IDB loginpacket

  1. #1
    (O_o(o_O(O_O)o_O)O_o) Novak is offline

    IDB loginpacket

    Hi, I'm searching for the login packet in an IDB. The opcode is 0x00 (0). (v118)

    So far I found CLogin_OnPacket

    PHP Code:
    // Hex-Rays pseudocode of the client's login-stage packet dispatcher, as it
    // came through the forum's code renderer: the renderer dropped the '=',
    // '+' and ',' characters ("result a1;" was "result = a1;", "this 8" was
    // "this + 8") and the right-hand operands of the two comparisons in the
    // default branch. The text is kept exactly as posted.
    //
    // a1 is the packet opcode (the switch key), a2 the CInPacket being read.
    // Opcode 0 is routed to CLogin::OnCheckPasswordResult, which is the
    // handler this thread is looking for; the sub_* targets are handlers
    // IDA could not name. The return value is whatever the handler returns,
    // or the opcode itself for an unhandled value.
    int __thiscall CLogin::OnPacket(void *thisint a1int a2)
    {
      
    int result// eax@1

      
    result a1;
      switch ( 
    a1 )
      {
        case 
    0:
          
    result CLogin::OnCheckPasswordResult(a2);   // opcode 0x00: the login/password reply
          break;
        case 
    1:
          
    result sub_6B7AB0((int)((char *)this 8), a2);   // opcode 1; receives this+8, see the second listing
          break;
        case 
    2:
          
    result sub_6B7F40(a2);
          break;
        case 
    3:
          
    result sub_6AC770(a2);
          break;
        case 
    4:
          
    result sub_6AA930(a2);
          break;
        case 
    5:
          
    result sub_6AE970(a2);
          break;
        case 
    6:
          
    result sub_6ACF50(a2);
          break;
        case 
    7:
          
    result sub_6B4D70(a2);
          break;
        case 
    8:
          
    result sub_6AAA50(a2);
          break;
        case 
    9:
          
    result sub_6B44C0(a2);
          break;
        case 
    10:
          
    result sub_6B8440(a2);
          break;
        case 
    12:
          
    result sub_6AE880(a2);
          break;
        case 
    14:
          
    result sub_6B33E0(a2);
          break;
        case 
    13:
          
    result sub_6B48E0(a2);
          break;
        case 
    11:
          
    result sub_6B8AC0(a2);
          break;
        case 
    25:
          
    result sub_6AA970(a2);
          break;
        case 
    34:
          
    result sub_6AAA20(a2);
          break;
        case 
    28:
          
    result sub_6AA8E0(a2);
          break;
        case 
    29:
          
    result sub_6AE790(a2);
          break;
        case 
    30:
          
    result sub_6B9080(a2);
          break;
        case 
    31:
          
    result sub_6AA320(a2);
          break;
        case 
    32:
          
    result sub_6AB180(a2);
          break;
        case 
    33:
          
    result sub_6AB1D0(a2);
          break;
        default:
          // Two opcode ranges starting at 211 and 214 are handled out of line
          // (JUMPOUT). "(a1 211)" is most likely "(a1 - 211)"; the upper bound
          // that followed "<=" was lost in rendering, so the range widths
          // cannot be read from this paste.
          if ( (
    unsigned int)(a1 211) <= )
            
    JUMPOUT(loc_86B770);
          if ( (
    unsigned int)(a1 214) <= )
            
    JUMPOUT(loc_701090);
          return 
    result;
      }
      return 
    result;


    But I'm not sure where to find the packet structure after this.

    CLogin::OnCheckPasswordResult also didn't seem to be it.

