Reversing Spellborn

<div>
if someone has or can get access to the database somehow, that would be extremely helpful as all the ids are very unpredictable (for example amplify fear skill is 106928)


</div>

Polymo, come join JW and me on Ventrilo.

 

We might be able to help.

Hi Polymo, have a look at this video about the skilldeck:

 


<iframe width="459" height="344" src="https://www.youtube.com/embed/6FUpLjozYMw?feature=oembed" frameborder="0"></iframe>

yes, i have seen that video some time ago.

You guys are getting through this at a pretty impressive pace!

 

Not got my notes on me atm but when I get home I can fill in some detail on C2S_CS_CREATE_CHARACTER, the character appearance data was interesting, its a packed array where each variable uses a different number of bits, there's a single bit flag in amongst it so all the 8-bit vars after it end up using 7 bits of one byte and 1 bit of the next byte (i.e. Torso clothing ID and Hair Colour).

 

I thought it was a bit odd that all the clothing item ID's are 8-bit but the weapon ID's are 16-bit, may just be that starting characters can only use clothing with ID's < 256? as I thought there were way more clothing options in TCOS?

It's interesting what you found about this packet. Actually the way the data is stored in this packet is not the "final storage way" because then when the server ACK this packet, it sends again the data and it's not formatted in the same way. So it could explain the low ID range for starting characters (you have access to only a few items on the character creation screen).

I started to reversed that one or two weeks ago and had no time on reversing since so I cannot say much more on that. Will get back to it asap. If you look at the doc on the github wiki you will see what I found on this packet.

Aye, it looks like it sends a dword to indicate how many bytes are in the packed structure, then the variables with varying number of bits all packed together.  It makes sense to do that to use as few bits as possible keeping the packet size down, though the use of a dword size value seems a massive waste of space.

I don't know if you saw that but that's what I found about this packet (it's on github). I think, merged with what you found about the "bits packing" we should have the answer:

<pre class="_prettyXprint">
struct C2S_CS_CREATE_CHARACTER (various size)
{
struct PacketHeader header;
DWORD lod0size;
byte[lod0size] lod0;
DWORD lod1size;
byte[lod1size] lod1;
DWORD lod2size;
byte[lod2size] lod2;
DWORD lod3size;
byte[lod3size] lod3;
DWORD charNameNumChars;
BYTE[charNameNumChars*2] characterName;
DWORD classID;
DWORD fixedSkill1ID;//Hack/slash/shoot
DWORD fixedSkill2ID;//Hack/slash/shoot
DWORD fixedSkill3ID;//Hack/slash/shoot
DWORD customSkill1ID;//choosen by player
DWORD customSkill2ID;//choosen by player
DWORD unknwownDword;//=41 it changes when the character has a shield (=43)
};

Note: Lod0 Lod1 Lod2 Lod3 are byte arrays containing appearance information.
WARNING: I am not 100% sure of their layout, so it has to be verified.

/*LOD0 size = 13
* [00] = glove left color 1
* [01] = glove left color 2
* [02] = glove right color 1
* [03] = glove right color 2
* [04] = gauntlet left color 1
* [05] = gauntlet left color 2
* [06] = gauntlet right color 1
* [07] = gauntlet right color 2
* [08] = tattoo chest + left arm (power of 16)
* [09] = tattoo left arm + tatoo right arm
* [10] = unknown (reserved for hood?)
* [11] = unknown (reserved for hood?)
* [12] = voice id
*/

/*LOD1 size = 20
* [00] = Pants color 1
* [01] = pants colour 2
* [02] = shooes color 1
* [03] = shooes color 2
* [04] = helmet color 1
* [05] = helmet color 2
* [06] = left shoulder color 1
* [07] = left shoulder color 2
* [08] = right shoulder color 1
* [09] = right shoulder color 2
* [10] = belt color 1
* [11] = belt color 2
* [12] = Thigh left color 1
* [13] = Thigh left color 2
* [14] = thigh right color 1
* [15] = thigh right color 2
* [16] = shin left color 1
* [17] = shin left color 2
* [18] = shin right color 1
* [19] = shin right color 2
*/


