- Joined
- Jun 5, 2010
- Messages
- 567
- Reaction score
- 598
Disclaimer: If you don't want to read a wall of text, then this guide is not for you. If you are too lazy to read this, you do not have the patience to update and therefore really shouldn't be updating in the first place and I did not write this guide for you.
General Introduction:
Updating takes time and general knowledge of the game. Some creativity might be involved as well. A few basic things must be known beforehand if anyone is interested in updating. These are the very basic definitions and without this, it is quite useless to proceed any further. I will give you an efficient way to packet sniff and update with possibly a few tricks to save time, but it is still up to you to learn the logic behind updating. I am also assuming this is updating for OdinMS source but the same concepts can be applied for Vana and DelphiMS. I haven't ever looked at Titan or the C# sources so I cannot say the same, but packets are the same for the game. I will also use v88 and v147 as I am most familiar with v88 and MapleGlobal was at v147.2 at the time the guide was written. Still, if you want to update MSEA to the latest version, this guide will still work. I will also make sure the guide works for both odinms sources using properties files and those that do not.
Why Learn Packets?
If you actually want to run a successful server with no competition, updating to the latest version is important. Now you ask me why I haven't done this for MoongraMS (according to Flav, I "don't know how to"). I simply don't have the time and energy for this stuff anymore as even though I have done it before, I have no motivation or time to do it anymore. If you're going to "aim for #1 " you're going to have to keep up with the competition that is going on. True, custom features and the site are "almost as important" as the game itself, but this is the easiest way to get players quickly and not being labeled as a terrible server who is only top because of insane rates.
Definitions and Basic Information:
Other Misc Information:
Updating Opcodes:
Introduction
How to Work a Packet Sniffer:
How to Packet Sniff Efficiently:
Analyzing Packet Logs and Updating First Opcode:
Opcode Naming:
Analyzing Packet Logs Continued:
Guessing Opcodes (theoretical examples):
Additional Tips:
Summary for Opcodes:
1. Sniff the easy opcodes but with efficiency and clarity.
2. Update the easy opcodes, go from RECV to SEND if you are not experienced although this doesn't really matter
3. Guess the opcodes that you can guess with high certainty.
4. Go back and sniff the ones that are missing and repeat #2-3 until a good list is done for send and receive packets.
Part 2 for reading packet structures and part 3 for updating packet structures coming soon.
General Introduction:
Updating takes time and general knowledge of the game. Some creativity might be involved as well. A few basic things must be known beforehand if anyone is interested in updating. These are the very basic definitions and without this, it is quite useless to proceed any further. I will give you an efficient way to packet sniff and update with possibly a few tricks to save time, but it is still up to you to learn the logic behind updating. I am also assuming this is updating for OdinMS source but the same concepts can be applied for Vana and DelphiMS. I haven't ever looked at Titan or the C# sources so I cannot say the same, but packets are the same for the game. I will also use v88 and v147 as I am most familiar with v88 and MapleGlobal was at v147.2 at the time the guide was written. Still, if you want to update MSEA to the latest version, this guide will still work. I will also make sure the guide works for both odinms sources using properties files and those that do not.
Why Learn Packets?
If you actually want to run a successful server with no competition, updating to the latest version is important. Now you ask me why I haven't done this for MoongraMS (according to Flav, I "don't know how to"). I simply don't have the time and energy for this stuff anymore as even though I have done it before, I have no motivation or time to do it anymore. If you're going to "aim for #1 " you're going to have to keep up with the competition that is going on. True, custom features and the site are "almost as important" as the game itself, but this is the easiest way to get players quickly and not being labeled as a terrible server who is only top because of insane rates.