    PHP Code:
    // Hex-Rays pseudocode of sub_6B7AB0, the opcode 1 handler called from
    // CLogin::OnPacket above (it is passed this+8, so "this" here is a
    // sub-object of CLogin). Despite the label above the spoiler, this is
    // NOT CLogin::OnCheckPasswordResult. The forum renderer stripped '=',
    // '+' and the ',' between call arguments ("v2 this;" was "v2 = this;",
    // "(v2 580)" was "(v2 + 580)", "sub_C76810(v70)" was most likely
    // "sub_C76810(v7, 0)"); the text is kept exactly as posted.
    //
    // Wire layout, as far as the Decode* calls show it: two leading bytes
    // (v5, and a byte stored at this+580). Only when v5 is 0, 12 or 23 and
    // the second byte is 0 or 1 does the handler read the rest: an int, four
    // bytes, a string, two more bytes, two DecodeBuffer reads (the stripped
    // second argument is the length, probably 8), an int and a second string.
    // Every other v5 value ends in sub_6C1890(v27, 0), i.e. a client-side
    // message keyed by the v27 code set in the switch.
    //
    // Note for anyone writing the server side of this: the strings and
    // buffers are length-driven reads from network data, so a reimplementation
    // should bounds-check the declared lengths against the bytes actually
    // received rather than trusting them.
    int __thiscall sub_6B7AB0(int thisint a2)
    {
      
    int v2// edi@1
      
    int v3// ecx@1
      
    int v4// esi@1
      
    int v5// ebp@1
      
    int result// eax@3
      
    int v7// eax@13
      
    int v8// eax@16
      
    int v9// edi@31
      
    int v10// ebp@31
      
    int v11// ebx@31
      
    bool v12// zf@35
      
    int v13// eax@38
      
    int v14// [sp-3Ch] [bp-A8h]@31
      
    int v15// [sp-38h] [bp-A4h]@31
      
    int v16// [sp-34h] [bp-A0h]@31
      
    int v17// [sp-30h] [bp-9Ch]@31
      
    int v18// [sp-2Ch] [bp-98h]@31
      
    int v19// [sp-28h] [bp-94h]@31
      
    int v20// [sp-24h] [bp-90h]@31
      
    int v21// [sp-20h] [bp-8Ch]@31
      
    int v22// [sp-1Ch] [bp-88h]@31
      
    int v23// [sp-18h] [bp-84h]@31
      
    int v24// [sp-14h] [bp-80h]@31
      
    int v25// [sp-10h] [bp-7Ch]@31
      
    int v26// [sp-Ch] [bp-78h]@31
      
    signed int v27// [sp-8h] [bp-74h]@4
      
    int v28// [sp-4h] [bp-70h]@4
      
    int v29// [sp+14h] [bp-58h]@31
      
    int v30// [sp+18h] [bp-54h]@31
      
    int v31// [sp+1Ch] [bp-50h]@16
      
    int v32// [sp+20h] [bp-4Ch]@31
      
    int v33// [sp+24h] [bp-48h]@31
      
    int v34// [sp+28h] [bp-44h]@1
      
    int v35// [sp+2Ch] [bp-40h]@31
      
    char v36// [sp+30h] [bp-3Ch]@31
      
    char v37// [sp+38h] [bp-34h]@31
      
    int v38// [sp+40h] [bp-2Ch]@31
      
    int v39// [sp+44h] [bp-28h]@31
      
    int v40// [sp+48h] [bp-24h]@31
      
    int v41// [sp+4Ch] [bp-20h]@31
      
    int v42// [sp+50h] [bp-1Ch]@31
      
    int v43// [sp+54h] [bp-18h]@31
      
    int v44// [sp+58h] [bp-14h]@31
      
    int v45// [sp+5Ch] [bp-10h]@31
      
    int v46// [sp+68h] [bp-4h]@13

      
    v2 this;
      
    v34 this;
      
    v3 = *(_DWORD *)(this 396);
      *(
    _DWORD *)(v34 472) = 0;
      (*(
    void (__stdcall **)(signed int))(*(_DWORD *)v3 64))(3);   // virtual call through the object at this+396
      
    v4 a2;
      
    v5 = (unsigned __int8)CInPacket::Decode1(a2);   // first payload byte; selects the branch below
      *(
    _BYTE *)(v2 580) = CInPacket::Decode1(v4);   // second byte, stored in the object and switched on further down
      if ( 
    dword_116E0CC )
        
    sub_6D5990(1);
      
    result v5 1;
      switch ( 
    v5 )
      {
        case 
    0:
        case 
    7:
        case 
    9:
        case 
    10:
          
    v28 0;
          
    v27 15;
          goto 
    LABEL_24;
        case 
    3:
        case 
    4:
          
