v117 Magic Wheel

**blkancientss** · 12-08-13

Hey, I'm trying to get the magic wheel working as I want it for acouple things in my server.

From looking in the IDA, There are 2 send packets that need to be done for it. I'm not sure how to go about doing these.

OnMagicWheelStart

Spoiler:

Code:

int __thiscall OnMagicWheelStart(void *this, int a2)
{
  void *v2; // ebp@1
  int v3; // esi@1
  int v4; // edi@1
  int v5; // eax@1
  int v6; // eax@1
  int v7; // ebx@1
  void *v8; // eax@4
  int v9; // eax@4
  signed int *v10; // esi@5
  void *v11; // eax@5
  char *v12; // eax@5
  int v13; // eax@11
  int v14; // edi@12
  int v15; // ebp@12
  void *v16; // esi@13
  void *v17; // eax@13
  char *v18; // eax@13
  int result; // eax@26
  signed int v20; // [sp-Ch] [bp-54h]@5
  int v21; // [sp-8h] [bp-50h]@5
  int v22; // [sp-4h] [bp-4Ch]@4
  char v23; // [sp+0h] [bp-48h]@4
  int v24; // [sp+14h] [bp-34h]@1
  int v25; // [sp+18h] [bp-30h]@5
  char v26[4]; // [sp+1Ch] [bp-2Ch]@5
  int v27; // [sp+20h] [bp-28h]@4
  int v28; // [sp+24h] [bp-24h]@5
  int v29; // [sp+28h] [bp-20h]@5
  int v30; // [sp+2Ch] [bp-1Ch]@5
  int v31; // [sp+30h] [bp-18h]@13
  int v32; // [sp+34h] [bp-14h]@13
  int *v33; // [sp+38h] [bp-10h]@5
  int v34; // [sp+44h] [bp-4h]@1

  v2 = this;
  v3 = a2;
  v4 = CInPacket::Decode4(a2);
  v5 = CInPacket::Decode4(v3);
  v6 = sub_7EFD00(v5);
  sub_7FE1D0(&v24, v6);
  v7 = 0;
  v34 = 0;
  a2 = 0;
  LOBYTE(v34) = 1;
  if ( !v4 )
  {
    v14 = CInPacket::Decode4(v3);
    CInPacket::DecodeStr(v26);
    v15 = *((_DWORD *)v2 + 2112);
    LOBYTE(v34) = 2;
    if ( v14 == v15 )
    {
LABEL_18:
      v9 = *(_DWORD *)v26;
      goto LABEL_19;
    }
    v33 = &v22;
    v22 = v14 == v15;
    ZXString_char_::operator_(&v22, &v24);
    v16 = sub_8A4AE0(&v32, v22);
    v22 = 8437;
    LOBYTE(v34) = 3;
    v17 = (void *)StringPool::GetInstance();
    v18 = *(char **)StringPool::GetString(v17, (int)&v31, v22);
    v22 = *(_DWORD *)v16;
    LOBYTE(v34) = 4;
    ZXString_char_::Format((int)&a2, v18, v26[0]);
    LOBYTE(v34) = 3;
    if ( v31 )
      ZXString_char_::_Release((volatile LONG *)(v31 - 12));
    v13 = v32;
    LOBYTE(v34) = 2;
LABEL_16:
    if ( v13 )
      ZXString_char_::_Release((volatile LONG *)(v13 - 12));
    goto LABEL_18;
  }
  if ( v4 == 1 )
  {
    CInPacket::DecodeStr(v26);
    LOBYTE(v34) = 5;
    CInPacket::DecodeStr(&v25);
    v33 = &v22;
    LOBYTE(v34) = 6;
    v22 = 0;
    ZXString_char_::operator_(&v22, &v24);
    v22 = *(_DWORD *)sub_8A4AE0(&v30, v22);
    v21 = *(_DWORD *)v26;
    v33 = &v20;
    LOBYTE(v34) = 7;
    v20 = 0;
    ZXString_char_::operator_(&v20, &v25);
    v10 = (signed int *)sub_8A49E0(&v29, v20);
    v20 = 8436;
    LOBYTE(v34) = 8;
    v11 = (void *)StringPool::GetInstance();
    v12 = *(char **)StringPool::GetString(v11, (int)&v28, v20);
    v20 = *v10;
    LOBYTE(v34) = 9;
    ZXString_char_::Format((int)&a2, v12, v20);
    LOBYTE(v34) = 8;
    if ( v28 )
      ZXString_char_::_Release((volatile LONG *)(v28 - 12));
    LOBYTE(v34) = 7;
    if ( v29 )
      ZXString_char_::_Release((volatile LONG *)(v29 - 12));
    LOBYTE(v34) = 6;
    if ( v30 )
      ZXString_char_::_Release((volatile LONG *)(v30 - 12));
    v13 = v25;
    LOBYTE(v34) = 5;
    goto LABEL_16;
  }
  if ( v4 != 2 )
    goto LABEL_24;
  v8 = (void *)StringPool::GetInstance();
  v22 = *(_DWORD *)StringPool::GetString(v8, (int)&v27, 4404);
  LOBYTE(v34) = 10;
  ZXString_char_::Format((int)&a2, (char *)v22, v23);
  v9 = v27;
LABEL_19:
  LOBYTE(v34) = 1;
  if ( v9 )
    ZXString_char_::_Release((volatile LONG *)(v9 - 12));
  v7 = a2;
  if ( a2 && *(_BYTE *)a2 )
  {
    v33 = &v22;
    v22 = 0;
    ZXString_char_::operator_(&v22, &a2);
    sub_4B11C0(v22);
  }
LABEL_24:
  LOBYTE(v34) = 0;
  if ( v7 )
    ZXString_char_::_Release((volatile LONG *)(v7 - 12));
  result = v24;
  v34 = -1;
  if ( v24 )
    result = ZXString_char_::_Release((volatile LONG *)(v24 - 12));
  return result;
}

