|
You last visited: Today at 07:11
Advertisement
Buying from network with packet injecting?
Discussion on Buying from network with packet injecting? within the SRO Coding Corner forum part of the Silkroad Online category.
06/04/2011, 19:58
|
#1
|
elite*gold: 0
Join Date: Sep 2007
Posts: 255
Received Thanks: 531
|
Buying from network via packet injecting?
What i'm trying to do is simple AutoIt script using nuConnector that automatically buys elixirs from stallnetwork, but client crash everytime it buys one. After reloggin i can see it have bought one, sometimes more. Here is the code:
Code:
#NoTrayIcon
#include <String.au3>
Global $buying = false, $currentPage = 1
Global $weapon_id = "00000E5F"
Global $shield_id = "00000E60"
Global $protector_id = "00000E61"
Global $accessory_id = "00000E62"
GUICreate("GUI", 171, 176, 192, 114)
$typeCombo = GUICtrlCreateCombo("Weapon Elixir", 16, 16, 137, 25)
GUICtrlSetData(-1, "Protector Elixir|Accessory Elixir|Shield Elixir")
GUICtrlCreateLabel("Max price:", 16, 56, 53, 17)
$maxPrice = GUICtrlCreateInput("500000", 16, 88, 137, 21)
$buy = GUICtrlCreateButton("Check and Buy!", 16, 136, 139, 25)
GUISetState(@SW_SHOW)
TCPStartUp()
$socket = TCPConnect("127.0.0.1", 22580)
If @Error Then Exit
While 1
Switch GUIGetMsg()
Case -3
Exit
Case $buy
InjectPacket("7461", "01002100000000") ;reguest 1st page of elixirs
$buying = true
EndSwitch
$recv = ReadPacket()
$size = Dec(StringMid($recv, 3, 2) & StringMid($recv, 1, 2))
$opcode = StringMid($recv, 7, 2) & StringMid($recv, 5, 2)
$data = StringMid($recv, 13)
If $opcode = "B461" AND $buying = true Then
BeginParse($data, $size)
ParseByte()
$amount = Dec(ParseByte())
$pages = Dec(ParseByte())
For $i = 1 To $amount
$model = ParseDword()
ParseWord()
$id = ParseDword()
$length = Dec(ParseWord())
$nick = ParseAscii($length)
$numByte = ParseByte()
ParseWord()
ParseByte()
$price = ParseQword()
$dunno = ParseQword()
If $model = $weapon_id AND GUICtrlRead($typeCombo) = "Weapon Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($id, $numByte, $price, $dunno)
ElseIf $model = $shield_id AND GUICtrlRead($typeCombo) = "Shield Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($id, $numByte, $price, $dunno)
ElseIf $model = $protector_id AND GUICtrlRead($typeCombo) = "Protector Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($id, $numByte, $price, $dunno)
ElseIf $model = $accessory_id AND GUICtrlRead($typeCombo) = "Accessory Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($id, $numByte, $price, $dunno)
EndIf
Next
If $currentPage = $pages Then
$buying = false
InjectPacket("7462", "") ;close network
$currentPage = 1
Else
InjectPacket("7461", "03" & Hex($currentPage, 2) & "2100000000") ;next page please!