    v28 0;
          
    v27 16;
          goto 
    LABEL_24;
        case 
    14:
          
    v28 0;
          
    v27 21;
          goto 
    LABEL_24;
        case 
    6:
          
    v28 0;
          
    v27 20;
          goto 
    LABEL_24;
        case 
    5:
          
    v28 0;
          
    v27 3;
          goto 
    LABEL_24;
        case 
    8:
          
    sub_6B4B30(00);
          
    v28 0;
          
    v27 17;
          goto 
    LABEL_24;
        case 
    11:
          
    v28 0;
          
    v27 19;
          goto 
    LABEL_24;
        case 
    12:
          
    v28 0;
          
    v27 14;
          goto 
    LABEL_24;
        case 
    15:
          
    result sub_6C1600(27);
          if ( 
    result )
          {
            
    StringPool::GetInstance();
            
    v7 = *(_DWORD *)StringPool::GetString(&a23201);   // presumably GetString(&a2, 3201): a string-table lookup
            
    sub_C76810(v70);
            
    result a2;
            
    v46 = -1;   // v46 looks like the compiler's exception-state (unwind) counter — TODO confirm
            if ( 
    a2 )
              
    result ZXString_char____Release((volatile LONG *)(a2 12));   // ZXString refcount release
          }
          break;
        case 
    16:
          
    result sub_6C1600(26);
          if ( 
    result )
          {
            
    StringPool::GetInstance();
            
    v8 = *(_DWORD *)StringPool::GetString(&v313201);
            
    v46 1;
            
    sub_C76810(v80);
            
    result v31;
            
    v46 = -1;
            if ( 
    v31 )
              
    result ZXString_char____Release((volatile LONG *)(v31 12));
          }
          break;
        case 
    17:
        case 
    22:
          
    v28 0;
          
    v27 33;
          goto 
    LABEL_24;
        case 
    44:
          
    v28 0;
          
    v27 72;
          goto 
    LABEL_24;
        case 
    45:
          
    v28 0;
          
    v27 78;
          goto 
    LABEL_24;
        case 
    18:
          
    v28 0;
          
    v27 27;
          goto 
    LABEL_24;
        case 
    26:
          
    v28 0;
          
    v27 40;
          goto 
    LABEL_24;
        case 
    39:
          
    v28 0;
          
    v27 901;
    LABEL_24:
          
    result sub_6C1890(v27v28);   // common exit of the message cases: sub_6C1890(v27, v28) with v28 == 0
          break;
        default:
          break;
      }   // only v5 == 0, 12 or 23 go on to read the rest of the packet
      if ( !
    v5 || v5 == 12 || v5 == 23 )
      {
        switch ( *(
    _BYTE *)(v2 580) )
        {
          case 
    0:
          case 
    1:
            if ( 
    dword_116E0CC )
              
    sub_6D5990(0);
            
    v9 CInPacket::Decode4(v4);   // int
            
    v10 = (unsigned __int8)CInPacket::Decode1(v4);   // byte
            
    LOBYTE(v33) = CInPacket::Decode1(v4);   // byte
            
    LOBYTE(v32) = CInPacket::Decode1(v4);   // byte
            
    CInPacket::Decode1(v4);   // byte, value discarded
            
    CInPacket::DecodeStr(&v30);   // length-prefixed string (reply #2 gives the wire form)
            
    v46 3;
            
    LOBYTE(v31) = CInPacket::Decode1(v4);   // byte
            
    LOBYTE(a2) = CInPacket::Decode1(v4);   // byte
            
    CInPacket::DecodeBuffer(&v368);   // fixed-length buffer into v36; the stripped length argument is probably 8
            
    dword_1173128(&v36, &v42);
            
    CInPacket::DecodeBuffer(&v378);   // second fixed-length buffer into v37
            
    dword_1173128(&v37, &v38);
            
    v11 CInPacket::Decode4(v4);   // int
            
    CInPacket::DecodeStr(&v29);   // second string
            
    v35 = (int)&v28;
            
    LOBYTE(v46) = 4;
            
    v28 0;
            
    sub_431510(&v29);
            
    v27 v11;
            
    v23 v38;
            
    v24 v39;
            
    v22 0;
            
    v25 v40;
            
    v21 0;
            
    v26 v41;
            
