Wednesday, December 30, 2015

Tree of Savior Released

You would think the release of the game would be happy times but the game releasing like less then a week and it already has major problems not just with bugs but also with cash shop prices that have Korean players protesting. And one of the things that I really don't understand is why people on the American forums are defending Nexon and IMCgames for all the bad things they are doing and ruining the game. Its like people enjoy punishment. But explain a bit of what's happening in Korea.

First thing is to me it sounds like they rushed a release without fixing most of the problems which they collected from the closed beta's they had. They did small fixes but ignored most of the reports or choose to release the game anyway. So you have some people using exploits such as the ones with Jukpoong, or Glyquare which are bugged mobs that don't attack but give tons of money and experience. They also decreased the rates of the game so low in order to force people to buy experience.

Remember how Ragnarok Online had the in-game shops well this feature was removed from the game after release to prevent people from being able to buy and sell products because of the mobs which are easy to kill that give tons of money. So instead of fixing the problems they are making it cost money to use the auction 20 dollars to pay for use of the auction then every item posted gets increasingly expensive the more you post.

If that isn't bad enough how about 30 dollar haircuts? You could go to great clips and use a coupon for a haircut in real life which is cheaper then a haircut in Tree of Savior. The experience rate is low so buying experience boosts is also very expensive too. With an expensive shop that means as more things get added the prices for them will just be more expensive cause the base line price is very high. Most players don't have 30 dollars to drop in a game for cosmetics. People bash on Archeage for being pay to win shop wise but at least your not spending 30 dollars for a hair change. And they've actually done a good job making it more balanced for F2P players a little too late though.

So how broken is the game? During the last two days of open beta I reported on a bug that I found allowing someone from hot keying any window by knowing what that window is called so they patched it so you can't hotkey the windows anymore to pull them open. But what people don't understand there's another part of it which I pmed privately because I didn't want people flipping out over how broken it is. But aside from hot key pulling open the menu which I pulled the GM menu opened you couldn't access it without changing the game files. But it can be done if you know how to LUA and you can bypass the security check loading the changes after the security check. Which makes the following possible:

One shot a boss but maybe just telling you about it isn't enough maybe I have to actually prove it too you. Cause maybe it sounds like I'm just lieing to you.
This picture might appear to small for most people to read but I opened addon.ipf which has most of the LUA of the client features then opened paramcontrol.lua. I'm going to paste the script here so you can see what I'm explaining:

function PARAMCONTROL_ON_INIT(addon, frame)

end



function OPEN_PARAMCONTROL()
    local frame = ui.GetFrame('paramcontrol');
    if session.IsGM() ~= 1 then
        frame:ShowWindow(0);
        return;
    end

    frame:ShowWindow(1);
    local cnt = frame:GetChildCount();
    for i = 0, cnt - 1 do
        local ctrl = frame:GetChildByIndex(i);
        local name = ctrl:GetName();
        local uiType = ctrl:GetClassName();
        if uiType == "slidebar" then
            local constName = name;
            local sl = tolua.cast(ctrl, "ui::CSlideBar");
            sl:SetMinSlideLevel(0);
            sl:SetMaxSlideLevel(1000);

            local text = frame:GetChild(constName .. "_text");
            local cls = GetClass("SharedConst", name);
            text:SetTextByKey("title", cls.Desc);
        end
    end

    cnt = frame:GetChildCount();
    for i = 0, cnt - 1 do
        local ctrl = frame:GetChildByIndex(i);
        local name = ctrl:GetName();
        local uiType = ctrl:GetClassName();
        if uiType == "edit" then
            local constName = string.sub(name, 1, string.len(name) - 5);
            local cls = GetClass("SharedConst",constName);
            local val = cls.Value;
            local valStr = string.format("%.2f", val);
            ctrl:SetText(valStr);
        elseif uiType == "slidebar" then
            local constName = name;
            local cls = GetClass("SharedConst",constName);
            local slideValue = cls.Value * 100;
            local sl = tolua.cast(ctrl, "ui::CSlideBar");
            sl:SetLevel(slideValue);
        end
    end

