lion wrote:we not a spammer on other forum and not donator members, if you want show to us something then copy/paste here, you put link for nothing, no one can read it
Leluche wrote: So there was that issue going around, and apparently anti-target was and is the hot topic around. I talked with some "server admins" most of them had the exploit, could use it, couldnt not fix it ( shouldnt wonder why not ... ) but they didnt reply back cause they didnt probably believe that i can fix it or find it. Some others, which i thank, contacted me in msn ( about 8 guys in total ) , sent me the phx script ( which was so messy coded, whos the noob that created it ? ). Anyway one thing i didnt like about the contacts was that they didnt prepare the ground for me to fix it, so i had to try the exploit myself, get phx, get interlude , etc. At least flash got most of the parts ready, so after a good 3 hours of testing we managed to get it working. For that mysticism and the behaviour of most admins i wont release a patch that fixes it, i will just share the "idea" and the "solution" behind it so as only good packs get it fixed ( aCis etc ) and the garbages ( l2jfrozen/brazil/teon and so on have it running and rot to the hack-hell they deserve to).
So the famous anti-target exploit.
Where does it work ?
Every server that supports freight system atm.
Versions: L2J/L2Jfree's and their forks.
How does it work ?
The idea behind the exploit, is that with a certain packet crafting, you can force the server to create a new L2PcInstance of you while you are already ingame. There is a section in the code where that can happen. In the same section of the code, few lines lower, the game calls .deleteMe() on that object. The object gets removed, but due to same id with your , the real l2pcinstance that is attacked to the client , it removes you from the L2World since L2World maps the objects based on the id. That makes the player appear missing from L2World as a result, no kicks no targets etc. ( Parodically it gets removed from knownlists too till they get updated ). For more spoiling : RequestPackageSend.java
How to fix it ?
Do not allow L2PcInstance creation if for the requested id, another character exists in the game ( check l2world for it ).
Tested on:
aCis pack latest revision.
Verdict:
I hope that way only the good cheaters will get to do the exploit ( i did it without the script that goes around so if you cant do it, you are probably a noobish script-kiddo) and only the professional and serious developers making packs will have it fixed in their packs. I may release a patch in the future, but not right now, since both communities ( cheaters and admin-wannabes ) are way too immature to even cooperate with me for their own good. I dive in the mud for 1 week to get the exploit and for another 3 hours to make it working and fix it.
Cya
EDIT: Since im a good guy, here's the fix:And here is the exploit:Code: Select all
### Eclipse Workspace Patch 1.0#P gameserverIndex: java/net/sf/l2j/gameserver/network/clientpackets/RequestPackageSend.java===================================================================--- java/net/sf/l2j/gameserver/network/clientpackets/RequestPackageSend.java (revision 70)+++ java/net/sf/l2j/gameserver/network/clientpackets/RequestPackageSend.java (working copy)@@ -24,6 +24,7 @@ import net.sf.l2j.Config; import net.sf.l2j.gameserver.model.ItemContainer; import net.sf.l2j.gameserver.model.L2ItemInstance;+import net.sf.l2j.gameserver.model.L2World; import net.sf.l2j.gameserver.model.PcFreight; import net.sf.l2j.gameserver.model.actor.L2Npc; import net.sf.l2j.gameserver.model.actor.instance.L2PcInstance;@@ -78,6 +79,9 @@ if (player == null) return; + if(L2World.getInstance().getPlayer(_objectID) != null)+ return;+ L2PcInstance target = L2PcInstance.load(_objectID); PcFreight freight = target.getFreight(); getClient().getActiveChar().setActiveWarehouse(freight);
9F + yourCharId+ somerandomitems = RequestPackageSend = Send a freight to yourself, not the other chars
yourCharId , get it with phx its a 4 byte number like 4D AA 00 12. So the packet will look like this :
9F 4D AA 00 12 01 00 00 00 5D 14 08 32 02 00 00 00