Definitions and Basic Information:
-Byte: 1 byte
-Short: 2 bytes
-Int: 4 bytes
-Long: 8 bytes
-This will be done in hexadecimal so it is base 16. It is useful to have calculators for hex to decimal (dec) and dec to hex at the ready. It is also useful to know some basics such as 0xA in hex = 10 in decimal, 0xB = 11, and possible some multiples of 16. It is useful to also know how to multiply and add in your head. Since I can do that, for all bytes I can calculate the values pretty fast by doing it in my head. To differentiate between a value that is hexadecimal and decimal, all hex values start with 0x.
-The packets on Maplestory are in little endian format, which means the once converted to hexadecimal (hex), they are reversed. This means that if something was 0x12345678, once converted to little endian, it would be 78 56 34 12. Using the same principle, a group of 4 bytes that are 00 30 20 10 will be 0x10203000 in hex form.
-Packets are sent between the server and client to transfer data and information. The GUI is a projection of it, in a way.
-Actions that are handled by packets on Maplestory are defined by a short (2 bytes) in the beginning of the packet. Some actions may share the same short. We will call this short an opcode. Both packets sent and received by the server have opcodes. Naming these opcodes will help a lot.
-Handlers are for receive packets (received by the server FROM the client). MaplePacketCreator is for send packets (in Lithium sources it's CWvsContext, CField, etc). By receiving packets, I mean that the server receives the packets and not the client. Similarly by sending packets, I mean the server sends the packets.
-Short: 2 bytes
-Int: 4 bytes
-Long: 8 bytes
-This will be done in hexadecimal so it is base 16. It is useful to have calculators for hex to decimal (dec) and dec to hex at the ready. It is also useful to know some basics such as 0xA in hex = 10 in decimal, 0xB = 11, and possible some multiples of 16. It is useful to also know how to multiply and add in your head. Since I can do that, for all bytes I can calculate the values pretty fast by doing it in my head. To differentiate between a value that is hexadecimal and decimal, all hex values start with 0x.
-The packets on Maplestory are in little endian format, which means the once converted to hexadecimal (hex), they are reversed. This means that if something was 0x12345678, once converted to little endian, it would be 78 56 34 12. Using the same principle, a group of 4 bytes that are 00 30 20 10 will be 0x10203000 in hex form.
-Packets are sent between the server and client to transfer data and information. The GUI is a projection of it, in a way.
-Actions that are handled by packets on Maplestory are defined by a short (2 bytes) in the beginning of the packet. Some actions may share the same short. We will call this short an opcode. Both packets sent and received by the server have opcodes. Naming these opcodes will help a lot.
-Handlers are for receive packets (received by the server FROM the client). MaplePacketCreator is for send packets (in Lithium sources it's CWvsContext, CField, etc). By receiving packets, I mean that the server receives the packets and not the client. Similarly by sending packets, I mean the server sends the packets.
Other Misc Information:
-Levels, small details like pvp rank are bytes
-Jobs, stats, item slots, personality traits (charm, ambition) are shorts
-Map ID, NX cash amounts, Azwan Honor are ints. HP and MP are also now ints.
-Mesos, exp, map id are now longs
-Buffstats are ALSO ints
-Jobs, stats, item slots, personality traits (charm, ambition) are shorts
-Map ID, NX cash amounts, Azwan Honor are ints. HP and MP are also now ints.
-Mesos, exp, map id are now longs
-Buffstats are ALSO ints
Updating Opcodes:
Introduction
Updating opcodes is the first step to updating a version from one to another. This step takes either a lot of time, or a bit of time and some logic.
It is important to know about common things Nexon does with their opcodes. The most important thing is to know that Nexon usually keeps the opcodes between versions in order. This is not always true as some opcodes are moved around in some versions, but for the most part, most of the opcodes stay in order. Knowledge of what is added and removed is somewhat important as well. For example in v88 there were monster books, but by big bang patch they were removed. It is possible that the opcodes were removed as well, causing the values of the opcodes to go down.