    LOBYTE(v46) = 5;
            
    v17 v42;
            
    v18 v43;
            
    v19 v44;
            
    v20 v45;
            
    v16 a2;
            
    v15 v31;
            
    a2 = (int)&v14;
            
    v14 0;
            
    sub_431510(&v30);
            
    LOBYTE(v46) = 4;
            
    sub_6ADB90(v9v10v33v32v14v15v16v17v18v19v20v21v22v23v24v25v26v27v28);   // all decoded fields handed on (argument commas stripped by the renderer)
            
    a2 ZAllocEx_ZAllocAnonSelector___Alloc(196);
            
    LOBYTE(v46) = 6;
            if ( 
    a2 )
              
    sub_6D87A0(v34);
            
    LOBYTE(v46) = 3;
            if ( 
    v29 )
              
    ZXString_char____Release((volatile LONG *)(v29 12));
            
    result v30;
            
    v12 v30 == 0;
            goto 
    LABEL_39;
          case 
    2:
          case 
    3:
            
    result sub_6C1480(310);
            if ( 
    result && !*(_DWORD *)(v2 464) )
            {
              
    StringPool::GetInstance();
              
    v13 = *(_DWORD *)StringPool::GetString(&v355);
              
    v46 2;
              
    sub_C76810(v130);
              
    result v35;
              
    v12 v35 == 0;
    LABEL_39:
              
    v46 = -1;
              if ( !
    v12 )
                
    result ZXString_char____Release((volatile LONG *)(result 12));
            }
            break;
          default:
            
    result sub_6C1890(150);   // probably sub_6C1890(15, 0): message for an unexpected second byte
            break;
        }
      }
      return 
    result;



    sub_6B7AB0 couldn't render in pseudo code, but that probably has nothing to do with finding the login packet.

    Please don't flame, I'm new to all this. I'm just trying to learn, and I've already learnt a lot from moogra's update guide and Heidi's IDB guide. I just don't fully understand it yet.

    Thanks in advance for thinking with me!

    - - - Updated - - -

    This is the error I'm having, a big chunk of packet problems:

    Code:
    Received data :
    00 D2 71 96 C3 48 86 27 E3 15 E8 3D 90 9D C6 05 53 C9 09 3B 3E FE 17 53 6D 2C 48
     F1 49 94 08 94 59 66 D8 B6 EB 2A E6 82 8C F9 5C 5C EF E1 0E BC 18 EF 1B 0F 46 4
    B 9B C0 DA 7B 64 69 C6 E2 62 D3 93 3D 4B E5 18 3B CE 5E 92 06 23 6C 40 66 74 6B
    64 B2 2E 17 BC B2 9B 0C AE 08 14 9E 94 CB CC 04 8B 45 EF 22 C7 93 57 EB E7 C1 30
     1F 1B 61 61 02 57 4E 4B A0 B1 EF 3A 5A D7 42 BE 8C A9 7D
    .Êq?├H?'Ò.Þ=??ã.S╔.;>■.Sm,H±I?.?YfÏÂÙ*µ??¨\\´ß.╝.´..FK?└┌{diãÔbË?=KÕ.;╬^?.#l@ftk
    d▓..╝▓?.«..??╦╠.?E´"Ã?WÙþ┴0..aa.WNKá▒´:ZÎB¥?®}
    Received data : (Unhandled)
    00 D2 71 96 C3 48 86 27 E3 15 E8 3D 90 9D C6 05 53 C9 09 3B 3E FE 17 53 6D 2C 48
     F1 49 94 08 94 59 66 D8 B6 EB 2A E6 82 8C F9 5C 5C EF E1 0E BC 18 EF 1B 0F 46 4
    B 9B C0 DA 7B 64 69 C6 E2 62 D3 93 3D 4B E5 18 3B CE 5E 92 06 23 6C 40 66 74 6B
    64 B2 2E 17 BC B2 9B 0C AE 08 14 9E 94 CB CC 04 8B 45 EF 22 C7 93 57 EB E7 C1 30
     1F 1B 61 61 02 57 4E 4B A0 B1 EF 3A 5A D7 42 BE 8C A9 7D
    .Êq?├H?'Ò.Þ=??ã.S╔.;>■.Sm,H±I?.?YfÏÂÙ*µ??¨\\´ß.╝.´..FK?└┌{diãÔbË?=KÕ.;╬^?.#l@ftk
    d▓..╝▓?.«..??╦╠.?E´"Ã?WÙþ┴0..aa.WNKá▒´:ZÎB¥?®}
    Last edited by UnknownDog; 13-01-15 at 12:42 AM.