$currentPage += 1
EndIf
EndIf
If $buying = true Then
ToolTip("Buying = ON! please wait...", 0, 0)
Else
ToolTip("Buying = OFF!", 0, 0)
EndIf
WEnd
Func ReadPacket()
$recv = Hex(Binary(TCPRecv($socket, 2)))
If $recv = "" Then
Return ""
Else
$size = Dec(StringMid($recv, 3, 2) & StringMid($recv, 1, 2))
$recv &= Hex(Binary(TCPRecv($socket, $size+4)))
Return $recv
EndIf
EndFunc
Func InjectPacket($opcode, $data, $security = "0100")
$size = Hex(StringLen($data) / 2, 4)
$size = StringMid($size, 3, 2) & StringMid($size, 1, 2)
$opcode = StringMid($opcode, 3, 2) & StringMid($opcode, 1, 2)
$packet = _HexToString($size & $opcode & $security & $data)
TCPSend($socket, $packet)
EndFunc
Func Rev($val)
$result = ""
For $i = 1 To StringLen($val) / 2
$byte = StringRight($val, 2)
$val = StringTrimRight($val, 2)
$result &= $byte
Next
Return $result
EndFunc
Func _Dec($hex) ;for Qwords
$number = 0
For $i = StringLen($hex) To 1 Step -1
$number += Dec(StringMid($hex, $i, 1)) *16^ (StringLen($hex) - $i)
Next
Return $number
EndFunc
Func BuyElixir($id, $numByte, $price, $dunno)
InjectPacket("7463", Rev($id) & $numByte & Rev($price) & "010000" & Rev($dunno))
Sleep(300)
EndFunc
;-----------Packet parsing functions by pushedx!----------------------------------------------------
Func BeginParse($buffer, $size)
Global $globalParseIndex = 1
Global $globalParseSize = $size
Global $globalParseBuffer = $buffer
EndFunc
Func ParseByte()
$result = StringMid($globalParseBuffer, $globalParseIndex, 2)
$globalParseIndex = $globalParseIndex + 2
return $result
EndFunc
Func ParseWord()
$low = ParseByte()
$hi = ParseByte()
return $hi & $low
EndFunc
Func ParseDword()
$low = ParseWord()
$hi = ParseWord()
return $hi & $low
EndFunc
Func ParseQWord()
$low = ParseDword()
$hi = ParseDword()
return $hi & $low
EndFunc
Func ParseAscii($length)
$result = StringMid($globalParseBuffer, $globalParseIndex, $length * 2)
$globalParseIndex = $globalParseIndex + ($length * 2)
$len = StringLen($result)
$strResult = ""
For $i = 1 to $len Step 2
$strResult = $strResult & Chr(Dec(StringMid($result, $i, 2)))
Next
return $strResult
EndFunc
What might be causing the crash? I appreciate any help or suggestions, thanks!
edit: in rsro btw
|
|
|
06/05/2011, 00:04
|
#2
|
elite*gold: 844
Join Date: Oct 2010
Posts: 839
Received Thanks: 192
|
i didnt playe rsro befor and i dont know about autoit or like LastThief call it autoshit but mybe this server have game hack shild or somthing like that !!! try to byBass it
i hope i can help you
|
|
|
06/05/2011, 03:05
|
#3
|
elite*gold: 0
Join Date: Sep 2010
Posts: 134
Received Thanks: 41
|
It doesn't have HS.
Check the packets, perhaps this is like when you buy things from a npc, preventing them from being sent to the client might be the key.
|
|
|
06/05/2011, 08:44
|
#4
|
elite*gold: 0
Join Date: Nov 2007
Posts: 959
Received Thanks: 602
|
well,I think you simply inject the packets too fast..you should put a Sleep before the end of the while
|
|
|
06/05/2011, 11:32
|
#5
|
elite*gold: 0
Join Date: Mar 2009
Posts: 443
Received Thanks: 597
|
You cant just simply inject the buy/network buy packet. It acually works , but if the client receives the packet from the server(that you sucessfully bought the item) it crashes, because the client isnt prepared for it. You could just block the packet from the server and fake the item pickup packet
|
|
|
06/05/2011, 14:56
|
#6
|
elite*gold: 0
Join Date: Sep 2007
Posts: 255
Received Thanks: 531
|
I see, B034 is the response when i buy item from NPC or pick one. But when i buy from network the response is B463 with only 1 byte of data (always 0x01). Should i fake the B034 anyway? Sameway than picking elixir?
Code:
[S -> C][B034]
01
06
0D //slot
60 0E 00 00 //id
01 00 //quantity
e: B463 must be telling it succesfully bought it so gotta inject B034 packet before it.