It is important to know about common things Nexon does with their opcodes. The most important thing is to know that Nexon usually keeps the opcodes between versions in order. This is not always true as some opcodes are moved around in some versions, but for the most part, most of the opcodes stay in order. Knowledge of what is added and removed is somewhat important as well. For example in v88 there were monster books, but by big bang patch they were removed. It is possible that the opcodes were removed as well, causing the values of the opcodes to go down.
How to Work a Packet Sniffer:
After knowing this, it is time to go and grab some packets from the game. I personally favor SnowSniffer solely due to the ASCII printout, but I currently use MapleShark and will be writing a guide about it. It is googleable and just look for the latest version, which I believe is 2020. If you don't have .NET framework, get that as MapleShark needs it. Download and install
I have gotten some questions on MapleShark not working for a few people, so I will also include a small guide. Open up the executable and set the settings. If you are on wireless, choose wireless. If you are on ethernet, use local area connection when it asks for it. Sometimes you have to pick option number 2 of these sections.
![SuperLol - Updating a Server from One Version to Another [Updated] - RaGEZONE Forums](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 "SuperLol - Updating a Server from One Version to Another [Updated] - RaGEZONE Forums")
MapleShark also asks you for the ports you want to sniff. Set those from 8500-8700 (channels start at 8585, login is 8484, cash is 8686 so adjust accordingly). The ports don't quite reach 8700, but use 8700 for simplicity. When you have this open, you can change channels or log into the game and packets will start being logged. If packets are not logged right away, then switch up the settings and try again.
You must be registered to see links
while you're at it since this is needed for packet sniffing.I have gotten some questions on MapleShark not working for a few people, so I will also include a small guide. Open up the executable and set the settings. If you are on wireless, choose wireless. If you are on ethernet, use local area connection when it asks for it. Sometimes you have to pick option number 2 of these sections.
![SuperLol - Updating a Server from One Version to Another [Updated] - RaGEZONE Forums](https://forum.ragezone.com/images/404_image.png "SuperLol - Updating a Server from One Version to Another [Updated] - RaGEZONE Forums")
MapleShark also asks you for the ports you want to sniff. Set those from 8500-8700 (channels start at 8585, login is 8484, cash is 8686 so adjust accordingly). The ports don't quite reach 8700, but use 8700 for simplicity. When you have this open, you can change channels or log into the game and packets will start being logged. If packets are not logged right away, then switch up the settings and try again.
How to Packet Sniff Efficiently:
Good packet sniffing isn't just mindless moving around and training on monsters, contrary to popular belief due to released packets during v80 days. No, those packets are pretty useless and so are the people thanking them. The problem with those packets is that there will be an abundance of movement packets, monster packets, and attack packets, which you don't need more than a few of to update. When you packet sniff, you need to get what you want, quickly and clearly. To packet sniff efficiently, do one function at a time. Look through the receive packets and send packets and find the ones you want to sniff. An easy approach is to say what you want to sniff before sniffing the exact action. For example if you want to sniff meso drop, don't just drop mesos and move on, say DROPPING MESOS and then drop mesos. Also know how many mesos you dropped. Saying something like DROPPING 256 MESOS is better than saying DROPPING MESOS. It is important to do exactly what you said before, to make it easy on yourself (drop 256 mesos if you said you would). After sniffing one feature that you wanted to sniff, say in chat that you are done. This will be useful later on when you look at your log. You will know the general area of what you just sniffed by looking at the packet log. Once you have a sizeable log with many things sniffed, you can stop sniffing. If this is your first time updating and you have little experience, then sniff a bunch of things so you can fill in the unknown opcodes later on.
An easier example for sniffing:
Wanted: Creating a party
Before you create the party in game, say in all chat: CREATE PARTY
Then quickly create the party before doing anything else
Right after you create the party, say in all chat again: FINISHED CREATING PARTY
After that, go to MapleShark, find where in the log you said CREATE PARTY, and between the places where you said CREATE PARTY and FINISHED CREATING PARTY will be the create party packet (explained in next section).
