jtales
00BFCF44~00BFCF51 jMAX_LEVEL 255 can change max lvl?
00BFD3C2~00BFD3D8 BASIC_ITEM_INVENTORY 64 can change inventory size?
BFD44E~BFD45D USER_MAX_HP 9999 Max HP?
other stuff like max EXP, max stat, max deposit around these addr
Similar lines are found in various addresses, probably just an included header?
Data Encrytion key? (starting 0x00BFF167)
MINUSKVAR "CrYpTkEy"
CRYPTION_MARK "crypted\n"
ROTORSZ 256
MASK 0377
http://www.tuhs.org/Archive/PDP-11/Trees/V7/usr/src/cmd/crypt.c
Googling show something like enigma.c, probably just a bunch of included files?
Ticks
CT0 * Clock, ・醐血 48・ рR月 14日 15時 24分, tc = 1489472640.
CT0 * Clock, ・醐血 48・ рR月 14日 15時 36分, tc = 1489473360.
Works out to 720tcs in 12 minutes, or 60tcs per minute. So 1tc per second
Game server also seems to poll to get the current time in Lunar Calendar, regardless of server time, to make things more confusing.
d2d structure
0009.d2d
columns? rows? datatype datasize column1
000000h 56 00 00 00 F1 03 00 00 01 09 00 4D 6F 6E 73 74 65 72 V...ñ......Monster
000012h 00 00 43 63 68 6B 00 CD CD CD 00 43 67 65 6E 00 CD CD ..Cchk.ÍÍÍ.Cgen.ÍÍ
000024h CD 00 4D 6F 6E 73 74 65 72 00 00 4D 6F 6E 73 74 65 72 Í.Monster..Monster
000036h 00 00 4D 6F 6E 73 74 65 72 00 00 4D 6F 6E 73 74 65 72 ..Monster..Monster
.
.
002370h 00 00 4D 6F 6E 73 74 65 72 00 00 4D 6F 6E 73 74 65 72 ..Monster..Monster
002382h 00 00 00 04 00 00 00 00 21 0B 20 00 22 0B 20 00 23 0B ........!. .". .#.
datatype datasize column1 column2 column3
Data Type? |
dataSize |
0x00 = int? |
1b |
0x01 = str? |
2b |
Quite an old post (back in 04). I wonder if structure has changed in 4.04? Apparently not changed in 4.04
https://www.logsoku.com/r/2ch.net/mmosaloon/1091879727/
680 : ネトゲ廃人@名無し[sage] 投稿日:04/11/06 19:35:18 ID:???
まぁd2dの解析とプログラム書くほうで分かれたらいいんじゃねぇの
ついでに暇だからd2dの基本構成書いといてやると
始め4byteがテーブルの数
次の4byteが各テーブルのデータの数
次からがデータ部分だが
データ部分は最初1byteが識別コードになってる
識別コードが0x01ならstringで次2byteがbyte数って感じ
でその後データが続いてデータの数だけ読めばまた識別コード。
でそれをテーブルの数ぶんやれば終わりと。
681 : 676[sage] 投稿日:04/11/06 19:49:14 ID:???
>>680
飯をまったり食ってる最中にまとめられてしまった…
ちなみに、識別コード0x01は文字列型と思えばいいと思います
他は大体数字なんで
byte数なのは0x01だけだったかも(他もあったかも知れないけど)
識別0x01なだとbyte数が2バイトでしたが
それ以外は大体1byteだったはず
デコード時はMoDにあるtxtを参考にしていけばいいと思います
Above structure seems only to apply to 0103.d2d which has to do with the patcher. Client seems to adopt a different structure now
Above structure applies to 4.04 as well
eg. 0014.cnd index file?
01 00 00 00 02 00 00 00 EE B6 BD 28 00 00 00 CB 8F 88 90 01 00 00
tableCount? entryCount data pointer? entryNumber unused? gotodirlvl data pointer? entryNumber unused? gotodirlvl
0014.d2d data file
64 D6 6E 8D 27 70 B7 E6 A8 D4 D9 45 ED 00 17 86
first exact 16 bytes seems to exist in all d2d files
5B FD 17 FE C7 1F 9B D7 AC DA 68 FF BC AD 7F 15
7B BC A5 90 A2 58 08 82 DE 2F 4A CA E1 7D 3B E3
CA 8C FD 86 53 C9 97 90 A7 15 CD 3F 36 A3 78 FC
D6 4C 12 9E 69 EA 37 43 14 D4 0A 28 2C E2 D6 A4
64 0B 50 BC 43 E8 3F 27 B8 FA 14 7E 32 4B 86 66 46 37 43 63
? seems always present at end of d2d files (also exists in gTW d2ds)
Interesting files:
0068.CND
About AdvWebQuery
In Options.jtales there are a few definitions that open up certain ports for what it calls AdvWebQuery. It's probably related to some remote GM tools?
