[Release] PacketLogger

KanimaNT · 07/11/2022, 19:08

Quote:
Originally Posted by BladeTiger12
Hello Elitepvpers,

today I release my new PacketLogger for NosTale.
I thought to create a new one, because Doktor.'s one doesn't really work well and Elektrochemie's one do not save the filters. (Annoying )
There are not much functions, but I hope it will be usefull for some people.

Btw: Mouse over a Packet u will see the full.
Here are some Pictures:

Gallery 1

TCP Feature (for developers)

Spoiler

Explanation

Spoiler

You can use every programming language that supports the TCP protocol!

- A TCP Server in the PacketLogger to communicate with the Client (proxy-like).
- For IP:Port look in titlebar of the PacketLogger.

Actually pretty easy to use. You can connect as much clients as you want to this server.
I also uploaded in the archive some example AutoIt scripts. Maybe it's useful for someone.

So first of all: All packets have the same format as NosTale (Space splitted)
The first item is a number: 0 for receive, 1 for send Packet.

E.g.:

PHP Code:

packet = receiveFromPacketLogger(); splitted = split(packet, ' '); type = splitted[0]; header = splitted[1]; if type == 0 then "RECEIVE PACKET" if type == 1 then "SEND PACKET"

Same is for sending back to PacketLogger:

PHP Code:

sendPacket = "1 walk 22 33 1"; <- 1 is for send recvPacket = "0 gold 2329392"; <- 0 is for recv sendToPacketLogger(sendPacket); sendToPacketLogger(recvPacket);

That's it. You can do whatever you want with it.
Have fun.

Helpful Snippets:

Spoiler

Python "GetPacketLoggerPorts" Snippet by
Post:

Spoiler

Code:

from typing import List from psutil import process_iter, AccessDenied, Process def get_processes(substring: str) -> List[Process]: processes = [] for process in process_iter(): try: if substring in process.name(): processes.append(process) except AccessDenied as err: pass return processes def get_nostale_packet_logger_ports() -> List[int]: processes = get_processes("NostaleClientX.exe") ports = [] for process in processes: for connection in process.connections(): if connection.laddr and connection.laddr.ip == "127.0.0.1": ports.append(connection.laddr.port) return ports

Useful Python Functions for Memory Editing/PacketLogger Helper-Functions by
Post:
Github Repository:

TCP Feature applications:

Spoiler

DPS Counter by
Link to thread:

Fish bot by
Thread:
Github Repo:

Put every file from "PacketLogger" folder in the archive into the NosTale folder! You just need to inject the "PacketLogger.dll" nothing else!
When u get errors during inject try to download:
-
- (Scroll down)

Ty to for the picture

Downloads in attachment and that's it. Have fun with it .

Updates:

Spoiler

12.04.2022:
- Fixed pattern of recv function
- Fixed encoding
08.04.2022:
- Fixed special characters (Thanks to: Hatz~ :> )
14.02.2020: (Downloads 1751)
- Added TCP Server to communicate with NosTale over Packetlogger
18.04.2019: (Downloads: 295)
- Fixed patterns for Vendetta
05.03.2019: (Downloads: 1621)
- Fixed bot for Vendetta
16.07.2017:
- Now you can mark selected packets
- You can activate/deactivate filter's.
18.07.2017
- Little bug fix
08.08.2018
- Fixed the pointers/patterns

Here is the Virustotal:

GitLab Repo:
I've used QT(just google it) and PolyHook 2.0().
I won't help you to set up the project, do it by yourself.

probably stupid question but did anyone try to inject it into DynZen server? it seems crashing for me

Limoo · 07/12/2022, 22:41

Quote:

Originally Posted by KanimaNT

probably stupid question but did anyone try to inject it into DynZen server? it seems crashing for me

It doesn't (crash) or at least a few weeks ago you could inject it

KanimaNT · 07/12/2022, 23:13

Quote:

Originally Posted by Limoo

It doesn't (crash) or at least a few weeks ago you could inject it

DynZen uses different client version. That's why patterns should be changed (same as for vendetta few years ago).

