and Blade for noting Alissa splits the parameters. I noticed Alissa did it last night but didn't quite understand it.
So I'm guessing if I want to find opcodes for specific things (i.e. 6982 for skills, A88A for duel/pvp, etc), I have to do them myself in-game and extract the packet? If so I have a lot of in-game packet sniffing to do. In the meantime I'm building a scanner for csend since it's easier than finding opcodes for packets with parameters.
Edit: New question, are ALL received packets visual only? From what I've gathered I'd say so. Just had a fun experience with trying to use a Recv to do something.
Being an amateur I thought I could just moon gate, grab the packet and have a free teleport to Ceo Island. I thought it worked since I tested it while on Ceo Island and it kept putting me back at the tunnel. Teleported to Dun and back to make sure it worked and got this:
Long story short, lesson learned. Can't just resend packet with same result.
I also found out that the client sends a sort of confirmation packet when it receives items. I tested this with the snowball and I get something like
RECV - Item Gain Screen (Shows the snowball with info, etc)
RECV - Item Gain Message (System Message that says "obtained x")
RECV - I didn't note the last one, but it was visual like the last two
SEND - 00006598<CharID>02010100 (Something like that anyway. Not sure of exact opcode.)
This stuck out at me because I Recv the same type of packet when I do certain actions. I'm pretty sure that's what stops you from getting more than one.
Naturally the server tells your client what to display. So every packet you receive is an information, that normally would come from the server. You can do funny stuff here, but it'll always be client sided. And even though Mabinogi has some security flaws, you can't change what the server knows about your character, no matter what packets you let your client receive. Only things you send will actually do something.
About a scanner for csend, aka packets without parameters, I'm pretty sure there already is one, isn't there?
Edit: Wow... my first post, after being registered here for exactly 6 years xD
First post in 6 years? How'd you manage that? Anyway, thanks for the input.
I thought so. I almost flipped the first time I "duplicated" AP. Had a message say AP +25, but it was just client sided sadly. As for that scanner, I don't think it works well. I see people in the thread saying it can make your character unusable. Second, I actually am running it now on an alternate account and I am not seeing it log anything. I get this:
I've never tested it, but it's listing Codes, isn't it?^^ I'd believe these are parameter-less packets. No need to mark them or anything.
The problem is it lists every single packet as a parameter-less packet. There is no skipping that I see. So this is basically counting from 0x01 to 0xFFFFFFFF and writing it to a file.
If it's doing what I think it is, you basically just need to watch your screen for changes. It's probably just a plain scanner that could be made up using a simple macro and Alissa/Agnes telling it to send (StartOP-1)&CharID