I've gotten the server to respond and accept ssh connections, but haven't had much luck getting pass authentication.
My hunch is, if it's possible to successfully login, it's probably possible to manage the server remotely, and apply changes on-the-fly without restarting?
Similarly, there's also XML_RPC, but haven't had any luck getting that to respond at all.
TEX.DAT (From GTales V1.01)
Looks like they changed the format of the packing. It appears that TEX.DAT only contains the file structure, and the other files are raw data; while the old format packs the structure and raw together.
3305 files
000028 85 85 85 85 9B F1 E1 ED .....ñáí
0 0 0 0 . d t x
000056 85 85 85 84 9B F1 E1 ED .....ñáí
0 0 0 1 . d t x
000084 85 85 85 87 9B F1 E1 ED .....ñáí
0 0 0 2 . d t x
000112 85 85 85 86 9B F1 E1 ED .....ñáí
0 0 0 3 . d t x
000140 85 85 85 81 9B F1 E1 ED .....ñáí
{} Shows 0000.DTX data block
D2PACKFILE2
000000 44 32 50 41 43 4B 46 49 4C 45 32 01 00 00 D2PACKFILE2...
000014 00 B5 14 00 00 00 E9 0C 00 00 { 08 00 00 00 .µ....é.......
xor key Total File Count { Filename Length
Filename Empty? Start Offset(->)
000028 85 85 85 85 9B F1 E1 ED 00 00 00 00 00 00 .....ñáí......
000042 00 00 02 86 01 00 DE 2B 00 00 } 08 00 00 00 ......Þ+......
Start offset uncompressed size Packed Size }
000056 85 85 85 84 9B F1 E1 ED 00 00 00 00 DE 2B .....ñáí....Þ+
000070 00 00 72 25 00 00 32 07 00 00 08 00 00 00 ..r%..2.......
000084 85 85 85 87 9B F1 E1 ED 00 00 00 00 10 33 .....ñáí.....3
000098 00 00 F8 9B 02 00 2B 38 00 00 08 00 00 00 ..ø...+8......
000112 85 85 85 86 9B F1 E1 ED 00 00 00 00 3B 6B .....ñáí....;k
000126 00 00 38 4D 04 00 86 8F 00 00 08 00 00 00 ..8M..........
000140 85 85 85 81 9B F1 E1 ED 00 00 00 00 C1 FA .....ñáí....Áú
Then proceed to TEX0.DAT from 0x0000 to 0x2BDE is plain data for 0000.DTX, 0x28DE to 0x2572 is 0001.DTX, etc.
The 4byte header 02860100 is the uncompressed size in big endian for 0000.dtx.zip if you strip it you can decompress it with zlib
zlib magic headers
78 01 - No Compression/low
78 9C - Default Compression * used by tw from what i can tell
78 DA - Best Compression
After unpacking TEX folder from Global Client 1.01, turns out the compression algorithm is different from JP Client 4.04
On a side note, Luna version 0.03beta can open 4.04 client but not Global 1.01, vice versa for Luna 0.04beta
Offzip
http://aluigi.altervista.org/mytoolz.htm#offzip
God's tool. Scans data file for zlib-able things
offzip just invalidated 5 hours of my work -__-
a very useful tool to unpack the zip (zlib/gzip/deflate) data contained in any type of file like raw files, packets, zip archives, executables and everything else.
it's needed only to specify the offset where the zip data starts or using the useful -S search option able to scan the file for possible deflate (-z -15) and zlib data.
there are also other options for extracting all the compressed streams (-a) or dumping them compressed (-A).
it's also possible to choose a windowBits value for scanning both the zlib (RFC1950) and deflate (RFC1951) blocks.
the -c option allows to work with chunked files and trying to build the original files.
the files will be dumped with a guessed extension that can be useful for their quick identification.
the tool has also a reimport option (-r) like QuickBMS.
