You don't even need to unpack the executable to find the opcodes.
Otherwise you could also just hook the Themida functions, like a certain bot creator probably did.
(Olly plugins won't work on Win 7/8 64-bit+)
If you think IDA will help you that much, then there is an unpack script which can be found with Google. (For me it needed a rework at some lines, thanks to the ultra smart dude who created it.)
With an unpacked exe you can easily do some hex edits and shit like hooks, but you will not get around finding out all offsets by yourself, if no one is gentle enough to do the work for you. I found the refresh position of characters myself - used this to teleport me - and also the UseSkill and such functions. Till now I haven't finished using skills by Id. (Weird functions and a huge amount of skills + levels -> too much work for a game which is only hyped in ru atm)
@@
Those opcodes are quite useless, since you need the structs of the packets, and without reverse engineering you can't get those which aren't ordinarily used by the client. - In the hope of finding a packet that actually gives you a kind of super boost like teleport or the removal of an instance's cd. (If you are not about to make an emulator)

I used to find the packet opcodes and structs myself.

I don't exactly know how the client generates the structures, like for the target packet, but I managed to use the decrypt function itself to send this packet. I just had some failures there with some other packets, like the join instance packet; maybe it was also just because the function is called by two different threads. However, this is how the structure looked for me when sending the skill + target list:
Code:
#include <cstdint>

// These structs mirror the wire layout byte for byte, so padding has to be
// disabled: without it the float after the uint8_t charge would be aligned
// to 4 bytes and sizeof(TAttackPacket) would not be 0x17.
#pragma pack(push, 1)

typedef struct SAttackPacket
{
    uint16_t size;    //0x17
    uint16_t opcode;  //58453
    uint16_t skillId; //Id+levelOfSkill
    uint16_t unknown; //1024
    uint8_t charge;   //0/1
    float x;
    float y;
    float z;
    uint16_t dir;
} TAttackPacket;

// One target entry; head/head_1 encode the entry index plus the 0x1F/0x3F tags.
struct SUB_SECTION_TARGET
{
    SUB_SECTION_TARGET(uint32_t num, uint32_t id, uint32_t _type)
    {
        step = num;
        head = num * 0x10 + 0x1F;
        head_1 = num * 0x10 + 0x3F;
        target = id;
        type = _type;
    }
    SUB_SECTION_TARGET() {}
    ~SUB_SECTION_TARGET() {}

    uint16_t head;
    uint16_t head_1;
    uint32_t step;
    uint32_t target;
    uint32_t type;
};

// One position entry; head uses the 0x2F tag, head_1 points at the next entry.
struct SUB_SECTION_POS
{
    SUB_SECTION_POS(uint32_t num, uint32_t next, float _x, float _y, float _z)
    {
        head = num * 0x10 + 0x2F;
        head_1 = next * 0x10 + 0x3F;
        x = _x;
        y = _y;
        z = _z;
    }
    SUB_SECTION_POS() {}
    ~SUB_SECTION_POS() {}

    uint16_t head;
    uint16_t head_1;
    float x;
    float y;
    float z;
};

struct TSECTION
{
    SUB_SECTION_TARGET _target[4];
    SUB_SECTION_POS _pos;
};

struct SECTION
{
    SECTION() {}
    ~SECTION() {}

    SUB_SECTION_TARGET _1;
    SUB_SECTION_POS _2;
    TSECTION _3[5];
};

typedef struct STargetListPacket
{
    uint16_t size;      //6f (0x15 targets)
    uint16_t opcode;    //31096
    uint16_t unknown;   //84
    uint16_t seg_0;     //0x1F 0x00
    uint16_t amount;
    uint16_t seg_1;     //0x2F 0x00
    uint16_t skillId;   //skillId+10+stage
    uint16_t unknown_1; //1024
    float x;
    float y;
    float z;
    uint16_t dir;
    uint8_t hit;
    SECTION segments;
} TTargetListPacket;

#pragma pack(pop)
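As an added example (not code from the post or the game), the SAttackPacket layout above written as an explicit encoder and a validating parser: the parser checks the buffer length, the declared size (0x17), the opcode (58453) and the 0/1 charge flag before any field is trusted, which is how a server or packet monitor would reject malformed packets of this shape. Little-endian byte order, the size field counting the whole packet, and the sample values are assumptions; the helper names are hypothetical.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Host-side mirror of SAttackPacket; the wire layout lives in encode/parse below.
struct AttackPacket {
    uint16_t size, opcode, skillId, unknown;
    uint8_t  charge;
    float    x, y, z;
    uint16_t dir;
};
static const std::size_t kAttackPacketSize   = 0x17;  // 23 bytes, per the size comment
static const uint16_t    kAttackPacketOpcode = 58453; // opcode from the struct comment

// Little-endian byte helpers (byte order is an assumption, the post does not state it).
static void wr16(std::vector<uint8_t>& b, uint16_t v) { b.push_back(uint8_t(v)); b.push_back(uint8_t(v >> 8)); }
static void wrf32(std::vector<uint8_t>& b, float f) {
    uint32_t u; std::memcpy(&u, &f, 4);
    for (int i = 0; i < 4; ++i) b.push_back(uint8_t(u >> (8 * i)));
}
static uint16_t rd16(const uint8_t* p) { return uint16_t(p[0] | (p[1] << 8)); }
static float rdf32(const uint8_t* p) {
    uint32_t u = 0; for (int i = 3; i >= 0; --i) u = (u << 8) | p[i];
    float f; std::memcpy(&f, &u, 4); return f;
}

// Serialise, always writing the fixed size and opcode so the two cannot drift apart.
std::vector<uint8_t> encodeAttackPacket(const AttackPacket& pk) {
    std::vector<uint8_t> b;
    wr16(b, uint16_t(kAttackPacketSize)); wr16(b, kAttackPacketOpcode); wr16(b, pk.skillId); wr16(b, pk.unknown);
    b.push_back(pk.charge); wrf32(b, pk.x); wrf32(b, pk.y); wrf32(b, pk.z); wr16(b, pk.dir);
    return b;  // exactly 23 bytes
}

// Validate length, declared size, opcode and the 0/1 charge flag; false means reject the packet.
bool parseAttackPacket(const std::vector<uint8_t>& buf, AttackPacket& out) {
    if (buf.size() != kAttackPacketSize) return false;
    const uint8_t* p = buf.data();
    out.size = rd16(p); out.opcode = rd16(p + 2);
    if (out.size != buf.size() || out.opcode != kAttackPacketOpcode) return false;
    out.skillId = rd16(p + 4); out.unknown = rd16(p + 6); out.charge = p[8];
    if (out.charge > 1) return false;  // charge is documented as 0/1 only
    out.x = rdf32(p + 9); out.y = rdf32(p + 13); out.z = rdf32(p + 17);
    out.dir = rd16(p + 21); return true;
}

// Constructed sample (not a captured packet): skill 0x1234, flag 1024, charged, at (1,2,3), dir 90.
std::vector<uint8_t> sampleAttackPacket() {
    AttackPacket pk = {0, 0, 0x1234, 1024, 1, 1.0f, 2.0f, 3.0f, 90};
    return encodeAttackPacket(pk);
}
```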
I'd like to use ns-3 (C++ lib) to make myself my own send function with the decrypt function included.
A sticky thread where people post their results from finding packets and their structures would be amazing, too.
@P-Servers
That will be a HUGE amount of work for sure if you want something decent.
Btw. the direction in degrees = dir/180, if I remember right.