MQ2uDupe [for EQEmu]

unknown405

Here is the source code to the infamous dupe you guys always heard me talking about. This isn't the most user friendly plugin in the world. Why? Because it was made 100% solely for testing. This is basically an "all in one" type of plugin. This has 9, I believe, different packet hacks in it.

I commented every single one so you could know how to use it. I was working on a help command but figured I already commented it, so if you guys want to add a /help command then go for it. It's already there, you just need to update it.

MQ2uDupe.cpp
Rich (BB code):
//UnKnoWn405 @ WWW.NOTADDICTED.COM

/*

  This was made by UnKnoWn405. It was originally made with ONLY PlatDupe but eventually
  got turned in to some massive plugin with tons of different dupe methods I've tried. I
  usually ended up putting a lot of packet hacks that didn't have to do with dupe, such as
  training without any GM points in here. I hope everyone enjoys it, feel free to edit it or 
  add on to it as long as you leave my name in it then I have no problem.

*/




#include "../MQ2Plugin.h"
#include "uDupe.h"

//Sets up all of the variables that can be changed in game
int SlotNum = 1;
int Quantity = 0;
int Price = 0;

int SpellID = 1;
int APICheck = 1;
int ItemID = 1;

PreSetup("MQ2UDupe");

// Command:  /plat
// How to:   /slotnum <Slot number of item on merchant you wanted to buy>
//           /uquantity <set to 0 for no quantity, 1 for things that you could stack>
//           /uprice <set to 0, if it didn't work set to 1>
//           /echo ${Merchant[Name].ID} to print out the ID of the item you declare
//           /echo ${Merchant.Item[#].ID} to print out the name of the item ID you declare
// -------------------------------------------------------------------------------------//
// NOTES:
// EQEmu broke this about a week ago. I'm sorry the source is released after it's broke
// but maybe you can still do something with it. You would just find the ID of the item on the
// merchant and then declare it with /slotnum, then set price to 0 and quantity to whatever
// amount you wanted. Then type /plat and it would buy from the merchant for free. This was great
// on KMRA, I made a macro to buy 8 bags full of water flasks (sell for like 600 plat there) and
// then sell them all back, it was all profit. I made over a million in minutes with a macro 
// running.

VOID PlatDupe(PSPAWNINFO pChar, PCHAR szLine){

	PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
	PSPAWNINFO pMe = GetCharInfo()->pSpawn;

	    if (!pTarget || !ppTarget)
		return;

BuyPkt mp;
ZeroMemory(&mp, sizeof(mp));

mp.Price = Price;
mp.Quantity = Quantity;
mp.SlotNum = SlotNum;
mp.SpawnID = pMe->SpawnID;
mp.TargetID = pMyTarget->SpawnID;
		SendEQMessage(uBUY, &mp,sizeof(mp));

}

// REMOVED BECAUSE ITS GLITCHY BUT WORKS ON LIVE
*/
-----------------
-----------------
-----------------
/*

// Command:  /coindupe
// How to:   Target coin person and type /coindupe
// -------------------------------------------------------------------------------------//
// NOTES:
// Was made to dupe GUK coins on KMRA server.

VOID CoinDupe(PSPAWNINFO pChar, PCHAR szLine){

	PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
	PSPAWNINFO pMe = GetCharInfo()->pSpawn;

	    if (!pTarget || !ppTarget)
		return;

CoinsPkt cp;
ZeroMemory(&cp, sizeof(cp));
cp.Chksum = 12;

		SendEQMessage(uCOINS, &cp,sizeof(cp));

}

// Command:  /dupeit
// How to:   /slotnum <slot number of item you want sold>
//           /uprice <set to 0 for bags and such, 1 for things with more than 1 quantity>
//           /uquantity <amount you want to sell, 0 for things not stackable>
// -------------------------------------------------------------------------------------//
// NOTES:
// EQEMu fucking broke this about a week ago, sorry that I release the source AFTER it's broke
// but maybe you can still do something with it. This also let you sell NO DROP items, then buy
// on a different toon who didn't even have to be hacking because merchant would sell for nothing.

VOID DupeIt(PSPAWNINFO pChar, PCHAR szLine){

	PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
	PSPAWNINFO pMe = GetCharInfo()->pSpawn;
    if (!pTarget || !ppTarget) return;

SellPkt sp;
ZeroMemory(&sp, sizeof(sp));

sp.TargetID = pMyTarget->SpawnID;
sp.SlotNum = SlotNum;
sp.Price = Price;
sp.Quantity = Quantity;

		SendEQMessage(uSELL, &sp,sizeof(sp));
}

// Command:  /trickcast
// How to:   /slotnum <slot number of spell you want to cast>
//           /uspell <id of spell you want to cast>
//		     /echo ${Spell[Name].ID} to print out the ID of the spell you declare
//		     /uAPI <API Check number of spell you are casting>
// -------------------------------------------------------------------------------------//
// NOTES:
// The meaning of this was to cast a spell that you're not actually allowed to cast.
// Even with a working API Check, this doesn't seem to work unless you actually are able to cast
// the spell. I'm sure with more testing something like this could be possible, but at this
// time it's just not working. Feel free to work on this and send me the results. 
// UnKnoWn405 on WWW.NOTADDICTED.COM

VOID TrickCast(PSPAWNINFO pChar, PCHAR szLine) {
		PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
		    if (!pTarget || !ppTarget) return;
CastPkt cs;
	cs.SlotNum = SlotNum;
	cs.SpellID = SpellID;
	cs.Unknown_Mask = 29;
	cs.TargetID = pMyTarget->SpawnID;
	cs.APICheck = APICheck;			//2330500735
			SendEQMessage(uCASTSPELL, &cs,sizeof(cs));
}


// Command:  /forcesplit
// How to:   /uquantity <amount in platinum you want to split>
// -------------------------------------------------------------------------------------//
// NOTES:
// I made this for yet another attempt at a possible dupe plugin that would be easier. 
// I almost knew it would not work but decided to keep it here anyway, just in case I
// ever wanted it. There is a server side check comparing amount you are splitting to amount
// on your persons.

VOID AutoSplit(PSPAWNINFO pChar, PCHAR szLine) {
		PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
		    if (!pTarget || !ppTarget) return;
SplitPkt sp;
sp.Platinum = Quantity;
sp.Gold = 0;
sp.Silver = 0;
sp.Copper = 0;
			SendEQMessage(uAUTOSPLIT, &sp,sizeof(sp));
}

// Command:  /autospend
// How to:   /slotnum <ID of the AA you want to train>
//           /uspell <id of spell you want to memorize>
//		     /echo ${Spell[Name].ID} to print out the ID of the spell you declare
// -------------------------------------------------------------------------------------//
// NOTES:
// This is actually quite useless. I made it to test if you could send a packet request to
// train in a certain AA without having enough AA's to train it. But it ended up not working,
// there is a server side check comparing your AA's to how much AA's it costs to upgrade.

VOID AASpend(PSPAWNINFO pChar, PCHAR szLine) {
		PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
		    if (!pTarget || !ppTarget) return;
AASpendPkt sp;
sp.FunctionM = 3;
sp.Index = SlotNum;
sp.unk1 = 0;
sp.unk2 = 0;
			SendEQMessage(uAASPEND, &sp,sizeof(sp));
}

// Command:  /trainit
// How to:   /slotnum <ID of the skill you want to train> -- see Skills.h for full list

VOID Trainer(PSPAWNINFO pChar, PCHAR szLine) {
		PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
		    if (!pTarget || !ppTarget) return;
TrainPkt tp;
tp.SlotID = SlotNum;
tp.Some_Flag = 0;
tp.TargetID = pMyTarget->SpawnID;
			SendEQMessage(uTRAINING, &tp,sizeof(tp));
}

// Command:  /iscribe
// How to:   /slotnum <slot number you want scribed>
//           /uspell <id of spell you want to scribe>
//		     /echo ${Spell[Name].ID} to print out the ID of the spell you declare
// -------------------------------------------------------------------------------------//
// NOTES:
// There is no point in scribing a spell unless you want to, because you can memorize it
// even if it's not scribed on EQ Emu

VOID InstaScribeSpell(PSPAWNINFO pChar, PCHAR szLine) {
	PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;

    ScribeSpellPkt sp;
	ZeroMemory(&sp,sizeof(sp));
sp.SpellBookSlot = SlotNum;
sp.SpellID = SpellID;
sp.unknown0x1 = 0;
			SendEQMessage(uMEMSPELL, &sp,sizeof(sp));
}


// Command:  /imem
// How to:   /slotnum <slot number you want memorized>
//           /uspell <id of spell you want to memorize>
//		     /echo ${Spell[Name].ID} to print out the ID of the spell you declare

VOID InstaMemSpell(PSPAWNINFO pChar, PCHAR szLine) {
	PSPAWNINFO pMyTarget = (PSPAWNINFO)pTarget;
	PSPAWNINFO pMe = GetCharInfo()->pSpawn;
			MemSpellPkt mp;
			ZeroMemory(&mp,sizeof(mp));
		mp.SpellBookSlot = SlotNum;
		mp.SpellID = SpellID;
		mp.unknown0x1 = 1023;
		mp.some_flag = 1;
			SendEQMessage(uMEMSPELL, &mp,sizeof(mp));
}

// I made a help command, so you can do /udupehelp but I never actually finished it.
// This plugin was for my personal use to dupe a bunch of different things, and have
// an advantage without fucking up the economy. I never really planned on releasing this,
// and because I know how my own plugin works I just never bothered finishing a /help command.
// feel free to add this if you want, and re-release it.

VOID uDupeHelp(PSPAWNINFO pChar, PCHAR szLine) {

WriteChatColor("MQ2uDupe Help",CONCOLOR_YELLOW);
WriteChatColor("------------------",CONCOLOR_YELLOW);;
}

//Here is where all of the variables can be changed in game. You can change Spell ID, 
//API Check (absolutely no point, you can't trick the server even with the right API),
//Slot number, Price, and Quantity. 

VOID uSpellID(PSPAWNINFO pChar, PCHAR szLine) {
	CHAR szMsg[MAX_STRING] = {0};
	CHAR szArg[MAX_STRING] = {0};
	GetArg(szArg,szLine,1);

	if(IsNumber(szArg)){
		SpellID = atoi(szLine);
        sprintf(szMsg,"Spell ID set to: %d",SpellID);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
	} else {
        sprintf(szMsg,"Spell ID is currently: %d",SpellID);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
    }
    return;
}

VOID uItemID(PSPAWNINFO pChar, PCHAR szLine) {
	CHAR szMsg[MAX_STRING] = {0};
	CHAR szArg[MAX_STRING] = {0};
	GetArg(szArg,szLine,1);

	if(IsNumber(szArg)){
		ItemID = atoi(szLine);
        sprintf(szMsg,"Item ID set to: %d",ItemID);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
	} else {
        sprintf(szMsg,"Item ID is currently: %d",ItemID);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
    }
    return;
}

VOID uAPICheck(PSPAWNINFO pChar, PCHAR szLine) {
	CHAR szMsg[MAX_STRING] = {0};
	CHAR szArg[MAX_STRING] = {0};
	GetArg(szArg,szLine,1);

	if(IsNumber(szArg)){
		APICheck = atoi(szLine);
        sprintf(szMsg,"API Check set to: %d",APICheck);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
	} else {
        sprintf(szMsg,"API Check is currently: %d",APICheck);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
    }
    return;
}

VOID uSlotNum(PSPAWNINFO pChar, PCHAR szLine) {
	CHAR szMsg[MAX_STRING] = {0};
	CHAR szArg[MAX_STRING] = {0};
	GetArg(szArg,szLine,1);

	if(IsNumber(szArg)){
		SlotNum = atoi(szLine);
        sprintf(szMsg,"SlotNum set to: %d",SlotNum);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
	} else {
        sprintf(szMsg,"SlotNum is currently: %d",SlotNum);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
    }
    return;
}


VOID uQuantity(PSPAWNINFO pChar, PCHAR szLine) {
	CHAR szMsg[MAX_STRING] = {0};
	CHAR szArg[MAX_STRING] = {0};
	GetArg(szArg,szLine,1);

	if(IsNumber(szArg)){
		Quantity = atoi(szLine);
        sprintf(szMsg,"Quantity set to: %d",Quantity);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
	} else {
        sprintf(szMsg,"Quantity is currently: %d",Quantity);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
    }
    return;
}

VOID uPrice(PSPAWNINFO pChar, PCHAR szLine) {
	CHAR szMsg[MAX_STRING] = {0};
	CHAR szArg[MAX_STRING] = {0};
	GetArg(szArg,szLine,1);

	if(IsNumber(szArg)){
		Price = atoi(szLine);
        sprintf(szMsg,"Price set to: %d",Price);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
	} else {
        sprintf(szMsg,"Price is currently: %d",Price);
        WriteChatColor(szMsg, CONCOLOR_YELLOW);
    }
    return;
}

// Called once, when the plugin is to initialize
PLUGIN_API VOID InitializePlugin(VOID)
{
	DebugSpewAlways("Initializing MQ2UDupe");
	AddCommand("/dupeit",DupeIt);
	AddCommand("/slotnum",uSlotNum);
	AddCommand("/uprice",uPrice);
	AddCommand("/uquantity",uQuantity);
	AddCommand("/uapi",uAPICheck);
	AddCommand("/uitemid",uItemID);
	AddCommand("/uspell",uSpellID);
	AddCommand("/platdupe",PlatDupe);
	AddCommand("/coindupe",CoinDupe);
	AddCommand("/trickcast",TrickCast);
	AddCommand("/trainit",Trainer);
	AddCommand("/forcesplit",AutoSplit);
	AddCommand("/autospend",AASpend);
	AddCommand("/iscribe",InstaScribeSpell);
	AddCommand("/imem",InstaMemSpell);
	AddCommand("/dupehelp",uDupeHelp);
WriteChatColor("MQ2uDupe Status :: Loaded!!",CONCOLOR_YELLOW);
WriteChatColor("Created by: UnKnoWn405",CONCOLOR_YELLOW);
WriteChatColor("Type /dupehelp for plugin info",CONCOLOR_YELLOW);
}

// Called once, when the plugin is to shutdown
PLUGIN_API VOID ShutdownPlugin(VOID)
{
	DebugSpewAlways("Shutting down MQ2UDupe");
	RemoveCommand("/dupeit");
	RemoveCommand("/slotnum");
	RemoveCommand("/uprice");
	RemoveCommand("/uquantity");
	RemoveCommand("/uapi");
	RemoveCommand("/uitemid");
	RemoveCommand("/uspell");
	RemoveCommand("/platdupe");
	RemoveCommand("/coindupe");
	RemoveCommand("/trickcast");
	RemoveCommand("/trainit");
	RemoveCommand("/forcesplit");
	RemoveCommand("/autospend");
	RemoveCommand("/iscribe");
	RemoveCommand("/dupehelp");
WriteChatColor("MQ2uDupe Status :: Unloaded!!",CONCOLOR_YELLOW);
}
 
This requires uDupe.h which includes all the packets and structures you need for this plugin. I hope you guys enjoy it, please give me redcents for this, thanks ;)

uDupe.h
Rich (BB code):
#define uBUY		0x221E
typedef struct _BuyPkt {
	/*0000*/ DWORD TargetID;
	/*0000*/ DWORD SpawnID;
	/*0000*/ DWORD SlotNum;
	/*0000*/ DWORD Price;
	/*0000*/ DWORD Quantity;
} BuyPkt;

#define uCOINS 0x5FC7
typedef struct _CoinsPkt {
	BYTE Chksum;
} CoinsPkt;

#define uSELL 0xE13
typedef struct _SellPkt {
	/*0000*/ DWORD TargetID;
	/*0000*/ DWORD SlotNum;
	/*0000*/ DWORD Quantity;
	/*0000*/ DWORD Price;
} SellPkt;

#define uCASTSPELL 0x304B
typedef struct _CastPkt {
  DWORD SlotNum;
  DWORD SpellID;
  DWORD Unknown_Mask; 
  DWORD TargetID; 
  DWORD APICheck;
} CastPkt, *PCastPacket; 

#define uAUTOSPLIT		0x4848
typedef struct _SplitPkt {
	DWORD Platinum;
	DWORD Gold;
	DWORD Silver;
	DWORD Copper;
} SplitPkt;

#define uAASPEND 0x681
typedef struct _AASpendPkt {
/*0000*/ DWORD FunctionM;
/*0004*/ DWORD Index;
/*0008*/ DWORD unk1;
		 DWORD unk2;
} AASpendPkt;

#define uTRAINING		0x11D2
typedef struct _TrainPkt {
	DWORD TargetID;
	DWORD Some_Flag; //set to 0
	DWORD SlotID; //slot ID of the skill
} TrainPkt;

#define uMEMSPELL		0x308E	//also scribe
typedef struct _ScribeSpellPkt {
	DWORD some_flag; //set to 0
	DWORD SpellID;
	DWORD SpellBookSlot;
	DWORD unknown0x1; //set to 0x3ff (1023)
} ScribeSpellPkt;

typedef struct _MemSpellPkt {
	DWORD SpellBookSlot;
	DWORD SpellID;
	DWORD some_flag; //set to 0
	DWORD unknown0x1; //set to 0x3ff (1023)
} MemSpellPkt;

-UnKnoWn
 
Quick run through, here's some cool things you can do with it.

1.) Check out skills.h in MQ2Main for a full list of skills. You can target a GM and type /trainit to train skills without the points, this is glitchy.

2.) /autospend does work, but only if you have enough AA's so it's easier just to do it normally.

3.) /iscribe does work, but there's really no point because check out #4.

4.) /imem does work, and it's pretty damn sick because you can memorize a spell and set which slot you want it memorized in. You're probably thinking ok so what? That saves me like, what, 4 seconds? Wrong. You can do this while running and standing up and it's 100% instant.

5.) Removed directions, didn't realize this semi-works on live.

6.) /trickcast is not fully looked into. Anyone that is good at packets and coding might want to take a look at this, because it definitely has potential. The API check I thought was the problem, so I ran a sniffer and got the API from a certain level 1 SK spell and tried casting with correct API on a druid and it was instantly interrupted so I'm not sure what to do so you can trick the server if it's even possible.

Well that's about it. The best ones were /plat and /dupe but EQEmu broke both of these because my big mouth told a couple of untrustworthy people who blabbed and got it nerfed. That's why I'm releasing this source code mainly.

I wasn't releasing it earlier because I knew the EQEmu guys would know exactly how it works and fix it. Again, I hope everyone enjoys this and gets some use out of it. I still have a lot of stuff, I'm not saying what but I will say it's as powerful as ND plus some. I just can't release the source yet because it will be fixed before you know what hit you.

-UnKnoWn
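Added example, not part of the thread and not EQEmu's actual code: the posts above note that `/forcesplit` and `/autospend` failed because of server-side checks, while the buy packet carried a client-chosen `Price`. The sketch below shows the same kind of check applied to `BuyPkt`, with the packet layout taken from uDupe.h and everything else (`Session`, `Merchant`, `MerchantItem`, `HandleBuy`, the sample values) assumed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>

// Wire layout as posted in uDupe.h. Every field arrives from the client,
// so the server treats all five as untrusted input.
struct BuyPkt {
    uint32_t TargetID;
    uint32_t SpawnID;
    uint32_t SlotNum;
    uint32_t Price;
    uint32_t Quantity;
};

// Hypothetical server-side state, constructed for this example.
struct MerchantItem { uint32_t unitPrice; uint32_t maxStack; };
struct Merchant { uint32_t spawnId; std::map<uint32_t, MerchantItem> slots; };
struct Session { uint32_t spawnId; uint32_t openMerchantId; uint64_t copper; };

enum class BuyResult { Ok, WrongSender, NoSuchMerchant, BadSlot, BadQuantity, TooPoor };

// Validates one purchase request against server-owned data.
// On success debits the session and reports the amount in *charged.
BuyResult HandleBuy(Session& s, const Merchant& m, const BuyPkt& p, uint64_t* charged) {
    *charged = 0;
    // The buyer is whoever owns the connection, not whoever the packet names.
    if (p.SpawnID != s.spawnId) return BuyResult::WrongSender;
    // The target must be the merchant this session actually has open.
    if (p.TargetID != m.spawnId || s.openMerchantId != m.spawnId)
        return BuyResult::NoSuchMerchant;
    auto it = m.slots.find(p.SlotNum);
    if (it == m.slots.end()) return BuyResult::BadSlot;
    const MerchantItem& item = it->second;

    // Non-stackable items always count as one, whatever the packet says.
    uint32_t count = 1;
    if (item.maxStack > 1) {
        if (p.Quantity == 0 || p.Quantity > item.maxStack) return BuyResult::BadQuantity;
        count = p.Quantity;
    }
    // p.Price is deliberately never read: cost comes from the server's table.
    // A 32-bit x 32-bit product cannot overflow 64 bits.
    uint64_t cost = static_cast<uint64_t>(item.unitPrice) * count;
    if (cost > s.copper) return BuyResult::TooPoor;
    s.copper -= cost;
    *charged = cost;
    return BuyResult::Ok;
}

int main() {
    Merchant m{50, {{1, {600, 20}}, {2, {5000, 1}}}};   // constructed data
    Session s{7, 50, 1000};
    uint64_t charged = 0;
    BuyPkt pkt{50, 7, 1, 0, 1};                          // Price field set to 0
    BuyResult r = HandleBuy(s, m, pkt, &charged);
    std::printf("result=%d charged=%llu left=%llu\n", static_cast<int>(r),
                static_cast<unsigned long long>(charged),
                static_cast<unsigned long long>(s.copper));
    return 0;
}
```

Logging every non-`Ok` result with the session ID gives operators a signal for clients that send crafted packets.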
 
Sorry for my newbness.. It has been a very long time since I have attempted to do anything but use a precompiled MQ. Do you think you could instruct me how to add this to your MQ compile for emu?
 
EDITED: Figured out the problem. Working on it.
 
I personally wouldn't try it because it has probably been patched in some way or another with attempt detection stuff.
 
I figured as much. I'll see about trying it with a proxy server on an IP I don't care about. If I manage to test it soon (been playing Payday 2 recently so dunno when I'll get to it) I'll report back.
 
Wow, thanks for the massive necro post... This is a 5 year old exploit that was patched months after it came out. Don't people get warnings around here for necro posting?
 
There's going out of your way to be a dick, and then there is an honest mistake. Chances are they used the forum search, and found a post that they thought was a good match.
Granted they should have looked at the date and just made a new thread, but at least they were searching instead of just asking. The level 2 section is a paid area, so why would they have a system to get rid of paying members?
 
btw this isn't COMPLETELY useless code... the offsets, opcodes, and structs can still be used in tit version of mq2... and i have used a few of the pieces from mq2udupe even today :) (and if you're smart enough... you'll figure out there is still an exploit to dupe from this code... last i used that exploit was 9/29/13 so i'm positive it still works..(ill retest the code in the morning to make sure)...)

keep looking around ChairGraveyard and try everything you can think of... exploits and duping methods have NEVER been just given to us... we had to search for them and try millions of methods just to get 1 result...

- - - Updated - - -

AS FOR EVERCHEATER, at least chairgraveyard is making an attempt at bringing something to the light... you know how many pieces of code I'VE resurrected from the graveyard... IE MQ2AASpend... the code for that was from 2008/2009 by zippzipp... i asked maskoi if he would mind bringing it back into the compile.... now its one of the most commonly used plugins in the compile... so necrothreading or necroing can be a VERY good thing... and i support 100% if anyone does it within reason (IE if its a plugin or macro that has the possibility to be reused... no i don't support "BUMP" =\ that's just retarded and has no real value...) 99% of the macros/plugins today at one time or another were originated from a plugin/macro way back when...

necroing brings old things back to the table... and i believe can be very contributing... its right up there with engineering new, never seen before, plugins/macros... (and if more people attempted to necro things we might have stuff like tradeskill macros, language macros, etc... )

short and simple... don't be an asshole to someone for trying to come up with something to add to the table...
 
rog caught the last method known for duping plat... never hurts to keep trying...

if you guys want to learn how eq packets work i can host a skype conference sometime to teach this... from there its all easy work... (providing that you know how to write code... or at least know how to use google... )

btw guys the way i learned was looking at other people's plugins and reading line by line... googling each line that i didn't understand... (then i went and took a computer science course and learned how to write efficient code.. but never learned how to write in vb.net so still have to look at other coder's methods of writing code...)

tinkering is the best way to do things... if anyone wants to take a quick and dirty course on how to read packets and send packets private msg me your skype address and i'll teach you (you will need speakers and preferably a mic since i absolutely hate typing all the stuff out...)

- - - Updated - - -

oh... and if you're a cute girl... naked pictures will get you anything... :D
 