[Request] Packet Structure for CharData Packet

s2k · 12/04/2009, 21:38

can someone tell me which structure the CharData packet has? i would really appreciate this, since im still noob in such things. its just too high for me/ too much information for my head.

PHP Code:



S->C(3013) 82390000221919978A0400000000008601000014AA0000000000002B0000000000000000000049070000C3020000000000000000000000371F02242D000000953C4016000000004700000000038F2D0000000000000000000000340000000005B32D0000000000000000000000350000000006442A00000000000000000000002F0000000009D038000001860000000000000000000000000AF338000000000000000000000000000000000BAD3800000063000000000000000000000002300000000100000011000000010000000D3B2A000000000000000000000027000000000E7B2C000000000000000000000029000000000FDC2C000000C8027400000000003B000000010B0000000200000010172A00000000000000000000002F000000001106000000320012050000000100131A4B0000070014060000003200150D0000003200160D00000032001706000000270018060000003200190D00000032001A0D00000032001B600E000001001C3E00000014001D3800000004001E0600000002001F0D000000060020100000000100211B2B0000000FAC2A54010000003A00000003050000000200000068000000120000003C0000000600000022CB2A0000000000000000000000270000000023472D00000000000000000000003600000000246B2D00000000000000000000003600000000040000010102000017010202000000010302000000010402000000010502000000010602000018020001DA1B00000101F81B000001012C1C00000101791C00000101951C00000101A71C00000101C01C00000101DB1C00000101021D00000101481D00000101621D000001017B1D00000101981D00000101B01D00000101EB1D00000101FE1D00000101301E000001014D1E00000101F626000001011427000001014027000001015327000001015D27000001016F27000001018127000001019B2700000101AC2700000101D427000001012628000001018D2800000101244E000001020A0001000000960000009700000098000000990000009A0000009B000000A1000000D1000000FC000000039C000000100058010101011400534E5F434F4E5F514E4F5F45555F434F4E535F37010000000001511D0000BB000000300018070201011900534E5F434F4E5F514E4F5F414D5F4645525259315F315F3031012300000002011900534E5F434F4E5F514E4F5F414D5F4645525259315F315F30320102000000EF000000300018070101011900534E5F434F4E5F514E4F5F43415F57415245484F5553455F330100000000009C050A00AA621FC7F6431B758B41EF15BC432085000100208500000000008041000048420000C842000600E2E0F0F1E0[AccountID]01000000000000000000000000000000FFD71BE103000000002F040000000717004AED03006401497B1D00000249981D00000349B01D00000449DA1B00000549F81B00000649EB1D000007492C1C00001549402700001649AC27000017499B27000018491427000019498D2800001A49532700001B49D42700001F46040000002046120000002949402700002A47060000002B49532700002E47060000002F49DA1B000030460A00000041C642B243808500010001000001

im wondering what happened to all those packet wickis?

[Wicked] · 12/04/2009, 22:10

Here is all packet structures -> Credits to Drew Benton aka PushEdx

Code:

//-----------------------------------------------------------------------------

//1 Byte allignment for easy stream casting
#pragma pack(push, 1)

// Generic packet structure
struct tPacket
{
    // Size of this packet
    WORD size;

    // Opcode of this packet (0x5000)
    WORD opcode;

    // Security count byte (0 from server to client packets)
    BYTE securityCount;

    // Security crc byte (0 from server to client packets)
    BYTE securityCRC;
};

// First/second packets received from the server
struct tPacket_5000
{
    // Size of this packet
    WORD size;

    // Opcode of this packet (0x5000)
    WORD opcode;

    // Security count byte (0 from server to client packets)
    BYTE securityCount;

    // Security crc byte (0 from server to client packets)
    BYTE securityCRC;

    // Internal flag
    BYTE flag;
};

// First packet received from the server
struct tPacket_5000_E
{
    // Size of this packet (0x25)
    WORD size;

    // Opcode of this packet (0x5000)
    WORD opcode;

    // Security count byte (0 from server to client packets)
    BYTE securityCount;

    // Security crc byte (0 from server to client packets)
    BYTE securityCRC;

    // Internal flag (0xE)
    BYTE flag;

    // Initial blowfish key
    BYTE blowfish[8];

    // security count seed 
    DWORD seedCount;

    // security crc seed 
    DWORD seedCRC;

    // Additional seeds used
    DWORD seedSecurity[5];
};

// Second packet received from the server
struct tPacket_5000_10
{
    // Size of this packet (0xF)
    WORD size;

    // Opcode of this packet (0x5000)
    WORD opcode;

    // Security count byte (0 from server to client packets)
    BYTE securityCount;

    // Security crc byte (0 from server to client packets)
    BYTE securityCRC;

    // Internal flag (0x10)
    BYTE flag;

    // Challenge value to make sure everything is legit
    DWORD challenge[2];
};

That packet is encrypted :P it's too huge to be a normal one

s2k · 12/05/2009, 02:16

thanks, but that doesn't help me in this case. as far as i can see, what you have posted is the security packet structure (?)

Quote:

That packet is encrypted :P it's too huge to be a normal one

no its decrypted by SrProxy.

from that packet, the client gets all character data, skills and stuff. i need the correct structure

plz help someone

Nep7uN2 · 05/18/2010, 18:28

Here is a parsed CHARDATA packet.
I dont know the meaning of every data, but here are some.

If someone know any plus info than post it pls.

