[Share]Fix for steal anything exploit.

[Xanderॐ]

Code_ex the "RequestAnswerJoinParty.java" is not the best file for fix that

 

that make a target bug exploit (player cannot target the requestor without restart)

 

so this is the right fix:

 

Index: java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java
===================================================================
--- java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java	(revision 4430)
+++ java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java	(working copy)
@@ -69,6 +69,18 @@
             return;
         }

        if (requestor.getFactionId() != target.getFactionId())
        {
        requestor.sendMessage("You cannot invite players from another faction.");
        return;
        }
       
+        if (target.getActiveTradeList() != null || requestor.getActiveTradeList() != null)
+		{
+			requestor.sendMessage("You can't invite players with active trade");
+			return;
+		}
+		
		if (target.isInParty())
         {
			SystemMessage msg = new SystemMessage(SystemMessageId.S1_IS_ALREADY_IN_PARTY);

 

I tested and work perfect!

 

Nope thats not the right fix :) Good try but it isnt :).

[xtremex]

Nope thats not the right fix :) Good try but it isnt :).

 

also, i did not see the exploit.. i only fixed the code he did

[Xanderॐ]

Ya, he was wrong. I showed him with phx a minute ago. That fix will not work at someone that knows how the exploit actually works. You can bypass it easily. Anyway diving deep in the code to see how else it can be exploited.

[xtremex]

Ya, he was wrong. I showed him with phx a minute ago. That fix will not work at someone that knows how the exploit actually works. You can bypass it easily. Anyway diving deep in the code to see how else it can be exploited.

 

if i get how work this exploit or anyone show to me in pm, maybe i can help or give a try

[Xanderॐ]

In simple words, L2ItemInstance.onAction is called by a spoofed Action packet and the server doesnt check if the item that gets onAction() called is actually allowed to get picked up. So you can pickup items that exist in other players inventories given the right priviladges ( party ). To fix it you need to check restrictions when someone tries to call onAction() of an ItemInstance.

 

I think thats enough information for someone that knows how things work to fix it.

[An4rchy]

In simple words, L2ItemInstance.onAction is called by a spoofed Action packet and the server doesnt check if the item that gets onAction() called is actually allowed to get picked up. So you can pickup items that exist in other players inventories given the right priviladges ( party ). To fix it you need to check restrictions when someone tries to call onAction() of an ItemInstance.

 

I think thats enough information for someone that knows how things work to fix it.

I am not sure if i have understood well, but if did, i have to tell you that in the exploit axaxa(i'm not laughing it's his name :D) doesn't say sth about picking up. Except if the OID thing stands for pick up or sth(?).

[Azumaril$]

I am not sure if i have understood well, but if did, i have to tell you that in the exploit axaxa(i'm not laughing it's his name :D) doesn't say sth about picking up. Except if the OID thing stands for pick up or sth(?).

no....when he send the packet, the items is dropping in the ground and the player drop it auto(without press pick up)

 

PS: THIS FIX SUCKS :P....

 

[mg13gr]

@Code_Ex

Your fix is fail, seriously.

 

 

@Lelouche

 

Come on... We're maxCHEATERS, don't ruin the exploits boards, they're again popular..

[Azumaril$]

@Code_Ex

Your fix is fail, seriously.

 

 

@Lelouche

 

Come on... We're maxCHEATERS, don't ruin the exploits boards, they're again popular..

yeap....you have right..i allready found how to bypass this shit xd ....really sucks

[mg13gr]

yeap....you have right..i allready found how to bypass this shit xd ....really sucks

Exactly, I have bypassed it already.

[An4rchy]

no....when he send the packet, the items is dropping in the ground and the player drop it auto(without press pick up)

 

PS: THIS FIX SUCKS :P....

 

While the player auto picks up, the trade window is still active?

[Azumaril$]

While the player auto picks up, the trade window is still active?

no trade to be active need :)...if the player take the object of weapon then gg. he can go 1 week later and just party him and steal him :D

[An4rchy]

no trade to be active need :)...if the player take the object of weapon then gg. he can go 1 week later and just party him and steal him :D

Hmm then it's more complicated... Anyway, it will be fixed soon. As soon as Leluche releases it or someone else...

[Azumaril$]

Hmm then it's more complicated... Anyway, it will be fixed soon. As soon as Leluche releases it or someone else...

not for sure :D maybe leluche wont post it :)

[mg13gr]

Come on..

Why to post the damn fix?

Keep it for yourself, for fucks sake. We're a goddamn CHEATING community.

 

ffs