
Re: Some players can see stuff they should not.

Posted: Thu Apr 07, 2011 2:25 pm
by mgbhard
lion wrote: We are not spammers on other forums and not donator members. If you want to show us something then copy/paste it here; you put a link for nothing, no one can read it.
Leluche wrote: So there was that issue going around, and apparently anti-target was and is the hot topic around. I talked with some "server admins"; most of them had the exploit, could use it, could not fix it (shouldn't wonder why not...) but they didn't reply back, probably because they didn't believe that I could fix it or find it. Some others, whom I thank, contacted me on MSN (about 8 guys in total) and sent me the phx script (which was so messily coded, who's the noob that created it?). Anyway, one thing I didn't like about the contacts was that they didn't prepare the ground for me to fix it, so I had to try the exploit myself, get phx, get Interlude, etc. At least flash got most of the parts ready, so after a good 3 hours of testing we managed to get it working. For that mysticism and the behaviour of most admins I won't release a patch that fixes it; I will just share the "idea" and the "solution" behind it so that only good packs get it fixed (aCis etc.) and the garbage ones (l2jfrozen/brazil/teon and so on) have it running and rot in the hack-hell they deserve.


So the famous anti-target exploit.

Where does it work ?

Every server that supports freight system atm.
Versions: L2J/L2Jfree's and their forks.

How does it work ?

The idea behind the exploit is that, with certain packet crafting, you can force the server to create a new L2PcInstance of you while you are already in game. There is a section in the code where that can happen. In the same section of the code, a few lines lower, the game calls .deleteMe() on that object. The object gets removed, but because it has the same id as yours (the real L2PcInstance that is attached to the client), it removes you from the L2World, since L2World maps the objects based on the id. That makes the player appear missing from L2World; as a result, no kicks, no targets etc. (Parodically it gets removed from knownlists too till they get updated.) For more spoiling: RequestPackageSend.java :)

How to fix it ?

Do not allow L2PcInstance creation if for the requested id, another character exists in the game ( check l2world for it ).

Tested on:

aCis pack latest revision.

Verdict:

I hope that way only the good cheaters will get to do the exploit (I did it without the script that goes around, so if you can't do it, you are probably a noobish script-kiddo) and only the professional and serious developers making packs will have it fixed in their packs. I may release a patch in the future, but not right now, since both communities (cheaters and admin-wannabes) are way too immature to even cooperate with me for their own good. I dived in the mud for 1 week to get the exploit and for another 3 hours to make it work and fix it.

Cya :)

EDIT: Since I'm a good guy, here's the fix:

### Eclipse Workspace Patch 1.0#P gameserverIndex: java/net/sf/l2j/gameserver/network/clientpackets/RequestPackageSend.java===================================================================--- java/net/sf/l2j/gameserver/network/clientpackets/RequestPackageSend.java    (revision 70)+++ java/net/sf/l2j/gameserver/network/clientpackets/RequestPackageSend.java    (working copy)@@ -24,6 +24,7 @@ import net.sf.l2j.Config; import net.sf.l2j.gameserver.model.ItemContainer; import net.sf.l2j.gameserver.model.L2ItemInstance;+import net.sf.l2j.gameserver.model.L2World; import net.sf.l2j.gameserver.model.PcFreight; import net.sf.l2j.gameserver.model.actor.L2Npc; import net.sf.l2j.gameserver.model.actor.instance.L2PcInstance;@@ -78,6 +79,9 @@         if (player == null)            return;         +        if(L2World.getInstance().getPlayer(_objectID) != null)+           return;+                L2PcInstance target = L2PcInstance.load(_objectID);        PcFreight freight = target.getFreight();        getClient().getActiveChar().setActiveWarehouse(freight); 
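Review bot: in the second hunk (RequestPackageSend.java, around line 79) the new guard only returns when `_objectID` belongs to a player currently in L2World, but the unchanged lines right after it still call `L2PcInstance.load(_objectID)` and then `target.getFreight()` with no check that the load returned a character, and nothing in the visible lines ties `_objectID` to the requesting account. Suggest adding a `target == null` return after the load and validating that the id is one of the requester's own characters before loading. It would also help to log the rejected request instead of returning silently, since a request naming the id of a character that is already online is exactly the signal this thread describes.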
And here is the exploit:

9F + yourCharId+ somerandomitems = RequestPackageSend = Send a freight to yourself, not the other chars ;)

yourCharId: get it with phx; it's a 4-byte number like 4D AA 00 12. So the packet will look like this:

9F 4D AA 00 12 01 00 00 00 5D 14 08 32 02 00 00 00
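
The id collision described in the post above, as an added example that is not part of the original post or of any L2J pack: a toy registry keyed by object id shows why deleting a second object with the same id removes the live player, and how the guard from the fix prevents it. `DuplicateIdDemo`, `World`, `Player` and both handler names are hypothetical stand-ins, and the object id is constructed.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Toy model, constructed for illustration (not L2J code): a world registry
// keyed only by object id, as the post describes for L2World.
class DuplicateIdDemo {
    static final class Player {
        final int objectId;
        Player(int objectId) { this.objectId = objectId; }
    }

    static final class World {
        private final Map<Integer, Player> byId = new ConcurrentHashMap<>();
        void add(Player p) { byId.put(p.objectId, p); }
        Player get(int id) { return byId.get(id); }
        // Stand-in for deleteMe(): removal looks only at the id, so it cannot
        // tell a temporary duplicate from the live, client-attached object.
        void deleteMe(Player p) { byId.remove(p.objectId); }
    }

    // Unguarded shape: load a second object for the requested id, then delete it.
    static void handleUnguarded(World world, int requestedId) {
        Player loaded = new Player(requestedId); // second copy of an online id
        world.deleteMe(loaded);
    }

    // Guarded shape, matching the fix idea in the post: refuse to load when a
    // character with that id is already in the world.
    static boolean handleGuarded(World world, int requestedId) {
        if (world.get(requestedId) != null) {
            return false; // rejected; a real server would also log this request
        }
        Player loaded = new Player(requestedId);
        world.deleteMe(loaded);
        return true;
    }

    public static void main(String[] args) {
        int id = 0x10000001; // constructed object id
        World world = new World();
        world.add(new Player(id)); // the live, client-attached player
        handleUnguarded(world, id);
        System.out.println("unguarded: live player registered = " + (world.get(id) != null));
        world.add(new Player(id)); // reset the scenario
        boolean processed = handleGuarded(world, id);
        System.out.println("guarded: processed = " + processed
                + ", live player registered = " + (world.get(id) != null));
    }
}
```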

Re: Some players can see stuff they should not.

Posted: Thu Apr 07, 2011 3:47 pm
by JIV
:roll:

Re: Some players can see stuff they should not.

Posted: Thu Apr 07, 2011 8:05 pm
by msknight
Not a resolution, but there are some scripts here that can help police a server.

http://l2jdropcalc.svn.sourceforge.net/ ... toscripts/

They can be adapted to work even though you're not using the Michelle Dropcalc.

Simply run them every few minutes and they should help out.

autol2jeikill.php should run a check for overly enchanted items.

If you create the table knightdrop in your login database...

Code:

CREATE TABLE `knightdrop` (
  `name` varchar(45) NOT NULL DEFAULT '',
  `lastaction` int(11) DEFAULT NULL,
  `token` varchar(10) DEFAULT NULL,
  `mapaccess` int(20) DEFAULT '0',
  `recipeaccess` int(20) DEFAULT '0',
  `boxingok` int(1) DEFAULT NULL,
  `warnlevel` int(1) DEFAULT NULL,
  `characcess` int(20) DEFAULT '0',
  `lastheard` int(20) DEFAULT '0',
  `ipaddr` varchar(30) DEFAULT NULL,
  `access_level` int(11) DEFAULT '0',
  `email` varchar(50) DEFAULT '',
  `request_time` int(20) DEFAULT '0',
  `request_key` varchar(45) DEFAULT NULL,
  `emailcheck` int(1) NOT NULL DEFAULT '0',
  `password` varchar(45) DEFAULT NULL,
  `gdaccess` int(20) DEFAULT '0',
  `verified` int(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`name`),
  UNIQUE KEY `id` (`name`)
);
... and run the autol2jacc.php program, then that will populate the knightdrop table with a copy of some of the data in your login table.

Then, autol2jcheck.php can check the account level in the login database against the knightdrop table and if there have been any unauthorised changes, it can kick and ban the account.

If you set the $knight_db variable to the same as your login database and create this table...

Code:

CREATE TABLE `accnotes` (
  `charname` varchar(45) NOT NULL DEFAULT '',
  `notenum` int(5) NOT NULL DEFAULT '0',
  `notemaker` varchar(50) DEFAULT NULL,
  `note` varchar(300) DEFAULT NULL,
  PRIMARY KEY (`charname`,`notenum`)
);
...then it will record its actions in the table.

Hope this helps anyone who is concerned.

Obviously - test this out on a test server first to make sure you are happy with it and back up your game server database first.

Michelle.

Re: Some players can see stuff they should not.

Posted: Sat Apr 09, 2011 12:22 pm
by momo61
wow, awesome guy o.O

Re: Some players can see stuff they should not.

Posted: Tue Jun 28, 2011 5:39 pm
by Nerimah
I think L2NEt can do all that, no?

Re: Some players can see stuff they should not.

Posted: Thu Sep 01, 2011 3:14 pm
by Trev
I can't find the file to modify.

RequestPackageSend.java

Maybe it is fixed in the latest server revisions?

Re: Some players can see stuff they should not.

Posted: Sun Dec 04, 2011 5:36 am
by regenx
momo61 wrote:I found a lot of fixes for a lot of issues :)

read the first topic here (You will need a lot of posts or a donator/premium account there to view the topic):

http://maxcheaters.com/forum/index.php?topic=203627.0



LOL, maxcheaters is DEAD for good (or they are in flood about from few days ago) .. Who knows ..oO

Re: Some players can see stuff they should not.

Posted: Sun Dec 11, 2011 10:36 pm
by JMD
regenx wrote:
momo61 wrote:I found a lot of fixes for a lot of issues :)

read the first topic here (You will need a lot of posts or a donator/premium account there to view the topic):

http://maxcheaters.com/forum/index.php?topic=203627.0



LOL, maxcheaters is DEAD for good (or they are in flood about from few days ago) .. Who knows ..oO
I need 50 more posts to see this, damnit.