[Fix] [v.164] Integrity Check Algorithm

  1. #1
    Fraysa

    Two years ago @Darter posted this thread about a certain integrity check in the client which causes the client to crash within a minute if the server doesn't respond to it. He created a list with all the possible responses and @SuperLol made this algorithm which worked fine... until v.164.

    I tried many different offsets but unfortunately nothing worked. I created another list using @Darter's help and using data from the official servers and @SuperLol made this new algorithm, so all credits belong to him.

    You may refer to it as "clientAuth".

    Code:
    public static int GetIntegrityResponse(int request)
    {
        int response;

        int a = (request >> 5) << 5;
        response = ((8 - ((request - a) >> 2)) << 2) + (request & 0x3) - 4 + a;

        return response;
    }
    Enjoy your development!
    Last edited by Fraysa; 29-07-15 at 07:49 AM.


  2. #2
    SuperLol

    Oh this was made assuming 1 returns 28, 2 returns 29, and so on. If it starts at 0, then I'll be off by 1.

  3. #3
    Fraysa

    Originally posted by SuperLol:
    > Oh this was made assuming 1 returns 28, 2 returns 29, and so on. If it starts at 0, then I'll be off by 1.

    Yep, it starts at 0. I modified it, no worries.

  4. #4
    HawtMaple

    Based on the original, took less than a minute to fix, math.
    Code:
        int pRequest = slea.readInt();
        int pResponse = (pRequest >> 5 << 5) + ((((pRequest & 0x1F) >> 3 ^ 0x3) << 3) + (8 - (pRequest & 0x7)));
        pResponse |= pRequest >> 7 << 7;

  5. #5
    ExtremeDevilz

    This is actually BlackCipher Heartbeat Check

  6. #6
    Fraysa

    Originally posted by Multo:
    > This is actually BlackCipher Heartbeat Check

    Yep it is.

  7. #7
    Darter

    very nice quality release 10/10 glad i could help build a new table of values for you and help contribute to the dev scene of maple. good luck on dev everyone

    btw if you block your maplestory client from sending this to the official servers nothing will happen... it's strictly for client to feel safe

  8. #8
    <3 Dynamik is offline

    Originally posted by Fraysa:
    > Two years ago @Darter posted this thread about a certain integrity check in the client which causes the client to crash within a minute if the server doesn't respond to it. He created a list with all the possible responses and @SuperLol made this algorithm which worked fine... until v.164.
    >
    > I tried many different offsets but unfortunately nothing worked. I created another list using @Darter's help and using data from the official servers and @SuperLol made this new algorithm, so all credits belong to him.
    >
    > You may refer to it as "clientAuth".
    >
    > Code:
    > public static int GetIntegrityResponse(int request)
    > {
    >     int response;
    >
    >     int a = (request >> 5) << 5;
    >     response = ((8 - ((request - a) >> 2)) << 2) + (request & 0x3) - 4 + a;
    >
    >     return response;
    > }
    > Enjoy your development!

    Pardon my ignorance, but as far as I know, this line does absolutely nothing since you are shifting right five, and then shifting left five.

    Code:
    int a = (request >> 5) << 5;
    Why keep it? D:

  9. #9
    Darter

    Originally posted by Dynamik:
    > Pardon my ignorance, but as far as I know, this line does absolutely nothing since you are shifting right five, and then shifting left five.
    >
    > Code:
    > int a = (request >> 5) << 5;
    > Why keep it? D:

    it cuts off bits

  10. #10
    ALotOfPosts

    Originally posted by Dynamik:
    > Pardon my ignorance, but as far as I know, this line does absolutely nothing since you are shifting right five, and then shifting left five.
    >
    > Code:
    > int a = (request >> 5) << 5;
    > Why keep it? D:

    >> 5 is the same as saying /32
    << 5 is the same as saying *32

    So 100/32*32 is 96, instead of 100 due to truncation.
    Let's have a binary representation of a number like 100
    64+32+4=1100100
    We shift it 5 bytes to the right
    11 is left.
    We shift it 5 bytes to the left
    1100000 is the current number
    1100000 = 64+32 = 96.

    Basically what was said above, but a more mathematical answer.

  11. #11
    Zygon

    Originally posted by ALotOfPosts:
    > >> 5 is the same as saying /32
    > << 5 is the same as saying *32
    >
    > So 100/32*32 is 96, instead of 100 due to truncation.
    > Let's have a binary representation of a number like 100
    > 64+32+4=1100100
    > We shift it 5 bytes to the right
    > 11 is left.
    > We shift it 5 bytes to the left
    > 1100000 is the current number
    > 1100000 = 64+32 = 96.
    >
    > Basically what was said above, but a more mathematical answer.

    I prefer this
    Code:
    int a = request & 0xffffffe0;

  12. #12
    oxysoft

    Originally posted by Zygon:
    > I prefer this
    > Code:
    > int a = request & 0xffffffe0;

    fucking disgusting bit level hacking

    u have all my respects

  13. #13
    Another One

    You don't need any fancy bitwise operations..
    Code:
    return request ^ SendPacketOpcode.BC_AUTH.getValue();
    This works for every version, you will never have to change this.
    (Where BC_AUTH is the send header for the same packet, 0x1C in v164)

    It's also more likely to be what the official servers actually use, instead of them "randomly changing the algorithm", it likely automatically changes whenever the header does, which is exactly what has happened so far.
    Last edited by Another One; 04-08-15 at 07:16 PM.

  14. #14
    Fraysa

    Originally posted by Another One:
    > You don't need any fancy bitwise operations..
    > Code:
    > return request ^ SendPacketOpcode.BC_AUTH.getValue();
    > This works for every version, you will never have to change this.
    > (Where BC_AUTH is the send header for the same packet, 0x1C in v164)
    >
    > It's also more likely to be what the official servers actually use, instead of them "randomly changing the algorithm", it likely automatically changes whenever the header does, which is exactly what has happened so far.

    oh shit. this is fcuking genius
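
Added example, not code from any poster in this thread: a Java check that the shift-based formula from post #1, the mask from post #11 and the XOR one-liner from post #13 agree on every 32-bit request. The class and method names are made up for this example; 0x1C is the v164 header value stated in post #13, and the sample requests in `main` are constructed.

```java
public class IntegrityResponseCheck {
    // Send header for this packet in v164, as stated in post #13.
    static final int BC_AUTH_V164 = 0x1C;

    // Shift-based formula from post #1, transcribed unchanged.
    static int shiftForm(int request) {
        int a = (request >> 5) << 5;
        return ((8 - ((request - a) >> 2)) << 2) + (request & 0x3) - 4 + a;
    }

    // XOR form from post #13 with the constant inlined.
    static int xorForm(int request) {
        return request ^ BC_AUTH_V164;
    }

    // Counts the 32-bit inputs on which any of the claimed identities fails.
    static long countMismatches() {
        long mismatches = 0;
        // A long counter avoids wrapping around at Integer.MAX_VALUE.
        for (long i = Integer.MIN_VALUE; i <= Integer.MAX_VALUE; i++) {
            int request = (int) i;
            // Post #11: shifting right then left by five equals masking.
            boolean sameMask = ((request >> 5) << 5) == (request & 0xffffffe0);
            // Post #13: the whole formula collapses to a single XOR.
            boolean sameResponse = shiftForm(request) == xorForm(request);
            // XOR with a constant is its own inverse.
            boolean selfInverse = xorForm(xorForm(request)) == request;
            if (!(sameMask && sameResponse && selfInverse)) {
                mismatches++;
            }
        }
        return mismatches;
    }

    public static void main(String[] args) {
        // Exhaustive over all 2^32 requests; expect this to take a few seconds.
        System.out.println("mismatches: " + countMismatches());
        // Constructed sample requests, not captured traffic.
        for (int request : new int[] {0, 1, 100, -1}) {
            System.out.printf("%d -> %d%n", request, xorForm(request));
        }
    }
}
```

A mismatch count of zero means the response is a fixed, self-inverse function of the request with no secret or per-session state involved, so a correct reply shows only that the responder knows the header constant.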