An easier example for sniffing:
Wanted: Creating a party
Before you create the party in game, say in all chat: CREATE PARTY
Then quickly create the party before doing anything else
Right after you create the party, say in all chat again: FINISHED CREATING PARTY
After that, go to MapleShark, find where in the log you said CREATE PARTY, and between the places where you said CREATE PARTY and FINISHED CREATING PARTY will be the create party packet (explained in next section).
Analyzing Packet Logs and Updating First Opcode:
Now that you have packet logs, log off of MapleStory. You don't want more packets coming. Now go back to the MapleShark GUI and scroll down each packet that is logged. The packets received by the server will be outbound, and the packets sent by the server will be inbound. The names are counter-intuitive but if you think about it the other way around by replacing server with client, then it would make sense (receive by client = inbound). The opcode is given at the side as well along with the packet length. This will be useful later on. Now it is the time to find when you talked. Scroll down each packet until you find where you talked. The textbox to the bottom right of MapleShark gives you an ASCII printout.
To find out the sections you have just sniffed, start with what you first sniffed and scroll down to what you just said in plain text. In the previous section I suggested dropping mesos or creating party to be the first one to sniff. If you used that example, then search for a packet that has text that says DROPPING MESOS or CREATE PARTY. This is generally the first step to analyzing packets: Knowing where your packets you sniffed are. The next step would be knowing where your sniffed section ends. For that, it is easy as well, and scroll down until you see text that says FINISHED CREATING PARTY or something of that sort. It should be at most a few packets below. If it isn't, then there could be something wrong, or you enabled too many packets to be sniffed.
Now that you know the general area, look at the first packet that had the text. If it is outbound, then that packet will be for receive packets. Get the opcode that MapleShark says it is. The packet that has the plaintext is the chat packet. In v88 it is 0x31. In v99 it is 0x37 and in v112.4 it is 0x59. In v147.2, it is 0x6A. Navigate to the file where the receive packets are stored. Get the old value of GENERAL_CHAT and change that to the new value. Example: v88 is 0x31, v99 = 0x37, v112.4 it = 0x59. Change 0x31 to 0x37, or 0x59 for v112.4, or 0x6A for v147.2. Since 0x59-0x31 = 0x28 = 40, note that it is +40. This will come in handy later. If you are experienced or very good at mental math, you may skip this step. You have updated your first opcode. Next go back to MapleShark and look at the inbound packet containing the words you have said. This is also GENERAL_CHAT, but in send opcodes. Go to where your opcodes are stored and change that for CHATTEXT as well. In v88 it is 0xA2. In v99 it is 0xAF. In v112.4 it is 0xF8. Just as a freebie, the send opcode (incoming) for CHATTEXT is 0x169 in v147.2.
To find out the sections you have just sniffed, start with what you first sniffed and scroll down to what you just said in plain text. In the previous section I suggested dropping mesos or creating party to be the first one to sniff. If you used that example, then search for a packet that has text that says DROPPING MESOS or CREATE PARTY. This is generally the first step to analyzing packets: Knowing where your packets you sniffed are. The next step would be knowing where your sniffed section ends. For that, it is easy as well, and scroll down until you see text that says FINISHED CREATING PARTY or something of that sort. It should be at most a few packets below. If it isn't, then there could be something wrong, or you enabled too many packets to be sniffed.
