Reversing Spellborn
Started by Saltiel




249 posts in this topic
acid-burn
Moderator
207 posts 11 threads Joined: Sep 2010
18-09-2014, 01:26 AM -
#51
Quote: Think the maps will be stored on the client, the NPCs presumably placed with S2C_NPC_ADD etc. etc.
After playing around reading our reversed file data, I'll enumerate just some facts:

 

1. All the maps are within the client installation.

2. All the spawn points of NPCs are in the maps.

3. The character information required to create the NPCs the way they looked is missing, as it was stored either in the database or in the server code, which we don't have (it might be possible, though, to fake the required information).

4. The spawn locations, look, AI, ... of mobs are in the client.

 

As you progress in your code I might be able to give out additional facts.

 

Nice to see that some programmers with more knowledge and experience than mine in C/C++ have joined the team.

 

I hope, Saltiel, that the data I gave you to crawl through was useful.

This post was last modified: 18-09-2014, 10:08 AM by JW-NL.
Saltiel
Retired dev
122 posts 3 threads Joined: Sep 2014
18-09-2014, 10:55 AM -
#52
Yes, the TCOS SDK is really a gold mine! Thanks again for pointing it out to me. The .u files you managed to analyze sadly cannot help me without the scripts inside. :/

 

About the C2S_CS_CREATE_CHARACTER, I have the doc but I'm interested to see what you find, Slink, since this is all bitwise operation stuff, so mistakes are easily made!

About the S2C_CS_CREATE_CHARACTER_ACK, I am currently reversing it; parts of it are the same as in the world login I had started to reverse.

The thing is, the data is not laid out in the same way as in the C2S packet. For instance, I think I will skip the arm tattoo part for a moment because it's tricky and not major stuff (hello, I shift the bits 5 to the right, then 3 to the left, then 4, lalala).

 

Edit: well, I should really update the doc because I'm stuck on the S2C_CS_SELECTED_CHARACTER_ACK message... The status code seems to be an unconventional one. The client just wants one DWORD, but I don't know what to put in it. The code analyzing the message is in a script, so I can't reverse it easily... The only value between 0 and 100 generating a specific error message is "2", while all the others I tried generate the same generic error message (character ID or account ID does not work either). Maybe it wants a checksum, but a checksum of what, I don't know!

This post was last modified: 18-09-2014, 03:58 PM by Saltiel.
acid-burn
Moderator
207 posts 11 threads Joined: Sep 2010
18-09-2014, 05:58 PM -
#53
Are you working on this function?

 

void cl_OnCharacterCreated(struct S2C_CS_CREATE_CHARACTER_ACK const &);
Polymo
Someone who thinks he can code
328 posts 39 threads Joined: Sep 2014
18-09-2014, 06:28 PM -
#54
It would be really nice if you updated where you are now.

In no way meant to complain, but I think I can maybe be a little more help if I can skip what you already solved.

(I'm currently at CS_LOGIN, trying to understand how characters can be packed into it, but it seems you already know how it works.)

I'm really slow, because I still have to first understand how C++ does things (I'm only experienced in C#).

CowMooFlage
Administrator
396 posts 7 threads Joined: Aug 2010
18-09-2014, 06:54 PM -
#55
Yes it'd be nice if you could maybe work together on this and divide tasks. Then put every piece together later? I don't know how viable this is, but it sure seems a lot nicer for both of you not to repeat each other's work.

Polymo
Someone who thinks he can code
328 posts 39 threads Joined: Sep 2014
18-09-2014, 07:31 PM -
#56
I don't want to sound as if I'm very good at reversing (I only have basic remove-nagscreen-crackme knowledge). I just think I'm beginning to understand how things may work, and that, if he's stuck at something, it could be helpful if I dedicated my learning process towards that current problem. And I want to be able to help.

And btw, I'm really impressed by your skills, Saltiel.

This post was last modified: 18-09-2014, 07:36 PM by Polymo.
Polymo
Someone who thinks he can code
328 posts 39 threads Joined: Sep 2014
18-09-2014, 10:12 PM -
#57
While looking through the SDK files I noticed some things; maybe they're helpful:

enum eLoginRequestResult {
    LRR_NONE,
    LRR_INVALID_REVISION,
    LRR_INVALID_USERNAME,
    LRR_INVALID_PASSWORD,
    LRR_AUTHENTICATE_FAILED,
    LRR_LOGIN_ADD_FAILED,
    LRR_LOGIN_CONNECT_FAILED,
    LRR_INVALID_ACTIVE_CODE,
    LRR_BANNED_ACCOUNT,
    LRR_SUSPENDED_ACCOUNT,
    LRR_DISABLED_ACCOUNT
};
Engine.LoginToWorldByID(world.worldID,mController.CharacterID,Portal.Tag,"");

This post was last modified: 18-09-2014, 10:25 PM by Polymo.
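The status-code guessing in Saltiel's post above (one DWORD in S2C_CS_SELECTED_CHARACTER_ACK, with only "2" producing a distinct error) and the eLoginRequestResult enum Polymo pulled from the SDK come down to the same job for an emulator: read a raw DWORD off the wire without overrunning the buffer, map it to a known result without casting an unknown value straight into an enum, and pack or unpack the shift-and-mask appearance fields. The example below is added here for illustration; it is not code from this thread, the TCOS SDK or Spellborn. The enum is the one posted above (with a sentinel added); readDword, decodeLoginResult, packAppearance, unpackAppearance and the 5/3/4-bit appearance layout are assumptions made for this example, not the real packet layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// eLoginRequestResult as posted from the TCOS SDK; values are the implicit
// 0..10. LRR_COUNT_ is a sentinel added here and is not part of the SDK.
enum eLoginRequestResult {
    LRR_NONE,
    LRR_INVALID_REVISION,
    LRR_INVALID_USERNAME,
    LRR_INVALID_PASSWORD,
    LRR_AUTHENTICATE_FAILED,
    LRR_LOGIN_ADD_FAILED,
    LRR_LOGIN_CONNECT_FAILED,
    LRR_INVALID_ACTIVE_CODE,
    LRR_BANNED_ACCOUNT,
    LRR_SUSPENDED_ACCOUNT,
    LRR_DISABLED_ACCOUNT,
    LRR_COUNT_
};

// Read a little-endian DWORD at `off`, refusing to read past the end.
// Bytes from the other side are untrusted input: check before indexing.
std::optional<uint32_t> readDword(const std::vector<uint8_t>& buf, size_t off) {
    if (off > buf.size() || buf.size() - off < 4) return std::nullopt;
    return static_cast<uint32_t>(buf[off])
         | (static_cast<uint32_t>(buf[off + 1]) << 8)
         | (static_cast<uint32_t>(buf[off + 2]) << 16)
         | (static_cast<uint32_t>(buf[off + 3]) << 24);
}

// Map a raw status DWORD to the enum. Casting an arbitrary integer to the
// enum and switching on it leaves unknown codes falling through silently;
// rejecting them keeps "not yet reversed" visible in the emulator's logs.
std::optional<eLoginRequestResult> decodeLoginResult(uint32_t raw) {
    if (raw >= static_cast<uint32_t>(LRR_COUNT_)) return std::nullopt;
    return static_cast<eLoginRequestResult>(raw);
}

const char* loginResultName(eLoginRequestResult r) {
    switch (r) {
        case LRR_NONE:                 return "LRR_NONE";
        case LRR_INVALID_REVISION:     return "LRR_INVALID_REVISION";
        case LRR_INVALID_USERNAME:     return "LRR_INVALID_USERNAME";
        case LRR_INVALID_PASSWORD:     return "LRR_INVALID_PASSWORD";
        case LRR_AUTHENTICATE_FAILED:  return "LRR_AUTHENTICATE_FAILED";
        case LRR_LOGIN_ADD_FAILED:     return "LRR_LOGIN_ADD_FAILED";
        case LRR_LOGIN_CONNECT_FAILED: return "LRR_LOGIN_CONNECT_FAILED";
        case LRR_INVALID_ACTIVE_CODE:  return "LRR_INVALID_ACTIVE_CODE";
        case LRR_BANNED_ACCOUNT:       return "LRR_BANNED_ACCOUNT";
        case LRR_SUSPENDED_ACCOUNT:    return "LRR_SUSPENDED_ACCOUNT";
        case LRR_DISABLED_ACCOUNT:     return "LRR_DISABLED_ACCOUNT";
        default:                       return "LRR_UNKNOWN";
    }
}

// Hypothetical packed appearance word standing in for the "shift 5, then 3,
// then 4" kind of layout described in the thread. The positions are an
// assumption for illustration only, not the real Spellborn layout:
//   bits 0..4  hair style (5 bits)
//   bits 5..7  skin tone  (3 bits)
//   bits 8..11 tattoo id  (4 bits)
struct Appearance { uint8_t hair; uint8_t skin; uint8_t tattoo; };

constexpr uint32_t mask(unsigned width) { return (1u << width) - 1u; }
constexpr uint32_t field(uint32_t word, unsigned shift, unsigned width) {
    return (word >> shift) & mask(width);
}

// Pack, refusing any field that does not fit its width so an oversized value
// cannot bleed into the neighbouring field.
std::optional<uint32_t> packAppearance(const Appearance& a) {
    if (a.hair > mask(5) || a.skin > mask(3) || a.tattoo > mask(4)) return std::nullopt;
    return static_cast<uint32_t>(a.hair)
         | (static_cast<uint32_t>(a.skin) << 5)
         | (static_cast<uint32_t>(a.tattoo) << 8);
}

Appearance unpackAppearance(uint32_t word) {
    return Appearance{ static_cast<uint8_t>(field(word, 0, 5)),
                       static_cast<uint8_t>(field(word, 5, 3)),
                       static_cast<uint8_t>(field(word, 8, 4)) };
}

int main() {
    // Constructed sample: a 4-byte status DWORD holding 2, then one stray byte.
    std::vector<uint8_t> ack = {0x02, 0x00, 0x00, 0x00, 0xAA};
    if (auto raw = readDword(ack, 0)) {
        if (auto code = decodeLoginResult(*raw)) std::printf("status %u = %s\n", *raw, loginResultName(*code));
        else std::printf("status %u is outside eLoginRequestResult\n", *raw);
    }
    Appearance look{11, 3, 10};
    if (auto w = packAppearance(look)) {
        Appearance back = unpackAppearance(*w);
        std::printf("packed 0x%03X -> hair %u skin %u tattoo %u\n", *w, back.hair, back.skin, back.tattoo);
    }
    return 0;
}
```

The two optional-returning readers are the point: every value taken from a packet gets a length check and a range check before it is used, which is what keeps a home-made server from crashing on a malformed client message once the protocol is filled in.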
acid-burn
Moderator
207 posts 11 threads Joined: Sep 2010
18-09-2014, 11:56 PM -
#58
Just noticed in SBGameClasses.h:

 



struct ACharacter_GameInfo_execHandleCharacterCreationResult_Parms {
    BITFIELD aSuccess : 1; // 0 80 CPF_Parm
    class FString Message; // 4 400080 CPF_Parm CPF_NeedCtorLink
};
// Character_GameInfo.HandleCharacterCreationResult 120000 0 ( FUNC_Public FUNC_Delegate )

Saltiel
Retired dev
122 posts 3 threads Joined: Sep 2014
19-09-2014, 08:35 AM -
#59
First of all thank you for your support, it's great to see that other people are involved in the process!

 

Sorry for the delay on the update but as I said, I don't have much time these days, and I was focused on reversing when I had.

 

@acid-burn: This is an interesting function to study, yes; I had to go through it, but it is for the character creation. The step I am stuck on is the character selection :/ The function to study is onCharacterSelected (something like that). But the handler of the result is a scripted delegate, so it's hard to reverse. Actually almost every function sounding like "onXXX" or "execXXX" with a structure is a callback involved in the packet read/write stuff.

 

@Polymo: Interesting! About the CS_LOGIN packet I don't have the exact packet structure but I see what it needs now. Actually this is exactly the type of packet which is easier to reverse after you have reversed the character creation phase (I don't know if I'm very clear on this...). The first time I worked on it I just reversed it enough to go to the next step.

 

@CowMooFlage: yes, that's why I'm publishing the doc, to not waste time on reversing things already reversed. Indeed, if other people start to reverse, a little bit of organization would help; I think we are going to do that.

 

I started to update the doc, now here: http://www.notehub.org/2014/9/19/general. I will start to look for a better anonymous wiki website later. For now, if you want to edit it, just ask me for the password and I will send it to you by PM.

For now, look in the protocol section for the basic info to get to the "Enter world" phase. I am currently adding packet structures. Most of them are not completely reversed because these days I did not have much time, so I focused on the essentials.

I will do all I can to finish the update before the end of this week, but with what I published you can already go as far as I am (though you may miss some things).

This post was last modified: 19-09-2014, 08:54 AM by Saltiel.
acid-burn
Moderator
207 posts 11 threads Joined: Sep 2010
19-09-2014, 08:55 AM -
#60
Saltiel, do you mean this:

 



delegate HandleCharacterDeletionResult(bool aSuccess, string Message);
delegate HandleCharacterCreationResult(bool aSuccess, string Message);
delegate HandleCharacterSelectionResult(bool aSuccess, string Message);

 

By the way, I've sent you a new private message, did you check it?