OnMagicWheelReceive

Spoiler:

Code:

LONG __thiscall OnMagicWheelReceive(int this, int a2)
{
  int v2; // ebp@1
  int v3; // esi@2
  int v4; // esi@6
  int v5; // edi@6
  char v6; // bl@6
  LONG result; // eax@8
  int v8; // esi@9
  int v9; // esi@13
  volatile LONG *v10; // edi@13
  int v11; // esi@14
  int v12; // [sp+14h] [bp-2Ch]@6
  int v13; // [sp+18h] [bp-28h]@6
  char v14; // [sp+1Ch] [bp-24h]@6
  int v15; // [sp+20h] [bp-20h]@6
  char v16; // [sp+24h] [bp-1Ch]@8
  int v17; // [sp+28h] [bp-18h]@6
  char v18; // [sp+2Ch] [bp-14h]@1
  int v19; // [sp+30h] [bp-10h]@1
  int v20; // [sp+3Ch] [bp-4h]@6

  v2 = *(_DWORD *)(CWvsContext::GetCharacterData(this, (int)&v18) + 4);
  if ( v19 )
  {
    v3 = v19 - 16;
    if ( !InterlockedDecrement((volatile LONG *)(v19 - 16 + 4)) )
    {
      InterlockedIncrement((volatile LONG *)(v3 + 4));
      if ( v3 )
        (**(void (__thiscall ***)(_DWORD, _DWORD))v3)(v3, 1);
    }
    v19 = 0;
  }
  v15 = 0;
  v20 = 0;
  v17 = 0;
  v4 = a2;
  LOBYTE(v20) = 1;
  v5 = CInPacket::Decode4(a2);
  v12 = CInPacket::Decode4(v4);
  v6 = CInPacket::Decode1(v4);
  v13 = (unsigned __int16)CInPacket::Decode2(v4);
  a2 = v5;
  if ( !sub_7E3510(&a2, &v14) )
  {
    sub_5432E0(&v14);
    *(_DWORD *)v15 = v5;
    a2 = v5;
    sub_53D5D0(&a2, &v14);
  }
  a2 = (unsigned __int8)v6;
  result = sub_7E34B0(&a2, &v16);
  if ( result )
  {
    v8 = v17;
  }
  else
  {
    sub_53FEF0(&v16);
    v8 = v17;
    *(_DWORD *)v17 = v5;
    *(_DWORD *)(v8 + 6) = v12;
    *(_WORD *)(v8 + 4) = (unsigned __int8)v6;
    a2 = (unsigned __int8)v6;
    result = sub_53D430(&a2, &v16);
  }
  if ( !v8 )
  {
    v20 = -1;
    if ( !v15 )
      return result;
    v9 = v15 - 16;
    v10 = (volatile LONG *)(v15 - 16 + 4);
    result = InterlockedDecrement((volatile LONG *)(v15 - 16 + 4));
    goto LABEL_19;
  }
  *(_DWORD *)(v8 + 10) = v13;
  v11 = v8 - 16;
  LOBYTE(v20) = 0;
  result = InterlockedDecrement((volatile LONG *)(v11 + 4));
  if ( !result )
  {
    result = InterlockedIncrement((volatile LONG *)(v11 + 4));
    if ( v11 )
      result = (**(int (__thiscall ***)(_DWORD, _DWORD))v11)(v11, 1);
  }
  v20 = -1;
  if ( v15 )
  {
    v9 = v15 - 16;
    v10 = (volatile LONG *)(v15 - 16 + 4);
    result = InterlockedDecrement((volatile LONG *)(v15 - 16 + 4));
LABEL_19:
    if ( !result )
    {
      result = InterlockedIncrement(v10);
      if ( v9 )
        result = (**(int (__thiscall ***)(_DWORD, _DWORD))v9)(v9, 1);
    }
  }
  return result;
}

How do I go about creating handlers for the magic wheel. Or if someone has already done it, I need some help with it.

