maplefreak200

Help [Request] Packet Sending addies v183.3


Hello moopler, as the title suggests, what are the current addies for this version? I am trying to find the new addresses for this version, but I'm not sure how to find the correct ones since most of the AOBs have broken for this version. Also, it appears that Nexon added some other encryption to sending/logging packets, and I'm not sure what the packet structure looks like now. Here are the addresses for v182.2 and my v183 attempt; the addies don't appear to be correct.

V182.2 Addies:

namespace GMSAddys


{
    // Absolute addresses as posted for the v182.2 client. The trailing comment on each
    // line is the byte signature ("AOB", '?' = wildcard byte) the poster associates with it.
    // NOTE(review): the enclosing namespace is never closed in this excerpt.
    const uint32_t MSLockAddy = 0x40EC80;            // 53 56 8B 74 24 0C 8B D9 8B CE
    const uint32_t MSUnlockAddy = 0x403D40;            // 8B 01 83 40 04 FF 75 06
    const uint32_t innoHashAddy = 0x1F838A0;        // 51 8B 44 24 10 C7 04 24
    const uint32_t FlushSocketAddy = 0xA41A50;        // 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC 44 A1 ? ? ? ? 33 ? 50 8D 45 ? 64 A3 ? ? ? ? 89 4D ? 8B 4D ? 83 ? ? E8 ? ? ? ?
    const uint32_t MakeBufferListAddy = 0x11401F0;    // 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC 14 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 44 24 28 64 A3 ? ? ? ? 8B D9 89 5C 24 1C

    const uint32_t CClientSocketPtr = 0x29E61CC;    // 8B 0D ? ? ? ? 85 C9 74 0A 8D 44

    // Passed as uSeqBase to COutPacket::MakeBufferList by CClientSocket::SendPacket.
    const uint32_t GameVersion = 182;

v183 attempt:

 

#pragma once

#define GMS
#include "MapleStructs.h"

// Accumulates packet bytes, either field by field (Encode*) or from a hex string
// (Parse), and passes the buffer to the host process's socket object in Send().
class MsPacket
{
    std::string m_error;            // last error text; returned by GetError()
    std::string m_source;           // hex text most recently handed to Parse(), spaces removed
    std::vector<uint8_t> m_data;    // encoded packet bytes
    bool m_bShouldBeParsed;         // true when m_source has to be parsed again before Send()
    static uint32_t dwMainThreadID; // defined as 0 in the .cpp; not read by the code shown

public:
    MsPacket();
    // True when the pointer stored at CClientSocketPtr is non-null.
    bool IsConnected();

    // Append an integer to m_data, least-significant byte first.
    void Encode1(uint8_t data);
    void Encode2(uint16_t data);
    void Encode4(uint32_t data);
    void Encode8(uint64_t data);
    // Append a 16-bit length prefix followed by the string's bytes.
    void EncodeString(std::string data);

    // Parse a hex string into m_data; returns false and sets m_error on bad input.
    bool Parse(std::string& source);
    // Always fails: receiving is not implemented.
    bool Recv();
    bool Send();

    // Upper-case, space-separated hex dump of m_data.
    std::string ToString();
    std::string GetError();
};

 

 

#pragma once
#include <vector>
#include <stdint.h>
#include <WinSock.h>
#include <string>

extern void Log(const std::string& msg);
#pragma comment (lib, "Ws2_32.lib")

// Poster's v183 attempt for the GMS client. The accompanying post states that these
// addresses do not appear to be correct, so treat every value as unverified.
// Each trailing comment is the byte signature ("AOB", '?' = wildcard byte) for that entry.
// NOTE(review): these are absolute addresses cast straight to function pointers elsewhere
// in this header; nothing checks that the loaded module matches the build they came from,
// so a stale value means a call into arbitrary code. Presumably this also assumes the
// image is loaded at a fixed base - confirm.
namespace GMSAddys
{
    const uint32_t MSLockAddy = 0x7C4ED0;            // 53 56 8B 74 24 0C 8B D9 8B CE
    const uint32_t MSUnlockAddy = 0x60B780;            // 8B 01 83 40 04 FF 75 06
    const uint32_t innoHashAddy = 0x233CB1B;        // 51 8B 44 24 10 C7 04 24
    const uint32_t FlushSocketAddy = 0xA9FF30;        // 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC ? 53 56 57 A1 ? ? ? ? 33 C5 50 8D ? ? 64 A3 ? ? ? ? 8B F9 89 ? ? 8B 47 ?
    const uint32_t MakeBufferListAddy = 0x12C22D3;    // 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC 14 53 56 57 A1 ? ? ? ? 33 ? 50 8D ? ? ? ? ? ? ? ? ? ? ? 89

    const uint32_t CClientSocketPtr = 0x2AF17B4;    // 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8

    // Passed as uSeqBase to COutPacket::MakeBufferList by CClientSocket::SendPacket.
    const uint32_t GameVersion = 183;
}

// Same set of entries for the EMS client (GameVersion 114). Selected instead of
// GMSAddys when EMS is defined. Trailing comments are the byte signatures as posted.
namespace EMSAddys
{
    const uint32_t MSLockAddy = 0x4093F0;            // 53 56 8B 74 24 0C 8B D9 8B CE
    const uint32_t MSUnlockAddy = 0x401420;            // 8B 01 83 40 04 FF 75 06
    const uint32_t innoHashAddy = 0x13F7550;        // 51 8B 44 24 10 C7 04 24
    const uint32_t FlushSocketAddy = 0x5C4630;        // 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC 10 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 44 24 24 64 A3 ? ? ? ? 8B E9 8B 45 08
    const uint32_t MakeBufferListAddy = 0xA2AC60;    // 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC 14 53 55 56 57 A1 ? ? ? ? 33 C4 50 8D 44 24 28 64 A3 ? ? ? ? 8B E9 89 6C 24 1C

    const uint32_t CClientSocketPtr = 0x1996DEC;    // 8B 0D ? ? ? ? 8D 54 24 1C 52 E8 ? ? ? ? 8B 0D

    const uint32_t GameVersion = 114;
}

// Pull one region's constants into the global namespace so the structs below can
// name them unqualified.
// NOTE(review): nothing rejects the case where both GMS and EMS are defined (every
// constant becomes ambiguous) or neither is (every constant is undeclared). A
// file-scope using-directive in a header also leaks into every includer.
#ifdef GMS
using namespace GMSAddys;
#endif // GMS

#ifdef EMS
using namespace EMSAddys;
#endif // EMS

// Wrapper around a single socket handle. SendPacket treats 0 and 0xFFFFFFFF as
// "no usable socket".
struct ZSocketBase
{
    unsigned int _m_hSocket;
};

// Layout mirror of a list header: a virtual destructor (vtable pointer at offset 0),
// one further pointer, an element count, and head/tail pointers. Offsets are annotated
// per field. Only the layout is declared; no list operations are implemented here.
template <class T> struct ZList
{
    virtual ~ZList<T>();        //0x00
    void* baseclass_4;            //0x04
    unsigned int _m_uCount;        //0x08
    T* _m_pHead;                //0x0C
    T* _m_pTail;                //0x10    
};                                //0x14 
// Four pointers plus one 32-bit count only add up to 0x14 with 4-byte pointers, so this
// header compiles only for a 32-bit target.
static_assert(sizeof(ZList<void>) == 0x14, "ZList is the wrong size");

// Two-pointer record: a pointer named vfptr followed by a pointer to the payload.
// NOTE(review): presumably mirrors a reference-holder type in the host process - confirm.
template <class T> struct ZRef
{
    void* vfptr;
    T* data;
};

// Byte-packed from here until the matching pop: the structs below mirror foreign
// layouts, so no compiler padding may be inserted.
#pragma pack( push, 1 )
// Outgoing-packet descriptor: flags, a non-owning pointer to the bytes, their length
// and a write offset. Field offsets are annotated on each member.
struct COutPacket
{
    // NOTE(review): the default constructor leaves m_lpvSendBuff and m_uDataLen
    // uninitialized; callers must set both before MakeBufferList is reached.
    COutPacket() : m_bLoopback(false), m_bIsEncryptedByShanda(false), m_uOffset(0) { }
    // Points the descriptor at caller-owned memory; the buffer is not copied and must
    // outlive the packet.
    COutPacket(uint8_t* data, uint32_t dwLength) : COutPacket()
    {
        m_lpvSendBuff = data;
        m_uDataLen = dwLength;
    }

    int32_t  m_bLoopback;                            // + 0x00
    uint8_t* m_lpvSendBuff;                            // + 0x04
    uint32_t m_uDataLen;                            // + 0x08
    uint32_t m_uOffset;                                // + 0x0C
    int32_t  m_bIsEncryptedByShanda;                // + 0x10

    // Forwards to the function at MakeBufferListAddy using the __thiscall convention,
    // passing this object and every argument through unchanged.
    // NOTE(review): the target is an unchecked absolute address cast to a function
    // pointer. If the address or the signature does not match the running build this is
    // a call into arbitrary code; the thread reports crashes with a wrong address.
    void MakeBufferList(ZList<ZRef<void>> *l, unsigned __int16 uSeqBase, unsigned int *puSeqKey, int bEnc, unsigned int dwKey)
    {
        typedef void(__thiscall *MakeBufferList_t)(COutPacket *_this, ZList<ZRef<void>> *l, unsigned __int16 uSeqBase, unsigned int *puSeqKey, int bEnc, unsigned int dwKey);
        MakeBufferList_t MakeBufferList = reinterpret_cast<MakeBufferList_t>(MakeBufferListAddy);
        MakeBufferList(this, l, uSeqBase, puSeqKey, bEnc, dwKey);
    }
};

// Incoming-packet descriptor, layout only (still inside the pack(1) region). It is
// embedded in CClientSocket as m_packetRecv; no code in this file reads its fields.
struct CInPacket
{
    int32_t m_bLoopback;                            // + 0x00
    int32_t m_nState;                                // + 0x04
    uint8_t* m_lpbRecvBuff;                            // + 0x08
    uint32_t m_uLength;                                // + 0x0C
    uint32_t m_uRawSeq;                                // + 0x10
    uint32_t m_uDataLen;                            // + 0x14
    uint32_t m_uOffset;                                // + 0x18
};

#pragma pack( pop )

// Lock state as laid out here: one pointer and one reference count.
// NOTE(review): the name _m_pTIB suggests the owning thread's TIB - confirm.
struct ZFatalSectionData
{
    void *_m_pTIB;                                    // + 0x00
    int _m_nRef;                                    // + 0x04
};

// The lock type itself; adds no members to ZFatalSectionData. Used as
// CClientSocket::m_lockSend.
struct ZFatalSection : public ZFatalSectionData
{

};

// Scope guard whose constructor and destructor call the functions at MSLockAddy and
// MSUnlockAddy. All locking logic lives behind those two addresses, not in this header.
// NOTE(review): copy operations are not deleted, so copying a guard would run the
// unlock routine twice.
template<class T> struct ZSynchronizedHelper
{
public:
    // Calls the function at MSLockAddy as a __thiscall with this guard and the lock.
    // NOTE(review): unchecked absolute address; a wrong value is a call into arbitrary code.
    __inline ZSynchronizedHelper(T* lock)
    {
        reinterpret_cast<void(__thiscall*)(ZSynchronizedHelper<T>*, T*)>(MSLockAddy)(this, lock);
    }

    // Calls the function at MSUnlockAddy as a __thiscall with this guard.
    __inline ~ZSynchronizedHelper()
    {
        reinterpret_cast<void(__thiscall*)(ZSynchronizedHelper<T>*)>(MSUnlockAddy)(this);
    }

private:
    // Never written by code in this header; presumably filled in by the routine at
    // MSLockAddy - confirm.
    T* m_pLock;
};

// Function pointer to the routine at innoHashAddy, typed as
// unsigned int __cdecl (char *pSrc, int nLen, unsigned int *pdwKey).
// Being `static` in a header, every translation unit that includes it gets its own copy.
// NOTE(review): unchecked absolute address; the cast does not validate the target.
static auto CIGCipher__innoHash = reinterpret_cast<unsigned int(__cdecl *)(char *pSrc, int nLen, unsigned int *pdwKey)>(innoHashAddy);
// Layout mirror of the socket object reached through CClientSocketPtr, plus two
// helpers that call back into the host process. Member order and sizes are what the
// static_asserts below pin down; do not reorder fields.
struct CClientSocket
{
    struct CONNECTCONTEXT
    {
        ZList<sockaddr_in> lAddr;
        void *posList;
        int bLogin;
    };

    virtual ~CClientSocket();
    void* ___u1;
    void* m_unknown;
    ZSocketBase m_sock;
    CONNECTCONTEXT m_ctxConnect;
    sockaddr_in m_addr;
    int m_tTimeout;
#ifdef GMS
    void* unknown;                    //ZList<ZInetAddr>::'vftable'
#endif
    ZList<ZRef<void> > m_lpRecvBuff; //ZList<ZRef<ZSocketBuffer> >
    ZList<ZRef<void> > m_lpSendBuff; //ZList<ZRef<ZSocketBuffer> >
    CInPacket m_packetRecv;
    ZFatalSection m_lockSend;
    unsigned int m_uSeqSnd;
    unsigned int m_uSeqRcv;
    char* m_URLGuestIDRegistration;
    int m_bIsGuestID;

    // Calls the function at FlushSocketAddy as a __thiscall on this object.
    // NOTE(review): unchecked absolute address; the thread lists two candidate values
    // for this entry and reports a crash with the wrong one.
    void Flush()
    {
        reinterpret_cast<void(__thiscall*)(CClientSocket*)>(FlushSocketAddy)(this);
    }

    // Queues oPacket on m_lpSendBuff and flushes, holding m_lockSend for the duration.
    // Does nothing (and reports nothing) when the socket handle is 0 or 0xFFFFFFFF, or
    // when m_ctxConnect.lAddr still has entries.
    void SendPacket(COutPacket& oPacket)
    {
        ZSynchronizedHelper<ZFatalSection> lock(&m_lockSend);

        if (m_sock._m_hSocket != 0 && m_sock._m_hSocket != 0xFFFFFFFF && m_ctxConnect.lAddr._m_uCount == 0)
        {
            // GameVersion is the uSeqBase; the current send sequence is passed both as
            // the key pointer and as dwKey, with bEnc = 1.
            oPacket.MakeBufferList(&m_lpSendBuff, GameVersion, &m_uSeqSnd, 1, m_uSeqSnd);
            // Advance the send sequence by hashing its own 4 bytes; a null key pointer
            // is passed as the third argument.
            m_uSeqSnd = CIGCipher__innoHash(reinterpret_cast<char*>(&m_uSeqSnd), 4, 0);
            Flush();
        }
    }
};
// Size checks per region. They verify this declaration's own size only; they cannot
// detect a layout change inside the running client.
#ifdef GMS
static_assert(sizeof(CClientSocket) == 0xA0, "CClientSocket is the wrong size!");
#endif // GMS

#ifdef EMS
static_assert(sizeof(CClientSocket) == 0x98, "CClientSocket is the wrong size!");
#endif // EMS

 

 

#include "MsPacket.h"

#include <Windows.h>
#include <algorithm>
#include <iomanip>
#include <sstream>
#include <TlHelp32.h>


extern void Log(const std::string& message);

// A new packet has no parsed bytes yet, so it starts in the "needs parsing" state.
MsPacket::MsPacket()
    : m_bShouldBeParsed(true)
{
}

// Append a single byte to the packet buffer.
void MsPacket::Encode1(uint8_t data)
{
    m_data.insert(m_data.end(), data);
}

// Append a 16-bit value, low byte first (little-endian).
void MsPacket::Encode2(uint16_t data)
{
    const uint8_t low = static_cast<uint8_t>(data & 0xFF);
    const uint8_t high = static_cast<uint8_t>((data >> 8) & 0xFF);
    m_data.push_back(low);
    m_data.push_back(high);
}

// Append a 32-bit value, least-significant byte first (little-endian).
void MsPacket::Encode4(uint32_t data)
{
    for (int shift = 0; shift < 32; shift += 8)
    {
        m_data.push_back(static_cast<uint8_t>((data >> shift) & 0xFF));
    }
}

// Append a 64-bit value, least-significant byte first (little-endian).
void MsPacket::Encode8(uint64_t data)
{
    for (int shift = 0; shift < 64; shift += 8)
    {
        m_data.push_back(static_cast<uint8_t>((data >> shift) & 0xFF));
    }
}

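// Append a length-prefixed string: a 16-bit little-endian byte count followed by the
// string's bytes, with no terminator.
void MsPacket::EncodeString(std::string data)
{
    // NOTE(review): the prefix is 16 bits wide, so a string longer than 0xFFFF bytes
    // gets a wrapped length while all of its bytes are still appended.
    Encode2(static_cast<uint16_t>(data.size()));
    // Append the characters themselves. Pushing the whole std::string object into a
    // byte vector, as the listing shows, does not compile.
    m_data.insert(m_data.end(), data.begin(), data.end());
}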

// Reports whether the pointer stored at the absolute address CClientSocketPtr is non-null.
// NOTE(review): this dereferences a hard-coded address. A bad address raises a hardware
// access violation, not a C++ exception; catch (...) presumably only sees it when the
// build enables SEH-to-C++ exception handling - confirm the compiler flags.
bool MsPacket::IsConnected()
{
    try { return *reinterpret_cast<void**>(CClientSocketPtr) != nullptr; }
    catch (...) { return false; }
}

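// Parse a hex string into m_data.
//
// Spaces are stripped first. The remaining text must be non-empty, of even length, and
// made of hex digits or the wildcards '?' / '*'. A wildcard becomes a random hex digit
// and marks the packet for re-parsing on every send.
//
// @param data  hex text; copied into m_source, the argument itself is not modified
// @return true on success; false with m_error set on malformed input
bool MsPacket::Parse(std::string& data)
{
    m_source = data;
    // Remove all spaces from the packet text.
    m_source.erase(std::remove(m_source.begin(), m_source.end(), ' '), m_source.end());
    if (m_source.size() % 2 != 0)
    {
        m_error = "The total length of the packet was not an even number.\n"
            "The parser isn't able to understand that you mean '0F' when you type 'F', "
            "so please prefix all small bytes with a 0.\n";
        return false;
    }

    if (m_source.size() == 0)
    {
        m_error = "The input string didn't contain a single valid hexadecimal byte,please remove any spaces in the packet and try again...\n";
        return false;
    }

    m_data.clear();
    m_data.reserve(m_source.size() / 2);
    m_bShouldBeParsed = false;

    // Validates one character in place. Wildcards are replaced by a random hex digit;
    // any other non-hex character records an error and fails.
    auto isValidByte = [this](char& c)
    {
        // isxdigit has undefined behaviour for negative char values, so go through
        // unsigned char.
        if (!isxdigit(static_cast<unsigned char>(c)))
        {
            std::stringstream ss;
            if (c == '?' || c == '*')
            {
                // The packet contains random bytes, so it has to be parsed again every
                // time it is sent.
                m_bShouldBeParsed = true;
                // % 0x10 covers the full nibble range 0..F; % 0xF would never yield F.
                ss << std::uppercase << std::hex << rand() % 0x10;
                ss >> c;
            }
            else
            {
                ss << std::uppercase << std::hex << c;
                m_error = "It contained an invalid character: " + ss.str();
                return false;
            }
        }
        return true;
    };

    // The length is even and non-zero at this point, so i + 1 is always in range.
    for (size_t i = 0; i < m_source.size(); i += 2)
    {
        char c1 = m_source[i];
        char c2 = m_source[i + 1];

        if (!isValidByte(c1) || !isValidByte(c2))
        {
            // Fail closed: drop the partially built buffer and force a re-parse, so a
            // later Send() cannot go out with a truncated packet.
            m_data.clear();
            m_bShouldBeParsed = true;
            return false;
        }

        int b = 0;
        std::stringstream ss;
        ss << std::hex << c1 << c2;
        ss >> b;
        m_data.push_back(static_cast<uint8_t>(b));
    }
    return true;
}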

// Receiving is a stub: record the reason and report failure.
bool MsPacket::Recv()
{
    const bool implemented = false;
    m_error = "Not implemented :-(";
    return implemented;
}

// Hands m_data to the host process's socket object.
//
// In _DEBUG builds nothing is sent: the packet is re-parsed if needed, logged, and true
// is returned. In other builds the pointer stored at CClientSocketPtr is read and its
// SendPacket is called with a descriptor that points into m_data (no copy is made).
//
// @return true when the call completed; false with m_error set when not connected or
//         when parsing failed. The catch path returns false without setting m_error.
bool MsPacket::Send()
{
#ifdef _DEBUG
    if (m_bShouldBeParsed)
    {
        if (!Parse(m_source)) return false;
    }
    Log("Sent " + ToString());
    return true;

#else

    // The packet needs to have at least the header if we want to send it.
    // NOTE(review): no length check actually follows; only the connection state is tested.
    if (!IsConnected())
    {
        m_error = "CClientSocket isn't connected\n"
            "You are probably hitting the Send button at the play screen, or MS just crashed...";
        return false;
    }
    if (m_bShouldBeParsed && !Parse(m_source)) return false;

    COutPacket p;
    // NOTE(review): &m_data[0] is undefined behaviour when m_data is empty, which is
    // reachable if only the constructor ran and m_bShouldBeParsed was cleared earlier.
    p.m_lpvSendBuff = &m_data[0];
    p.m_uDataLen = m_data.size();

    // NOTE(review): this calls through an unchecked absolute address. An access
    // violation is not a C++ exception; catch (...) presumably only sees it when the
    // build enables SEH-to-C++ exception handling - confirm the compiler flags.
    try { (*reinterpret_cast<CClientSocket**>(CClientSocketPtr))->SendPacket(p); return true; }
    catch (...) { return false; }
#endif
}

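// Render m_data as upper-case, zero-padded hex bytes separated by single spaces
// (e.g. "0A FF 01"). An empty buffer yields an empty string.
std::string MsPacket::ToString()
{
    // pop_back() on an empty string is undefined behaviour, so handle the empty
    // buffer before formatting.
    if (m_data.empty()) return std::string();

    std::stringstream ss;
    ss << std::uppercase << std::hex << std::setfill('0');
    // setw applies to the next insertion only, so it is repeated per byte.
    for (uint8_t b : m_data) ss << std::setw(2) << int(b) << " ";
    std::string result = ss.str();
    result.pop_back(); // drop the trailing separator
    return result;
}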

// Return a copy of the most recent error text.
std::string MsPacket::GetError()
{
    std::string lastError(m_error);
    return lastError;
}

// Definition of the static member declared in the class; initialised to 0 and not
// read or written by any code shown here.
uint32_t MsPacket::dwMainThreadID = 0;

 

@XShade

@Dami

@NewSprux2.0?

@Waty

@Fameguy

@Crypt707

@CJ.

@MaTriiXzZ

@DAVHEED

Really appreciate your help guys, Thanks! :)

Edited by maplefreak200

Guest

In case you didn't know, the InnoHash function from the In Game Cipher class can be simulated. You don't really need to find the function address. I assume you know C++ since you posted C++. You can touch up the details, but the default key is used like 99% of the time. I'm using v183.1 (left) because I didn't have time, vs. the pdb leak (right). Like I've been saying, though, there isn't really much change to the logic; there are just alternative ways to go about it. If you know your stuff you are fine.

 

Everything else can be found if you follow around the calls of InnoHash.

1irWpow.png

v183.1
innoHash - 55 8b ec 51 8b 4d 10 8d 45 fc 85 c9 c7 45 fc f2 53 50 c6 57 0f 45 c1 33 ff 39 7d 0c 7e ?? 53 56 8b 4d 08 8a 50 01 8a 34 0f 47 0f b6 ca 0f b6 f6 0f b6 89 40 22 ac 02 2a ce 00 08 0f b6 8e 40 22 ac 02 32 48 02 2a d1 88 50 01 8a 50 03 0f b6 ca 2a 10 0f b6 89 40 22 ac 02 02 ce 30 48 02 02 96 40 22 ac 02 88 50 03 8b 08 c1 c1 03 89 08 3b 7d 0c 7c ?? 5e 5b 8b c1 5f 8b e5 5d c3 8b 00 5f 8b e5 5d c3  


pdb leak
// Decompiler output for the client's hash routine. It mixes nLen input bytes into a
// 32-bit state, handled as four separate bytes, and returns the final state.
//
// pSrc   - input bytes
// nLen   - number of bytes to mix; nLen <= 0 returns the key unchanged
// pdwKey - optional in/out state; when null a compiled-in default is used. When
//          non-null the caller's value is updated in place, since every write goes
//          through v3.
//
// NOTE(review): the default key and the bShuffle table both ship inside the client
// binary, so this is a mixing/obfuscation step and not a secret. Anything that depends
// on its output has to be validated on the server side.
unsigned int __cdecl CIGCipher::innoHash(char *pSrc, int nLen, unsigned int *pdwKey)
{
  unsigned int *v3; // eax@1
  int v4; // esi@3
  char v5; // dl@4
  char v6; // cl@4
  char v7; // cl@4
  unsigned int v8; // ecx@4
  unsigned int result; // eax@5
  unsigned int dwDefaultKey; // [sp+0h] [bp-4h]@1

  v3 = pdwKey;
  // -967814158 is 0xC65053F2 as unsigned, matching the bytes F2 53 50 C6 that follow
  // C7 45 FC in the v183.1 signature quoted in this post.
  dwDefaultKey = -967814158;
  if ( !pdwKey )
    v3 = &dwDefaultKey;
  v4 = 0;
  if ( nLen <= 0 )
  {
    result = *v3;
  }
  else
  {
    do
    {
      // v5 is the current input byte; v6 keeps state byte 1 before byte 0 is updated.
      v5 = pSrc[v4];
      v6 = *((_BYTE *)v3 + 1);
      // NOTE(review): the (&CIGCipher::bShuffle)[...] indexing looks like a decompiler
      // typing artifact for a byte lookup table - confirm against the disassembly.
      *(_BYTE *)v3 += LOBYTE((&CIGCipher::bShuffle)[*((_BYTE *)v3 + 1)]) - v5;
      *((_BYTE *)v3 + 1) = v6 - (*((_BYTE *)v3 + 2) ^ LOBYTE((&CIGCipher::bShuffle)[(unsigned __int8)v5]));
      // v7 is computed from the already-updated byte 0.
      v7 = *((_BYTE *)v3 + 3) - *(_BYTE *)v3;
      ++v4;
      *((_BYTE *)v3 + 2) ^= v5 + LOBYTE((&CIGCipher::bShuffle)[*((_BYTE *)v3 + 3)]);
      *((_BYTE *)v3 + 3) = LOBYTE((&CIGCipher::bShuffle)[(unsigned __int8)v5]) + v7;
      // After the four byte updates, rotate the whole 32-bit state left by 3 bits.
      v8 = __ROL4__(*v3, 3);
      *v3 = v8;
    }
    while ( v4 < nLen );
    result = v8;
  }
  return result;
}

or you can step through the calls of (any) function you know by heart

BkEToZH.png

 

Edited by Guest


@Crypt707 some of the aobs are correct in my v183 attempt. I think the clientsocket pointer/MSunlockaddy and flushsocket are correct. the rest is unknown to me.

 

i see @five posted innohash aob.

 

Not sure about Mslock/Bufferlist addy

	// Second v183 attempt as posted; the poster says the signatures match but is unsure
	// the addresses are right, and reports a crash on send. Treat the values as unverified.
	const uint32_t MSLockAddy = 0x5E5200;			// 55 8b ? 56 8b 75 ? 57 8b ? 8b ? 89 ? ff 15 ? ? ? ?
	const uint32_t MSUnlockAddy = 0x60B780;			// 8B 01 83 40 04 FF 75 06
	const uint32_t innoHashAddy = 0xBEAAD0;		// 55 8b ec 51 8b 4d 10 8d 45 fc 85 c9 c7 45 fc f2 53 50 c6 57 0f 45 c1 33 ff 39 7d 0c 7e ?? 53 56 8b 4d 08 8a 50 01 8a 34 0f 47 0f b6 ca 0f b6 f6 0f b6 89 40 22 ac 02 2a ce 00 08 0f b6 8e 40 22 ac 02 32 48 02 2a d1 88 50 01 8a 50 03 0f b6 ca 2a 10 0f b6 89 40 22 ac 02 02 ce 30 48 02 02 96 40 22 ac 02 88 50 03 8b 08 c1 c1 03 89 08 3b 7d 0c 7c ?? 5e 5b 8b c1 5f 8b e5 5d c3 8b 00 5f 8b e5 5d c3
	const uint32_t FlushSocketAddy = 0xA9FF30;		// 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC ? 53 56 57 A1 ? ? ? ? 33 C5 50 8D ? ? 64 A3 ? ? ? ? 8B F9 89 ? ? 8B 47 ?
    	const uint32_t MakeBufferListAddy = 0x12C22D0;	// 6A FF 68 ? ? ? ? 64 A1 ? ? ? ? 50 83 EC 14 53 56 57 A1 ? ? ? ? 33 ? 50 8D ? ? ? ? ? ? ? ? ? ? ? 89
	
	const uint32_t CClientSocketPtr = 0x2AF17B4;	// 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8

	const uint32_t GameVersion = 183;

ok i managed to update, i am not sure if the addresses are correct however. All the aobs are correct. I also found 2 addresses for flush socket:

0xA9FF30

0xDC7140

@Five

@Crypt707

@CJ.

 

EDIT: it appears I am crashing when I attempt to send a packet, not sure what address is wrong.

 

Edited by maplefreak200


the question is if someone has try sending a packet successfully, @CJ. posted a script but I dc or crash with the script, on mapleshark does look like it send through
and the headers change on login off or cc. @waty and @Damien are on vacation at pine apple beach too.:P


The script in the scripts database works; I tested it. Causes of a dc might be that you didn't fix the packet size in the script (if the packet is bigger), or that you sent a packet with the same timestamp too many times (it doesn't support randomization).


@cj. it does work but for some reason i can't click anything on the game after I send the first time, the only packet I tested so far is the same 10 meso drop packet

pretty much I only change the header and the time stamp on the script, after relogin into the game I can see the 10 meso drop coin on the floor, the mean the packet work.
but I don't know whats wrong with that client not responding after pressing F1.
anyways cheers:)

Guest

@maplefreak200 it is not correct.

v183.3:
// note that bufferlist is always called before the call to innoHash
CIGCipher::innoHash(char *, int, unsigned int *)
00BEAAD0 
COutPacket::EncodeStr(ZXString<char>)
0078AF90 
CDisconnectException::CDisconnectException(long)
00ED1BD0   
COutPacket::Encode1(uchar)
00798D70 
COutPacket::Encode4(ulong)                                                        
00798DC0 
COutPacket::EncodeBuffer(void const *,uint)                                       
007A37B0 
COutPacket::Encode2(ushort)                                                       
007D19A0 
COutPacket::COutPacket(long)                                                      
009BB040 
COutPacket::MakeBufferList(ZList<ZRef<ZSocketBuffer>> &,ushort,ulong *,int,ulong) 
009BB2D0 
CClientSocket::SendPacket(COutPacket const &)                                     
00DC6B50 
CInPacket::Decode1(void)                										  
0078AD40 
CInPacket::Decode4(void)                										  
0078ADF0 
CInPacket::DecodeStr(void)              										  
0078AEA0 
CInPacket::Decode2(void)                										  
00798C10 
CInPacket::DumpString(void)             					  					  
009BAC60 
CInPacket::WriteClientLog(void)         					  					  
009BAE10 
CInPacket::SendBackupPacket(ulong)      					  					  
009BAFB0 
CField::OnPacket(long,CInPacket &)      					  					  
00F14760 
CWvsContext::OnPacket(long,CInPacket &) 					  					  
0206C630 
CIOBufferManipulator::DecodeStr(ZXString<char> &,uchar const *,uint)
0078ACD0   

 

Edited by Guest

Spoiler

// Values as posted for the v183 client; specific to that exact build. Only the
// CClientSocketPtr entry carries a byte signature here.
const unsigned int MSLockAddy = 0x005E5200;         // 
const unsigned int MSUnlockAddy = 0x0060B780;       // 
const unsigned int innoHashAddy = 0x00BEAAD0;       // 
const unsigned int FlushSocketAddy = 0x00DC7140;    //
const unsigned int MakeBufferListAddy = 0x009BB2D0; // 

const unsigned int CClientSocketPtr = 0x02AF17B4;   // 8B 0D ? ? ? ? 85 C9 74 ? 8D ? ? 50 E8 ? ? ? ? 8D ? ? E8

const unsigned int GameVersion = 183;

 

Tested and work. Structs didn't change.

Edited by CJ.

Well it works great using Waty source packet sender. I only had flushsocketaddy wrong address and then replace for correct address provide by CJ.

also any of you guys have a script to block recv headers?


wow thanks alot guys and 

@Five  :x

 

I finally gotten it to work and all, but now I want to know how can this new crypto where it randomized the packets be bypassed? Sending a packet in game will disconnect you unless it is an encrypted form of the packet. Login server packets can be sent without being disconnected, it appears they are not encrypted. I don't know if something in the maplestructs or mspacket changed.

Edited by maplefreak200

Guest
On 3/8/2017 at 14:56, maplefreak200 said:

wow thanks alot guys and 

@Five  :x

 

I finally gotten it to work and all, but now I want to know how can this new crypto where it randomized the packets be bypassed? Sending a packet in game will disconnect you unless it is an encrypted form of the packet. Login server packets can be sent without being disconnected, it appears they are not encrypted. I don't know if something in the maplestructs or mspacket changed.

Lovely. It isn't randomization, it is more of an obfuscated vm'd function that uses either obfuscated mapping for encode2 packet headers or just uses encode1 packet headers depending on short or byte sized header . @Waty has seen it in the packets http://pastebin.com/WYcAf937. I'm currently working on an unvirtualized unpack for the game functions to see if any more additional data can be obtained. @NewSprux2.0? is probably looking into packets also.

It is sent from the server by the request of the client once your character is selected.

Edited by Guest

6 hours ago, maplefreak200 said:

Really thanks for your help @Five, what is your current progress so far regarding this obfuscated VM'd function so far? Such a start for Nexon to be using this. :ph34r:

he mentioned in the chatbox he didn't want to release anything about it due to other websites stealing etc iirc, but maybe he will post helpful hints for people looking.

Guest

@RedPanda isn't the reason but okay. Maybe something will be released.

 

Edited by Guest