/*LOD2 size = 15
* [00] = glove left type
* [01] = glove right type + pants type
* [02] = shooes type
* [03] = helmet type
* [04] = shoulder left + right type part 1
* [05] = shoulder right type part 2 + gauntlet left part 1
* [06] = gauntlet left part 2 + gauntlet right
* [07] = belt type + thigh left type part 1
* [08] = Thigh left type part 2 + thigh right part 1
* [09] = thigh right part 2 + shin left
* [10] = shin right + melee weapon part 1
* [11] = melee weapon part 2
* [12] = ranged weapon part 1
* [13] = ranged weapon part 2
* [14] = unknown dword (reserved for hood?)
*/

/*LOD3 size = 10
* [0] = Race+Gender+body
* 0 to 3 = skinny (human male, daevi male, human female, daevi female)
* 4 to 7 = athletic (idem)
* 8 to 11 = fat (idem)
* [01] = skin color1 + headTypeID
* [02] = skin color2 + hairType (power of 16)
* [03] = hair type part 2 + hair color 1
* [04] = hair color 2 + torso cloth
* [05] = torso cloth color 1
* [06] = torso cloth color 2
* [07] = armor chest type + armor chest color 1
* [08] = armor chest color 1 + armor chest color 2
* [09] = armor chest color 2
*/

</pre>

the static resource file is awesomely useful!

 

Your progress is awsome

Right, packed structures then, always start with a dword indicating the number of bytes in the structure, the bytes should be read in reverse order and each variable has a set number of bits (why you read in reverse order becomes apparent with some of the more complex structures). 
 
I'll list the variables in the order you should read them just to be consistent (i.e. first var in LOD0 is Voice ID, this is the 13th byte).
 

<div>LOD0    Size = 13
    8-bits  Voice ID
    8-bits  unused
    8-bits  unused
    4-bits  unused
    4-bits  Right Arm Tattoo (0 - 5)
    4-bits  Left Arm Tattoo (0 - 5)
    4-bits  Chest Tattoo (0 - 5)
    8-bits  Right Gauntlet Colour 1
    8-bits  Right Gauntlet Colour 2
    8-bits  Left Gauntlet Colour 1
    8-bits  Left Gauntlet Colour 2
    8-bits  Right Glove Colour 1
    8-bits  Right Glove Colour 2
    8-bits  Left Glove Colour 1
    8-bits  Left Glove Colour 2
    
LOD1    Size = 20
    8-bits  Shin Right Colour 1
    8-bits  Shin Right Colour 2
    8-bits  Shin Left Colour 1
    8-bits  Shin Left Colour 2
    8-bits  Thigh Right Colour 1
    8-bits  Thigh Right Colour 2
    8-bits  Thigh Left Colour 1
    8-bits  Thigh Left Colour 2
    8-bits  Belt Colour 1
    8-bits  Belt Colour 2
    8-bits  Right Shoulder Colour 1
    8-bits  Right Shoulder Colour 2
    8-bits  Left Shoulder Colour 1
    8-bits  Left Shoulder Colour 2
    8-bits  Helmet Colour 1
    8-bits  Helmet Colour 2
    8-bits  Shoes Colour 1
    8-bits  Shoes Colour 2
    8-bits  Pants Colour 1
    8-bits  Pants Colour 2
 
LOD2    Size = 15
    8-bits  Unused
    4-bits  Unused
    8-bits  Ranged Weapon ID
    6-bits  Shield ID
    8-bits  Melee Weapon ID
    6-bits  Shin Right
    6-bits  Shin Left
    6-bits  Thigh Right
    6-bits  Thigh Left
    6-bits  Belt
    6-bits  Gauntlet Right
    6-bits  Gauntlet Left
    6-bits  Shoulder Right
    6-bits  Shoulder Left
    6-bits  Helmet
    6-bits  Shoes
    8-bits  Pants
    6-bits  Glove right
    6-bits  Glove left
 
LOD3    Size = 10 Bytes
    1-Bit   Unused
    8-bits  Chest Colour 1
    8-bits  Chest Colour 2
    6-bits  Chest Armour
    8-bits  Torso Colour 1
    8-bits  Torso Colour 2
    8-bits  Torso
    8-bits  Hair Colour
    6-bits  Hair Style
    8-bits  Body Colour
    7-bits  Head Type
    2-bits  Body Type
    1-bit   Male = 0 Female = 1
    1-bit   Human = 0 Daevi = 1
 
Not all the bits are used so there may well be unimplemented / reserved flags I've missed but its not going to matter for the server (i.e. head type only uses 6-bits with 1-bit unused after it so may as well read it as 7 bits).
 
</div>