As a packet editor user with 3~4 years of wonderful packet editing experience on many MMORPG games, it's time for me to share my packet editing knowledge with everyone.
This guide is comprised of information gathered from other packet editing guides on the net combined with my own knowledge of packet editing. I'm an adept packet editor user; my collection of packet editors stored on my computer numbers more than a hundred.
If you have spare time, try reading the guide below.
Packet editing is when you edit the packets coming to/from the Nexon/Asiasoft servers. You are basically decrypting encrypted data and changing it to whatever you want, then you send the edited packet and the effects take place.
So, basically, packet editing is using packets to trick the server into doing things it shouldn't, or couldn't, normally do: you change a packet to what you want, then take advantage of the effects, e.g. IRM hacking. When you have something like MapleStory, the possibilities are endless.
What are the Pros of packet editing?
You have MapleStory in your hands when you packet edit. You can do basically anything you want, but be careful: by packet editing, you can easily get banned. Recently, I was banned for 3 days for blocking the damage-received packet using a packet editor. Do not block any unknown packets received from the server; based on my 3 years of packet editing experience, chances are high that you will get banned instantly. By packet editing, you can achieve something that is almost impossible. By packet editing you can easily exploit the game: creating lots of in-game currency, duping items, and disconnecting other players by spamming chat message packets at them (the game client is only able to receive a certain number of packets; if that is exceeded, you will be disconnected from the game).
What are the Cons of packet editing?
Your account will be banned. No IP ban will be set, as GameGuard (IP ban) has been replaced by HackShield (no IP ban).
What am I doing when I'm packet editing?
You are taking data from Nexon/Asiasoft and decoding it to where you can change the packet, edit the packet to your own, and send a newly edited packet.
What will I need?
You'll need a packet editor, silly!
Where can I get a working packet editor on MapleStory?
I know this is the next question you will ask.
If you are not playing on MapleStory, and you want to try out packet editing, try this
[Tutorial on Packet Editing]
-Allows you to log and block headers
-Packets that your client receives.
-Packets that your client sends.
1. Basic Information: Despite being called packet editing, in most cases we cannot edit packets in our desired way. That being said, scroll hack, mesos hack and such do not exist; instead, similar effects can possibly be achieved by exploits, which can be found by packet editing.
There are two types of packet, send packet and receive packet. The connection between our client and server is called a socket, and transmission of data happens when our client sends packets to/receives packets from the server.
2. Logging: When we log packets, we are not receiving them; instead we intercept them before a certain event takes place. In the case of logging send packets, before they are sent to the server, we intercept them (bytes data) inside the client memory (MapleStory), and then dispatch them to the GUI (send log). In the case of logging receive packets, before they are processed by our client, we intercept them inside the client, and then dispatch them to the GUI (receive log).
3. Sending/Receiving/Blocking: In a map with mobs around, the PE will log a lot of send packets starting with header CB 00, which indicates those packets contain information about mob movement. Before the mobs start to move, our client first sends those packets to the server; the server processes them and sends receive packets back to our client which contain information such as mobs move left, move right, jump etc. Our client then processes these packets and applies them in memory; that is when the mobs start to move, and this process repeats.
When we block those packets from being sent, the server will not receive any send packets, so it won't send receive packets back to our client, hence the mobs will not move (mob freeze).
Packet blocking can also be used to defend against a DC-attack. A typical DC-attack would be spamming a series of packets to the victim at a very short delay interval. In the case of MapleStory, when you spam packets to disconnect another user, you are not actually sending those packets to that user; instead you are sending them to the server. Since the server does not care about intervals, it will transmit all your packets to your target. The client can only handle a certain number of receive packets at a time; when the limit is exceeded, the connection between client and server is terminated. To defend ourselves from being DC-attacked, we will be blocking the receive packets involved in the DC-attack.
Thus, there are whisper DC, chat DC and trade DC: they just spam those packets to the target using a packet editor.
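The relay behaviour described above ("the server does not care about intervals") is the root cause, and it is fixed on the server, not by client-side blocking. The following is an added example, not code from the original guide or from the game: a per-sender token bucket applied before relaying. The session names, burst size and refill rate are assumptions, and the events are constructed sample data.

```python
class RelayLimiter:
    """Token bucket per sender session for packets the server relays onward."""

    def __init__(self, burst=3, per_second=1.0):
        # burst and per_second are assumed values, not taken from the game.
        self.burst = float(burst)
        self.per_second = float(per_second)
        self._state = {}  # session_id -> (tokens, time of last update)

    def allow(self, session_id, now):
        tokens, last = self._state.get(session_id, (self.burst, now))
        # Refill for the time elapsed, never above the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.per_second)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self._state[session_id] = (tokens, now)
        return allowed


def relay(limiter, events):
    """events: iterable of (time_s, sender_session, target, payload).
    Returns (forwarded, dropped_per_sender)."""
    forwarded, dropped = [], {}
    for now, sender, target, payload in events:
        # The key is the authenticated sender session only. Nothing inside
        # the payload (timestamp bytes, text) can reset or bypass the limit.
        if limiter.allow(sender, now):
            forwarded.append((sender, target, payload))
        else:
            dropped[sender] = dropped.get(sender, 0) + 1
    return forwarded, dropped


def sample_events():
    # Constructed sample: session "s1" sends 50 relayed messages 10 ms apart,
    # each with a different payload; session "s2" sends two messages normally.
    flood = [(i * 0.01, "s1", "t1", b"payload-%d" % i) for i in range(50)]
    normal = [(0.10, "s2", "t1", b"hello"), (0.20, "s2", "t1", b"again")]
    return sorted(flood + normal, key=lambda e: e[0])


if __name__ == "__main__":
    fwd, drop = relay(RelayLimiter(), sample_events())
    print(len(fwd), "forwarded;", drop)
```

Because the bucket is keyed on the sender's session rather than on packet contents, changing bytes inside each packet has no effect on the limit, and the receiving client never sees more than the allowed burst.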
4. Ignoring: Ignoring packets does not cause any effect; it ignores the packets instead of logging them, so as to prevent mass flooding of the logger. The packets are still being sent/received and processed.
5. Analyze packets:
Usually a packet can be broken into several key parts.
A simple example, send packet of dropping 50000 mesos:
5D 00 AF 41 3B 01 50 C3 00 00
5D 00 is packet header, it indicates the type of packet.
AF 41 3B 01 is timestamp, it denotes the time at which a certain event occurred, can be randomized.
50 C3 00 00 is integer value, stored least significant byte first, where C3 50 equals 50000 in decimal; this is the amount of mesos.
Another example, send packet of moving inventory items:
42 00 A7 6D 22 00 01 04 00 0D 00 FF FF
42 00 is packet header.
A7 6D 22 00 is timestamp, can be randomized.
01 is ID of tab, Equip: 1, Use: 2, Set-up: 3, Etc: 4, Cash: 5
01 is source position number of item.
00 is unknown, probably a boolean indicating 'true' or 'false'.
0D is target position number to be moved to.
00 is unknown, probably a boolean indicating 'true' or 'false'.
FF FF is unknown, can be randomized.
The above packet will move an equipment from slot 1 to slot 13.
A slightly more complicated example, send packet of whispering which can be used to DC others:
81 00 06 EC 28 89 00 09 00 4A 75 7A 44 43 4D 65 30 34 0E 00 48 69 2C 20 44 43 20 50 6C 65 61 73 65 2E
81 00 is packet header.
06 is static byte, cannot be changed.
EC 28 is timestamp, can be randomized.
89 is a byte that must be certain, if this byte is wrong, whisper won't work.
00 is static byte, cannot be changed.
09 00 is WORD value indicating the number of ASCII chars of the target IGN.
4A 75 7A 44 43 4D 65 30 34 is a sequence of ASCII chars of the target IGN in hex.
0E 00 is WORD value indicating the number of ASCII chars of the sentence to be whispered.
48 69 2C 20 44 43 20 50 6C 65 61 73 65 2E is a sequence of ASCII chars of the sentence to be whispered in hex.
The above packet will whisper a guy named JuzDCMe04 with 'Hi, DC Please.'.
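Seen from the server side, the whisper layout above is two WORD-prefixed strings after a fixed 7-byte prefix, and every declared length has to be checked against the bytes actually present. The following strict parser is an added example, not code from the original guide or the game; `MAX_NAME`, the reuse of 70 as the text cap, and the printable-ASCII rule are assumptions.

```python
import struct

MAX_NAME = 16   # assumed cap on character-name length (not from the page)
MAX_TEXT = 70   # the page gives 70 as the chat maximum; assumed for whispers too


class PacketError(ValueError):
    """Raised when a packet does not match the expected layout."""


def read_string(buf, off, limit):
    """Read a little-endian WORD length followed by that many ASCII bytes."""
    if off + 2 > len(buf):
        raise PacketError("truncated length field")
    (n,) = struct.unpack_from("<H", buf, off)
    off += 2
    if n == 0 or n > limit:
        raise PacketError("declared length %d outside 1..%d" % (n, limit))
    if off + n > len(buf):
        raise PacketError("declared length runs past end of packet")
    raw = buf[off:off + n]
    if any(b < 0x20 or b > 0x7E for b in raw):
        raise PacketError("non-printable byte in string")
    return raw.decode("ascii"), off + n


def parse_whisper(buf):
    """Layout from the page: header(2) static(1) timestamp(2) byte(1) static(1),
    then WORD-prefixed target name and WORD-prefixed text."""
    if len(buf) < 7 or buf[:2] != b"\x81\x00":
        raise PacketError("not a whisper packet")
    name, off = read_string(buf, 7, MAX_NAME)
    text, off = read_string(buf, off, MAX_TEXT)
    if off != len(buf):
        raise PacketError("%d trailing bytes" % (len(buf) - off))
    return name, text


# The whisper packet quoted on the page.
PAGE_PACKET = bytes.fromhex(
    "81 00 06 EC 28 89 00 09 00 4A 75 7A 44 43 4D 65 30 34 "
    "0E 00 48 69 2C 20 44 43 20 50 6C 65 61 73 65 2E")

if __name__ == "__main__":
    print(parse_whisper(PAGE_PACKET))
```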
Every character is given a unique ID (UID) by the server.
An example, send packet of opening character info, we can get character's UID by this:
6D 00 4A B6 31 00 A8 9C 26 00 FF
6D 00 is packet header.
4A B6 31 00 is timestamp, can be randomized.
A8 9C 26 00 is unsigned integer indicating the UID of a character.
FF is unknown, can be randomized.
Every mob is also assigned a UID by the server.
An example, send packet of taking damage from a mob, we can get mob's UID by this:
29 00 4D 75 BA 01 FF 00 03 00 00 00 04 87 01 00 BD 14 5B 00 00 00 00 00
29 00 is packet header.
4D 75 BA 01 is timestamp, can be randomized.
FF 00 is unknown, can be randomized.
03 00 00 00 is integer indicating damage dealt by mob.
04 87 01 00 is some certain bytes. (static yet dynamic)
BD 14 5B 00 is unsigned integer indicating the mob UID.
00 00 00 00 is unknown, probably boolean indicating 'true' or 'false'.
6. Manipulating packets:
We can manipulate a packet and make it become real.
A simple example, send packet of taking physical damage (fall from high platform, damaged by obstacle etc):
29 00 F1 F2 04 01 FD 00 13 00 00 00 00 00 00 00
29 00 is packet header.
F1 F2 04 01 is timestamp, can be randomized.
FD 00 is static bytes.
13 00 00 00 is integer indicating the damage dealt to your character.
00 00 00 00 is unknown.
If my DK falls from a high platform to the bottom in Ellinia, the above packet is sent to the server. So if I change the damage part 13 00 00 00 to FF FF FF FF (4,294,967,295 in decimal) and send it, will my DK take 4,294,967,295 damage? No, I will DC. Why? Because the damage is an integer type, meaning that it ranges in value from -2,147,483,648 through 2,147,483,647. Once I send 4,294,967,295 as damage, the server processes the packet and finds that it causes an int overflow, which in turn becomes -2 in damage, and that is invalid, so eventually the connection between my client and the server terminates.
So I would change 13 00 00 00 to FF FF FF 7F (2,147,483,647 in decimal), and send it: bang, my character dies and loses exp. Note that you won't be able to see the damage on your client, but others can see it, and they will be surprised by the 2 bil damage. And after you are a ghost, you can still send or spam the same packet, which will freak people out. Also, changing the damage part to 00 00 00 00 will be a 'miss'.
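What this section describes is a server that applies a client-reported damage value with no plausibility check and no check of the character's state. The following server-side validator for the 16-byte layout above is an added example, not code from the original guide or the game; the `Character` class, the `max_plausible` bound and the sample HP values are assumptions, and the sample packets are the page's packet with the damage fields the text mentions.

```python
import struct
from dataclasses import dataclass


class Rejected(ValueError):
    """Raised when the server refuses a client-reported damage packet."""


@dataclass
class Character:
    hp: int


def apply_reported_damage(char, buf, max_plausible):
    """Validate the damage packet, then apply it to the character.

    Layout from the page: header(2) timestamp(4) static(2) damage(4) unknown(4).
    max_plausible is a hypothetical server-side bound for this damage source.
    """
    if len(buf) != 16:
        raise Rejected("unexpected length %d" % len(buf))
    header, _ts, _static, damage, _unknown = struct.unpack("<HIHiI", buf)
    if header != 0x0029:
        raise Rejected("wrong header")
    if char.hp <= 0:
        # A dead character cannot take damage again (the replay case above).
        raise Rejected("character is already dead")
    if damage < 0:
        # FF FF FF FF read as a signed 32-bit integer is negative.
        raise Rejected("negative damage")
    if damage > max_plausible:
        raise Rejected("damage %d exceeds bound %d" % (damage, max_plausible))
    char.hp = max(0, char.hp - damage)
    return damage


PREFIX = "29 00 F1 F2 04 01 FD 00 "
SAMPLES = {  # damage fields discussed in the text, in the page's packet
    "fall": bytes.fromhex(PREFIX + "13 00 00 00 00 00 00 00"),
    "all_ff": bytes.fromhex(PREFIX + "FF FF FF FF 00 00 00 00"),
    "int_max": bytes.fromhex(PREFIX + "FF FF FF 7F 00 00 00 00"),
    "zero": bytes.fromhex(PREFIX + "00 00 00 00 00 00 00 00"),
}


def run_samples(hp=1000, max_plausible=500):
    """Return name -> accepted damage, or the rejection reason as a string."""
    out = {}
    for name, pkt in SAMPLES.items():
        try:
            out[name] = apply_reported_damage(Character(hp), pkt, max_plausible)
        except Rejected as exc:
            out[name] = str(exc)
    return out


if __name__ == "__main__":
    print(run_samples())
```

A stricter design has the server compute fall and obstacle damage itself and treat the client's value only as a hint to be compared against its own result.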
This is another example, send packet of chatting to all:
2B 00 63 F0 83 01 0F 00 42 3E 4E 52 5A 47 61 6D 69 6E 67 20 56 49 50 00 00
2B 00 is packet header.
63 F0 is timestamp.
83 is certain byte.
00 is unknown, can be 01.
0F 00 is WORD value indicating the number of ASCII chars of the sentence to be chatted.
42 3E 4E 52 5A 47 61 6D 69 6E 67 20 56 49 50 is a sequence of ASCII chars of the sentence to be chatted in hex.
00 is either null or boolean.
When I chat to all 'B>NRZGaming VIP', the above packet is sent. What can be manipulated with this? If I change the number of ASCII chars from 0F 00 to 46 00 (70 in decimal, maximum number of chars in MapleStory), and randomize all the ASCII chars in hex from 42 3E 4E 52 5A 47 61 6D 69 6E 67 20 56 49 50 to a run of 70 '**' bytes ('**' is randomized, 70 chars in total), and then spam it, these will be the effects:
That concludes my tutorial. I have tried to summarize the important things I know; feel free to ask questions here. Also, I am new to packet editing, so if anyone finds any mistake, just correct me.
How to set-up and use a packet editor on MapleStory : Comprehensive RiPE Tutorial
Skip this if you already know how to inject dll :D
To begin this process, you need to have the following;
- RiPE (Packet Editor)
- Bypass (CRC) (You need a CRC bypass in order to do memory editing in game. Otherwise, you will not be able to receive packets (you DC instantly), but you are still able to send packets. You also need a CRC bypass to log received packets and get the headers of new packets after the game has just been updated.)
Start MapleStory from the Nexon/Asiasoft folder, wherever you installed MapleStory, then start up your injector. Make sure that you inject the Bypass first! After the bypass is injected, inject RiPE.
Most injectors function the same, so there are only a few slight differences. There should often be a process listing. If you have this option, always make sure MapleStory.exe is the process you are injecting to. There is also a button to browse for the .DLL that you are injecting. Click the browse button and navigate to where your desired .DLL is. And finally, click "Inject".
Congrats! You injected without a Doctorate degree
Packet Logging and Sending
So you injected without a Doctorate. Now we get to the real "hard" work. RiPE has a "Tree" view for packets. The Tree view categorizes the packets by;
- Packet Received
- Packet Header
- -No Clue :P-
- Packet Itself
When "Hook Send" and "Enable Logging" are both ticked, you will see the white box start filling up with packet headers when an interaction with the game is done. These are the packets that you will be using for your exploits and such.
At the bottom of the injector, there is a text box in which you input the packet you wish to send. This process is very simple. There are a couple of things you can do to input the packet.
- Double clicking on a packet in the R- List
- Manual Input
Example of using Packet Logging and Packet Sending
Here is a simple example of how these two functions are used in conjunction to make life that much easier. What I'm going to do is get the packet to open the Dimensional Mirror, from ANYWHERE in the map.
First, we're going to click on "Enable Logging" and "Hook Send" to be able to get the packets that we want. We are looking for the packet to open the Mirror, so what we do is click on the Mirror, and keep an eye on the logged packets. You will be able to see that when the portal opens up, more packets will appear.
You may want to expand some of the headers in order for you to make sure you have the packet that you want.
In my example, below you will see that I had expanded 49 00 and header 4B 00. Because 49 00 was the packet that I received more of at the exact time that I opened the Mirror, I concluded that I had found what I'm looking for. 4B 00 seemed to be the packet that closed the Mirror.
Now to test out if it works!
Bazam!!! It worked! Now if I am ever so lazy that I don't want to walk to the Mirror, I can just send the packet!
Multi
The Multi tab is another unique tool at our disposal. It allows us to send a group of packets at once, or send packets one at a time, each at its own timing. At the top there are a few input boxes;
- Name [Name the specific packet for organization]
- Packet [Input the packet here]
- Delay [Amount of delay before the packet is sent]
- Send [Adds the packet to the list]
Clicking on "Start Spamming" will begin spamming the list of packets from top to bottom, and if you have the "Act as group" ticked, it will send all the packets at once.
I personally love using this tab as a list of all the packets I have. Because of RiPE's save feature, any time I need a packet, I load my data, go to this list, and double click the packet to send it.
Here you see me sending a packet just by double clicking it. This packet takes me to the Dimensional Mirror
Packet Modification
This is my favorite use of RiPE. What packet modification does is when you send/receive a specified packet, RiPE will discard it and send/receive another packet of your choice. The packet modification is on the right of the packet editor, and has two input boxes: the top one is the "waited on" packet, and the one below it is the "Replacement." Once you have both of those inputs, click "Modify" and the modification will be listed in the box above the input.
Here is a really cool example :P What we're going to be doing is make it so that every time you get damaged, it will always damage you for 1, regardless of anything! So we could almost say this would be a type of GM :P a weird one at that. I was lucky enough to be at a noob place, and was able to receive the same packet for 1 damage, and the packet for "Miss".
3D 00 E0 56 91 00 FF 00 01 00 00 00 00 00 F0 49 02 00 25 B4 50 00 01 00 00 00 02 was the packet I received when I got hit for 1
3D 00 5C B3 9A 00 FF 00 00 00 00 00 00 00 2D E9 8D 00 46 42 57 00 00 00 00 00 02 was the packet I received when I was "Missed" on.
We're going to be working on this "1 hit" God mode :P so let's talk about that packet,
First, 3D 00 is the packet header, and the two bytes after that are the time stamp. When packet editing, you usually want to randomize the time stamp (at least I do).
To randomize any assortment of bytes in RiPE, you can use "?" or "*". Because we want to take only 1 damage every time we get hit, we are going to take the header of the damage packet (3D 00) and put it in the top box. Again, every time a packet is sent with a header of 3D 00, it will replace it with another.
Now, let's take that damage packet and make it replace any other damage packet sent. After randomization, the packet will look like this;
3D 00 ** ** 91 00 FF 00 01 00 00 00 00 00 F0 49 02 00 25 B4 50 00 01 00 00 00 02
We click on the "Modification" button, and it will be added to the list!
Well, thank you if you took the time to read this :P Here is the end result!
Take note, even though it said "Miss" I am still taking 1 damage, ALL "Hits" will make you receive 1 damage!
If you have any questions or comments, please post below. I love to respond and talk back to the community as much as I can.
Farewell, and as always,
One essential command for packet editors now is byte randomization. Randomization is pretty self-explanatory: whenever the randomize command appears, the byte that was replaced by the command will be randomized. This is often used to get past things that may be limited to a certain amount in a period of time. For example, you could whisper your friend with "@@@@...", log the packet, randomize the time stamp, and this will bypass the limit of 3 (I think?) messages in a row ( <<<Don't do that, it's just an example... Old school D/C anyone? )
The commands to randomize bytes are the following;
Retention of Original Bytes!
When using packet modification, there may be a time when you want to keep the rest of the packet intact. Instead of having to go through and type each and every byte from the original packet, you can just add the following command! It can be used on occasions when you have edited the necessary parts, and want the rest unchanged. It makes for neater packet editing! I don't have many examples of this; I may release something that uses this depending on some circumstances. I'm sure many of you would like it, but I may end up releasing something else.
The command to retain the rest of the original packet's bytes is;
The [ and ] command is pretty weird, I read and read it and have gotten to this final conclusion on it. Because I haven't been on maple to test this out, someone is going to have to think something up and do this :P What I believe it does, is takes part of the byte, and modifies it by the command given by the user. The example given by Riu involves the meso drop packet. (I'm going to feel like an idiot right now :P)
7E 00 [10000000,7FFFFFFF,+1???] [0A,0000C350,1]
First, we have "7E 00" which is the packet header. We don't want to change the packet header, for obvious reasons :P
Here comes the interesting part, this is all in theory :P Here is how the command is laid out. [Minimum,Maximum,Expression].
Simply put, the minimum bytes can be "10 00 00 00" the maximum can be "7F FF FF FF" at any point in time. Basically, you are going to be working with the minimum, maximum, and all in-between. The way we get those in-between bytes are by having the "Expression" increase the value of the "Minimum", until it has reached the target value of "Maximum", completing the process, and looping.
Instead of bytes, we will be using pure numbers to make this a little easier to understand. Let's say we are starting at 1, and we want to get to 30. Here we have our minimum and maximum [1,30,]. Now we need to give it a command to get to 30. If we want to get everything in between 1 and 30, we must simply add "1" until we reach the goal, so the whole command will be [1,30,+1]. This will make us reach 30, and once the value of 30 has been reached, it will loop, and the process will continue once again.
Here is a list of all the operations that can be used in the "Expression".
- "+" This will ADD
- "*" This will MULTIPLY
- "/" This will DIVIDE
- "-" This will SUBTRACT
- If no operation is given, the packet editor will assume you are adding.
Have fun hacking and let me know if I got something wrong!
If you find this useful, let me know by giving a little "Thanks"