  2. #2
    Moderator Eric is offline

    Re: IDB loginpacket

    CLogin::OnCheckPasswordResult is 0x00.

    Pretty much how you would decode it is to reference your v117's getAuthSuccessRequest (or whatever it's named in Lithium), and then look at it in IDA.

    Notes:
    Decode1 = byte = 00 = mplew.write(0);
    Decode2 = short = 00 00 = mplew.writeShort(0);
    Decode4 = int = 00 00 00 00 = mplew.writeInt(0);
    DecodeStr = string = 01 00 61 = mplew.writeMapleAsciiString("a");
    DecodeBuffer depends. A DecodeBuffer call usually looks like CInPacket::DecodeBuffer(v12, 0x8u); the 0x8u part is the length of the buffer. When it is 0x8u, it means it's a long (00 00 00 00 00 00 00 00, mplew.writeLong(0)), but when it's something like 0xDu it means the length is 13. Normally this is a mplew.writeMapleAsciiString("a", 13); which means you have a maximum of 13 characters.

    With all of this, looking in that IDB you will find Decode calls. These are what you'll be writing in your packet. Some are booleans, which look like if (CInPacket::Decode1(v4)) {, etc. But like I said, just reference your v117's. I doubt much, if anything, has changed on that packet.

  3. #3
    (O_o(o_O(O_O)o_O)O_o) Novak is offline

    Re: IDB loginpacket

    Thanks! Will see if I can manage. I've also enabled logging (like you also recommended) and I'm slowly becoming a lot wiser. Starting to get things slowly. It's giving me clear errors, so that's nice.

    Also, thank you so much. You've been the most helpful person so far :D. Can't thank you enough!!

  4. #4
    Moderator Eric is offline

    Re: IDB loginpacket

    Quote Originally Posted by pow3rran9er
    Thanks! Will see if I can manage. I've also enabled logging (like you also recommended) and I'm slowly becoming a lot wiser. Starting to get things slowly. It's giving me clear errors, so that's nice.

    Also, thank you so much. You've been the most helpful person so far :D. Can't thank you enough!!
    No problem. Once you've fixed your first handler and your first packet, it gets easier and easier.

    Also, a really off-topic question I couldn't resist, but that "xDMS" server back in 2009.. Are you referring to xDreamerMS v62 with 500x 150x and 10x rates?

  5. #5
    (O_o(o_O(O_O)o_O)O_o) Novak is offline

    Re: IDB loginpacket

    Quote Originally Posted by chunkarama
    No problem. Once you've fixed your first handler and your first packet, it gets easier and easier.

    Also, a really off-topic question I couldn't resist, but that "xDMS" server back in 2009.. Are you referring to xDreamerMS v62 with 500x 150x and 10x rates?
    Haha, I get that a lot. Actually I believe xDreamerMS came up about a week after mine. Mine had more focus on wz-edits and custom Party-Quests. So no, it wasn't Dreamer. I was always a bit jealous of Dreamer since they had an awesome system that made entire channels PvP, whilst I only had 1 PvP map. I was simply too stupid to comprehend that it would be quite easy to make it cover an entire channel.

    I was quite active around the time servers like D.ChaosMS-EX were running actually. I remember going onto their chatbox and trolling them for still using hamachi. (I was quite annoying back then and very proud I had port-forwarded. Ah well, most 13-year-olds are like that, I suppose.)
    Also had multiple disputes on whether my WZ editor was leeching their files. In review, he probably was. He was jamming together all maple versions and pvs customs.

    Ah well... I'm drifting off. Back to work! (Tho loving the nostalgia this brings)