|
|
|
06/05/2011, 22:14
|
#7
|
elite*gold: 0
Join Date: Sep 2007
Posts: 255
Received Thanks: 531
|
I got it working now, thanks for help! I used phConnector v2 to block the B463 packet. Now that i had to parse inventory i could also make alchemy bot and other small tools for a lazy man (me) ^^
Code:
#NoTrayIcon
#include <Array.au3>
#include <String.au3>
#include "equipData.au3"
Global $buying = false, $currentPage = 1
Global $weapon_id = "00000E5F"
Global $shield_id = "00000E60"
Global $protector_id = "00000E61"
Global $accessory_id = "00000E62"
GUICreate("GUI", 171, 176, 192, 114)
$typeCombo = GUICtrlCreateCombo("Weapon Elixir", 16, 16, 137, 25)
GUICtrlSetData(-1, "Protector Elixir|Accessory Elixir|Shield Elixir")
GUICtrlCreateLabel("Max price:", 16, 56, 53, 17)
$maxPrice = GUICtrlCreateInput("500000", 16, 88, 137, 21)
$buy = GUICtrlCreateButton("Check and Buy!", 16, 136, 139, 25)
GUISetState(@SW_SHOW)
TCPStartUp()
$socket = TCPConnect("127.0.0.1", 22580)
If @Error Then Exit
While 1
Switch GUIGetMsg()
Case -3
Exit
Case $buy
InjectPacket("7461", "01002100000000") ;reguest 1st page of elixirs
$buying = true
EndSwitch
$recv = ReadPacket()
$size = Dec(StringMid($recv, 3, 2) & StringMid($recv, 1, 2))
$opcode = StringMid($recv, 7, 2) & StringMid($recv, 5, 2)
$data = StringMid($recv, 13)
If $opcode = "3013" Then
BeginParse($data, $size)
$globalParseIndex += 118 ;skip 59 bytes
$maxSlot = Dec(ParseByte())
$itemCount = Dec(ParseByte())
Global $usedSlot[$maxSlot]
ToolTip("Loading inventory please wait...", 0, 0)
For $i = 1 To $itemCount
$slot = Dec(ParseByte())
$model = ParseDword()
If IsEquip($model) = true Then
$plus = Dec(ParseByte())
ParseQword()
ParseDword()
ParseDword()
ParseByte()
Else
ParseWord()
Endif
$usedSlot[$slot] = "used"
Next
EndIf
If $opcode = "7034" Then
BeginParse($data, $size)
$flag = ParseByte()
If $flag = "09" Then ;item sold to npc
$slot = Dec(ParseByte())
$usedSlot[$slot] = ""
ParseWord()
ParseDword()
ElseIf $flag = "02" Then ;item stored
$slot = Dec(ParseByte())
$usedSlot[$slot] = ""
ParseByte()
ParseDword()
ElseIf $flag = "00" Then ;item moved
$slot = Dec(ParseByte())
$usedSlot[$slot] = ""
$newSlot = Dec(ParseByte())
$usedSlot[$newSlot] = "used"
ParseWord()
EndIf
EndIf
If $opcode = "B461" AND $buying = true Then
BeginParse($data, $size)
ParseByte()
$amount = Dec(ParseByte())
$pages = Dec(ParseByte())
For $i = 1 To $amount
$model = ParseDword()
ParseWord()
$id = ParseDword()
$length = Dec(ParseWord())
$nick = ParseAscii($length)
$numByte = ParseByte()
ParseWord()
ParseByte()
$price = ParseQword()
$dunno = ParseQword()
If $model = $weapon_id AND GUICtrlRead($typeCombo) = "Weapon Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($model, $id, $numByte, $price, $dunno)
ElseIf $model = $shield_id AND GUICtrlRead($typeCombo) = "Shield Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($model, $id, $numByte, $price, $dunno)
ElseIf $model = $protector_id AND GUICtrlRead($typeCombo) = "Protector Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($model, $id, $numByte, $price, $dunno)
ElseIf $model = $accessory_id AND GUICtrlRead($typeCombo) = "Accessory Elixir" AND _Dec($price) <= GUICtrlRead($maxPrice) Then
BuyElixir($model, $id, $numByte, $price, $dunno)
EndIf
Next
If $currentPage = $pages Then
$buying = false
InjectPacket("7462", "") ;close network
$currentPage = 1
Else
InjectPacket("7461", "03" & Hex($currentPage, 2) & "2100000000") ;next page please!