end

function REQ_SERVER_UPDATE_PARAM_CTRL(frame, clsName)
    
    if session.IsGM() ~= 1 then
        return;
    end

    local text = frame:GetChild(clsName .. "_edit");
    local val = tonumber(text:GetText());
    local valStr = string.format("%.2f", val);
    local cls = GetClass("SharedConst", clsName);
    iesman.ChangeIESProp("SharedConst", cls.ClassID, "Value", valStr, "Change By Tool", 1);
end

function PARAM_CONTROL_EDIT(frame, ctrl, str, num)
    local ed = tolua.cast(ctrl, "ui::CEditControl");
    local name = ctrl:GetName();
    local constName = string.sub(name, 1, string.len(name) - 5);
    local sl = GET_CHILD(frame, constName, "ui::CSlideBar");
    local val = tonumber(ed:GetText());
    sl:SetLevel(val * 100);
    REQ_SERVER_UPDATE_PARAM_CTRL(frame, constName);
end

function PARAM_CONTROL_SLIDE_RESET(frame, ctrl, str, num)
    local sl = tolua.cast(ctrl, "ui::CSlideBar");
    local clsName = sl:GetName();
    local edit = frame:GetChild(clsName .. "_edit");
    edit:SetText("1.00");
    sl:SetLevel(100);
    REQ_SERVER_UPDATE_PARAM_CTRL(frame, sl:GetName());
end

function PARAM_CONTROL_SLIDE(frame, ctrl, str, num)
    local sl = tolua.cast(ctrl, "ui::CSlideBar");
    local val = sl:GetLevel();
    local text = frame:GetChild(ctrl:GetName() .. "_edit");
    local str = string.format("%.2f", val * 0.01);
    text:SetText(str);
end

function PARAM_SLIDE_END(frame, ctrl, str, num)
    local sl = tolua.cast(ctrl, "ui::CSlideBar");
    REQ_SERVER_UPDATE_PARAM_CTRL(frame, sl:GetName());
end
So as you can see from the above this script has a check to tell whether a person is able to access the gm menu so if you pull the menu up by using hotkeys it would check to see if your marked as a gm and then tell you no you can't access it. But the problem with this is that if we know how to edit LUA we can decrypt the client files modify then load them in after the security check is passed. It gives us the ability to increase level to 1000 change stat's and other things making it possible and easy to one shot bosses in dungeons. I won't be telling you how to load changes like these cause its pretty stupid. But I do like that I get ignored by IMCgames and they release the game anyways. It makes me really disappointed so I most likely won't be waiting around for the game anymore. 

Who knows maybe someone will take the game and make a private server but with the game client being the reason behind the games failure and lacking Meruru from the xray project and his ability to make a custom client we won't see a successful private server of the game either. 

Also if your interested in seeing any of the information from the Korean players forums Nexon and IMCgames has been deleting most of the posts made on the forums but you can access a backup of them from this link But the frustration is real especially for the Korean players. But on a positive note we can come up with fun new names for what the game should be named. I have a few:

Tree of Payments
Tree of Cashshop
Tree of Exploits
Tree of GM menu
Tree of No Trade

I'm sure people could easily do better then me. But anyhow I'm going back to Archeage till Moonlight Blade comes out. Hopefully won't be disappointing like the last 5 mmorpg's that came out.

Monday, December 7, 2015

Client Exploits

I posted yesterday about the quest bug that allowed you to load any quest in the game and repeat it. But there's another way that people can bug or exploit things in the game using the same kind of option. Most likely this is because many of the features are coded client side and only seek server side for small parts of code.  I will be posting this on the forum's because I want them to get this straightened out so botters and hackers can't use it in the future.