Now that you know the general area, look at the first packet that had the text. If it is outbound, then that packet will be for receive packets. Get the opcode that MapleShark says it is. The packet that has the plaintext is the chat packet. In v88 it is 0x31. In v99 it is 0x37 and in v112.4 it is 0x59. In v147.2, it is 0x6A. Navigate to the file where the receive packets are stored. Get the old value of GENERAL_CHAT and change that to the new value. Example: v88 is 0x31, v99 = 0x37, v112.4 it = 0x59. Change 0x31 to 0x37, or 0x59 for v112.4, or 0x6A for v147.2. Since 0x59-0x31 = 0x28 = 40, note that it is +40. This will come in handy later. If you are experienced or very good at mental math, you may skip this step. You have updated your first opcode. Next go back to MapleShark and look at the inbound packet containing the words you have said. This is also GENERAL_CHAT, but in send opcodes. Go to where your opcodes are stored and change that for CHATTEXT as well. In v88 it is 0xA2. In v99 it is 0xAF. In v112.4 it is 0xF8. Just as a freebie, the send opcode (incoming) for CHATTEXT is 0x169 in v147.2.
Opcode Naming:
Now you may be thinking, how did I know it was CHATTEXT and GENERAL_CHAT for send and receive packets respectively? Perhaps you may be thinking, how would you know what the packet names are right off the bat? There is no simple answer to this. I just know because I've done this many times. Although the packets are not badly named, some are a bit confusing. For example, in my source I have ARAN_COMBO for receive packet but the handler is named DamageMonsterHandler for some stupid reason. Oftentimes figuring out this for the first time may take a while. Here are some helpful tips though: Remember that packet opcodes stay in order for the most part. In v88, ARAN_COMBO comes before CS_OPERATION (doing things with cash shop). If you got something like ARAN_COMBO and it is 0x9999, then it is way too high since it's greater than the value of cash shop (when you sniff that later on) and you're probably doing it wrong. However, if you got something like ARAN_COMBO being 0xBA, then it may be reasonable. There are many ways to verify if it is correct and this will be gone more in depth in the Looking At Packet Structures section of this guide.
To name an opcode, right click the naming section of the packet line. Then enter the name in regularly. Make sure the name you give the opcode is relevant to the opcode. Otherwise confusion will occur.
To name an opcode, right click the naming section of the packet line. Then enter the name in regularly. Make sure the name you give the opcode is relevant to the opcode. Otherwise confusion will occur.
Analyzing Packet Logs Continued:
So you have just found the GENERAL_CHAT opcode. This is a very important step. To make things easier for yourself, at any GENERAL_CHAT packet, right click it and name it GENERAL_CHAT (RECV). The good thing about MapleShark is that it can search for the packets you have logged based on opcode. No one wants to read through a list of hexadecimal numbers like Outbound 0x37, so naming it something in English will help. After this is done, scroll down to the next few packets. Remember we only updated chatting, and we have not even updated what we were trying to update, which is the function of what you said. While doing updates, I sometimes drop mesos first. Now it's time to use your brain. Find the old opcode for dropping mesos. Start in the Recv handler. Now the question is how did I know it was receive? There are two reasons. One, experience, and I know that it is receive, and it sends a DROP_ITEM_FROM_MAPOBJECT packet. Secondly, think back and remember those exploits on GMS about duping mesos. Also think about the meso hacks back in the older versions through packet editing negative values. Packet editing is done completely in receive handlers since clients send a custom packet that will be received by the server. Anyways now that you have the packet opcode from the old version, remember that most of the time opcodes go up, but not at a crazy rate. In v88, it was 0x5E. Now search for packets that around around that area and outbound. If you need more help, look at the mesodrophandler, and figure out what the packet length should be around (more indepth in analyzing packet structures). Since this is not covered yet, you will not know the exact length from v88, but think about it. Does a lot of data need to be transmitted for dropping mesos? Probably not. The meso count is needed, possibly what dropped it matters, and possibly when it dropped matters, and even perhaps the location of the drop. This means the packet will not be insanely long. So look around for a short packet.