how to dump all the zlib compressed files in an archive:
- offzip.exe -a input_archive output_folder 0
how to dump all the deflate compressed files in an archive:
- offzip.exe -z -15 -a input_archive output_folder 0
8008.exe
TEX Version Conversion Tool from Clients 4.97+
把TalesWeaver\TEX目录下所有文件复制到8008文件夹下,然后运行8008.exe
Weight Display to Crit Display (Old client? 2006/10/16)
・重量表示を致命打撃率に変更
0008B38A - 85 D2 75 04 33 C0 -> 8B 85 EC 00 00 00
0008B3C0 - 35 -> 52
0008B3CD - 68 68 6B 5B 00 -> 68 38 45 5D 00(ADDR:0016BFCB)
5 名前: 名無しさん 投稿日:2006/06/12 15:31
;多重起動
0000407E-EB
;AUTO OBJECTで環境効果OFF
000288e1-becb
000288ec-C890
;重量→致命打撃率
0008939A-8B85EC000000
000893CF-6A52
000893DD-6820F55C00
;環境OFF
000288F0-E94801000090
;USE_PACK反映
000DC656-A2B0E45E0090
4.12?
;多重
0000336E - 75 -> EB
;POTディレイ無視
0004E2A4 - 72 10 -> 90 90
;バナーなし
000E83D4 - 74 23 -> 90 90
;射程無視
00086222 - 0F 84 AE -> E9 AF 00
;環境効果オフ
000294C0 - 0F 84 47 01 00 00 -> E9 48 01 00 00 90
;解像度変更(従来の方法で解像度変更可能になる)
000E8142 - 7D 07 -> EB 14
000E8163 - 7D 07 -> EB 13
;移動速度UP
0007B800 - 8A 54 24 18 -> B2 FF 90 90
4.04j Multibox+α
InphaseNXD.exe
0000410E 75 -> EB
Client Ver.4.05 (inphasenxd.exe same as 4.04?)
・多重起動
0000410E - 75 -> EB
・射程無視
00085642 - 0F 84 AE -> E9 AF 00
・環境OFF
00029E20 - A1 E4 62 5F 00 -> A1 B6 9B 5F 00
00029E2B - 8A 48 55 -> 8A C8 90
・MOB座標HP表示
00056A4A - 0F 85 44 02 00 00 -> 90 90 90 90 90 90
00056B93 - 0F 84 99 00 00 00 -> 90 90 90 90 90 90
・クリ率表示
0008E33A - 85 D2 75 04 33 C0 -> 8B 85 EC 00 00 00
0008E370 - 35 -> 52
・装備非表示
0002844D - 74 -> EB
・影非表示
00057D64 - 74 1F -> 74 29
・エフェクト非表示
00057DE5 - 74 -> EB
・アイテム無視
000E8B86 - 74 1F -> EB 1F
dates 2012
1月25日 ver.5.26
2月22日 ver.5.28
3月28日 ver.5.30
4月25日 ver.5.32
5月30日 ver.5.34
6月27日 ver.5.36
[Target]
Version=4.04
[Address]
Send=0x004A8BA7
Recv=0x004BE01D
多重起動
0000410E - 75 -> EB
AUTO OUBJECTで環境効果オフ
00029E20 - A1 E4 62 5F 00 -> A1 B6 9B 5F 00
00029E2B - 8A 48 55 -> 8A C8 90
MOB座標HP表示(PC表示無し)
00056A4A - 0F 85 44 02 00 00 -> 0F 84 44 02 00 00
00056B93 - 0F 84 99 00 00 00 -> 90 90 90 90 90 90
重量→致命打撃率
0008E33A - 85 D2 75 04 33 C0 -> 8B 85 EC 00 00 00
0008E36F - 6A 35 -> 6A 52
0008E37D - 68 A8 ED 5B 00 -> 68 90 C9 5D 00
射程無視
00085642 - 0F 84 AE -> E9 AF 00
ログインID表示(同一鯖・禁止リスト)
00188ED6 - 8D 4C 24 34 -> 8B 4C 24 28
全キャラ作成可能(TWのフォルダにDACを作成し、TWのフォルダにある0103.d2dを2つにコピーして8185.d2a、8183.d2aにリネーム)
0015F4D0 - 77 -> EB
0015F540 - 77 -> EB
Change max stats
http://akaikage-kira.info/blog-entry-536.html
前の記事でEXPテーブルの読み込み数いじろうとしたら今までバックアップとってた起動ファイルが全て起動できなくなってたのでまた一からいじり直す羽目に・・・。今後もこのようなことがあると思われるので下記にまとめておきました。
MAX重量の書き換え
81 7D 10 0F 27 00 00 7E 07 C7 45 10 0F 27 00 00 83 7D 10 00
MAXHPの書き換え
81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 b4 92 14 00 83 c4 10 6a 03 68 5d 0b 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00
81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 3d 92 14 00 83 c4 10 6a 03 68 5d 0b 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00
MAXMPの書き換え
81 7d 10 e7 03 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 c6 91 14 00 83 c4 10 6a 03 68 21 0d 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 e7 03 00 00
81 7d 10 e7 03 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 4f 91 14 00 83 c4 10 6a 03 68 21 0d 36 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 e7 03 00 00
MAXSPの書き換え
81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 d8 90 14 00 83 c4 10 6a 03 68 87 ca 35 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00
