dextroy

  1. Ok fine, thanks for the support, with all the information I think I can make a plausible solution. @melron I did read all of your post, I appreciate the information and the lesson. But about what you said in the beginning: the code may have breaches? Yeah, it might, but it's still essentially a 3rd party program sending information that's NOT supposed to be sent to the server, so it is hacking, you just prefer to interpret it as codes and lines, which is essentially what everything on the internet is. As for paying, then what's the point of having a "Free" Forum with a Help section if you lot don't wanna help whatsoever? Why the heck are you "mods" or whatever role you have so dissatisfied with having to reply on what's supposed to be a "Free" forum? I get not wanting to help, maybe thinking the question is simple for you, but if you don't want to, then skip. If you want to be paid, then talk to the Forum owners to make this a paid section. But why do you lot feel the need to come here to say "you're wrong, you know nothing, what you use is shit, I'm superior, bla bla"? Y'all need to chill, so much arrogance from you lot over a question. For whoever it fits: if you're so dissatisfied with a question but still feel the need to come out and say things like that, here's a tip: the problem ain't with me. Feel free to close the thread. Peace
  2. Alright, in the meantime I was testing l2phx with my previous code. And it also seems like my protection worked. I used its injection to learn Super Haste and got this:

     So I'll use your code that fits plus the one I added previously. I guess this should fix this particular issue. Additionally, would you know how I could make it create a simple log file, or add its messages to the server log? This way I can easily keep up with players that are trying to exploit the server, because as it is, there are no logs being generated, just kicking out.
  3. There's still an issue, possibly with the e->e due to the Java version. Can I replace that with something else?
  4. Ok, so the RequestAquireSkill.java. I'll send below what I did and the full code as well:

     The first line is the 'If' you've suggested, but as you can see, there's an incompatibility with that "Lambda expression". What can I replace it with? The second if is the skill_id verification I implemented, and it appears to be working on skill masters (I tested with < 1500 and it didn't allow me to learn the skill).

     Here's the full code:

     ```java
     /*
      * L2jFrozen Project - www.l2jfrozen.com
      *
      * This program is free software; you can redistribute it and/or modify
      * it under the terms of the GNU General Public License as published by
      * the Free Software Foundation; either version 2, or (at your option)
      * any later version.
      *
      * This program is distributed in the hope that it will be useful,
      * but WITHOUT ANY WARRANTY; without even the implied warranty of
      * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
      * GNU General Public License for more details.
      *
      * You should have received a copy of the GNU General Public License
      * along with this program; if not, write to the Free Software
      * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
      * 02111-1307, USA.
      *
      * http://www.gnu.org/copyleft/gpl.html
      */
     package com.l2jfrozen.gameserver.network.clientpackets;

     import org.apache.log4j.Logger;

     import com.l2jfrozen.Config;
     import com.l2jfrozen.gameserver.datatables.SkillTable;
     import com.l2jfrozen.gameserver.datatables.sql.SkillSpellbookTable;
     import com.l2jfrozen.gameserver.datatables.sql.SkillTreeTable;
     import com.l2jfrozen.gameserver.model.L2PledgeSkillLearn;
     import com.l2jfrozen.gameserver.model.L2ShortCut;
     import com.l2jfrozen.gameserver.model.L2Skill;
     import com.l2jfrozen.gameserver.model.L2SkillLearn;
     import com.l2jfrozen.gameserver.model.actor.instance.L2FishermanInstance;
     import com.l2jfrozen.gameserver.model.actor.instance.L2FolkInstance;
     import com.l2jfrozen.gameserver.model.actor.instance.L2ItemInstance;
     import com.l2jfrozen.gameserver.model.actor.instance.L2NpcInstance;
     import com.l2jfrozen.gameserver.model.actor.instance.L2PcInstance;
     import com.l2jfrozen.gameserver.model.actor.instance.L2VillageMasterInstance;
     import com.l2jfrozen.gameserver.network.SystemMessageId;
     import com.l2jfrozen.gameserver.network.serverpackets.ExStorageMaxCount;
     import com.l2jfrozen.gameserver.network.serverpackets.PledgeSkillList;
     import com.l2jfrozen.gameserver.network.serverpackets.ShortCutRegister;
     import com.l2jfrozen.gameserver.network.serverpackets.StatusUpdate;
     import com.l2jfrozen.gameserver.network.serverpackets.SystemMessage;
     import com.l2jfrozen.gameserver.util.IllegalPlayerAction;
     import com.l2jfrozen.gameserver.util.Util;

     public class RequestAquireSkill extends L2GameClientPacket
     {
         private static Logger LOGGER = Logger.getLogger(RequestAquireSkill.class);

         private int _id;
         private int _level;
         private int _skillType;

         @Override
         protected void readImpl()
         {
             _id = readD();
             _level = readD();
             _skillType = readD();
         }

         @Override
         protected void runImpl()
         {
             final L2PcInstance player = getClient().getActiveChar();
             if (player == null)
                 return;

             final L2FolkInstance trainer = player.getLastFolkNPC();
             if (trainer == null)
                 return;

             final int npcid = trainer.getNpcId();

             if (!player.isInsideRadius(trainer, L2NpcInstance.INTERACTION_DISTANCE, false, false) && !player.isGM())
                 return;

             if (!Config.ALT_GAME_SKILL_LEARN)
             {
                 player.setSkillLearningClassId(player.getClassId());
             }

             if (player.getSkillLevel(_id) >= _level) // already knows the skill with this level
                 return;

             if(SkillTreeTable.getInstance().getAllowedSkills(player.getClassId()).stream().noneMatch(e->e.getId == _skillId))
                 return;

             // test block skills 1500+
             if ((_id) > 1500)
             {
                 player.sendMessage("You are trying to learn an illegal skill");
                 Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK);
                 // illegal skill
                 return;
             }

             final L2Skill skill = SkillTable.getInstance().getInfo(_id, _level);

             int counts = 0;
             int _requiredSp = 10000000;

             if (_skillType == 0)
             {
                 final L2SkillLearn[] skills = SkillTreeTable.getInstance().getAvailableSkills(player, player.getSkillLearningClassId());

                 for (final L2SkillLearn s : skills)
                 {
                     final L2Skill sk = SkillTable.getInstance().getInfo(s.getId(), s.getLevel());
                     if (sk == null || sk != skill || !sk.getCanLearn(player.getSkillLearningClassId()) || !sk.canTeachBy(npcid))
                     {
                         continue;
                     }
                     counts++;
                     _requiredSp = SkillTreeTable.getInstance().getSkillCost(player, skill);
                 }

                 if (counts == 0 && !Config.ALT_GAME_SKILL_LEARN)
                 {
                     player.sendMessage("You are trying to learn skill that u can't..");
                     Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK);
                     return;
                 }

                 if (player.getSp() >= _requiredSp)
                 {
                     int spbId = -1;

                     // divine inspiration require book for each level
                     if (Config.DIVINE_SP_BOOK_NEEDED && skill.getId() == L2Skill.SKILL_DIVINE_INSPIRATION)
                     {
                         spbId = SkillSpellbookTable.getInstance().getBookForSkill(skill, _level);
                     }
                     else if (Config.SP_BOOK_NEEDED && skill.getLevel() == 1)
                     {
                         spbId = SkillSpellbookTable.getInstance().getBookForSkill(skill);
                     }

                     // spellbook required
                     if (spbId > -1)
                     {
                         final L2ItemInstance spb = player.getInventory().getItemByItemId(spbId);
                         if (spb == null)
                         {
                             // Haven't spellbook
                             player.sendPacket(new SystemMessage(SystemMessageId.ITEM_MISSING_TO_LEARN_SKILL));
                             return;
                         }

                         // ok
                         player.destroyItem("Consume", spb, trainer, true);
                     }
                 }
                 else
                 {
                     final SystemMessage sm = new SystemMessage(SystemMessageId.NOT_ENOUGH_SP_TO_LEARN_SKILL);
                     player.sendPacket(sm);
                     return;
                 }
             }
             else if (_skillType == 1)
             {
                 int costid = 0;
                 int costcount = 0;
                 // Skill Learn bug Fix
                 final L2SkillLearn[] skillsc = SkillTreeTable.getInstance().getAvailableSkills(player);

                 for (final L2SkillLearn s : skillsc)
                 {
                     final L2Skill sk = SkillTable.getInstance().getInfo(s.getId(), s.getLevel());

                     if (sk == null || sk != skill)
                     {
                         continue;
                     }

                     counts++;
                     costid = s.getIdCost();
                     costcount = s.getCostCount();
                     _requiredSp = s.getSpCost();
                 }

                 if (counts == 0)
                 {
                     player.sendMessage("You are trying to learn skill that u can't..");
                     Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK);
                     return;
                 }

                 if (player.getSp() >= _requiredSp)
                 {
                     if (!player.destroyItemByItemId("Consume", costid, costcount, trainer, false))
                     {
                         // Haven't spellbook
                         player.sendPacket(new SystemMessage(SystemMessageId.ITEM_MISSING_TO_LEARN_SKILL));
                         return;
                     }

                     final SystemMessage sm = new SystemMessage(SystemMessageId.DISSAPEARED_ITEM);
                     sm.addNumber(costcount);
                     sm.addItemName(costid);
                     sendPacket(sm);
                 }
                 else
                 {
                     final SystemMessage sm = new SystemMessage(SystemMessageId.NOT_ENOUGH_SP_TO_LEARN_SKILL);
                     player.sendPacket(sm);
                     return;
                 }
             }
             else if (_skillType == 2) // pledgeskills TODO: Find appropriate system messages.
             {
                 if (!player.isClanLeader())
                 {
                     // TODO: Find and add system msg
                     player.sendMessage("This feature is available only for the clan leader");
                     return;
                 }

                 int itemId = 0;
                 int repCost = 100000000;
                 // Skill Learn bug Fix
                 final L2PledgeSkillLearn[] skills = SkillTreeTable.getInstance().getAvailablePledgeSkills(player);

                 for (final L2PledgeSkillLearn s : skills)
                 {
                     final L2Skill sk = SkillTable.getInstance().getInfo(s.getId(), s.getLevel());

                     if (sk == null || sk != skill)
                     {
                         continue;
                     }

                     counts++;
                     itemId = s.getItemId();
                     repCost = s.getRepCost();
                 }

                 if (counts == 0)
                 {
                     player.sendMessage("You are trying to learn skill that u can't..");
                     Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK);
                     return;
                 }

                 if (player.getClan().getReputationScore() >= repCost)
                 {
                     if (Config.LIFE_CRYSTAL_NEEDED)
                     {
                         if (!player.destroyItemByItemId("Consume", itemId, 1, trainer, false))
                         {
                             // Haven't spellbook
                             player.sendPacket(new SystemMessage(SystemMessageId.ITEM_MISSING_TO_LEARN_SKILL));
                             return;
                         }

                         final SystemMessage sm = new SystemMessage(SystemMessageId.DISSAPEARED_ITEM);
                         sm.addItemName(itemId);
                         sm.addNumber(1);
                         sendPacket(sm);
                     }
                 }
                 else
                 {
                     final SystemMessage sm = new SystemMessage(SystemMessageId.ACQUIRE_SKILL_FAILED_BAD_CLAN_REP_SCORE);
                     player.sendPacket(sm);
                     return;
                 }

                 player.getClan().setReputationScore(player.getClan().getReputationScore() - repCost, true);
                 player.getClan().addNewSkill(skill);

                 if (Config.DEBUG)
                 {
                     LOGGER.debug("Learned pledge skill " + _id + " for " + _requiredSp + " SP.");
                 }

                 final SystemMessage cr = new SystemMessage(SystemMessageId.S1_DEDUCTED_FROM_CLAN_REP);
                 cr.addNumber(repCost);
                 player.sendPacket(cr);

                 final SystemMessage sm = new SystemMessage(SystemMessageId.CLAN_SKILL_S1_ADDED);
                 sm.addSkillName(_id);
                 player.sendPacket(sm);

                 player.getClan().broadcastToOnlineMembers(new PledgeSkillList(player.getClan()));

                 for (final L2PcInstance member : player.getClan().getOnlineMembers(""))
                 {
                     member.sendSkillList();
                 }

                 if (trainer instanceof L2VillageMasterInstance)
                 {
                     ((L2VillageMasterInstance) trainer).showPledgeSkillList(player);
                 }

                 return;
             }
             else
             {
                 LOGGER.warn("Recived Wrong Packet Data in Aquired Skill - unk1:" + _skillType);
                 return;
             }

             player.addSkill(skill, true);

             if (Config.DEBUG)
             {
                 LOGGER.debug("Learned skill " + _id + " for " + _requiredSp + " SP.");
             }

             player.setSp(player.getSp() - _requiredSp);

             final StatusUpdate su = new StatusUpdate(player.getObjectId());
             su.addAttribute(StatusUpdate.SP, player.getSp());
             player.sendPacket(su);

             final SystemMessage sp = new SystemMessage(SystemMessageId.SP_DECREASED_S1);
             sp.addNumber(_requiredSp);
             sendPacket(sp);

             final SystemMessage sm = new SystemMessage(SystemMessageId.LEARNED_SKILL_S1);
             sm.addSkillName(_id);
             player.sendPacket(sm);

             // update all the shortcuts to this skill
             if (_level > 1)
             {
                 final L2ShortCut[] allShortCuts = player.getAllShortCuts();

                 for (final L2ShortCut sc : allShortCuts)
                 {
                     if (sc.getId() == _id && sc.getType() == L2ShortCut.TYPE_SKILL)
                     {
                         final L2ShortCut newsc = new L2ShortCut(sc.getSlot(), sc.getPage(), sc.getType(), sc.getId(), _level, 1);
                         player.sendPacket(new ShortCutRegister(newsc));
                         player.registerShortCut(newsc);
                     }
                 }
             }

             if (trainer instanceof L2FishermanInstance)
             {
                 ((L2FishermanInstance) trainer).showSkillList(player);
             }
             else
             {
                 trainer.showSkillList(player, player.getSkillLearningClassId());
             }

             if (_id >= 1368 && _id <= 1372) // if skill is expand sendpacket :)
             {
                 final ExStorageMaxCount esmc = new ExStorageMaxCount(player);
                 player.sendPacket(esmc);
             }

             player.sendSkillList();
         }

         @Override
         public String getType()
         {
             return "[C] 6C RequestAquireSkill";
         }
     }
     ```

     I'll Google it myself, but I'll just ask: do you know a link to any tutorial on how to use this hack? This way I can use it myself to test if the fix worked.
  5. In order for me to understand, isn't the "Allowed Skills" list the skill tree SQL table? If so, as I mentioned, the skill tree only marks skills up to 1430. I don't get how they'd see any different. Here, I found the get allowed skills on the following Java files:

     Would it be on the L2PcInstance then? Here's the bit marked:

     ```java
     /**
      * check player skills and remove unlegit ones (excludes hero, noblesse and cursed weapon skills).
      */
     public void checkAllowedSkills()
     {
         boolean foundskill = false;
         if (!isGM())
         {
             Collection<L2SkillLearn> skillTree = SkillTreeTable.getInstance().getAllowedSkills(getClassId());
             // loop through all skills of player
             for (final L2Skill skill : getAllSkills())
             {
                 final int skillid = skill.getId();
                 // int skilllevel = skill.getLevel();

                 foundskill = false;
                 // loop through all skills in players skilltree
                 for (final L2SkillLearn temp : skillTree)
                 {
                     // if the skill was found and the level is possible to obtain for his class everything is ok
                     if (temp.getId() == skillid)
                     {
                         foundskill = true;
                     }
                 }

                 // exclude noble skills
                 if (isNoble() && skillid >= 325 && skillid <= 397)
                 {
                     foundskill = true;
                 }

                 if (isNoble() && skillid >= 1323 && skillid <= 1327)
                 {
                     foundskill = true;
                 }

                 // exclude hero skills
                 if (isHero() && skillid >= 395 && skillid <= 396)
                 {
                     foundskill = true;
                 }

                 if (isHero() && skillid >= 1374 && skillid <= 1376)
                 {
                     foundskill = true;
                 }

                 // exclude cursed weapon skills
                 if (isCursedWeaponEquiped() && skillid == CursedWeaponsManager.getInstance().getCursedWeapon(_cursedWeaponEquipedId).getSkillId())
                 {
                     foundskill = true;
                 }

                 // exclude clan skills
                 if (getClan() != null && skillid >= 370 && skillid <= 391)
                 {
                     foundskill = true;
                 }

                 // exclude seal of ruler / build siege hq
                 if (getClan() != null && (skillid == 246 || skillid == 247))
                     if (getClan().getLeaderId() == getObjectId())
                     {
                         foundskill = true;
                     }

                 // exclude fishing skills and common skills + dwarfen craft
                 if (skillid >= 1312 && skillid <= 1322)
                 {
                     foundskill = true;
                 }

                 if (skillid >= 1368 && skillid <= 1373)
                 {
                     foundskill = true;
                 }

                 // exclude sa / enchant bonus / penality etc. skills
                 if (skillid >= 3000 && skillid < 7000)
                 {
                     removeSkill(skill);
                     LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */);
                     foundskill = true;
                 }

                 // exclude Skills from AllowedSkills in options.properties
                 if (Config.ALLOWED_SKILLS_LIST.contains(skillid))
                 {
                     foundskill = true;
                 }

                 // exclude Donator character
                 if (isDonator())
                 {
                     foundskill = true;
                 }

                 // exclude Aio character
                 if (isAio())
                 {
                     foundskill = true;
                 }

                 // remove skill and do a lil LOGGER message
                 if (!foundskill)
                 {
                     removeSkill(skill);

                     if (Config.DEBUG)
                     {
                         // sendMessage("Skill " + skill.getName() + " removed and gm informed!");
                         LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */);
                     }
                 }
             }

             // Update skill list
             sendSkillList();

             skillTree = null;
         }
     }
     ```

     How would I insert your code there? I tried but got some errors, so I'm sending the source code and trying to understand the code's logic.
  6. I appreciate that, but being honest I still couldn't understand what my next steps should be. Tracing the code could literally be looking into every single .java file, and as I said, I'm not a programmer/developer. That's why I've been asking at least for a countermeasure: if someone is sending illegal packets that I can't track (I don't know how, or it'd require too much programming knowledge), wouldn't a block on its effects at least partially solve the issue? I still don't know where to look. If you could pinpoint something like: "You can add some code lines on WhateverFile.java and it will verify the skills" and somewhat of what the code would look like, then I can attempt a solution here. But I don't have advanced knowledge of Java. Tracing everything, checking packets, hacking, those are not things I'm experienced at, so I just honestly don't know where to start looking with the information I'm receiving. Zake told me to look at RequestAquireSkill.java and I was able to put an extra code line there. But I don't know if that's enough or where else I could put an extra verification.
  7. Ok, but what should I be looking into then? What Java file? I'm trying to understand within my knowledge, which is not that advanced, so I ask for some patience. I did what I said about skills > 1500 on RequestAquireSkill.java. Is that enough? And is there a way I can verify/block what that phx sends? I'm not experienced with hack systems, so I don't know exactly how it's done. Where would I put that verification, considering the server is multiskill and it should allow all classes' skills (skills under 1500)? And I don't know exactly where to put the method I asked for, that's why I'm here, I don't know which Java file or how to code it as I'm not an experienced developer/programmer.
  8. I understand, but I'm not sure if I can cover every single possibility of "how he did it" as there were no specific logs generated. The normal learn skill process on my server calls for the database skill tree on class masters, and the db skill tree only displays skills under 1500, which are the regular class skills. If he used a class master to learn the skill, the new line I added on my previous post should already block them from learning. But if he did it some other way, I can't figure it out 'cause there were no logs. And I think I can assume it's not the addSkill command 'cause only GM/ADM access level can call for those. And I'm assuming it's nothing of the sort, because if it was, he could've caused more damage than simply learning monster/item skills.
  9. If you have any suggestions I'm happy to listen and try. I did find somewhat of a fix of my own already. I entered the clientpack RequestAquireSkill.java and added the simple line: if ((_id) > 1500) return; I tested the code the other way around, < 1500, and it didn't allow me to learn any skills. So, if the hacker was using the skill masters' packets to learn skills this should block them already. But if it's some other way, they can still get around it. That's why I wanted a way to kick/ban players who have those skills learned on their character, because if it is something else, then a countermeasure to block characters with illegal skills would work for all situations. I just don't know which Java file and what code could do that automatic verification.
  10. I do understand that finding exactly how the hacker did it would be the best solution, but I'm not a programmer. I wouldn't know how to do that bypass track, and that would involve having to wait for another player to come in again and use the same or a similar hacking tool and then looking all over the code to possibly fix multiple things. Here's the error log I got when the guy started hacking:

      He also learned STR as a skill and had it maxed, that's probably why the server couldn't identify the limitation. There are no other logs about learning the skills or detected illegal activity on the gameserver. I don't have a professional server nor want to, it's just a fun side project. I know L2JFrozen has its limitations and I've covered most I found over the months I've worked, that's why the guy that hacked wasn't able to completely ruin the server and compromise other accounts. I just want a way to immediately block the account if such a thing happens again. Like: if the guy has one of the illegal skills learned, the character automatically gets kicked or banned. That would solve the root? No, but that would not allow them to exploit any skill related bug anymore.

      As for the learning skills process, it's not stack sub, not autolearn, just class masters. As I replied to Zake on a previous post, there are these lines on one of the config files:

      ```
      # Alternative skill learn rules:
      # - all classes can learn all skills
      # - skills of another class costs x2 SP
      # - skills of another race costs x2 SP
      # - skills of fighters/mages costs x3 SP
      AltGameSkillLearn = True
      ```

      With this active the player gets to the class master/magister and learns their skills. Stack sub is not activated. They just can learn any class skill on any class master. If you need any other information to help understand the issue, I'll gladly provide it, but I just want a countermeasure to block it if such a thing happens again.

      Yes man, I know those have safer and better coding, but I'm not throwing away all my work to learn how to code every single change I did on another type of Java server from scratch. Especially since it's just a fun server. If you can assist with this version, great, I'd thank you. Otherwise I don't see the point in coming to do posts like this.
  11. Like you even tried. Please. Trying to spam multiple times to get that post number of urs up and some sort of "reputation". The details are there, the source code is there, what I asked is there. You keep evading the question and boasting. You probably just get other people's work and try to re-sell to others from what I see in your profile. If you knew anything you'd have asked for the specific code lines long ago. Here's some news for you: you're at the Help section of the forum. If you got nothing to add, move along. Bye.
  12. If he had access to my database directly he would've given himself the best items in the game, he could've made himself a GameMaster, but no, he was farming for items with monster skills. Or could've done much worse by erasing it. Plus I keep daily backups. So yeah, if my server got attacked directly on the database, I could give 0 f*cks. And if that happened, THEN I'd be looking for database protection. THEN your comment would make any sense. Not now. For NOW I asked for a way to instantly block players that could use the same hack. See the difference? Really, what's wrong with YOU? Clearly you don't want to help, only want to find ways to boast and criticize to make yourself feel superior. If you have nothing to add, move on to another thread and let someone else assist.
  13. Yes, but whatever way it is, I'm not asking to know what the hacker did. I'm asking for a countermeasure. Which would be the automatic ban or kick, or whatever, when a player with those skills learned logs into the game, or whichever type of verification.
  14. Again, it's not a server-side mistake. You talk about checking my source; the source code I already posted on my previous reply, if that would help, it's there. The L2JFrozen one, it's the same thing: http://subversion.assembla.com/svn/L2jFrozenInterlude/trunk/gameserver Someone used some type of hack bypass to inject themselves with those skills. How? I don't know, I'm not a hacker. And again, I'm not even asking to find the root of the issue. If there's a way to add an extra layer of security that wouldn't be complicated like a gameguard, or a simple way to find it, what a bonus. But I'm asking for a simple solution in the form of code: if a non-GM player has those skills learned on their character skill list, they get banned. It's easier to unban later (if it was some sort of mistake) than allowing them to exploit for whatever time until I find them exploiting and manually ban. That shouldn't be something so complicated. Which would possibly look something like the line from the code on my first post: if (skillid >= 3000 && skillid < 7000) { foundskill = true; } I just don't know where I'd add it or how to code it to make it automatic.
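
Added example, not from the posts above and not L2jFrozen code: a stand-alone Java sketch of the three checks these posts ask about, namely the allowed-list test written as a plain loop instead of a lambda, a login-time scan for learned skill ids above the 1500 cut-off the posts use, and a dedicated audit log file. The class and method names, the sample ids and the `skill-audit.log` path are hypothetical.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.logging.FileHandler;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

// Stand-alone sketch: every name here is hypothetical, none is an L2jFrozen class.
public class SkillAudit
{
    // Assumption from the posts: legitimate class skills on this server have ids up to 1500.
    static final int MAX_PLAYER_SKILL_ID = 1500;
    private static final Logger AUDIT = Logger.getLogger("skill-audit");

    // Send audit records to their own file (append mode) so rejected requests leave a trail.
    static void openAuditLog(String path) throws IOException
    {
        FileHandler handler = new FileHandler(path, true);
        handler.setFormatter(new SimpleFormatter());
        AUDIT.addHandler(handler);
    }

    // Loop form of stream().noneMatch(...), usable before Java 8.
    static boolean isInAllowedList(Collection<Integer> allowedIds, int requestedId)
    {
        for (Integer id : allowedIds)
        {
            if (id.intValue() == requestedId)
                return true;
        }
        return false;
    }

    // The id read from the packet is untrusted: accept it only if server-side data allows it.
    static boolean acceptLearnRequest(String player, Collection<Integer> allowedIds, int requestedId)
    {
        if (requestedId <= 0 || requestedId > MAX_PLAYER_SKILL_ID || !isInAllowedList(allowedIds, requestedId))
        {
            AUDIT.warning("REJECTED learn request: player=" + player + " skillId=" + requestedId);
            return false;
        }
        return true;
    }

    // Login-time scan: collect learned ids above the cut-off so the caller can kick or ban.
    // This sketch applies no exemptions; a real check needs the ones checkAllowedSkills() makes.
    static List<Integer> findIllegalSkills(String player, Collection<Integer> learnedIds)
    {
        List<Integer> illegal = new ArrayList<Integer>();
        for (Integer id : learnedIds)
        {
            if (id.intValue() > MAX_PLAYER_SKILL_ID)
                illegal.add(id);
        }
        if (!illegal.isEmpty())
            AUDIT.warning("ILLEGAL skills on login: player=" + player + " skillIds=" + illegal);
        return illegal;
    }

    public static void main(String[] args) throws IOException
    {
        openAuditLog("skill-audit.log"); // hypothetical path
        List<Integer> allowed = Arrays.asList(3, 16, 56, 1177); // constructed sample ids
        System.out.println(acceptLearnRequest("PlayerA", allowed, 56));   // id is in the list
        System.out.println(acceptLearnRequest("PlayerA", allowed, 4000)); // above cut-off, logged
        System.out.println(findIllegalSkills("PlayerB", Arrays.asList(56, 1177, 4215, 5001)));
    }
}
```

In a server, both lists would be built from the skill tree and the character's stored skills, never from values carried in the packet.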