When you find a decent sized packet around the old opcode, time to check if it is correct. This is where remembering how much you dropped comes in. Drag your mouse and highlight 4 consecutive bytes in the packet. You may highlight it in the bottom of the GUI and the integer provided will be calcuated into decimal on the righthand side of the GUI. If that doesn't match the amount of mesos you dropped, keep going. Keep going until the end and if none of the ints match the amount of mesos you dropped, you have the wrong packet. The question is now how is it an int. There are again 2 ways I know it's an int. One, through experience and the second through looking at the packet handler (more info to come). Anyways after a few trials, the meso drop opcode should be found to be 0x69 for v99 (0xA8 for v112.4). Replace the old one with this one. The old opcode was 0x5E, and 0x69-0x5E = 11 so add a +11 tag next to it (for v112.4 there's a crazy jump from v88). Now it's time to check the send packet. Because you know the receive opcode is MESO_DROP, find the handler that corresponds to it.
Update: For V112.4 it is: 0xA8 for MESO_DROP (RECV). 0x1D3 for DROP_ITEM_FROM_MAP_OBJECT (SEND)
Obviously it is MesoDropHandler, but if the opcode was named badly, there must be another way to find the handler. The foolproof way to do it is through searching an IDE. I will assume Netbeans here, but those that use Eclipse have a very similar feature. Right click the variable called MESO_DROP and select the option find usages. In Eclipse it is similar. Select the default choice and it will find you the usages of the variable. Double click the line of code that uses it. This will take you to PacketProcessor.java (in odinms) and next to the line of the code will be the name of the file. Press ctrl, and then click on the name of the file. This will take you straight to the file (IDE Shortcuts!). In the handler, sometimes there will be a c.getSession().write(MaplePacketCreator.stuff); line of code. This tells the server what packet to send back to the player. In some handlers, more than one of these will be used and in others, there will not be an packets sent at all. This is where code reading needs to take place. Remember what you did and navigate to the correct section of code. Find the packet that the server sends (if any) and go to that method (hold down the control key and click on the method). The method will be something like public static MaplePacket blah() {MaplePacketLittleEndianWriter mplew = stuff; mplew.writeShort(<OPCODE HERE>);/*code omitted*/}. Find the opcode in <OPCODE HERE>. In the case of meso dropping, it would be DROP_ITEM_FROM_MAPOBJECT. Go back to where the send opcodes are located and get the old opcode for DROP_ITEM_FROM_MAPOBJECT.
Now go back to MapleShark and find the packet sent after MESO_DROP. If the packet opcode is reasonably near the old one, this may be the correct packet (to be verified later on). For now replace the old opcode (v88 = 0x10C, v112.4 = 0x1D3) with the new one you have found. Calculate the difference and make note of it for future checking. This whole procedure needs to be continued for everything you have sniffed. If you are too lazy but this is your first time doing this, then stop right now. It is not worth continuing as this is one of the easier parts and the part that really takes the least amount of work. Updating is not for the weak.
A general idea of checking packets.
When you find a decent sized packet around the old opcode, time to check if it is correct. This is where remembering how much you dropped comes in. Drag your mouse and highlight 4 consecutive bytes in the packet. You may highlight it in the bottom of the GUI and the integer provided will be calcuated into decimal on the righthand side of the GUI. If that doesn't match the amount of mesos you dropped, keep going. Keep going until the end and if none of the ints match the amount of mesos you dropped, you have the wrong packet. The question is now how is it an int. There are again 2 ways I know it's an int. One, through experience and the second through looking at the packet handler (more info to come). Anyways after a few trials, the meso drop opcode should be found to be 0x69 for v99 (0xA8 for v112.4). Replace the old one with this one. The old opcode was 0x5E, and 0x69-0x5E = 11 so add a +11 tag next to it (for v112.4 there's a crazy jump from v88). Now it's time to check the send packet. Because you know the receive opcode is MESO_DROP, find the handler that corresponds to it.
