Steal anything with ACTION packet!

[nobless94]

why hided?? I want to see..

[Xanderॐ]

I dont think you need either the party or the trade. You can easily get the objectId of the item in other ways. And the party, i dont get why is it needed. From a first look its just that the server thinks you are picking up his object from the ground ... So why would a party be needed ?

[axaxa]

hm

 

when you are in party with him, send packet and (i think) this packet simulates his pick up...

if you aren't in party, you can't get weapon

i tried

[Xanderॐ]

So where did you find that exploit exactly ? Cause judging from what you say, you dont know how exactly it works do you :) ? ( PS texted it with codex_ex , we managed to get consumables deleted from a player without party, no pickup yet cause it still belongs in the target ).

[extatik]

U need to get that person from example weapon objid, than u dont need to do trade :) u just need to invite him to party :)

[Xanderॐ]

Thats a smart guy ;) Exactly. You can get his item objectid even if he has a private shop. YOu check his private shop, get the object id, then make him friend after 4 days, get him too party, do the exploiting packet , bye bye item ;)

[mg13gr]

This is the hidden content, please

• Sign In
• or
• Sign Up

[Xanderॐ]

I wonder what will happen if the item belongs in some clan warehouse ... ;)

[mg13gr]

I wonder what will happen if the item belongs in some clan warehouse ... ;)

Hmm.. You got something in your mind, don't you? ;3

[Xanderॐ]

Im checking atm what ownerId the item gets when its stored to the clan warehouse. If it gets itself or zero, then assuming you know the objectid of the item that is in the clan warehouse, you can pick it up from there without any need for party :)

 

Here's part of l2jbrazil code ( same in other packs too ):

 

if (target.getOwnerId() != 0 && target.getOwnerId() != getObjectId() && !isInLooterParty(target.getOwnerId()))

{

//Here it blocks the item pick up if the above conditions work;

}

 

So it says, that each item has an ownerid. If it is not zero and not itself and the actor of pickup is not in party with the object owner then block it. So if when it gets stored in warehouse it gets a zero or self owner ;) GG.

 

EDIT:

 

Bad news : ClanWarehouse :

 

@Override

public int getOwnerId() { return _clan.getClanId(); }

 

You cant pick the clan warehouse, damn :(

 

EDIT2:

 

By the way , did anyone check freya l2jserver code ? It could be vulnerable too if this is a 0day exploit ;)

[Nefer]

By the way , did anyone check freya l2jserver code ? It could be vulnerable too if this is a 0day exploit ;)

 

Leluche this is a very old exploit. :)

 

With this exploit you can also dupe all the items that you want. The method is the same. If works this works also dupe items.

 

ps: i will send to you the video...

[mg13gr]

Leluche this is a very old exploit. :)

 

With this exploit you can also dupe all the items that you want. The method is the same. If works this works also dupe items.

 

ps: i will send to you the video...

Yeap, I tried it. :p

[Xanderॐ]

Oh ok. How come it was not posted ? Personally i had no knowledge about it. And i wonder why most packs dont have it fixed if it is so old.

[xDafuQ]

can any1 remove this "hide"?=/

[Xanderॐ]

Why , are you from l2jbrazil and wanna fix it :) ?