Code:

	// Recv & Hook
	{
		const byte abSignature[] = { 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xF0, 0x53, 0x56, 0x57, 0x33, 0xC9, 0x89, 0x4D, 0xF4, 0x89, 0x4D, 0xF0, 0x89, 0x55, 0xFC, 0x8B, 0xD8, 0x8B, 0x45, 0xFC };
		const char *szMask = "xxxxx?xxxxxxx?xx?xx?xxxx?";
		ReadPattern(EAddress::ARecvHook, abSignature, szMask);

		s_mapAddress[EAddress::ARecvPacket] = s_mapAddress[EAddress::ARecvHook];
	}

	// Send & Hook
	{
		// Official
		const byte abSignature[] = { 0x53, 0x56, 0x8B, 0xF2, 0x8B, 0xD8, 0xEB, 0x04, 0xEB, 0x05, 0x39, 0x19, 0x8B, 0xD6, 0x8B, 0xC3, 0xE8, 0xFF, 0xFF, 0xFF, 0xFF, 0x84, 0xC0, 0x74, 0x1A };
		const char *szMask = "xxxxxxxxxxxxxxxxx????xxxx";
		
		ReadPattern(EAddress::ASendHook, abSignature, szMask);
		
		s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook];
	}

	// Send & Hook Vendetta
	if (!s_mapAddress[EAddress::ASendHook]) {
		const byte abSignature[] = { 0x53, 0x56, 0x57, 0x8B, 0xFA, 0x8B, 0xF0, 0xB3, 0x01, 0xEB, 0x04, 0xEB, 0x05 };
		const char* szMask = "xxxxxxxxxx?x?";
		ReadPattern(EAddress::ASendHook, abSignature, szMask);

		s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook];
	}

	// Packet Class Pointer
	{
		const byte abSignature[] = { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x00, 0x80, 0x78, 0x60, 0x00, 0x74, 0x1B, 0x84, 0xDB };
		const char *szMask = "x????xxxxxxxxxx";
		ReadPattern(EAddress::APacketClassPointer, abSignature, szMask, 1);
	}

I've been trying to find correct patterns..but to be fair I have no idea what I was doing. All kind of reverse eng stuff is pure black magic for me.
Maybe someone will be able to find correct patterns and then push a suggestion to creator.

Limoo · 07/13/2022, 20:36

Quote:

Originally Posted by KanimaNT

DynZen uses different client version. That's why patterns should be changed (same as for vendetta few years ago).

Code:

	// Recv & Hook
	{
		const byte abSignature[] = { 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xF0, 0x53, 0x56, 0x57, 0x33, 0xC9, 0x89, 0x4D, 0xF4, 0x89, 0x4D, 0xF0, 0x89, 0x55, 0xFC, 0x8B, 0xD8, 0x8B, 0x45, 0xFC };
		const char *szMask = "xxxxx?xxxxxxx?xx?xx?xxxx?";
		ReadPattern(EAddress::ARecvHook, abSignature, szMask);

		s_mapAddress[EAddress::ARecvPacket] = s_mapAddress[EAddress::ARecvHook];
	}

	// Send & Hook
	{
		// Official
		const byte abSignature[] = { 0x53, 0x56, 0x8B, 0xF2, 0x8B, 0xD8, 0xEB, 0x04, 0xEB, 0x05, 0x39, 0x19, 0x8B, 0xD6, 0x8B, 0xC3, 0xE8, 0xFF, 0xFF, 0xFF, 0xFF, 0x84, 0xC0, 0x74, 0x1A };
		const char *szMask = "xxxxxxxxxxxxxxxxx????xxxx";
		
