Moopler
YeeShin

Exploit Quest Packet Spoofer gMS 173.1

Hello Mooplers,

 

I've been exploiting quests lately and found some game-breaking stuff in them.

There are some quests that can be requested from any map without being in the same map as the NPC.

And there are some quests that are not even in the Quest.Wz file.

There are some game-breaking quests and other useless ones.

Try to find them. :)

This script will help you to easily exploit quest requests.

// Quest Packet Spoofer gMS 173.1
// Add Quest_ID and NPC_ID on CE and change them
// Packet info : Send [Header_013F] [Request_Type_1Byte] [Quest_ID_4Byte] [NPC_ID_4Byte] [CharacterX_2Byte] [CharacterY_2Byte]
 
[Enable]
alloc(QuestPacketSpoofer,123)
alloc(Quest_ID,4)
alloc(NPC_ID,4)
registersymbol(Quest_ID)
registersymbol(NPC_ID)
 
Quest_ID:
dd 00
 
NPC_ID:
dd 00
 
QuestPacketSpoofer:
mov ecx,[Quest_ID]
push ecx // Original OP
lea ecx,[ebp+48] // Original OP
call 004B8D60 // Original OP
mov edx,[NPC_ID]
jmp 00CC5314 // Push edx
 
00CC5305: // 8B 4E 10 51 8D 4D 48 E8 ? ? ? ? 8B 56 14 52 8D 4D 48 E8 ? ? ? ? [First Result]
jmp QuestPacketSpoofer
nop
nop
 
[Disable]
dealloc(QuestPacketSpoofer,123)
dealloc(Quest_ID,4)
dealloc(NPC_ID,4)
unregistersymbol(Quest_ID)
unregistersymbol(NPC_ID)
 
00CC5305:
mov ecx,[esi+10]
push ecx
lea ecx,[ebp+48]

 

Let the hunt begin!

 

Edited by YeeShin
  • Like 6

38 minutes ago, Raymond said:

How do you find Quest ID and NPC ID?

Use HaRepacker and check "Quest.wz".

You will be able to find Quest IDs and NPC IDs.

  • Like 1

36 minutes ago, YeeShin said:

Use HaRepacker and check "Quest.wz".

You will be able to find Quest IDs and NPC IDs.

This exploit allows me to start any quest regardless of my level? Like no restrictions at all?

Also I could repeat a quest over and over again?

Edited by Raymond

24 minutes ago, Raymond said:

This exploit allows me to start any quest regardless of my level? Like no restrictions at all?

Also I could repeat a quest over and over again?

That depends on the server if it accepts the "Quest Request".

The script is just a tool to change the outgoing Quest Requests to the Quest ID and NPC ID that you choose. :)


I do it in a different way "24 05 61 11 8E 00 00 00 00 00 ** ** 00 00 ** ** 00 00 ** ** 00 00 ** ** 00 00 ** ** 00 00"
you can just keep recv this packet ^ and randomize all quests; if you see a green button it means the quest is working server side
I found a lot of hidden quests doing that, for example to skip all episodes from friendship story
24 05 61 11 8E 00 00 00 00 00 BC 7f 00 00 Bd 7f 00 00 be 7F 00 00 bf 7F 00 00 C0 7F 00 00

If you guys find my quest exploit I hope you guys keep it private shhhhhhhhh ^_^^_^^_^

Edited by Crypt707
  • Like 3


@Crypt707 That's another way to exploit quests, but it works pretty much the same.

That way you are tricking the client to show the "Accept" button, and that "Accept" button sends the same "Quest Request" packet. :)

 

Very descriptive lmao

Edited by Suu
  • Like 1


@YeeShin Yea, it's pretty funny how Nexon even put us a nice UI to get the names of the quests, descriptions and reward items xD
and the prologue for friendship has an exp exploit, I know you guys are smart, it can be spotted easily :stalk:

27 minutes ago, Crypt707 said:

@YeeShin Yea, it's pretty funny how Nexon even put us a nice UI to get the names of the quests, descriptions and reward items xD
and the prologue for friendship has an exp exploit, I know you guys are smart, it can be spotted easily :stalk:

Might as well just give the thing seeing as how strong of a hint you're giving LOL *awaits patch*


Hmmmm, this accepts the quest so we would still have to fulfill the requirements to complete it right? Or can that be bypassed with a quest completion packet

20 minutes ago, Suu said:

Hmmmm, this accepts the quest so we would still have to fulfill the requirements to complete it right? Or can that be bypassed with a quest completion packet

This doesn't bypass anything, it just changes how the Quest Request packet is sent and you can easily modify the Quest ID and NPC ID.

I can't explain how the whole questing system works but...

You can monitor the outgoing packets when you start a quest or sub-quest and see how the whole thing works.

And for the big chain-quests like Black-Heaven and FriendStory, they use a different packet to start the chain-quest and you can simply skip the Acts and go directly to the final act.

 

  • Like 1


Nexon made it really annoying to do an event quest for an exclusive chair [Defend 30 times]. It pops at random times a day and you need 10 pieces to get an item and even then you are subject to RNG.

C/P this into DamiPE

Send 013F 04 0000E8B3 008F6ED8 0102 00B1 

or if you are using Yeeshin's script

QuestID: 59571
NPCID: 9400024

Also if you use DamiPE the Daily Board Quests are much more tangible to read and easier to edit

Recv 0524 008E1161 00000000 0000F2E1 0000F2DD 0000F2E7 0000F2EE 0000F2F5

The numbers that are boxed in are all QuestIDs in hex

Recv 0524 0000[F2E1] 0000[F2DD] 0000[F2E7] 0000[F2EE] 0000[F2F5]

 

Edited by OuterHaven


Nexon made it really annoying to do an event quest for an exclusive chair [Defend 30 times]. It pops at random times a day and you need 10 pieces to get an item and even then you are subject to RNG.

C/P this into DamiPE


Send 013F 04 0000E8B3 008F6ED8 0102 00B1 

or if you are using Yeeshin's script

Quest ID 59571
NPC ID 9400024

Hey do you know where that quest is stored in the wz files? I can't seem to find it with the NPC id.

Edited by noobistnoober

7 minutes ago, noobistnoober said:

Hey do you know where that quest is stored in the wz files? I can't seem to find it with the NPC id.

The quest.wz only goes by Quest ID, to which if you open up the tree, you'll be able to see the NPC associated with the quest. Not sure where you're getting looking up the NPC ID first as a way to look it up.

All you gotta do is look up the quest ID....

Edited by OuterHaven

15 minutes ago, OuterHaven said:

The quest.wz only goes by Quest ID, to which if you open up the tree, you'll be able to see the NPC associated with the quest. Not sure where you're getting looking up the NPC ID first as a way to look it up.

All you gotta do is look up the quest ID....

That quest isn't in check.img which usually contains the npc + quests

2 minutes ago, noobistnoober said:

That quest isn't in check.img which usually contains the npc + quests

It is


I am a little confused on this exploit. I was able to get the quest ID and NPC ID and used @YeeShin's code to put the quest and NPC ID in this format:

Quest_ID:
dd 32707

NPC_ID:
dd 1530000

However, it didn't appear to me that the quest is in progress or it accepted the quest. Any givers?

3 hours ago, SupperFish said:

I am a little confused on this exploit. I was able to get the quest ID and NPC ID and used @YeeShin's code to put the quest and NPC ID in this format:


Quest_ID:
dd 32707

NPC_ID:
dd 1530000

However, it didn't appear to me that the quest is in progress or it accepted the quest. Any givers?

After you change the NPC_ID and Quest_ID.

You have to request any quest from any NPC or Event tab. (This script just changes the outgoing Quest Request Packets)

 

3 hours ago, YeeShin said:

After you change the NPC_ID and Quest_ID.

You have to request any quest from any NPC or Event tab. (This script just changes the outgoing Quest Request Packets)

 

Right, but after executing your code in CE, the NPC didn't have a light bulb in their head or any sort. When I click the NPC 1530000, it didn't have any dialogue or give me anything at all. I got the quest ID and NPC ID via quest.wz in check.img tab.

Edited by SupperFish

8 hours ago, SupperFish said:

I am a little confused on this exploit. I was able to get the quest ID and NPC ID and used @YeeShin's code to put the quest and NPC ID in this format:


Quest_ID:
dd 32707

NPC_ID:
dd 1530000

However, it didn't appear to me that the quest is in progress or it accepted the quest. Any givers?

The script doesn't cause the lightbulb to appear. You have to use a quest with a lightbulb on them already for it to spoof the IDs in the packet. 

2 minutes ago, OuterHaven said:

The script doesn't cause the lightbulb to appear. You have to use a quest with a lightbulb on them already for it to spoof the IDs in the packet. 

That means the quest cannot be finished first in order to use the script, correct?

5 minutes ago, SupperFish said:

That means the quest cannot be finished first in order to use the script, correct?

No, you have a misunderstanding on what the script does.

All this script does is change the respective QuestID and NPCID for the quest packet. That's why you have to use a quest that you can request in game, so that the script can change the respective IDs into the ones you are trying to use. It's then up to the server if it accepts it.

This topic is now closed to further replies.
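
Several replies above come back to the same point: whether a quest starts is "up to the server if it accepts it". The following is an added example, not part of the thread and not the game's own code, of the server-side checks that make the client-supplied Quest ID and NPC ID harmless. It parses the field layout given in the first post; the quest table, NPC positions, interaction radius, little-endian byte order and signed coordinates are all assumptions made for illustration.

```python
import struct
from dataclasses import dataclass, field

# Layout from the thread: header(2) type(1) quest_id(4) npc_id(4) x(2) y(2).
# Little-endian and signed x/y are assumptions.
QUEST_REQ = struct.Struct("<HBIIhh")
HEADER = 0x013F
# The thread's "Send 013F 04 0000E8B3 008F6ED8 0102 00B1" line, rebuilt as bytes.
SAMPLE = QUEST_REQ.pack(HEADER, 0x04, 0xE8B3, 0x8F6ED8, 0x0102, 0x00B1)

# Constructed server-side tables (hypothetical requirements and positions).
QUESTS = {59571: {"npc": 9400024, "min_level": 30, "repeatable": False}}
NPC_SPAWNS = {9400024: (200, 0, 0)}   # npc_id -> (map_id, x, y)
MAX_TALK_DISTANCE = 400               # assumed interaction radius

@dataclass
class Player:                         # authoritative state kept by the server
    level: int
    map_id: int
    x: int
    y: int
    completed: set = field(default_factory=set)

def validate_quest_request(raw, player):
    """Return (accepted, reason) using server state only, never client x/y."""
    if len(raw) != QUEST_REQ.size:
        return False, "bad length"
    header, _type, quest_id, npc_id, _cx, _cy = QUEST_REQ.unpack(raw)
    if header != HEADER:
        return False, "bad header"
    quest = QUESTS.get(quest_id)
    if quest is None:                 # not in the server's startable-quest list
        return False, "unknown quest"
    if quest["npc"] != npc_id:
        return False, "npc does not give this quest"
    spawn = NPC_SPAWNS.get(npc_id)
    if spawn is None or spawn[0] != player.map_id:
        return False, "npc not in player's map"
    if max(abs(spawn[1] - player.x), abs(spawn[2] - player.y)) > MAX_TALK_DISTANCE:
        return False, "too far from npc"
    if player.level < quest["min_level"]:
        return False, "level too low"
    if quest_id in player.completed and not quest["repeatable"]:
        return False, "already completed"
    return True, "ok"

if __name__ == "__main__":
    print(validate_quest_request(SAMPLE, Player(level=50, map_id=100, x=0, y=0)))
```

Logging each rejection with the account ID gives operations a direct signal for modified clients, since an unmodified client should not normally produce a request for an NPC in another map.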