Reversing Spellborn


Thank you for the update and helpful links Saltiel. Really appreciate all you're trying to do.


Hey Saltiel,


I started reading the document from the first link, it has indeed some basic info to start with.


From your previous post I did read you found a large packet which is maybe containing character based information.

Related to this it might be good to take a look at this Youtube video with the Spellborn character creation.


Thank you for the links, Saltiel.

i think, after i'm done with my work for the Uni i will try to get into the files again :-)

I wish i knew more about c++ (i'm only really experienced in .net).

Could you give a little hint for how one finds structs?

(i'm not very experienced with IDA; olly - i learned how to solve crackme's but that didn't help me for spellborn)



Just a quick post to show you a funny things which just happened to me when experimentating witht the world id. xD

Disclaimer: this is purely accidental and I do not understand everything behind that funny bug, do not expect to be able to connect to the world anytime soon (at least through my work).


Realy nice to see something like this back.


It's a view from below the normal world level.


Char name is blank, level and pep are at 0 and the chat channels are offcourse blank.


my guess the client was confused by your packets [Image: default_laugh.gif]


Greetings Jan-Willem.


Yes it's exactly that [Image: default_wink.png] Actually I sended to the client the id of the Hawksmouth map but without all the info about the character (because I skipped the character selection/creation). I thought I knew how to send the last position but in fact it seems to do nothing, so I'll continue to investigate. My first goal is to manage the character creation/selection phase but I would not say no to be able to load a naked character in a choosed map.


[Image: default_thumbsup.gif] Saltiel [Image: default_thumbsup.gif]


Great job!

Looks really nice.

What lies hidden. must be found

TCoS Gameplay Videos:



Well, that escalated quickly. I can access to the character creation. I have to admit that I was on the wrong packet (it was strange that I had to send all these info when I had no character to select...).

I must say that all the packets regarding the player info are a real nightmare to decode. I access to the character creation by sending a packet that I do not completely understand. I hope I will be able to understand the minimum to connect to the world, but it will take me days of work I think.


I will try to upload a small video when I have the time.


