Question

Hey guys, newbie Packet editor here.

I have always been curious, what is the process of finding mesos/exp exploits? Is it a case of just randomly messing with packets, or do people get the idea that a particular set of packets works and begin testing?
#LetMePickYourBrains

 

Cheers


2 answers to this question

  • 0

The most common way to find exploits is to just play the game and think of things that might not have been coded or secured properly. For example, when you receive a reward from a quest it might be possible to click 'Prev' in the NPC to obtain the reward again. I'm not much of an exploit finder myself, but I believe this is how it's generally done. Perhaps @YeeShin or @OuterHaven could share a piece of advice from their perspective?

  • 0

I wish I could help out in detail but I don't consider myself that much of an exploiter.

A big ongoing issue is that MapleStory constantly repeats the same/similar mistakes like forgetting to add a check.
Knowing previous exploits and building upon that and how they worked helps out a lot. 

A good basis is to know at least basic client to server interactions and vice versa. 

But I guess I could break down what I did for the MMF hack.

The first thing I did was try to understand the mini game and how the client interacts with the servers with the packets.
MMF is a dodge-the-obstacle mini game in which you are allowed to be hit four times by the obstacles. If you survive till the end with at least one remaining hit left you will receive a perfect.


In this case breaking it down was really simple. What is the interaction between the client and server that determines that my character actually got hit?

Upon playing the event mini-game with a packet editor on, I was able to see that upon getting hit the client was sending a packet.
This packet is probably what tells the server if I had gotten hit by an MMF object.

So to not get damaged, you could do something simple like blocking that packet from being sent through a PE, or you could do it through Cheat Engine and ret the function that sends that packet. To find the function you can simply look at the packet information through Dami Packet Editor.
 

I took it further, though: I wanted to remove the objects completely.
Now how does the client generate the objects? Does the server tell the client, or does the client generate them itself? So I checked receive and found nothing being received upon the spawn of MMF damage objects.

So that means the client is actually generating them itself. 

So now we have to think logically about how the client sends the packet.

For the packet to be sent, this is probably what is happening:

  1. MMF Damage Objects are generated
  2. Character has collided with object
  3. Send Packet that tells server that player has been hit by the objects.

Funnily enough, that's the order in which MapleStory operates for the MMF minigame.

I was able to derive this by DPE, starting from the send packet.
I set a break point with Cheat Engine on the function that sends the packet, which gave me a new address upon sending the packet.

I looked at that address, the function start, and ret that function.

I went in the mini game and observed the effects, and nothing changed except the packet not being sent. I guessed this probably handles player collision and then calls the function that will send the packet.

Set break point on player collision function, got an address.

Repeated above and went in minigame to observe effects. 

Now, great, I removed the MMF objects, so I can guess this function generates the MMF objects.

 

The derivation of the MMF event detection was all trial and error. I was not getting rewards, so I had to think of possible server detections MapleStory had for the event.

"Get hit at least once in the stage to not trigger the hacking detection"

That was derived from thinking that Nexon was probably thinking ahead against hackers and thought it was impossible to not get hit at least once.

Entered the mini game and followed the above and still did not get rewards. Realized I did not move at all in a game where you should be moving to avoid being hit. 

"Make sure you move around a lot to not trigger the hacking detection they have for standing still"


  • Like 7
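
The missing check described in the answer above, as an added example that is not from the original post or from MapleStory's code: a server that counts hits itself from its own obstacle schedule, so a suppressed or forged hit packet cannot change the result. The lane model, the tick constants and the names `Round` and `score_round` are assumptions for illustration.

```python
import random
from dataclasses import dataclass

MAX_HITS = 4   # the post says four hits are allowed per round
TICKS = 200    # assumed round length in server ticks
LANES = 5      # assumed playfield width, in lanes
STEP = 4       # assumed: one obstacle and one position sample every 4 ticks

@dataclass(frozen=True)
class Round:
    seed: int  # chosen and kept by the server for this session

    def obstacles(self):
        """Server-side obstacle schedule: tick -> lane that is dangerous."""
        rng = random.Random(self.seed)
        return {t: rng.randrange(LANES) for t in range(0, TICKS, STEP)}

def score_round(rnd, positions, client_hits):
    """positions: tick -> lane as reported by the client.
    Returns (server_hits, verdict); hits are counted by the server only."""
    sched = rnd.obstacles()
    ticks = sorted(sched)
    if any(t not in positions for t in ticks):
        return None, "reject: missing position samples"
    if any(not 0 <= positions[t] < LANES for t in ticks):
        return None, "reject: position outside playfield"
    # A character can move at most one lane between samples (assumed rule).
    if any(abs(positions[a] - positions[b]) > 1 for a, b in zip(ticks, ticks[1:])):
        return None, "reject: impossible movement"
    hits = sum(1 for t in ticks if positions[t] == sched[t])
    if hits != client_hits:
        # The client's own hit report is only a consistency signal.
        return hits, "flag: client hit count disagrees with server"
    return hits, "reward" if hits < MAX_HITS else "no reward"

if __name__ == "__main__":
    rnd = Round(seed=1234)  # constructed sample session
    lane = rnd.obstacles()[0]
    still = {t: lane for t in range(0, TICKS, STEP)}
    print(score_round(rnd, still, client_hits=0))
```

Because the hit count comes from the server's schedule and the reported positions, heuristics such as "was hit at least once" or "moved around" are no longer needed to decide the reward.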