Client: 1.250
Opcode: 3013

Code:

007FCD19: 4A 41 73 BC // ?
007FCE2E: 92 39 00 00 //model
0092A17D: 42 // volume 
009249A0: 01 // level
009249B0: 01 // highest mastery level
009249C0: 00 00 00 00 00 00 00 00 // exp
009249D0: 00 00 00 00 // spbar
009249DE: 00 00 00 00 00 00 00 00 //gold
009249EE: 00 00 00 00 //skillpoints
009249FE: 00 00 // attribute points
00924A0E: 00 // zerk points
00924A1E: 00 00 00 00 // Gathered exp?
00924A2E: C8 00 00 00 // HP
00924A3E: C8 00 00 00 // MP
00924A4C: 01 // noob flag
00924A5C: 00 // daily PK
00924A6C: 00 00 // total PK
00924A7C: 00 00 00 00 // PK penalty points
00924A92: 00 // PK rank?
0092852E: 2D // max inv slots
0092853C: 07 // item number

// here starts the items
// normal item
0092858E: 01 // slot
0080AE88: CF 2C 00 00 // itemID
0080AF81: 00 // plus value
0080AF91: 00 00 00 00 00 00 00 00 // ? item stats maybe
0080AFA1: 27 00 00 00 // durability
00809760: 00 // blueamount
00807C03: 01 
00807C11: 00 
00807C03: 02 
00807C11: 00 

0092858E: 04 
0080AE88: D0 2C 00 00 
0080AF81: 00 
0080AF91: 00 00 00 00 00 00 00 00 
0080AFA1: 27 00 00 00 
00809760: 00 
00807C03: 01 
00807C11: 00 
00807C03: 02 
00807C11: 00 

0092858E: 05 
0080AE88: D1 2C 00 00 
0080AF81: 00 
0080AF91: 00 00 00 00 00 00 00 00 
0080AFA1: 27 00 00 00 
00809760: 00 
00807C03: 01 
00807C11: 00 
00807C03: 02 
00807C11: 00 

0092858E: 06 
0080AE88: EB 29 00 00 
0080AF81: 00 
0080AF91: 00 00 00 00 00 00 00 00 
0080AFA1: 27 00 00 00 
00809760: 00 
00807C03: 01 
00807C11: 00 
00807C03: 02 
00807C11: 00 

// quantity item
0092858E: 0D // slot
0080AE88: 42 1D 00 00 // itemID
0080B09E: 01 00 // quantity

0092858E: 0E 
0080AE88: 43 1D 00 00 
0080B09E: 01 00 

0092858E: 0F 
0080AE88: 1A 4B 00 00 
0080B09E: 13 00 

//avatar data
0092869C: 05 // avatar slot count?
009286AA: 00 // avatar num

//mastery data
00927D1B: 00 // mastery list start

00927D29: 01 // it signs that a mastery starts
00927D56: 01 02 00 00 // masteryID
00927D63: 01 // mastery lvl

00927D71: 01 
00927D56: 02 02 00 00 
00927D63: 00 

00927D71: 01 
00927D56: 03 02 00 00 
00927D63: 01 

00927D71: 01 
00927D56: 04 02 00 00 
00927D63: 00 

00927D71: 01 
00927D56: 05 02 00 00 
00927D63: 00 

00927D71: 01 
00927D56: 06 02 00 00 
00927D63: 00 

00927D71: 02 // mastery list end

// Skill data
00927DB0: 00 // skill list start
// this is not a good packet, coz this char has no skill :(
00927DBE: 02 // skill list end

// Quest data 
// available quests
009282BB: 01 00 // num quests
009282D6: 01 00 00 00 // questID

// accepted quests
009282FC: 00 // num quests

0092835E: 00 // ? maybe some padding that signs that quests ended 

00912929: 93 72 9B 04 // CharacterID
00912945: 4C 69 // X-Y sector
00912953: 00 00 EA 44 A0 C4 FE 40 00 40 B9 44 6A 45 // floating X-Y-Z coords 

// Angle data & movement flags.
007F73A3: 00 // angle ?
007F73B7: 01 // ?
007F73C9: 00 // ?
007F73D7: 6A 45 // ?
009201A5: 00 // ?
009201B5: 00 // angle ?
 
009201C5: 00 // zerk points 
009201D5: 00 00 80 41 // walk speed float
009201E5: 00 00 48 42 // run speed float
009201F5: 00 00 C8 42 // berserk speed float
00920211: 00 // ?

0049FC52: 07 00 // charname len
0049FCA3: 52 65 64 53 74 65 72 // charname
0049FC52: 00 00 // job alias len ? 
0049FCA3: // job alias ?

// Job data
0092C1D1: 00 
0092C1DF: 01 
0092C1F4: 00 00 00 00 
0092C202: 00 00 00 00 
0092C210: 00 00 00 00 
0092C260: 00 
0092C26E: 00 
0092C27E: 00 

0092C5C5: FF // PK Flag
00928960: 03 00 20 00 00 00 00 00 // ?
009289A8: A8 8A 8E 00 // accountID
009289D9: 00 // GM flag

// unknown.
007F9423: 07 
007F9441: 04 
007F94A1: 01 4A EA 03 00 64 02 4A F0 03 00 64 03 4A EE 03 00 64 04 4A F8 03 00 64 
007F93A3: 00 00 
007F93B1: 00 00 
007F93BF: 00 00 
007F93CD: 00 
007FC7A0: 00 
007FCEA4: 01 00 01 00 
007FCEBE: 00 
007FD048: 00

kenan557 · 05/16/2011, 13:16

Anybody have more info about this packet? Any other fields?