		ReadPattern(EAddress::ASendHook, abSignature, szMask);
		
		s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook];
	}

	// Send & Hook Vendetta
	if (!s_mapAddress[EAddress::ASendHook]) {
		const byte abSignature[] = { 0x53, 0x56, 0x57, 0x8B, 0xFA, 0x8B, 0xF0, 0xB3, 0x01, 0xEB, 0x04, 0xEB, 0x05 };
		const char* szMask = "xxxxxxxxxx?x?";
		ReadPattern(EAddress::ASendHook, abSignature, szMask);

		s_mapAddress[EAddress::ASendPacket] = s_mapAddress[EAddress::ASendHook];
	}

	// Packet Class Pointer
	{
		const byte abSignature[] = { 0xA1, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x00, 0x80, 0x78, 0x60, 0x00, 0x74, 0x1B, 0x84, 0xDB };
		const char *szMask = "x????xxxxxxxxxx";
		ReadPattern(EAddress::APacketClassPointer, abSignature, szMask, 1);
	}

I've been trying to find correct patterns..but to be fair I have no idea what I was doing. All kind of reverse eng stuff is pure black magic for me.
Maybe someone will be able to find correct patterns and then push a suggestion to creator.

I'm 100% sure that it worked, I used it

FI0w · 07/23/2022, 16:36

@

Could you add some kind of recv catch so that the client dont crash if too less arguments?(simple asm catch should reach)

PvePowa · 08/13/2022, 12:29

When i inject the PacketLogger.dll, the game crash.
I've got the text :: 'Dll injected', and then the app shut down.
Any one had the same issue in the past?

Fentoz · 08/19/2022, 20:50

Quote:

Originally Posted by PvePowa

When i inject the PacketLogger.dll, the game crash.
I've got the text :: 'Dll injected', and then the app shut down.
Any one had the same issue in the past?

im having the same issue, i tried packetlogger last time about half a year ago and it was fine, whatever version. can anyone help? :P

BladeTiger12 · 08/21/2022, 21:44

Quote:

Originally Posted by FI0w

@

Could you add some kind of recv catch so that the client dont crash if too less arguments?(simple asm catch should reach)

When I got some spare time I'll try to add it

Will let you know when I've released it.

BlackSkyFire · 08/23/2022, 15:31

I have the problem that the packet logger in the Alzanor Raid crashes at some point, just like in the Valehir Raid, what could be the reason?

XxmimoixX · 09/03/2022, 11:08

Hello,

Someone have tp packet ?
I try a lot of tp packet on send but it doesnt work
example : n_run 26 0 1 ID

Limoo · 09/03/2022, 15:59

Quote:

Originally Posted by XxmimoixX

Hello,

Someone have tp packet ?
I try a lot of tp packet on send but it doesnt work
example : n_run 26 0 1 ID

Fake receive tp 1 88888 10 16 0

[RECV] tp [player_type] [player_id] [x] [y] 0

It's only visual, you can't TP with packet

XxmimoixX · 09/03/2022, 16:41

I make a program based on this packet logger few years ago and make many tp button like go in nosville/act4/5/6/7 so yes we can (2 years ago it's worked).

I dont speak about tp like random pos i know it's not possible, i speak about the warp tp method, i think it's fixed now.

Example of packet for tp i use :

Limoo · 09/03/2022, 20:25

Quote:

Originally Posted by XxmimoixX

I make a program based on this packet logger few years ago and make many tp button like go in nosville/act4/5/6/7 so yes we can (2 years ago it's worked).

I dont speak about tp like random pos i know it's not possible, i speak about the warp tp method, i think it's fixed now.

Example of packet for tp i use :

You can still use n_run tp but you need an NPC.
For example n_run 16 1 2 2777 (2777 is a big lettuce in nosville meadows)

You need to stay in range. (5 cells max)

XxmimoixX · 09/04/2022, 09:33

Quote:

Originally Posted by Limoo

You can still use n_run tp but you need an NPC.
For example n_run 16 1 2 2777 (2777 is a big lettuce in nosville meadows)

You need to stay in range. (5 cells max)

ty for this information man.
So im gonna use the script packet for tp in nosville and use the npc next to the spawn point to tp where i want.

