 

Memopad

Page history last edited by Pneuma 6 years, 3 months ago

jtales

 

00BFCF44~00BFCF51     jMAX_LEVEL 255     can change max lvl?

00BFD3C2~00BFD3D8     BASIC_ITEM_INVENTORY 64     can change inventory size?

BFD44E~BFD45D     USER_MAX_HP 9999     Max HP?

other stuff like max EXP, max stat, max deposit around these addr

Similar lines are found in various addresses, probably just an included header?

 

Data Encryption key? (starting 0x00BFF167)

 

MINUSKVAR "CrYpTkEy"

CRYPTION_MARK "crypted\n"

ROTORSZ 256

MASK 0377

 

http://www.tuhs.org/Archive/PDP-11/Trees/V7/usr/src/cmd/crypt.c

Googling shows something like enigma.c; probably just a bunch of included files?

 

 

 

 

Ticks

 

CT0         * Clock, ・醐血 48・ рR月 14日 15時 24分, tc = 1489472640.

CT0         * Clock, ・醐血 48・ рR月 14日 15時 36分, tc = 1489473360.

 

Works out to 720tcs in 12 minutes, or 60tcs per minute. So 1tc per second

 

Game server also seems to poll to get the current time in Lunar Calendar, regardless of server time, to make things more confusing.

 

 

 

d2d structure

 

0009.d2d

 

             columns?       rows?     datatype   datasize       column1
000000h   56 00 00 00    F1 03 00 00    01       09 00    4D 6F 6E 73 74 65 72   V...ñ......Monster
000012h   00 00    43 63 68 6B 00 CD CD CD 00    43 67 65 6E 00 CD CD            ..Cchk.ÍÍÍ.Cgen.ÍÍ
000024h   CD 00    4D 6F 6E 73 74 65 72 00 00    4D 6F 6E 73 74 65 72            Í.Monster..Monster
000036h   00 00    4D 6F 6E 73 74 65 72 00 00    4D 6F 6E 73 74 65 72            ..Monster..Monster

.

.

002370h   00 00    4D 6F 6E 73 74 65 72 00 00    4D 6F 6E 73 74 65 72   ..Monster..Monster
002382h   00 00    00    04    00 00 00 00    21 0B 20 00    22 0B 20 00    23 0B   ........!. .". .#.
              datatype datasize    column1        column2        column3

 

 

 

 

 

Data Type?  dataSize 
0x00 = int? 1b
0x01 = str? 2b

 


 

Quite an old post (back in 04). I wonder if structure has changed in 4.04? Apparently not changed in 4.04

 

https://www.logsoku.com/r/2ch.net/mmosaloon/1091879727/

 

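680 : ネトゲ廃人@名無し[sage] Posted: 04/11/06 19:35:18 ID:???

Well, why not split up into people analysing d2d and people writing the program.

While I'm at it, since I have time, here is the basic layout of d2d:
the first 4 bytes are the number of tables,
the next 4 bytes are the number of data entries in each table.

After that comes the data section;
the data section starts with a 1-byte identification code.
If the identification code is 0x01 it is a string and the next 2 bytes are the byte count, that sort of thing,
then the data follows, and once you have read as many entries as the data count there is another identification code.

Do that for the number of tables and you are done.

 

681 : 676[sage] Posted: 04/11/06 19:49:14 ID:???

>>680 
It got summarised while I was leisurely eating my meal...
By the way, I think you can treat identification code 0x01 as the string type;
the others are mostly numbers.
It may have been only 0x01 that has a byte count (there may have been others, though).
With identification 0x01 the byte count was 2 bytes,
but for the rest it should have been roughly 1 byte.

When decoding, I think you can use the txt files in MoD as a reference.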


Above structure seems only to apply to 0103.d2d which has to do with the patcher. Client seems to adopt a different structure now

Above structure applies to 4.04 as well
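
A parser for the layout described in the post and the 0009.d2d dump above, as an added example (not code from the page or from any TalesWeaver tool). It assumes little-endian integers and cp932 strings; the post's "tables" are the dump's "columns?", and `parse_d2d` and `SAMPLE` are names made up here.

```python
import struct

def parse_d2d(buf: bytes, encoding: str = "cp932"):
    """Return ([(type, size, values), ...], bytes_consumed) for a plain d2d buffer."""
    if len(buf) < 8:
        raise ValueError("truncated header")
    # First 4 bytes: number of tables (columns); next 4: entries per table (rows).
    n_cols, n_rows = struct.unpack_from("<II", buf, 0)
    pos, columns = 8, []
    for col in range(n_cols):
        if pos >= len(buf):
            raise ValueError(f"column {col}: missing type byte at {pos:#x}")
        ctype = buf[pos]
        # Type 0x01 (string) has a 2-byte size field, other types a 1-byte one.
        width = 2 if ctype == 0x01 else 1
        if pos + 1 + width > len(buf):
            raise ValueError(f"column {col}: truncated size field")
        size = int.from_bytes(buf[pos + 1:pos + 1 + width], "little")
        pos += 1 + width
        end = pos + size * n_rows
        # Never trust counts from the file: check the block fits before slicing.
        if end > len(buf):
            raise ValueError(f"column {col}: {n_rows} x {size} bytes overruns the file")
        cells = [buf[i:i + size] for i in range(pos, end, size)] if size else []
        if ctype == 0x01:
            # Fixed-width cells, NUL-terminated; bytes after the NUL are padding.
            values = [c.split(b"\0", 1)[0].decode(encoding, "replace") for c in cells]
        elif size in (1, 2, 4):
            values = [int.from_bytes(c, "little") for c in cells]  # assumed little-endian
        else:
            values = cells  # unknown layout: keep the raw bytes
        columns.append((ctype, size, values))
        pos = end
    return columns, pos

# Constructed sample: the page's 0009.d2d bytes cut down to 2 columns x 3 rows.
SAMPLE = (struct.pack("<II", 2, 3)
          + b"\x01\x09\x00" + b"Monster\0\0" + b"Cchk\0\xcd\xcd\xcd\0" + b"Cgen\0\xcd\xcd\xcd\0"
          + b"\x00\x04" + struct.pack("<III", 0, 0x200B21, 0x200B22))

if __name__ == "__main__":
    for ctype, size, values in parse_d2d(SAMPLE)[0]:
        print(f"type={ctype:#04x} size={size} values={values}")
```
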

 

 

eg. 0014.cnd index file?

01 00 00 00      02 00 00 00      EE B6 BD 28       00       00       00         CB 8F 88 90     01          00     00

tableCount?      entryCount     data pointer? entryNumber  unused? gotodirlvl   data pointer? entryNumber  unused? gotodirlvl

 

0014.d2d data file

 

64 D6 6E 8D 27 70 B7 E6 A8 D4 D9 45 ED 00 17 86 

first exact 16 bytes seem to exist in all d2d files 

 

5B FD 17 FE C7 1F 9B D7 AC DA 68 FF BC AD 7F 15

7B BC A5 90 A2 58 08 82 DE 2F 4A CA E1 7D 3B E3

CA 8C FD 86 53 C9 97 90 A7 15 CD 3F 36 A3 78 FC

D6 4C 12 9E 69 EA 37 43 14 D4 0A 28 2C E2 D6 A4 

64 0B 50 BC 43 E8 3F 27 B8 FA 14 7E 32 4B 86           66 46 37 43 63

                                                           ? seems always present at end of d2d files (also exists in gTW d2ds)

Interesting files:

0068.CND

 

About AdvWebQuery

 

In Options.jtales there are a few definitions that open up certain ports for what it calls AdvWebQuery. It's probably related to some remote GM tools?

I've gotten the server to respond and accept ssh connections, but haven't had much luck getting past authentication.

My hunch is, if it's possible to successfully login, it's probably possible to manage the server remotely, and apply changes on-the-fly without restarting?

 

Similarly, there's also XML_RPC, but haven't had any luck getting that to respond at all.

 

 

TEX.DAT (From GTales V1.01)

 

Looks like they changed the format of the packing. It appears that TEX.DAT only contains the file structure, and the other files are raw data; while the old format packs the structure and raw together.

 

 

3305 files

 

000028   85 85 85 85 9B F1 E1 ED                     .....ñáí
          0  0  0  0  .  d  t  x
000056   85 85 85 84 9B F1 E1 ED                     .....ñáí
          0  0  0  1  .  d  t  x
000084   85 85 85 87 9B F1 E1 ED                     .....ñáí
          0  0  0  2  .  d  t  x
000112   85 85 85 86 9B F1 E1 ED                     .....ñáí
          0  0  0  3  .  d  t  x
000140   85 85 85 81 9B F1 E1 ED                     .....ñáí

 


{} Shows 0000.DTX data block
  
                D2PACKFILE2
000000   44 32 50 41 43 4B 46 49 4C 45 32                         01 00 00   D2PACKFILE2...
000014   00      B5      14 00 00 00     E9 0C 00 00         { 08 00 00 00   .µ....é.......
               xor key               Total File Count        { Filename Length
               Filename                Empty?          Start Offset(->)
000028   85 85 85 85 9B F1 E1 ED     00 00 00 00           00 00   .....ñáí......
000042   00 00       02 86 01 00     DE 2B 00 00  }  08 00 00 00   ......Þ+......
 Start offset   uncompressed size    Packed Size  }
000056   85 85 85 84 9B F1 E1 ED     00 00 00 00 DE 2B   .....ñáí....Þ+
000070   00 00 72 25 00 00 32 07 00 00     08 00 00 00   ..r%..2.......
 
000084   85 85 85 87 9B F1 E1 ED     00 00 00 00 10 33   .....ñáí.....3
000098   00 00 F8 9B 02 00 2B 38 00 00     08 00 00 00   ..ø...+8......
 
000112   85 85 85 86 9B F1 E1 ED     00 00 00 00 3B 6B   .....ñáí....;k
000126   00 00 38 4D 04 00 86 8F 00 00     08 00 00 00   ..8M..........
 
000140   85 85 85 81 9B F1 E1 ED     00 00 00 00 C1 FA   .....ñáí....Áú

 

 

Then proceed to TEX0.DAT: 0x0000 to 0x2BDE is the plain data for 0000.DTX, 0x28DE to 0x2572 is 0001.DTX, etc.

 

The 4-byte header 02860100 is the uncompressed size in big endian for 0000.dtx.zip; if you strip it, you can decompress it with zlib.
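
A parser for the D2PACKFILE2 index as annotated in the dump above, with a bounds check of the entries against the data file; this is an added example, not code from the page or the game client. It assumes every integer field is read little-endian (the order in which E9 0C 00 00 gives the 3305 files) and a single data file; `parse_tex_index`, `layout_problems` and the 260-byte name cap are made up here.

```python
import struct

def parse_tex_index(buf: bytes):
    """Return (xor_key, entries) parsed from a D2PACKFILE2 index such as TEX.DAT."""
    if len(buf) < 24 or buf[:11] != b"D2PACKFILE2":
        raise ValueError("not a D2PACKFILE2 index")
    # After the magic: 4 unknown bytes, 1-byte XOR key, 4 unknown bytes, file count.
    _unk1, key, _unk2, count = struct.unpack_from("<IBII", buf, 11)
    pos, entries = 24, []
    for i in range(count):
        if pos + 4 > len(buf):
            raise ValueError(f"entry {i}: truncated")
        (name_len,) = struct.unpack_from("<I", buf, pos)
        # Bound the length before using it; 260 is an assumed sanity cap.
        if name_len > 260 or pos + 4 + name_len + 16 > len(buf):
            raise ValueError(f"entry {i}: bad name length {name_len}")
        raw = buf[pos + 4:pos + 4 + name_len]
        name = bytes(b ^ key for b in raw).decode("ascii", "replace")
        pos += 4 + name_len
        _empty, offset, size, packed = struct.unpack_from("<IIII", buf, pos)
        pos += 16
        entries.append({"name": name, "offset": offset, "size": size, "packed": packed})
    return key, entries

def layout_problems(entries, data_len: int):
    """List entries whose packed range leaves the data file or overlaps another."""
    problems, prev_end = [], 0
    for e in sorted(entries, key=lambda e: e["offset"]):
        end = e["offset"] + e["packed"]
        if end > data_len:
            problems.append(f"{e['name']}: ends at {end:#x}, past end of data")
        if e["offset"] < prev_end:
            problems.append(f"{e['name']}: overlaps the previous entry")
        prev_end = max(prev_end, end)
    return problems

# Constructed sample: the page's header and first three entries, file count set to 3.
SAMPLE = bytes.fromhex(
    "44 32 50 41 43 4B 46 49 4C 45 32 01 00 00 00 B5 14 00 00 00 03 00 00 00 "
    "08 00 00 00 85 85 85 85 9B F1 E1 ED 00 00 00 00 00 00 00 00 02 86 01 00 DE 2B 00 00 "
    "08 00 00 00 85 85 85 84 9B F1 E1 ED 00 00 00 00 DE 2B 00 00 72 25 00 00 32 07 00 00 "
    "08 00 00 00 85 85 85 87 9B F1 E1 ED 00 00 00 00 10 33 00 00 F8 9B 02 00 2B 38 00 00")

if __name__ == "__main__":
    for e in parse_tex_index(SAMPLE)[1]:
        print(e)
```
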

 

zlib magic headers

78 01 - No Compression/low
78 9C - Default Compression * used by tw from what i can tell
78 DA - Best Compression 

 


 

After unpacking TEX folder from Global Client 1.01, turns out the compression algorithm is different from JP Client 4.04

On a side note, Luna version 0.03beta can open 4.04 client but not Global 1.01, vice versa for Luna 0.04beta

 


 

Offzip

 

http://aluigi.altervista.org/mytoolz.htm#offzip

God's tool. Scans data file for zlib-able things

offzip just invalidated 5 hours of my work -__-

 

a very useful tool to unpack the zip (zlib/gzip/deflate) data contained in any type of file like raw files, packets, zip archives, executables and everything else.

it's needed only to specify the offset where the zip data starts or using the useful -S search option able to scan the file for possible deflate (-z -15) and zlib data.

there are also other options for extracting all the compressed streams (-a) or dumping them compressed (-A).

it's also possible to choose a windowBits value for scanning both the zlib (RFC1950) and deflate (RFC1951) blocks.

the -c option allows to work with chunked files and trying to build the original files.

the files will be dumped with a guessed extension that can be useful for their quick identification.

the tool has also a reimport option (-r) like QuickBMS.

how to dump all the zlib compressed files in an archive:

- offzip.exe -a input_archive output_folder 0

how to dump all the deflate compressed files in an archive:

- offzip.exe -z -15 -a input_archive output_folder 0
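
A scan of the kind described above, limited to zlib (RFC 1950) streams, as an added example; it is not offzip's code and makes no claim about how offzip works internally. It also reports whether the 4 bytes in front of a stream equal its uncompressed size, as noted for the DTX blocks; `find_zlib_streams` and the sample data are made up here.

```python
import zlib

def find_zlib_streams(buf: bytes, max_out: int = 1 << 26, min_out: int = 16):
    """Return (offset, packed_len, unpacked_len, prefix_order) per zlib stream in buf."""
    view, hits, pos = memoryview(buf), [], 0
    while pos + 2 <= len(buf):
        cmf, flg = buf[pos], buf[pos + 1]
        # RFC 1950 header: method 8 (deflate), window <= 32 KiB, (CMF*256+FLG) % 31 == 0.
        # 78 01, 78 9C and 78 DA all pass this check.
        if cmf & 0x0F == 8 and cmf >> 4 <= 7 and ((cmf << 8) | flg) % 31 == 0:
            d = zlib.decompressobj()
            try:
                # max_out caps the output so a hostile stream cannot exhaust memory.
                out = d.decompress(view[pos:], max_out)
            except zlib.error:
                out = b""
            # d.eof is only set when the stream ended cleanly and its Adler-32 matched.
            if d.eof and len(out) >= min_out:
                packed = len(buf) - pos - len(d.unused_data)
                prefix = None
                for order in ("little", "big"):
                    # Is the uncompressed size stored in the 4 bytes before the stream?
                    if pos >= 4 and int.from_bytes(buf[pos - 4:pos], order) == len(out):
                        prefix = order
                        break
                hits.append((pos, packed, len(out), prefix))
                pos += packed
                continue
        pos += 1
    return hits

# Constructed sample, not real game data: padding, a size-prefixed stream, junk,
# then a second stream without a prefix.
P1, P2 = b"Monster\0\0" * 40, b"0000.DTX" * 32
C1, C2 = zlib.compress(P1), zlib.compress(P2, 9)
SAMPLE = b"\0\0\0\0" + len(P1).to_bytes(4, "little") + C1 + b"\xff" * 5 + C2

if __name__ == "__main__":
    for hit in find_zlib_streams(SAMPLE):
        print(hit)
```
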

 

 

8008.exe

 

TEX Version Conversion Tool from Clients 4.97+

Copy all files under the TalesWeaver\TEX directory into the 8008 folder, then run 8008.exe

 

Weight Display to Crit Display (Old client? 2006/10/16)

 

・Change the weight display to critical hit rate 
0008B38A - 85 D2 75 04 33 C0 -> 8B 85 EC 00 00 00 
0008B3C0 - 35 -> 52 
0008B3CD - 68 68 6B 5B 00 -> 68 38 45 5D 00(ADDR:0016BFCB) 

 

5 Name: 名無しさん Posted: 2006/06/12 15:31
;Multi-launch 
0000407E-EB 

;Environment effects OFF via AUTO OBJECT 
000288e1-becb 
000288ec-C890 


;Weight -> critical hit rate 
0008939A-8B85EC000000 
000893CF-6A52 
000893DD-6820F55C00 


;Environment OFF 
000288F0-E94801000090 


;Apply USE_PACK 
000DC656-A2B0E45E0090 

 

4.12?

;Multi-launch
0000336E - 75 -> EB

;Ignore POT delay
0004E2A4 - 72 10 -> 90 90

;No banner
000E83D4 - 74 23 -> 90 90

;Ignore range
00086222 - 0F 84 AE -> E9 AF 00

;Environment effects off
000294C0 - 0F 84 47 01 00 00 -> E9 48 01 00 00 90

;Resolution change (makes it possible to change the resolution by the conventional method)
000E8142 - 7D 07 -> EB 14
000E8163 - 7D 07 -> EB 13

;Movement speed UP
0007B800 - 8A 54 24 18 -> B2 FF 90 90 

 

 

4.04j Multibox+α

 

InphaseNXD.exe

0000410E 75 -> EB

 

Client Ver.4.05 (inphasenxd.exe same as 4.04?)
・Multi-launch 
0000410E - 75 -> EB 
・Ignore range 
00085642 - 0F 84 AE -> E9 AF 00
・Environment OFF 
00029E20 - A1 E4 62 5F 00 -> A1 B6 9B 5F 00 
00029E2B - 8A 48 55 -> 8A C8 90
・Show MOB coordinates and HP
00056A4A - 0F 85 44 02 00 00 -> 90 90 90 90 90 90 
00056B93 - 0F 84 99 00 00 00 -> 90 90 90 90 90 90 
・Show crit rate
0008E33A - 85 D2 75 04 33 C0 -> 8B 85 EC 00 00 00 
0008E370 - 35 -> 52
・Hide equipment
0002844D - 74 -> EB 
・Hide shadows 
00057D64 - 74 1F -> 74 29
・Hide effects
00057DE5 - 74 -> EB 
・Ignore items 
000E8B86 - 74 1F -> EB 1F 

 

dates 2012

Jan 25 ver.5.26 
Feb 22 ver.5.28 
Mar 28 ver.5.30 
Apr 25 ver.5.32 
May 30 ver.5.34 
Jun 27 ver.5.36 


[Target] 

Version=4.04 

[Address] 

Send=0x004A8BA7 

Recv=0x004BE01D 

 

Multi-launch 

0000410E - 75 -> EB 

Environment effects off via AUTO OBJECT 

00029E20 - A1 E4 62 5F 00 -> A1 B6 9B 5F 00 

00029E2B - 8A 48 55 -> 8A C8 90 

Show MOB coordinates and HP (no PC display) 

00056A4A - 0F 85 44 02 00 00 -> 0F 84 44 02 00 00 

00056B93 - 0F 84 99 00 00 00 -> 90 90 90 90 90 90 

Weight -> critical hit rate 

0008E33A - 85 D2 75 04 33 C0 -> 8B 85 EC 00 00 00 

0008E36F - 6A 35 -> 6A 52 

0008E37D - 68 A8 ED 5B 00 -> 68 90 C9 5D 00 

Ignore range 

00085642 - 0F 84 AE -> E9 AF 00 

Show login ID (same server, block list) 

00188ED6 - 8D 4C 24 34 -> 8B 4C 24 28 

All characters creatable (create DAC in the TW folder, make two copies of the 0103.d2d in the TW folder and rename them to 8185.d2a and 8183.d2a) 

0015F4D0 - 77 -> EB 

0015F540 - 77 -> EB


 

Change max stats

 

http://akaikage-kira.info/blog-entry-536.html

 

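In the previous article, when I tried to tweak the number of EXP table entries that get read, every launch file I had backed up so far stopped starting, so I ended up having to redo the tweaks from scratch... I expect this kind of thing to happen again, so I have summarised it below.

Rewriting MAX weight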

81 7D 10 0F 27 00 00 7E 07 C7 45 10 0F 27 00 00 83 7D 10 00

Rewriting MAXHP

81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 b4 92 14 00 83 c4 10 6a 03 68 5d 0b 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00
81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 3d 92 14 00 83 c4 10 6a 03 68 5d 0b 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00

Rewriting MAXMP

81 7d 10 e7 03 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 c6 91 14 00 83 c4 10 6a 03 68 21 0d 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 e7 03 00 00
81 7d 10 e7 03 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 4f 91 14 00 83 c4 10 6a 03 68 21 0d 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 e7 03 00 00

Rewriting MAXSP

81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 d8 90 14 00 83 c4 10 6a 03 68 87 ca 35 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00
81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 61 90 14 00 83 c4 10 6a 03 68 87 ca 35 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00

Rewriting MAXDEF

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 9a a3 14 00 83 c4 10 6a 03 68 22 ac 35 08 68 10 0f 42 08 53 ff d0
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 0a a3 14 00 83 c4 10
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 9a a2 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 0a a2 14 00
81 b8 44 01 00 00 ff 00 00 00 7e 09 c7 45 f4 ff 00 00 00 eb 47 8b 45 08 83 b8 44 01 00 00 00 79 09 c7 45 f4 00 00 00 00 eb 32

Rewriting MAXMR

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 30 a1 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 a0 a0 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 30 a0 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 a0 9f 14 00
81 b8 4c 01 00 00 ff 00 00 00 7e 09 c7 45 f4 ff 00 00 00 eb 47 8b 45 08 83 b8 4c 01 00 00 00

Rewriting MAXSTAB

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 c6 9e 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 36 9e 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 c6 9d 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 36 9d 14 00
66 81 b8 8c 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 8c 01 00 00

Rewriting MAXHACK

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 5c 9c 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 cc 9b 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 5c 9b 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 cc 9a 14 00
66 81 b8 90 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 90 01 00 00

Rewriting MAXINT

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f2 99 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 62 99 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f2 98 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 62 98 14 00
66 81 b8 2c 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 2c 01 00 00

Rewriting MAXDEX

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 88 97 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f8 96 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 88 96 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f8 95 14 00
66 81 b8 30 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 30 01 00 00

Rewriting MAXAGI

81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 1e 95 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 8e 94 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 1e 94 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 8e 93 14 00
66 81 b8 34 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 34 01 00 00

Use the replace function to change the parts in red.

Also, if you launch the rewritten jtales file and it refuses to start with Permission Denied, I think changing the permissions will fix it, so please run the following:

chmod 700 /tw404/jtales0/jtales
chmod 700 /tw404/jtales1/jtales
chmod 700 /tw404/jtales2/jtales

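I might just give up on the Lv cap... Even if the Lv cap could be changed, the values EXP can handle are 32-bit, so going by the official server's standard it can only be raised to around 280. It looks hopeless unless the structure of the launch file is changed fundamentally. There is no way an amateur can do that much, so, ah, I wish some employee would leak the server again.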

Come to think of it, I forgot to write up the manual allocation part... If you tweak the code around 080cd475 <_c_LevelManager__increaseUserVital_vitalType_value_>:, you will be able to allocate manually.

 


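Bag bug 2

Carry a large number of Bind Stones + put them in the bag → throw away an item you were holding → pick up a BS that is already on the ground

This causes a server crash and a rollback of several minutes. As a result, the thrown item is duplicated.

This led to 999 magic stones and SHI-cap equipment circulating in large quantities. The bug has been fixed.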

 
