Moopler
YeeShin

Outdated Grand Athenaeum EXP/Teleport Exploit [V114.1]


Hello mooplers :wut:

There are 2 parts to this exploit.

 

For characters below level 100 (Any character level):

Enable this script; pressing F1 or F2 (the smiling emote) will then trigger a pop-up, and accepting it will teleport you to a level 100 quest. You won't be able to complete it, so you have to relog, and then you will be teleported to the Grand Athenaeum default map; from there you can get to Henesys.

It's just a one-time-use teleportation.

 

 

For characters level 100 or above:

Enable this script and then press F2 (the smiling emote); you will be teleported to chapter 3 of the Grand Athenaeum, which can be exploited to get EXP. Just complete the chain quest.

After completing the quest you can repeat the reward thing by pressing F2 again and again. You will gain 181k EXP every time.

You can also use it as a town teleporter: when you leave the Grand Athenaeum it will teleport you to the last town where you used the mirror to get to the Grand Athenaeum.

Just go to the town where you want to save your Grand Athenaeum teleport and use the mirror to go to the Grand Athenaeum.

Then pressing F2 anywhere and leaving the Grand Athenaeum will teleport you back to that town.

 

Enjoy the script :ohyou: 

 

// Moopler.net
// Wut Teleport + EXP exploit
// Will only work for EMS. 

[ENABLE]
00B52A40:
db c2 04 00

01631855:
db 66 81 f9
db 70 00 74
db 2b 66 89
db 0c 10 83
db 46 08 02
db e9 d2 02
db e6 fe 99
db 95 a7 f5
db f4 90 dd
db 5c 40 84
db a4 cf e2
db 12 88 9d
db 2d 36 09
db 0c 8d 15
db d9 14 c3
db da 23 3f
db 7e 13 66
db b9 ba 01
db 66 89 0c
db 10 83 46
db 08 02 e9
db A3 02 E6
db fE 13 37

00B52F00:
db c2 04 00

00491b33:
db e9 1d fd
db 19 01 90
db 90 90
[DISABLE]
00B52F00:
db 6A FF 68

00491b33:
db 66 89 0c
db 10 83 46
db 08 02

00B52A40:
db 6A FF 68

 

Edited by YeeShin
  • Like 7


For characters above lvl 100: does it mean that I have to do these 3 book quests?

Pressing F2 will teleport you directly to chapter 3, and you don't have to do chapters 1 and 2. (It's just a client-side illusion :wut:)

  • Like 2


Can this teleport work for other things, or is it just related to this quest?

You can teleport to this quest from anywhere. (except cross realm)

You can't teleport to a "Map ID" of course.

  • Like 1


I knew that the exploit was to do with this place.

 

But damn, I don't really have an idea what these scripts do but they make the difference between something being exploitable and not.

 

Good shit YeeShin.

Edited by Swanniie


Can't make this work.. I'm just doing the quests ... tried a lot of times when I received the reward and it didn't work for me.. fk

 

Did you finish the 3rd book? You have to do all quests from the 3rd book.


COMPLETE ALL THE QUESTS UNTIL YOU GET 181K EXP.

THERE ARE QUITE A FEW QUESTS SO IT WILL TAKE A WHILE.

ONCE YOU HAVE GOT 181K EXP. ENABLE SCRIPT AND PRESS F2 AND KEEP CLICKING YES.

YOU WILL GAIN ANOTHER 181K EXP AFTER ALL THE CUTSCENES.

RINSE AND REPEAT.

CURRENTLY THERE ARE NO WAYS TO SKIP THE CUTSCENES BEFORE YOU ASK.

/caps

  • Like 2


[How does this script work]

 

Here's a clean version of the script.

[ENABLE]
alloc(yeeshin, 100)
alloc(change, 100)
label(RET)

yeeshin:
cmp cx,0070 // 70 00 = the header to check
je change
mov [edx+eax],cx
add dword ptr [esi+08],02
jmp RET

change:
mov cx,01ba // ba 01 = header that will replace the 70 00
mov [edx+eax],cx
add dword ptr [esi+08],02
jmp RET

00491b33:
jmp yeeshin
nop
nop
nop
RET:
 
[DISABLE]

00491b33:
mov [edx+eax],cx
add dword ptr [esi+08],02

 

 

It is a simple header filter script that changes a packet header before it is sent to the server.

Whenever a packet with the header ''70 00'' is being sent, it will change it to ''BA 01''.

And how that changes the F1 and F2 emotes into a teleporting exploit is like this:

 

First I wanted to find a packet that can be sent from any character level/class/job, and the packet should look like this:

''XX XX 02 XX XX XX XX XX...''

And you may ask, why is that? It all goes to the header ''BA 01''.

The packet structure of the header ''BA 01'' is like:

''BA 01 XX''

Any extra bytes will not do anything to the packet.

I found the packet that will fit with this header filtering script and do the job, and it's the emote packets (smiling F2).

This is what the smiling F2 packet looks like:

''70 00 02 00 00 00 FF FF FF FF 00''

It really fits the thing I wanted to find.

And what this script does is change this packet

''70 00 02 00 00 00 FF FF FF FF 00''

into this packet

''BA 01 02 00 00 00 FF FF FF FF 00''

 

And that packet will be accepted by the server and will pop up the Grand Athenaeum dialog.

 

  • Like 2
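The server-side view of the packet swap explained in the post above, as an added example that is not part of the original post and not taken from any game server: a handler that checks exact body length per header and checks level, unlock and reward state it holds itself, so the rewritten emote packet and repeat reward claims are refused. The two header values are the ones quoted in the thread; the body lengths, the meaning of the third byte, and all names are assumptions.

```python
import struct
from dataclasses import dataclass, field

# Headers are the two quoted in the thread (little-endian on the wire).
# Body lengths, names and the state model are assumptions for illustration.
OP_EMOTE = 0x0070       # "70 00" + 9-byte body in the quoted sample
OP_ATHENAEUM = 0x01BA   # "BA 01 XX": one selector byte
BODY_LEN = {OP_EMOTE: 9, OP_ATHENAEUM: 1}
MIN_LEVEL = 100

@dataclass
class Session:
    level: int
    unlocked: set = field(default_factory=set)  # selectors the server opened
    claimed: set = field(default_factory=set)   # rewards already paid out

def handle(session: Session, packet: bytes) -> str:
    """Validate one inbound packet against framing and server-held state."""
    if len(packet) < 2:
        return "reject: short packet"
    (opcode,) = struct.unpack_from("<H", packet)
    body = packet[2:]
    if opcode not in BODY_LEN:
        return "reject: unknown opcode"
    if len(body) != BODY_LEN[opcode]:
        # Trailing bytes are not ignored: a body left over from another
        # opcode's packet fails here.
        return "reject: bad length"
    if opcode == OP_EMOTE:
        return "ok: emote"
    if session.level < MIN_LEVEL:
        return "reject: level too low"
    if body[0] not in session.unlocked:
        return "reject: not unlocked"
    return "ok: open dialog"

def grant_reward(session: Session, selector: int, exp: int) -> int:
    """Pay a quest reward once; repeat claims return 0."""
    if selector in session.claimed:
        return 0
    session.claimed.add(selector)
    return exp

# Constructed samples built from the byte strings quoted in the thread.
EMOTE = bytes.fromhex("70 00 02 00 00 00 ff ff ff ff 00")
REWRITTEN = bytes.fromhex("ba 01 02 00 00 00 ff ff ff ff 00")
WELL_FORMED = bytes.fromhex("ba 01 02")
```

With strict lengths the rewritten packet fails on framing alone, and a well-formed one still has to pass the level and unlock checks kept on the server.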
