Can someone check if the Holiday Tree Ring throws an exception in this condition?
#1
Posted this on /r/maplestory and my post got removed by mods. Reposting it here!

Anyway, for some odd reason I have nothing to do so I'm looking at the game data again and rehashing my scripts. I seem to have discovered some undefined behavior in the equipment data that I wanted to see if anyone could figure out what happens... for SCIENCE.

Warning:
Proceeding with this could cause undefined behavior on the client and may cause your game to crash or autoban you. This is not an exploit which would give you any advantage in the game. It's for this reason that I'm deciding to share this at all. Proceed at your own risk.

Explanation (TL;DR below):
Suppose there's an image in the game data called walk/1

The game data allows you to define "walk/1/_inlink" if you want the client to use a different image within the same game data file. Or, you could specify "walk/1/_outlink" to point to an image located in a different game data file. In either case, because an _inlink or _outlink parameter is defined for the image, "walk/1" is for sure a placeholder image.

In the creation of my scripts, I was performing some tests to make sure my scripts were correct. The particular test I was running was, "Can I have an _outlink point to another image with an _outlink? Are there any circular references?" So I was blazing through the game data to test if this could actually happen, and my parser crashed.

Why? Well, an _inlink was defined to point to an image that did not exist. So the game data was referencing an image that's simply not there.

In this case, the itemID is Character.wz/Weapon/01702168.img and the image is "49/swingP1/0/effect/_inlink" which points to "48/backspin/1/effect", and 48/backspin/1/effect does not exist within that file.

"49" here is a reference to the Gun type weapon. SwingP1 is used when you try to perform a basic attack with a Gun that happens to be a swing (not a stab or slash - a swing). The "0" refers to this being the first image in the animation, and "effect" just means it's the effect that's rendered.

TL;DR:
Nexon makes bad data.

Does anyone have the item "Holiday Tree Ring"? It's a cash shop weapon. I'm guessing if you equip that weapon over a gun and try to continue to perform basic attacks until your character swings with it, that will cause the game data to point to an image which doesn't exist, potentially causing undefined behavior leading to an unwanted game crash, autoban, or something-or-another I don't know. Or maybe the image doesn't render or something.

Here's the icon for the Holiday Tree Ring:
[Image: unIYFGh.png]

EDIT: Problem appears to be partially solved thanks to a friend:

https://mapletip.com/maplestory-equipment/Holi

Looks like in later versions of GMS, they disallow this item on guns and knucklers (where the problem is). So I'm guessing someone discovered a problem with this item on guns and knucklers, it was reported, and instead of fixing the problem on the item they just left the data and coded an exception to not allow guns/knucklers to equip it.

The problem is that handcannons also link to this:

_inlink not exist! :: 49/swingP1/0/effect/_inlink --> 48/backspin/1/effect
_inlink not exist! :: 49/swingP1/1/effect/_inlink --> 48/backspin/2/effect
_inlink not exist! :: 53/swingP1/0/effect/_inlink --> 48/backspin/1/effect
_inlink not exist! :: 53/fly/0/effect/_inlink --> 49/doublefire/0/effect
_inlink not exist! :: 53/fly/1/effect/_inlink --> 49/doublefire/1/effect


53 here relates to hand cannons. So it's a swing on a hand cannon or flying (jumping in the air). Maybe if someone equips a hand cannon then tries to jump or swing, this will throw some weird exception and still crash.
Reply
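
An added example, not part of the original post and not any poster's actual script: a link audit of the kind post #1 describes, which follows _inlink/_outlink chains and reports targets that do not exist or chains that loop back on themselves. The flat dictionary model, the function names, and every sample node except the 49/swingP1/0/effect link are assumptions made up for illustration.

```python
# Added illustration: audit _inlink/_outlink chains for dangling or circular targets.
# Assumed model: full node path -> dict of properties (not the real WZ layout).
IMG = "Character.wz/Weapon/01702168.img"

SAMPLE = {  # constructed sample; only the swingP1 link is taken from the thread
    f"{IMG}/49/swingP1/0/effect": {"_inlink": "48/backspin/1/effect"},
    f"{IMG}/49/walk1/1/weapon": {"_outlink": f"{IMG}/30/walk1/0/weapon"},
    f"{IMG}/30/walk1/0/weapon": {"pixels": b"\x00"},
    f"{IMG}/30/stand1/0/weapon": {"_outlink": f"{IMG}/49/stand1/0/weapon"},
    f"{IMG}/49/stand1/0/weapon": {"_outlink": f"{IMG}/30/stand1/0/weapon"},
}


def img_root(path):
    """Return the path of the .img file that contains this node."""
    return path[: path.index(".img") + len(".img")]


def link_target(nodes, path):
    """Full path a placeholder points at, or None for a real image."""
    node = nodes[path]
    if "_inlink" in node:  # relative to the same .img file
        return f"{img_root(path)}/{node['_inlink']}"
    return node.get("_outlink")  # assumed to already be a full path


def resolve(nodes, path):
    """Follow links from path and return (status, chain of visited paths)."""
    chain = []
    while True:
        if path not in nodes:
            return "dangling", chain + [path]
        if path in chain:
            return "cycle", chain + [path]
        chain.append(path)
        target = link_target(nodes, path)
        if target is None:
            return "ok", chain
        path = target


def audit(nodes):
    """Map each placeholder whose chain does not end in a real image to its status."""
    results = {p: resolve(nodes, p)[0] for p in nodes if link_target(nodes, p)}
    return {p: status for p, status in results.items() if status != "ok"}


if __name__ == "__main__":
    for node, status in audit(SAMPLE).items():
        print(f"{status:8} {node}")
```

Returning a status instead of indexing straight into the target is what keeps a parser from crashing on a missing image the way the one in post #1 did.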
#2
What version of GMS are you using? I just checked GMS v226, the current version, and they removed any references for effect in the ones you listed, leaving them as a 1px file with no data.

Guns:
[Image: 1AFGEvp.png]

Hand Cannons:
[Image: h7WJsc0.png]
[Image: E1jhEjl.png]

One thing I've noticed as a side note is that in all non-KMS versions, they keep swapping outlinks for some strange reason. For example, GMS v225 could have Character.wz/Weapon/01702168.img/49/walk1/1/weapon/_outlink point to Character.wz/Weapon/01702168.img/30/walk1/0/weapon, and then in v226 it could swap so that Character.wz/Weapon/01702168.img/30/walk1/0/weapon/_outlink references Character.wz/Weapon/01702168.img/49/walk1/1/weapon. Nexon doesn't just make bad data but also makes a bunch of useless changes that serve no purpose. Again, I've never dealt with this in KMS.
Reply
#3
Thanks for checking! I was working with v213 data since it was the most recent stuff I had. Great detective work. Maybe they fixed it?

If they keep updating the img files like that, it will make it a bit harder for me to find meaningful differences in files.

The way I currently determine if a file was changed or not:
- Calculate the sha1 of the previous packed img file
- Calculate the sha1 of the new packed img file
- If the two sha1's are different, unpack them and output the differences

Since the sha1 will be different... that's a lot of bloat. Sad

Then again, I'm already finding a lot of bloat when it comes to images in the game data. I submitted 1.34M images to unpack across all WZ files. After doing some legwork, I determined that 50k of these images are duplicates (same sha) and I do not unpack the 1x1 placeholder images. I've detected about 20k duplicate images within character.wz alone. I think their algorithm is a bit screwy or something.

Working with the wz files is not easy lol.
Reply
#4
Meanwhile, I'm hearing something about the new 64bit client in KMS using a completely different format (or encryption?) on the .wz files...
Reply
#5
Well, I haven't heard anything about the new format on the wz files, but they did change to a different format for the .patch files. I tried looking at 01123to01128.patch for KMST and it blew up my patcher because it's using a different format. Did they tell me? No.

Need to figure it out! NXPatcher won't work anymore on this. The changes seem minimal, though.

The method we've used for more than 10 years for patching the game will no longer work very soon.

EDIT: I now have the latest KMST data. I updated my patcher so it would work with the new format. Luckily, they didn't change too much and what they did change was easy to figure out.

Yeah, the WZ files are laid out in a new way. The encryption did not change, from what I can tell. I'm going to parse the data tomorrow to see if there's anything new or interesting.
Reply
#6
This is the new format; they split the WZ files up into folders and multiple partitions. Here's the base Data directory:
[Image: G24PJ0i.png]

and here's Skill as an example
[Image: b6LVqXM.png]

This is the full output (in spoiler tags because it's a colossal list):

 Spoiler

Kagamia and KENNYSOFT were able to get WzComparerR2's Patcher to work with the new 64 bit structure.
Reply
#7
Yeah, overall it's pretty underwhelming the changes they made. The format didn't change much once you read the WZ files. All existing unpackers will work.
Reply
#8
Hey @PirateIzzy, how did you patch your game? Did you have access to some sort of patch reader?
Reply
#9
Fiel Wrote: Hey @PirateIzzy, how did you patch your game? Did you have access to some sort of patch reader?

I use the Nexon Launcher for GMS since pre-patching no longer works with it. Someone else I know looked into it, and this is what he explained:

Quote: Here's the technical details regarding why it's no longer possible:

The Nexon Launcher reads a hash, that contains an encrypted URL (and probably the correct GET sequence to grab the patch). The launcher runs this through a subroutine to decode it, and then punches it in directly. I was able to reverse the python bytecode out and get this, but that's not the thing that is blocking prepatching. Nexon pushes this up minutes before the servers come back up, rendering prepatching ineffective.

My guess is the patch is uploaded sometime hours ago, but without this hash we have no direction where to obtain it. So it's GG.


However, I use WzComparerR2's built-in patcher for every other version of MS (KMS, JMS, CMS, TMS, and MSEA), since none of them work the same way as GMS.
Reply
#10
That's good to know, but I meant KMST. How did you get those patch files? Like, did Nexon publish an EXE patcher for it?
Reply
#11
Fiel Wrote: That's good to know, but I meant KMST. How did you get those patch files? Like, did Nexon publish an EXE patcher for it?

Nexon still uploads KMS/KMST patches to their CDN servers. The latest versions are:

KMS: https://maplestory.dn.nexoncdn.co.kr/Pat...0354.patch
KMST: https://maplestory.dn.nexoncdn.co.kr/Pat...1129.patch
Reply
#12
We're getting closer! Thank you, Slip.

Yes, KMS and KMST offer their own patch files. Somehow, PirateIzzy was able to patch his game to get the latest files. However, the patch files use a new format. How did he patch his game? I'm looking for Nexon code that was used to patch the game because the patch files use a new format.
Reply
#13
Fiel Wrote: We're getting closer! Thank you, Slip.

Yes, KMS and KMST offer their own patch files. Somehow, PirateIzzy was able to patch his game to get the latest files. However, the patch files use a new format. How did he patch his game? I'm looking for Nexon code that was used to patch the game because the patch files use a new format.

Sorry, I misunderstood your last question. I don't know much about Nexon code other than the WZ files, but here's the codebase for WzComparerR2 that I forked my repo from:
https://github.com/Kagamia/WzComparerR2

And this was his commit that fixed the patching format for 64 bit:
https://github.com/Kagamia/WzComparerR2/...7ca897df33

Here's my fork of it:
https://github.com/PirateIzzy/WzComparerR2


With WzCR2, go to Tools -> Patcher, select the Patch File and the MapleStory Folder, and then you can patch it.
Reply
#14
PirateIzzy Wrote: Sorry, I misunderstood your last question. I don't know much about Nexon code other than the WZ files, but here's the codebase for WzComparerR2 that I forked my repo from:
https://github.com/Kagamia/WzComparerR2

And this was his commit that fixed the patching format for 64 bit:
https://github.com/Kagamia/WzComparerR2/...7ca897df33

Here's my fork of it:
https://github.com/PirateIzzy/WzComparerR2


With WzCR2, go to Tools -> Patcher, select the Patch File and the MapleStory Folder, and then you can patch it.

Ahhhh, that answers my question, thank you! I see that his source code does have the 1125 KMST update in it. Good to know.

I was hoping to find a Nexon EXE patcher so I could make prepatchers from that to update NXPatcher easier.
Reply