**MentaL**

**kevintjuh93** · 12-08-13

Magic Wheel..

When you die and you revive yourself with the magic wheel, then there is a recvop sent to the server, you respond to it with an animation (broadcasted to others).

Here is my handler for it:

PHP Code:


public final class UpgradeTombEffect extends AbstractMaplePacketHandler {
    
    @Override
    public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) {
        final MapleCharacter chr = c.getPlayer();
        if (slea.readInt() == 5510000 && !chr.isAlive() && chr.haveItem(5510000)) {
            //not checking x,y if people seriously packet edit that then they are fucking stupid :)
            c.getPlayer().getMap().broadcastMessage(chr, MaplePacketCreator.showUpgradeTombEffect(chr.getId(), slea.readInt(), slea.readInt()));
        }        
    }
}

Not sure if mine is 100% correct, because there also exists that packet that tells you the remaining wheels (though that's client sided too if I am not mistaken).

**blkancientss** · 12-08-13

Originally Posted by kevintjuh93

Magic Wheel..

When you die and you revive yourself with the magic wheel, then there is a recvop sent to the server, you respond to it with an animation (broadcasted to others).

Here is my handler for it:

PHP Code:


public final class UpgradeTombEffect extends AbstractMaplePacketHandler {
    
    @Override
    public final void handlePacket(SeekableLittleEndianAccessor slea, MapleClient c) {
        final MapleCharacter chr = c.getPlayer();
        if (slea.readInt() == 5510000 && !chr.isAlive() && chr.haveItem(5510000)) {
            //not checking x,y if people seriously packet edit that then they are fucking stupid :)
            c.getPlayer().getMap().broadcastMessage(chr, MaplePacketCreator.showUpgradeTombEffect(chr.getId(), slea.readInt(), slea.readInt()));
        }        
    }
}

Not sure if mine is 100% correct, because there also exists that packet that tells you the remaining wheels (though that's client sided too if I am not mistaken).

That is the Wheel of Destiny. I am talking about the Magic Wheel which is a gachapon like system that came out in v109

MapleStory - Shop - Magic Gachapon Wheel

**kevintjuh93** · 12-08-13

Originally Posted by blkancientss

That is the Wheel of Destiny. I am talking about the Magic Wheel which is a gachapon like system that came out in v109

MapleStory - Shop - Magic Gachapon Wheel

Oh lol, I am sorry...

I sniffed that and it seems that it sends the item id's... let me search my sniffing logs!
(It sends them in a string)

EDIT: I checked your IDA methods..
The one you call OnMagicWheelStart is actually; CWvsContext::OnLinkSkillResult
It has nothing to do with MagicWheel...

**blkancientss** · 12-08-13

Originally Posted by kevintjuh93

Oh lol, I am sorry...

I sniffed that and it seems that it sends the item id's... let me search my sniffing logs!
(It sends them in a string)

EDIT: I checked your IDA methods..
The one you call OnMagicWheelStart is actually; CWvsContext::OnLinkSkillResult
It has nothing to do with MagicWheel...

Ooo, I'm just running with a v117 idb I found, so I'm not sure if anything is correct with it.

Looking in my sendops I found:

Code:

GIVE_CHARACTER_SKILL = 180
MULUNG_DOJO_RANKING = 207 
MULUNG_MESSAGE = 178 
MAGIC_WHEEL_START = 180 
MAGIC_WHEEL_RECEIVE = 181

Is the MAGIC_WHEEL_RECIEVE opcode correct, or are both of them wrong.

**AristoCat** · 13-08-13

Magic Wheel in v117 is only one opcode, and it does sends string but if you want to make sure players don't abuse it with packet editor you will need to store the item as a variable for character. There is a mode when it sends up to 10 items (if you put less the slots will be blank) and when it finishes rolling the wheel you receive a packet that contains a string.

**blkancientss** · 13-08-13

Any clue what the sendop for it is.
For sending the packet, Am I just combinding 10 item ids into a mapleasciistring and sending that as the packet, or is there more too it.

**kevintjuh93** · 13-08-13

Originally Posted by blkancientss

Any clue what the sendop for it is.
For sending the packet, Am I just combinding 10 item ids into a mapleasciistring and sending that as the packet, or is there more too it.

It doesn't work that way.... it's a special string, if someone gets me the opcode I can find it out. Can't be bothered to search that opcode.

**blkancientss** · 13-08-13

Damn, anyone have the opcode for this? I'm not very experienced with IDA, so I can't really find it.

v117 Magic Wheel

Thread Tools

v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Re: v117 Magic Wheel

Advertisement