[Share]Fix for steal anything exploit.

[Azumaril$]

Source-> http://maxcheaters.com/forum/index.php?topic=205271.0 So..this exploit can be done only when a player trades a party member.So,we wanna to dissalow players to trade when they are in a party mode.

It is so simple all can do this, but anyway i will just share it for really really newbies.

 

net.sf.l2j.clientpackets.TradeRequest.java

sm.addString(partner.getName());
		player.sendPacket(sm);
           return;
	}
+
+		if (player.isInParty() || partner.isInParty())
+		{
+			player.sendMessage("Cannot trade in party mode for security reasons");
+			partner.sendMessage("Cannot trade in party mode for security reasons");
+			return;
+		}
if (partner.getTradeRefusal())
       {

 

net.sf.l2j.clientpackets.RequestJoinParty.java

requestor.sendPacket(new SystemMessage(SystemMessageId.INCORRECT_TARGET));
		return;
	}
+if (target.getActiveTradeList() != null || requestor.getActiveTradeList() != null)
+	        {
+	        	requestor.sendMessage("Cannot party when having active trade");
+	        	requestor.sendMessage("Cannot party when having active trade");
+	        	return;
+	        }
if (target.isInJail() || requestor.isInJail())
        {

 

it should work.

 

PS:the good is to fix this exploit without disallow this abillity,but till now noone has shared the "good fix",i know it may sucks but servers with new developers that are in danger from this exploit?

 

[Reptant_]

This fix (disabling trade while in party) is retarded.

[Azumaril$]

This fix (disabling trade while in party) is retarded.

yes i know, this is  not good.the good is to fix this bug without disallow this.But actually for servers that are in danger from this bug(see superpower server) is good for begin.

[Reptant_]

yes i know, this is  not good.the good is to fix this bug without disallow this.But actually for servers that are in danger from this bug(see superpower server) is good for begin.

Υοu can still trade him,then ask him for party,so you can still do this bug

[Azumaril$]

Υοu can still trade him,then ask him for party,so you can still do this bug

fixed added and second part

[Xanderॐ]

Should i release the "right" fix, or let the exploit run some more days :) ?

[Azumaril$]

Should i release the "right" fix, or let the exploit run some more days :) ?

yes i know this "fix" really sucks. so dont let the days to run :P just share it :)) ( i know many servers are in danger from this).Even

l2vitality, l2core, l2flector

[Reptant_]

Should i release the "right" fix, or let the exploit run some more days :) ?

Ιt's maxcheaters, don't do it faidon ,don't ruin the only good exploit working :(

[Xanderॐ]

okz :) PS i didnt test it , but from the code i saw ( l2jbrazil ) it seems it does not need any party or trade to work. Im not that sure, but my intuition says that :) So the previous code is really doing nothing.

[Azumaril$]

okz :) PS i didnt test it , but from the code i saw ( l2jbrazil ) it seems it does not need any party or trade to work. Im not that sure, but my intuition says that :) So the previous code is really doing nothing.

i tried the code with party and without party, with party ofc work but without party it did not work in all the servers :S

[Xanderॐ]

i tried the code with party and without party, with party ofc work but without party it did not work in all the servers :S

 

But it work in some without party ? If so, that means some servers tried to fix it the way you did. Should be cool if we can get to know what l2j version they are using to check their code. So far l2jbrazil seems totally vulnerable, latest revision.

 

[Azumaril$]

But it work in some without party ? If so, that means some servers tried to fix it the way you did. Should be cool if we can get to know what l2j version they are using to check their code. So far l2jbrazil seems totally vulnerable, latest revision.

 

Actually l2jbrazil always sucked,your signature means L2J Brasil , you have right.They always use actions failed,that i did too but at least i dont know java,they have "serious" project and java developers(that's i think)

[Xanderॐ]

Anyway if someone wants it private-fixed, since im interested into trying it and finding possibilities to expland the exploit give me a pm but be sure to have in your teamviewer pc :

 

1)Ready running interlude server.

2)Eclipse with source code of your pack.

3)The exploit working. (Not necessary i can do that too ).

4)A phx working.

 

Dont bother pming me if you dont have the following, cause im too lazy to set them up for you and for me ( i dont have il in my pc for obvious reasons ). :)

[Azumaril$]

Anyway if someone wants it private-fixed, since im interested into trying it and finding possibilities to expland the exploit give me a pm but be sure to have in your teamviewer pc :

 

1)Ready running interlude server.

2)Eclipse with source code of your pack.

3)The exploit working. (Not necessary i can do that too ).

4)A phx working.

 

Dont bother pming me if you dont have the following, cause im too lazy to set them up for you and for me ( i dont have il in my pc for obvious reasons ). :)

check your Pms

[xtremex]

Code_ex the "RequestAnswerJoinParty.java" is not the best file for fix that

 

that make a target bug exploit (player cannot target the requestor without restart)

 

so this is the right fix:

 

Index: java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java
===================================================================
--- java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java	(revision 4430)
+++ java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java	(working copy)
@@ -69,6 +69,18 @@
             return;
         }

        if (requestor.getFactionId() != target.getFactionId())
        {
        requestor.sendMessage("You cannot invite players from another faction.");
        return;
        }
       
+        if (target.getActiveTradeList() != null || requestor.getActiveTradeList() != null)
+		{
+			requestor.sendMessage("You can't invite players with active trade");
+			return;
+		}
+		
		if (target.isInParty())
         {
			SystemMessage msg = new SystemMessage(SystemMessageId.S1_IS_ALREADY_IN_PARTY);

 

I tested and work!