It's not a clean solution but it's work.

~~Unit_Lucas~~ · 09/04/2022, 23:43

Quote:
Originally Posted by BladeTiger12
Hello Elitepvpers,

today I release my new PacketLogger for NosTale.
I thought to create a new one, because Doktor.'s one doesn't really work well and Elektrochemie's one do not save the filters. (Annoying )
There are not much functions, but I hope it will be usefull for some people.

Btw: Mouse over a Packet u will see the full.
Here are some Pictures:

Gallery 1

TCP Feature (for developers)

Spoiler

Explanation

Spoiler

You can use every programming language that supports the TCP protocol!

- A TCP Server in the PacketLogger to communicate with the Client (proxy-like).
- For IP:Port look in titlebar of the PacketLogger.

Actually pretty easy to use. You can connect as much clients as you want to this server.
I also uploaded in the archive some example AutoIt scripts. Maybe it's useful for someone.

So first of all: All packets have the same format as NosTale (Space splitted)
The first item is a number: 0 for receive, 1 for send Packet.

E.g.:

PHP Code:

packet = receiveFromPacketLogger(); splitted = split(packet, ' '); type = splitted[0]; header = splitted[1]; if type == 0 then "RECEIVE PACKET" if type == 1 then "SEND PACKET"

Same is for sending back to PacketLogger:

PHP Code:

sendPacket = "1 walk 22 33 1"; <- 1 is for send recvPacket = "0 gold 2329392"; <- 0 is for recv sendToPacketLogger(sendPacket); sendToPacketLogger(recvPacket);

That's it. You can do whatever you want with it.
Have fun.

Helpful Snippets:

Spoiler

Python "GetPacketLoggerPorts" Snippet by
Post:

Spoiler

Code:

from typing import List from psutil import process_iter, AccessDenied, Process def get_processes(substring: str) -> List[Process]: processes = [] for process in process_iter(): try: if substring in process.name(): processes.append(process) except AccessDenied as err: pass return processes def get_nostale_packet_logger_ports() -> List[int]: processes = get_processes("NostaleClientX.exe") ports = [] for process in processes: for connection in process.connections(): if connection.laddr and connection.laddr.ip == "127.0.0.1": ports.append(connection.laddr.port) return ports

Useful Python Functions for Memory Editing/PacketLogger Helper-Functions by
Post:
Github Repository:

TCP Feature applications:

Spoiler

DPS Counter by
Link to thread:

Fish bot by
Thread:
Github Repo:

Put every file from "PacketLogger" folder in the archive into the NosTale folder! You just need to inject the "PacketLogger.dll" nothing else!
When u get errors during inject try to download:
-
- (Scroll down)

Ty to for the picture

Downloads in attachment and that's it. Have fun with it .

Updates:

Spoiler

12.04.2022:
- Fixed pattern of recv function
- Fixed encoding
08.04.2022:
- Fixed special characters (Thanks to: Hatz~ :> )
14.02.2020: (Downloads 1751)
- Added TCP Server to communicate with NosTale over Packetlogger
18.04.2019: (Downloads: 295)
- Fixed patterns for Vendetta
05.03.2019: (Downloads: 1621)
- Fixed bot for Vendetta
16.07.2017:
- Now you can mark selected packets
- You can activate/deactivate filter's.
18.07.2017
- Little bug fix
08.08.2018
- Fixed the pointers/patterns

Here is the Virustotal:

GitLab Repo:
I've used QT(just google it) and PolyHook 2.0().
I won't help you to set up the project, do it by yourself.

Hello everyone, I don't really see how it would be useful? since we can change values in the game, I would like to know more about the real things we can do with this kind of tools, thanks !