$currentPage += 1
EndIf
EndIf
If $buying = true Then
ToolTip("Buying ON! please wait...", 0, 0)
Else
ToolTip("Buying OFF!", 0, 0)
EndIf
WEnd
Func ReadPacket()
$recv = Hex(Binary(TCPRecv($socket, 2)))
If $recv = "" Then
Return ""
Else
$size = Dec(StringMid($recv, 3, 2) & StringMid($recv, 1, 2))
$recv &= Hex(Binary(TCPRecv($socket, $size+4)))
Return $recv
EndIf
EndFunc
Func InjectPacket($opcode, $data, $security = "0100")
$size = Hex(StringLen($data) / 2, 4)
$size = StringMid($size, 3, 2) & StringMid($size, 1, 2)
$opcode = StringMid($opcode, 3, 2) & StringMid($opcode, 1, 2)
$packet = _HexToString($size & $opcode & $security & $data)
TCPSend($socket, $packet)
EndFunc
Func Rev($val)
$result = ""
For $i = 1 To StringLen($val) / 2
$byte = StringRight($val, 2)
$val = StringTrimRight($val, 2)
$result &= $byte
Next
Return $result
EndFunc
Func _Dec($hex) ;for Qwords
$number = 0
For $i = StringLen($hex) To 1 Step -1
$number += Dec(StringMid($hex, $i, 1)) *16^ (StringLen($hex) - $i)
Next
Return $number
EndFunc
Func BuyElixir($model, $id, $numByte, $price, $dunno)
$slot = GetSlot()
If $slot <> -1 Then
$usedSlot[Dec($slot)] = "used"
InjectPacket("7463", Rev($id) & $numByte & Rev($price) & "010000" & Rev($dunno))
InjectPacket("B034", "0106" & $slot & Rev($model) & "0100", "0200")
Sleep(300)
Else
$buying = false
InjectPacket("7462", "") ;close network
MsgBox(16, "Error", "Inventory full")
EndIf
EndFunc
Func IsEquip($id)
$search = _ArraySearch($item_id, $id)
If $search <> -1 Then
Return true
Else
Return false
EndIf
EndFunc
Func GetSlot()
For $i = 0 To UBound($usedSlot) - 1
If $usedSlot[$i] = "" AND $i > 12 Then
Return Hex($i, 2)
EndIf
Next
Return -1
EndFunc
;-----------Packet parsing functions by pushedx!----------------------------------------------------
Func BeginParse($buffer, $size)
Global $globalParseIndex = 1
Global $globalParseSize = $size
Global $globalParseBuffer = $buffer
EndFunc
Func ParseByte()
$result = StringMid($globalParseBuffer, $globalParseIndex, 2)
$globalParseIndex = $globalParseIndex + 2
return $result
EndFunc
Func ParseWord()
$low = ParseByte()
$hi = ParseByte()
return $hi & $low
EndFunc
Func ParseDword()
$low = ParseWord()
$hi = ParseWord()
return $hi & $low
EndFunc
Func ParseQWord()
$low = ParseDword()
$hi = ParseDword()
return $hi & $low
EndFunc
Func ParseAscii($length)
$result = StringMid($globalParseBuffer, $globalParseIndex, $length * 2)
$globalParseIndex = $globalParseIndex + ($length * 2)
$len = StringLen($result)
$strResult = ""
For $i = 1 to $len Step 2
$strResult = $strResult & Chr(Dec(StringMid($result, $i, 2)))
Next
return $strResult
EndFunc
And a snippet which creates "equipData.au3" from media.pk2's itemdata files:
Code:
#include <File.au3>
$a = 0
$new = FileOpen("equipData.au3", 1)
LoadItems("itemdata_5000.txt", $new)
LoadItems("itemdata_10000.txt", $new)
LoadItems("itemdata_15000.txt", $new)
LoadItems("itemdata_20000.txt", $new)
LoadItems("itemdata_25000.txt", $new)
LoadItems("itemdata_30000.txt", $new)
LoadItems("itemdata_35000.txt", $new)
FileClose($new)
$read = FileReadLine("equipData.au3", 1)
$replace = "#include-once" & @CRLF & "Global $item_id[" & $a & "]" & @CRLF & @CRLF & $read
_ReplaceStringInFile("equipData.au3", $read, $replace, 0, 0)
MsgBox(0, "", "Done!")
Func LoadItems($filename, $new)
$file = FileOpen($filename, 0)
While 1
$read = FileReadLine($file)
If @error = -1 Then ExitLoop
$array = StringSplit($read, " ", 2)
$id = Hex($array[1], 8)
If StringInStr($read, "ITEM_CH_") OR StringInStr($read, "ITEM_EU_") Then
FileWrite($new, "$item_id[" & $a & "] = " & '"' & $id & '"' & @CRLF)
$a += 1
EndIf
Wend
FileClose($file)
EndFunc
|
|
|
06/05/2011, 22:53
|
#8
|
elite*gold: 844
Join Date: Oct 2010
Posts: 839
Received Thanks: 192
|
good work
|
|
|
08/03/2011, 14:59
|
#9
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
@jremy
Can you explain what you did to stop crashing? i am also doing something like this , so i get crash. The thing is not with stall network btw, buying items from npc.
|
|
|
08/03/2011, 17:00
|
#10
|
elite*gold: 0
Join Date: May 2008
Posts: 201
Received Thanks: 73
|
Quote:
Originally Posted by sarkoplata
@jremy
Can you explain what you did to stop crashing? i am also doing something like this , so i get crash. The thing is not with stall network btw, buying items from npc.
|
Like Shadow Said He faked a pickup Packet and Blocked the Stall Network response packet.
|
|
|
08/03/2011, 18:15
|
#11
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
Quote:
Originally Posted by GoneUp
Like Shadow Said He faked a pickup Packet and Blocked the Stall Network response packet.
|
Ok well , i blocked the packet when server sends when i buy item from npc. And so i didnt crash but i wasnt able to see the item in my inventory , of course.
