RiPE Guide



RiPE
Official Guide

Table of Contents:
Injecting RiPE
Selecting a Game
Logging Packets
Sending Packets
Dynamic Packets
Packet Blocking
Packet Modification
Opcode Labeling
Introduction to RiPEST
RiPEST Database
Further Reading

Injecting RiPE:
If you are using RiPE Launcher:
Select the game or process that you want to inject into, and then
click the "Inject" button. RiPE Launcher comes with RiPE. Make sure
that RiPE Launcher is in the same folder / directory as RiPE.dll.

If you are using Injector Gadget:
Select the game or process that you want to inject into from the left. Add
RiPE.dll to the DLLs to Inject list by browsing for it or dragging the .dll and
dropping it into the DLLs to Inject box. After that is done, click the "Inject"
button. Do NOT check "Cloak DLL." RiPE uses its own cloaking methods.

Selecting a Game:
After injecting, you should now see a "Game Selection" dialog.
Select the game that you want to use RiPE for from the left, and the
version from the right. Click on "Continue." You may additionally
"Search for a Plugin" to search the RiPEST plugin database for other
plugins. Plugins appear on the Game Selection menu just like any other
game.

Logging Packets:
To log packets, simply click "Hook Send" or
"Hook Recv." Hook Send will log packets sent FROM
the client TO the server. Hook Recv will log packets
sent FROM the server TO the client.

You must also make sure that "Enable Logging" is checked for packets to appear. The
difference between Tree and List views is simply the order that packets appear. In a tree view,
packets are ordered first by their header and second by their return address. In a list view,
packets are ordered based on the time that they were logged.

Double-clicking on a packet once it is logged will add it to the "Send Packets" window.
You can clear the logged packets by right-clicking anywhere on RiPE and selecting the
appropriate option from the menu.

Sending Packets:
With the Send Packets window:

Place the packet in the "Packet" textbox, and click either "Send" to send a packet to the
server or "Recv" to send a packet from the server to the client. Note that Recv packets modify
the client, while Send packets modify the server.

You may use * or ? to randomize parts of a packet, such as "0A 00 ?? *? ** 0? 0A 00 00 00".
Notice how * and ? work exactly the same, and you are able to randomize a single nibble
(character between 0~F; 4 bits).

Spacing is ignored in packets.


With the Multi tab:

The Multi tab offers a wide range of flexibility for sending and receiving packets. This tab is
usually used to save and load groups of packets, or to send a group of packets to other people
via a .ini file. You may add a small name to each packet to remember what it's used for.

To add a packet to the Multi tab, place the packet in the "Packet" textbox as shown above, and
set the delay to the amount of time between successive sends / receives of that packet. For
example, if I have a packet to drop in-game money and I set the delay to 2500, then I will drop
in-game money every 2.5 seconds.

Packets are appended to the bottom of the Multi list. If you want to add multiple packets,
then they should be added in the order that they'll be used. Note that order only matters if you
have "Act as Group" enabled.

If "Act as Group" is enabled, then the first packet will be sent after its delay (in the above
screenshot, it would be sent after 1000 milliseconds). The second packet would be sent 123
milliseconds after the first packet was sent.

If "Act as Group" is disabled, packets will be sent based on their own delay, without any
regard for the delay of other packets. In the above example, this would mean that "A0 00" would
be sent every 1000 milliseconds, and the longer packet would be sent every 123 milliseconds.

In order to actually spam packets, you will need to click on "Start Spamming," which will
initiate the sending of the packets in the Multi tab. To stop spamming, click the "Start
Spamming" button again (it should be changed to "Stop Spamming").

You may quickly send (or receive) a packet by double-clicking it in the Multi tab.

If you see a spin control between "Act as Group" and "Start Spamming," then that is the
socket number to use for sending the packets. As of now, this only shows up when "Other" is
selected at the Game Selection dialog.

Dynamic Packets:
Unknown to many, RiPE supports something known as "dynamic packets." These are
packets that change in a predefined way each time they're sent or received. Although dynamic
packets are evaluated in the "Send Packets" window, they will only work properly in the "Multi"
tab. This is because the "Send Packets" window is stateless.

A dynamic packet is identified by containing square brackets [] somewhere in the packet.
The portion of the packet inside of the square brackets is the dynamic portion. For example:

0A 00 [10000000, 00000000, 7FFFFFFF, +???]

In the above packet, we see that [10000000, 00000000, 7FFFFFFF, +2???] is the dynamic
portion of this packet. A packet can have as many dynamic portions as needed.

The structure of a dynamic portion is [current, minimum, maximum, expression]. In the
above packet, this means that the packet starts at 10000000, slowly increases to 7FFFFFFF, and
then loops back around to 00000000. The ?'s in the expression mean that the value will be
increased from 000 to FFF (since there are three of them).

The size of the generated partial packet is determined by the greater of the sizes of the
minimum and the maximum. In the above example, the size would be 4 bytes.

The current section of the dynamic portion can be left out. In this case, the structure
would be: [current/minimum, maximum, expression]. It is recommended to always include the
current section in a dynamic packet for clarity.

Please note that dynamic packets are in big-endian. They are among the only
hexadecimal values that appear as big-endian in RiPE. Everything else is little-endian.

Packet Blocking:
To block a packet in RiPE, there are two tabs that you should take a
look at. The "S - Block" tab is used for blocking and modifying send packets
(from the client to the server). The "R - Block" tab is used for blocking and
modifying receive packets (from the server to the client).

Packet blocking goes from left to right. In the example to the right, a
packet would be blocked if it matches: "0A 00 ?? ?? ?? ?? 12 34 56 78". For
example, the packet "0A 00 11 22 33 44 12 34 56 78 FF A0" would be
blocked. However, the packet "00 0A 11 22 33 44 12 34 56 78 FF A0"
would not be blocked. The packet "0A 00 11 22 33 44" would likewise not
be blocked (too short).

Packet blocking only uses the top textbox in the "S - Block" and "R - Block" tabs. The
bottom textbox is only for packet modification. Ignoring a packet is identical to blocking a
packet.

Packet Modification:
Packet modification is similar to packet blocking in that the top textbox works exactly the
same. Of interest is the bottom textbox. There are a few special characters that work a bit
differently in the modify textbox than in the rest of RiPE:

? The ? means "use whatever was in the original packet". So if I had a packet 0A
00 11 22, and I used "FF 00 DD ??" as the replaced packet, my result would give
me: "FF 00 DD 22".

* The * means "randomize this nibble." It works similarly to * and ? in the rest of
RiPE.

. The . means "keep everything else the same as the original packet." It would be
identical to ending the packet with a bunch of ?? characters. For example, if I
have the packet "0A 00 11 22" and I used "0B.", my resulting packet would be
"0B 00 11 22".

It should be noted that you MUST use the . if you don't want your modified packet to be
abruptly cut off. For example, if I have the packet "0A 00 11 22" and I used "0B ??", my end
result would be "0B 00".
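
The block-rule matching and modify-template rules from the two sections above, modeled in Python as an added example (not RiPE's own code). The function names are hypothetical, and stopping when a `?` runs past the end of the original packet is an assumption; the rule, templates and packets are the ones quoted in the guide.

```python
import random

HEX = "0123456789ABCDEF"

def nibbles(text):
    """Normalize a packet string: spacing is ignored, hex is upper-cased."""
    return "".join(text.split()).upper()

def matches(pattern, packet):
    """Top textbox: left-to-right prefix match, '?' matches any nibble."""
    pat, pkt = nibbles(pattern), nibbles(packet)
    if len(pkt) < len(pat):  # packet shorter than the rule: no match
        return False
    return all(p == "?" or p == c for p, c in zip(pat, pkt))

def modify(template, packet, rng=random):
    """Bottom textbox: '?' keeps the original nibble, '*' randomizes it,
    and a trailing '.' keeps the rest of the original packet."""
    tpl, pkt = nibbles(template), nibbles(packet)
    keep_rest = tpl.endswith(".")
    tpl = tpl.rstrip(".")
    out = []
    for i, t in enumerate(tpl):
        if t == "?":
            if i >= len(pkt):  # assumption: nothing left to copy, stop here
                break
            out.append(pkt[i])
        elif t == "*":
            out.append(rng.choice(HEX))
        else:
            out.append(t)
    if keep_rest:
        out.extend(pkt[len(tpl):])
    joined = "".join(out)
    return " ".join(joined[i:i + 2] for i in range(0, len(joined), 2))

if __name__ == "__main__":
    rule = "0A 00 ?? ?? ?? ?? 12 34 56 78"  # rule quoted in the guide
    for pkt in ("0A 00 11 22 33 44 12 34 56 78 FF A0",
                "00 0A 11 22 33 44 12 34 56 78 FF A0",
                "0A 00 11 22 33 44"):
        print(matches(rule, pkt), pkt)
    for tpl in ("FF 00 DD ??", "0B.", "0B ??"):
        print(repr(tpl), "->", modify(tpl, "0A 00 11 22"))
```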

Opcode Labeling:
Opcode labeling is one of the (unfortunately) widely unused
aspects of RiPE. It allows you to label packets based on their opcode,
or header. For example, I might have send opcode 007F, and I might
name it something like "Drop Money." Now whenever the packet is
logged, it will be something like: "007F - Drop Money" in S - Tree.

To add a new label, simply select the opcode type (Send for S -
Tree, Recv for R - Tree), the opcode (in big-endian), and the label that
you want to use.

If there is a conflict in opcodes, then the conflicting opcodes will
be highlighted in coral pink as shown in the image to the right.

To resolve a conflict, you can either click twice on a line to change
its opcode, or you can select as many lines as you want and click the Up or
Down arrows to change the selected lines accordingly.

Once you are done making changes, click "Save". The changes
will take effect immediately, but you may need to clear the S - Tree or R -
Tree tabs if the opcode has already been logged to see the changes.

The labels will be saved to the same file as the rest of the RiPE information, such as the
packets in Multi.

Introduction to RiPEST:
RiPEST is another highly advanced but rarely used feature of RiPE. RiPEST is a
powerful scripting language designed around packets. RiPEST allows you to set up keys for
sending packets or groups of packets. It also allows you to completely change the way that RiPE
functions. You can even make hacks in RiPEST with relative ease.

For in-depth coverage of how to use RiPEST, its functions, and some sample scripts,
check out the RiPEST forums at:
http://www.unallied.com/forum/forumdisplay.php?5-RiPE-Tutorials.

RiPEST Database:
The RiPEST online database is a powerful (though still buggy) way of finding RiPEST scripts
and plugins. To begin searching the database, access it from the RiPEST Tab by clicking
"Find Scripts" or by clicking "Search for Plugin" from the Game Selection dialog.

You can browse the list of available scripts / plugins by game name. Clicking on a script or
plugin will bring up the script, along with its author and the number of times it has been
downloaded.

To download a script, simply click "Add Script." You can also upload your own scripts.

Scripts will appear in the RiPEST tab, and plugins will appear in the Game Select dialog.

Further Reading:
This guide was designed for people who understand the basics of packet editing and
packet terminology. If you are confused, bewildered, baffled, confounded, perplexed, puzzled,
stumped, or in any way lacking the aforementioned skills and knowledge, then I invite you to
read up more on packet editing from the URLs below:

http://www.godevtool.com/GoasmHelp/usbyte.htm

2's complement and signed vs unsigned values (no URL for this one, sorry! If you know of a good one,
let me know).
