[LEAK] MapleStory Korea Test v.1029 raw EXE w/ debuggables

  1. #46
    Diamondo25

    Quote Originally Posted by Tyler1q1q
    Amazing release per usual, Diamondo. I attempted to gather an enumeration list from STREDIT for this, but it looks like it fails to open it. Would you by chance have a fix for this, or a workaround? I attempted to use all three variations of STREDIT without any luck, just to see if they work.

    Code:
    ---------------------------
    
    ---------------------------
    System.IO.EndOfStreamException: Unable to read beyond the end of the stream.
    
       at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
    
       at System.IO.BinaryReader.ReadSByte()
    
       at STREDIT.frmMain.Decode(BinaryReader br, Int32 stringPos, Boolean& _bstr_td_text)
    
       at STREDIT.frmMain.LoadFile(String pFilename)
    ---------------------------
    OK   
    ---------------------------
    The stringpool is corrupt in that version. I have no idea what they did, but it says it has 11200 strings, but after 10500, the pointers to the strings stop (and you get references to out-of-bounds strings). I cannot really do anything about it and it even seems that it's impossible to fix it (because it would require exporting strings from a newer version and dumping them somewhere in memory of this version).

  2. #47
    Chikn

    Quote Originally Posted by sunnyboy
    Little confused.

    Can't you just create a C header file? It should export all defined structures and enums
    I knew about it. But how about the import? It will throw a lot of errors if you import the exported file. Fixing it manually will take forever...


  3. #48
    Rezand

    Hi, I just had a quick question. I wanted to try to understand how to use IDA so I thought I would try to find the ping/pong packets. I looked at all the methods in CLogin, but I didn't find anything about ping. Is it not located there?

  4. #49
    sunnyboy

    Quote Originally Posted by Rezand
    Hi, I just had a quick question. I wanted to try to understand how to use IDA so I thought I would try to find the ping/pong packets. I looked at all the methods in CLogin, but I didn't find anything about ping. Is it not located there?
    CClientSocket::ProcessPacket

    CClientSocket::OnAliveReq < Will be the send packet

    Inside that is the recv COutPacket::COutPacket_0(a1, 0x10u, 0);

    handler recv = 0x10 (this is an example from my old IDB, but the same method to get it is in any)

    An example from the KMST leak

    Code:
    case 0x12:
        CClientSocket::OnAliveReq(v2, v4);
        break;
    Code:
    COutPacket::COutPacket(&oPacket, 0x94);
    v16 = 0;
    v3 = TSingleton<CSecurityClient>::GetInstance();
    v4 = CSecurityClient::_ZtlSecureGet_m_usSeq(v3);
    COutPacket::Encode2(&oPacket, v4);
    v5 = TSingleton<CSecurityClient>::GetInstance();
    v6 = CSecurityClient::_ZtlSecureGet_m_dwPos(v5);
    COutPacket::Encode4(&oPacket, v6);
    (v2->vfptr->InspectGetCrc32Function)(v2);
    (v2->vfptr->EncodeEncryptedMRCA)(v2);
    CClientSocket::SendPacket(v2, &oPacket);
    This is the handler, 0x94 and has a short and int
    Last edited by sunnyboy; 16-04-16 at 07:32 PM.

  5. #50
    Rezand

    Quote Originally Posted by sunnyboy
    CClientSocket::ProcessPacket

    CClientSocket::OnAliveReq < Will be the send packet
    Ahh, thanks for this. I was looking in the wrong place.

  6. #51
    Tyler1q1q

    Quote Originally Posted by Diamondo25
    The stringpool is corrupt in that version. I have no idea what they did, but it says it has 11200 strings, but after 10500, the pointers to the strings stop (and you get references to out-of-bounds strings). I cannot really do anything about it and it even seems that it's impossible to fix it (because it would require exporting strings from a newer version and dumping them somewhere in memory of this version).
    Thanks for the insight on that. Would it not be possible to still build the list and silently eat the exception? Having a partial list of 10500 and losing 700 or so strings seems like a better idea than not being able to view any strings!
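
The partial-list approach raised in this exchange, as an added example that is not part of the thread and not STREDIT's code: a table reader that treats the header count and every pointer as untrusted, keeps each entry that validates, and records why the others were skipped instead of aborting on the first bad read. The byte layout, `read_string_table` and `build_sample` are assumptions constructed for illustration, not the client's real string pool format.

```python
import struct

def read_string_table(blob: bytes):
    """Parse a count-prefixed offset table, keeping every entry that validates.

    Hypothetical layout, constructed for this example (not the client's format):
      u32 count | count x u32 absolute offset | records: u8 length + bytes
    Returns ({index: text}, [error messages]).
    """
    strings, errors = {}, []
    if len(blob) < 4:
        return strings, ["header truncated"]
    (declared,) = struct.unpack_from("<I", blob, 0)
    # The header count is untrusted: clamp it to the slots actually present.
    present = min(declared, (len(blob) - 4) // 4)
    if present < declared:
        errors.append(f"header declares {declared} entries, only {present} fit")
    for index in range(present):
        (offset,) = struct.unpack_from("<I", blob, 4 + index * 4)
        if offset >= len(blob):
            errors.append(f"entry {index}: offset {offset:#x} is out of bounds")
            continue
        length = blob[offset]
        end = offset + 1 + length
        if end > len(blob):
            errors.append(f"entry {index}: record runs past end of data")
            continue
        strings[index] = blob[offset + 1:end].decode("latin-1")
    return strings, errors

def build_sample() -> bytes:
    """Constructed input: 5 declared entries, only the first 3 are valid."""
    records, offsets, cursor = b"", [], 4 + 5 * 4
    for text in (b"alpha", b"beta", b"gamma"):
        offsets.append(cursor)
        records += bytes([len(text)]) + text
        cursor += 1 + len(text)
    offsets.append(0x7FFF0000)   # points far outside the data
    offsets.append(cursor - 1)   # last byte of "gamma" misread as a length
    return struct.pack("<I5I", 5, *offsets) + records

if __name__ == "__main__":
    found, problems = read_string_table(build_sample())
    print(found)
    for line in problems:
        print("skipped:", line)
```

Returning the skipped entries alongside the recovered ones keeps the corruption visible rather than silently swallowed.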

  7. #52
    topkek

    Quote Originally Posted by Tyler1q1q
    Thanks for the insight on that. Would it not be possible to still build the list and silently eat the exception? Having a partial list of 10500 and losing 700 or so strings seems like a better idea than not being able to view any strings!
    Works fine for me lol

    Formatted for that cute IDA trick with the enum thing:
    https://ghostbin.com/paste/5nz8z

    Regular with no formatting & reverse IME:
    https://ghostbin.com/paste/9cgm9

    shameless plug for rust

  8. #53
    Tyler1q1q

    Quote Originally Posted by topkek
    Works fine for me lol

    Formatted for that cute IDA trick with the enum thing:
    https://ghostbin.com/paste/5nz8z

    Regular with no formatting & reverse IME:
    https://ghostbin.com/paste/9cgm9

    shameless plug for rust
    ayy. Although it isn't much due to it being KMS, at least we have directories. Appreciate it

  9. #54
    eddynator

    I'm a little confused here. A noob in this kinda stuff, actually.
    I've been learning C# in my first year and Java this year in university, I'm coding with the v83 Solaxia source right now which has been a real pleasure so far. Everyone seems so excited about this so I'm kinda eager to learn more about this. So my question is, what is this release? Like.. is it a high version korea MS client written in C++? Is it C++ at all? Is it the testing files of server side classes?
    Thanks in advance.
    Last edited by eddynator; 17-04-16 at 04:53 PM. Reason: typo

  10. #55
    topkek

    Quote Originally Posted by eddynator
    I'm a little confused here. A noob in this kinda stuff, actually. I've been learning C# in my first year and Java this year in university, I'm coding with the v83 Solaxia source right now which has been a real pleasure so far. Everyone seems so excited about this so I'm kinda eager to learn more about this. So my question is, what is this release? Like.. is it a high version korea MS client written in C++? Is it C++ at all? Is it the testing files of server side classes? Thanks in advance.
    more to do with reverse engineering, less to do with coding. in fact this has absolutely nothing to do with coding lol

  11. #56
    MrStormccH

    wow man nice release
    it will make maple story section MORE POWERFUL
    WAKAKAKAKA

  12. #57
    PrinceReborn

    Anyone managed to decompile the DecodeForLocal function yet?

  13. #58
    topkek

    Quote Originally Posted by PrinceReborn
    Anyone managed to decompile the DecodeForLocal function yet?
    build it yourself in ida68, diamond's db is fucked

    also lol it's 22925 lines long in c pseudo, i hope they're at least using macros

  14. #59
    Savage

    Damn good work, @Diamondo25

  15. #60
    CodySP

    Do you hear that?

    That's the sound of a dying husk taking its first deep breath in a long time. That husk is the /f425