So to see the item i did (faked pickup packet)
Code:
Dim FakeSuccess As New Packet(&HB074)
FakeSuccess.WriteUInt8(1)
FakeSuccess.WriteUInt8(1)
Proxy.ag_local_context.Security.Send(FakeSuccess)
Code:
Dim FakePickUp As New Packet(&HB034)
FakePickUp.WriteUInt8(1)
FakePickUp.WriteUInt8(6)
FakePickUp.WriteUInt8(Slot)
FakePickUp.WriteUInt32(ItemId)
FakePickUp.WriteUInt8(Amount)
Proxy.ag_local_context.Security.Send(FakePickUp)
Code:
Dim FakeOK As New Packet(&HB074)
FakeOK.WriteUInt8(2)
FakeOK.WriteUInt8(0)
Proxy.ag_local_context.Security.Send(FakeOK)
Although i was sure that would not work , i just tried. And it made my client crash.So should i send the pickpacket also ? well , since it does not have any uniqueid as a drop...
|
|
|
08/04/2011, 10:01
|
#12
|
elite*gold: 0
Join Date: Dec 2007
Posts: 2,400
Received Thanks: 1,517
|
Quote:
Originally Posted by sarkoplata
Ok well , i blocked the packet when server sends when i buy item from npc. And so i didnt crash but i wasnt able to see the item in my inventory , of course.
So to see the item i did (faked pickup packet)
*Code*
Although i was sure that would not work , i just tried. And it made my client crash.So should i send the pickpacket also ? well , since it does not have any uniqueid as a drop...
|
Try to send as less responses as possible to client when it doesn't send a request.
|
|
|
08/04/2011, 12:09
|
#13
|
elite*gold: 0
Join Date: Jan 2009
Posts: 575
Received Thanks: 752
|
Quote:
Originally Posted by sarkoplata
Although i was sure that would not work , i just tried. And it made my client crash.So should i send the pickpacket also ? well , since it does not have any uniqueid as a drop...
|
It's simple, just block buying response packet, and imitate item pickup packet.
|
|
|
08/04/2011, 19:55
|
#14
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
Quote:
Originally Posted by zeteris
It's simple, just block buying response packet, and imitate item pickup packet.
|
I already did it , problem was i needed to write word for amount but i wrote byte , my bad.
|
|
|
|
Similar Threads
|
Help by injecting
10/01/2010 - Combat Arms Hacks, Bots, Cheats & Exploits - 3 Replies
Some people say their hacks dont work but you always can use Gordon 1.4.0
You dont need to have an account for it. Just download gordonsys loader, open it and than u see login screen. But above login screen there are some tabs, click on injector, type by process Engine.exe click on pick library, choose your .dll file
fill in by delay 0 (or 1000) click on stealth injection, (If u want to keep this settings click on Add library) click inject, And enjoy playing,
(srry for my bad english)...
|
hope its good here, I am Buying packet bot/UCE for polish server....
03/30/2010 - Kal Online - 5 Replies
Hello all,
i dont know if i am allowed to make this thread but i hope i am,
i am BUYING packet bot, UCE or what ever ya sell and is good,
write me here and PM me!!!
Paying with Paypal plz i hope somebody can help me thanks alot all..
i pay first before receiving ofcourse!!
|
Packet injecting...
03/05/2009 - S4 League - 3 Replies
Alright people. lets figure something out. I want to know if I'm at a dead end before I release anything. (and no I don't really have anything yet). My friends and I have gotten around hackshield, and it still thinks it's running. I've gotten the S4Client to show up in WPE pro's process list. but it doesn't find any packets besides this:
00000000 0A:00:F0:0A:00:00:00:00:00:00 ..........
That's the only packet it gets, which is weird because I didn't get the cannot inject dll error....
|
All times are GMT +2. The time now is 07:11.
|
|