81 7d 10 0f 27 00 00 7e 2d 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 61 90 14 00 83 c4 10 6a 03 68 87 ca 35 08 68 10 0f 42 08 53 ff d0 83 c4 10 c7 45 10 0f 27 00 00
MAXDEFの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 9a a3 14 00 83 c4 10 6a 03 68 22 ac 35 08 68 10 0f 42 08 53 ff d0
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 0a a3 14 00 83 c4 10
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 9a a2 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 0a a2 14 00
81 b8 44 01 00 00 ff 00 00 00 7e 09 c7 45 f4 ff 00 00 00 eb 47 8b 45 08 83 b8 44 01 00 00 00 79 09 c7 45 f4 00 00 00 00 eb 32
MAXMRの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 30 a1 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 a0 a0 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 30 a0 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 a0 9f 14 00
81 b8 4c 01 00 00 ff 00 00 00 7e 09 c7 45 f4 ff 00 00 00 eb 47 8b 45 08 83 b8 4c 01 00 00 00
MAXSTABの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 c6 9e 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 36 9e 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 c6 9d 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 36 9d 14 00
66 81 b8 8c 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 8c 01 00 00
MAXHACKの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 5c 9c 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 cc 9b 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 5c 9b 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 cc 9a 14 00
66 81 b8 90 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 90 01 00 00
MAXINTの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f2 99 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 62 99 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f2 98 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 62 98 14 00
66 81 b8 2c 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 2c 01 00 00
MAXDEXの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 88 97 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f8 96 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 88 96 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 f8 95 14 00
66 81 b8 30 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 30 01 00 00
MAXAGIの書き換え
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 1e 95 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 8e 94 14 00
81 7d 10 ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 1e 94 14 00
3d ff 00 00 00 7e 26 83 ec 08 68 10 0f 42 08 8b 5d 08 53 e8 8e 93 14 00
66 81 b8 34 01 00 00 ff 00 7e 09 c7 45 f4 ff 00 00 00 eb 48 8b 45 08 66 83 b8 34 01 00 00
置き換え機能で赤文字の所を変更する。
あと書き換えたjtalesファイルを起動するとPermision Deniedと言われて起動できない場合、権限を変更すれば できると思うので
chmod 700 /tw404/jtales0/jtales
chmod 700 /tw404/jtales1/jtales
chmod 700 /tw404/jtales2/jtales
を実行した上げて下さい。
もうLvの上限は諦めようかな・・・Lvの上限変えられてもEXPで扱える値が32ビットだから本鯖基準で考えると280くらいまでしか上げることが出来ないんですよね。もう根本的に起動ファイルの構造を変えないと駄目っぽい。さすがに素人がそこまでできるわけがないのであ~どっかの社員がまた鯖流出してくれないかな~
そう言えば手動振りの部分まとめるの忘れた・・・080cd475 <_c_LevelManager__increaseUserVital_vitalType_value_>:付近のをいじれば手動で振れるようになります。
かばんバグ2 Edit
バインドストーンを大量に所持+鞄に入れる→持っていたアイテムを投げる→予め地面にあるBSを拾う
これにより鯖落ちが起こり、数分巻き戻る。これにより投げたアイテムが増える。
これにより魔石999個やSHI上限装備が大量に出回った。バグ修正済み。
Comments (0)
You don't have permission to comment on this page.