<HotKey ID="FreeXP" Name="Free XP" DownScp="pc.ReqExecuteTx(&quot;RESTART_Q&quot;, ui.ToggleFrame('warehouse'));" UpScp="None" Key="F" UseShift="NO" UseAlt="NO" UseCtrl="YES" OnEdit="NO" />

The above allows you to pull open the warehouse menu from any map. It works with more windows then just warehouse such as shop and repair and other things.

ui.OpenFrame("itemdungeon");
('cheatlist');
ui.GetFrame("mcy_buyitem");
ui.OpenFrame("operatormode");
ui.GetFrame('paramcontrol');
ui.GetFrame("pcinvite");
ui.GetFrame('questitemuse');
ui.GetFrame("pickitem");
ui.GetFrame("shop");
ui.GetFrame("tournament");
ui.GetFrame('questreward');
ui.GetFrame("puzzlecraft");
ui.GetFrame("postbox");
ui.GetFrame("mixer");
ui.ToggleFrame("minigame");
ui.GetFrame("memberrecommend_popup");
ui.GetFrame("mcy_buyitem");
ui.GetFrame('questinfoset_2');
ui.GetFrame("manufac_renew");
ui.GetFrame("itembuffrepair");
ui.GetFrame("bosslist");



These are some of the ones which work some windows aren't implemented all the way so they crash the game. But you can pull up most of these. Even some of the GM windows open even if they don't display data. But if you edited the clients LUA you could make it display GM's data regardless of permissions or not. Since it seems there's options in the client which choose whether or not to display the data.


function OPEN_PARAMCONTROL()
    local frame = ui.GetFrame('paramcontrol');
    if session.IsGM() ~= 1 then
        frame:ShowWindow(0);
        return;
    end
 
 

Clients most likely encrypted I tried to pack a mod in for it and damaged the files for the game. But I'm sure someone with the right knowledge could figure out a work around. Either way the client should not have such extensive client side effects because people can bypass npc's and system functions in order to do what they want.

Using the shop from anywhere also works too. Which needs to be fixed to prevent bots from selling items without going back to town. Also I noticed using this to sell items it lagged and an item gave me gold without the item selling. Which leads me to believe there's a delay within the system with enough lag allowing people to sell the same item multiple times so the system for the game likely needs to be checked to make sure that it's not effected by lag. Its also possible to pull open the auction as well. All of this needs to be checked much more carefully.

Major Game Breaking Exploit

For some reason Tree of Savior game developers thought it would be a good idea to make the whole quest system client side.  So what is possible is a number of exploits using the command which I will post belong. But you can pick up any quests in the game simply by changing the npc ID number and hitting a hot key.

<HotKey ID="FreeXP" Name="Free XP" DownScp="pc.ReqExecuteTx(&quot;RESTART_Q&quot;, 30007);" UpScp="None" Key="A" UseShift="NO" UseAlt="NO" UseCtrl="YES" OnEdit="NO" />

The above is an example of one of the quests you can pick up. But you can pick up other classes quests and be multi different classes without making new characters. People are using this to level to 200 as well.  Some quests reward items or money and that is also being exploited. But we have no idea how much is possible with client side modifying. Its possible that it is more broken then we know. For example some of what Ive found in the client itself.

ui.OpenFrame("itemdungeon");
ui.GetFrame('questinfoset_2');
ui.LBUTTONUP, "HELP_ALRAMNOTICE_LBTNUP");
ui.GetFrame("bosslist");
ui.GetDropListFrame("SELECT_ZONE_MOVE_CHANNEL")

It might be possible to get items from a command in game. Or possibly to open the GM command window. The bugs from this are also confirmed to be working on Korea so it is not just the English server which has this problem. The bad thing is that the client will need to be reworked or people will still be able to get around and do this using programs like Cheat Engine or LUA modification's. We would not want to see the game get ruined for release. So I hope IMC games takes this seriously.