Рет қаралды 32,589
Looking for a Tibia bot? Visit validusbot.net
In this video you will learn how to find and call internal functions that are responsible for structuring and sending packets inside Tibia MMORPG. We will use x32 debugger to find these functions, figure out their calling convention, make a prototype of these functions and call them inside our C++ DLL. This video will teach you everything you need to know to be able to reproduce any packet in the game. This will be the base knowledge we will use in further development of our simple Tibia cheat.
Support us on Patreon: bit.ly/38mnveC
Discussion & Download : bit.ly/32XPTli
Tibia is one of the oldest and most successful massively multiplayer online role-playing games (MMORPG) created by a small development studio from Germany called Cipsoft back in 1997. For more than 20 years now, players have been visiting the medieval world of Tibia. It was really popular back in the day and still is cause of it's unique look and user-friendly client. There are 4 vocations (roles) you can play. Druid, knight, sorcerer and paladin. Each has it's strengths and weaknesses in PVP and PVE. Tibia map is HUGE and there are so many spawns, quests and mysteries you can research that you will never get bored.
Tibia, as most of the other MMORPG games has encrypted packets. Packets coming from the server are encrypted with RSA key that we can find in the memory of the client, but when connecting to the game world client receives XTEA key that it uses to encrypt all outgoing packets to the server. This XTEA key is valid as the lifetime of the socket, that means if you log out and login you cannot use that same XTEA key again. If we were to build a proxy we would have to reverse encrypt/decrypt functions and make them inside our proxy. By simply injecting a DLL and calling these functions all of that is taken care for us by the client and we are 100% sure that the client encrypted the packet correctly.
First we find find a follow function through send() function inside ws2_32.dll module. After that we inspect it and compare it with attack functions. We find calls to the same functions at the end of both functions, but with different constant passed as an argument to the first function call. We change it and wee see that follow function is now sending attack packet. So we know that first function takes packet id as argument, second function takes creatureId and third a number that increments with every call to follow function. We make a simple C++ DLL and make a prototypes for all of these functions. We get functions' RVAs and add them to the module base. We call all of these functions 1 by 1 as they are called in the debugger and we reproduce follow and attack packet.
Donate on our Forum : bit.ly/2HkOco9
Support us on Patreon : bit.ly/38mnveC
Reverse Engineering Tibia Packet Function - x64dbg Tutorial
Follow us on Facebook : bit.ly/2vvHfhk
Follow us on Twitter : bit.ly/3bC7J1i
Follow us on Twitch : bit.ly/39ywOZ2
Follow us on Reddit : bit.ly/3bvOB57
Follow us on GitHub : bit.ly/2HoNXIS
Follow us on Instagram : bit.ly/2SoDOlu
guidedhacking.com