Update: For V112.4 it is: 0xA8 for MESO_DROP (RECV). 0x1D3 for DROP_ITEM_FROM_MAP_OBJECT (SEND)
Obviously it is MesoDropHandler, but if the opcode was named badly, there must be another way to find the handler. The foolproof way to do it is through searching an IDE. I will assume Netbeans here, but those that use Eclipse have a very similar feature. Right click the variable called MESO_DROP and select the option find usages. In Eclipse it is similar. Select the default choice and it will find you the usages of the variable. Double click the line of code that uses it. This will take you to PacketProcessor.java (in odinms) and next to the line of the code will be the name of the file. Press ctrl, and then click on the name of the file. This will take you straight to the file (IDE Shortcuts!). In the handler, sometimes there will be a c.getSession().write(MaplePacketCreator.stuff); line of code. This tells the server what packet to send back to the player. In some handlers, more than one of these will be used and in others, there will not be an packets sent at all. This is where code reading needs to take place. Remember what you did and navigate to the correct section of code. Find the packet that the server sends (if any) and go to that method (hold down the control key and click on the method). The method will be something like public static MaplePacket blah() {MaplePacketLittleEndianWriter mplew = stuff; mplew.writeShort(<OPCODE HERE>);/*code omitted*/}. Find the opcode in <OPCODE HERE>. In the case of meso dropping, it would be DROP_ITEM_FROM_MAPOBJECT. Go back to where the send opcodes are located and get the old opcode for DROP_ITEM_FROM_MAPOBJECT.
Now go back to MapleShark and find the packet sent after MESO_DROP. If the packet opcode is reasonably near the old one, this may be the correct packet (to be verified later on). For now replace the old opcode (v88 = 0x10C, v112.4 = 0x1D3) with the new one you have found. Calculate the difference and make note of it for future checking. This whole procedure needs to be continued for everything you have sniffed. If you are too lazy but this is your first time doing this, then stop right now. It is not worth continuing as this is one of the easier parts and the part that really takes the least amount of work. Updating is not for the weak.
A general idea of checking packets.
Guessing Opcodes (theoretical examples):
Now after a good size of opcodes are updated in this tedious manner, a few other tricks can be utilized. Possibly the most useful one is guessing opcodes with good accuracy. This is where the adding the packet increases and decreases such as +11 for meso dropping.
I have prepared an example in v147.2 to show what I mean (these are actual opcodes!):
You current source version is v117.2 and you want to update to v147.2
Your opcodes are as follows (for RECV):
MOVE_FAMILIAR = 0x14D
TOUCH_FAMILIAR = 0x14E
ATTACK_FAMILIAR = 0x14F
REVEAL_FAMILIAR = 0x151
QUICK_SLOT= 0x152, 0x1E1
You log on GMS and sniff that MOVE_FAMILIAR is 0x1DC by getting your familiar to move around and logging packets. You also log on and get quick slot packets to be 0x1E1 by changing your quick slots and getting the packets for it. However, you don't have any monsters to attack but you want to know the value of the ATTACK_FAMILIAR packet and you have NO IDEA what REVEAL_FAMILIAR is. The good thing is with this method, you can still figure out what the packet opcodes are.
MOVE_FAMLIAR was 0x14D and went to 0x1DC so it had a +143 jump.
QUICK_SLOT was 0x152 and went to 0x1E1 so it also had a +143 jump.
From this, we can just assume that everything in between also has a +143 jump. You can never be 100% sure, but as mentioned before Nexon likes keeping packets in order, so you can make this assumption with high accuracy. Using this logic, TOUCH_FAMILIAR is 0x1DD, ATTACK_FAMILIAR is 0x1DE, and REVEAL_FAMILIAR is left as an exercise to the reader.
I have prepared an example in v147.2 to show what I mean (these are actual opcodes!):
You current source version is v117.2 and you want to update to v147.2
Your opcodes are as follows (for RECV):
MOVE_FAMILIAR = 0x14D
TOUCH_FAMILIAR = 0x14E
ATTACK_FAMILIAR = 0x14F
REVEAL_FAMILIAR = 0x151
QUICK_SLOT= 0x152, 0x1E1
You log on GMS and sniff that MOVE_FAMILIAR is 0x1DC by getting your familiar to move around and logging packets. You also log on and get quick slot packets to be 0x1E1 by changing your quick slots and getting the packets for it. However, you don't have any monsters to attack but you want to know the value of the ATTACK_FAMILIAR packet and you have NO IDEA what REVEAL_FAMILIAR is. The good thing is with this method, you can still figure out what the packet opcodes are.
MOVE_FAMLIAR was 0x14D and went to 0x1DC so it had a +143 jump.
QUICK_SLOT was 0x152 and went to 0x1E1 so it also had a +143 jump.
From this, we can just assume that everything in between also has a +143 jump. You can never be 100% sure, but as mentioned before Nexon likes keeping packets in order, so you can make this assumption with high accuracy. Using this logic, TOUCH_FAMILIAR is 0x1DD, ATTACK_FAMILIAR is 0x1DE, and REVEAL_FAMILIAR is left as an exercise to the reader.
Additional Tips:
Because of the guessing strategy, opcodes can easily be filled up pretty fast. There are a few ways to make your life easier. Firstly, don't sniff everything in the same area. True, you may get completely perfect opcodes in that section, but usually you can guess those. Spread the packet sniffing throughout the opcodes list. Maybe sniff MESO_DROP, then sniff going into cash shop, then sniff some familiar info, go sniff some attacks. Use the knowledge of packet guessing to your advantage.
Sometimes guessing with certainty isn't purely enough and you get something like
ACTION_1 = 0x55 //+4, was 0x51
ACTION_2 = ? // was 0x52
ACTION_3 = 0x65 //+5 was 0x60
For these examples, look at what the actions are. If action_1 is scrolling, and action_2 is like enhancement scrolling, and action_3 is something to do with moving items, then it is more likely for the ACTION_2 to get the +4 than the +5. Another way to know this is that 0x52 is closer to 0x51 (looking at old values).
Knowing what packets represent and when they are used what is also good to remember. Some of the packets are actually badly named in OdinMS. For example, DROP_ITEM_FROM_MAP_OBJECT is also used when you enter a map. A name like SPAWN_ITEM would probably be more accurate. WARP_TO_MAP is used when you log in but also at other times. PARTY_CHAT (RECV) in some sources should more properly be named something like MULTICHAT since alliance, buddy, and guild chat all use the same handler. Of course the actual names in the client are better, but this guide does not cover that far (you will not be able to look in the client yet).
Sometimes guessing with certainty isn't purely enough and you get something like
ACTION_1 = 0x55 //+4, was 0x51
ACTION_2 = ? // was 0x52
ACTION_3 = 0x65 //+5 was 0x60
For these examples, look at what the actions are. If action_1 is scrolling, and action_2 is like enhancement scrolling, and action_3 is something to do with moving items, then it is more likely for the ACTION_2 to get the +4 than the +5. Another way to know this is that 0x52 is closer to 0x51 (looking at old values).
Knowing what packets represent and when they are used what is also good to remember. Some of the packets are actually badly named in OdinMS. For example, DROP_ITEM_FROM_MAP_OBJECT is also used when you enter a map. A name like SPAWN_ITEM would probably be more accurate. WARP_TO_MAP is used when you log in but also at other times. PARTY_CHAT (RECV) in some sources should more properly be named something like MULTICHAT since alliance, buddy, and guild chat all use the same handler. Of course the actual names in the client are better, but this guide does not cover that far (you will not be able to look in the client yet).
Summary for Opcodes:
1. Sniff the easy opcodes but with efficiency and clarity.
2. Update the easy opcodes, go from RECV to SEND if you are not experienced although this doesn't really matter
3. Guess the opcodes that you can guess with high certainty.
4. Go back and sniff the ones that are missing and repeat #2-3 until a good list is done for send and receive packets.
Part 2 for reading packet structures and part 3 for updating packet structures coming soon.
Last edited:
