ahmetozgur Posted July 6, 2014 Posted July 6, 2014 I feel like a retard because i didn'T get it actually.. Because u use N01 n0 etc. wtf which char is it my mind blown xD
PowPanda Posted July 22, 2014 Posted July 22, 2014 Nice one! I didnt test it but im sure 99% that its working cuz i played a few servers and some players had unlimited vote/farm items etc. They said that they hack it but i didnt believe them ( cuz i thought they cant hack database). Well thanks i will try it soon!
text Posted September 14, 2014 Posted September 14, 2014 Hello guys , I'd like to share with you one intresting dupe. In what we need? (In offline trade) 1 – Windows XP(better) 2 – Hide toolz (in some case) 3- Kill GGuard (also if you have the problems) Items dupe What to do? Run l2phx , run game. For dupe we need in 2 la2 boxes. We will dupe counting items, in my case Donate coins. IMPORTANT!!! We must have at least 5 items!!! 1)Char №1 must give trade to char №2 , and give him 1 donate coin. 2)Char N1 must sit on selling, char №2 must buy 1 donate coin. Catch packet like this 79 46 92 03 10 01 00 00 00 66 B8 04 10 01 00 00 00 01 00 00 00 ,where 46 92 03 10 - ОID char 66 B8 04 10 - OID item 01 00 00 00 - price! 3) Char №2 give back to char №1 1 boughted item. (it’s look like char №1 - 4 items, and char №2 – 1 item) Next, char №1 make relog till the window , where we can choose character by which one we would like to login. NOW! For dupe we need in script. begin if FromClient and (pck[1]=#$03) then pck:=#$30 end.Open ph, "automatisation" - "scripts", and add script.When you complete it, tick it. And log in by character №1 in game. Yoy must see something like this. Char officially not in game. But we online.There is 1 minus – we couldn’t move , but we could sit on selling and write to PM. Stay to selling Donate Coins, and together you mus add any item (for exaple Tutorial Guide book). Sit down to offline trade. Open new window of Lineage 2. Log in to charecter №1. Enter till CHOOSING OF CHAR! Turn off the script in L2phx. And log in game. (After log in you will get invisible + antitarget) Now let’s configurate catched packet(On chars on which I make test , I have char №1 - 8199 Don.Coin, char №2 – 1 Don.Coin) Was: 79 46 92 03 10 01 00 00 00 66 B8 04 10 01 00 00 00 01 00 00 00 Will be 79 46 92 03 10 01 00 00 00 66 B8 04 10 06 20 00 00 01 00 00 00 06 20 00 00 - 8198 Donate Coins We will buy all items -1 ! Send it , and we will seen: Char №2purchase items from char№1) but in window with char №2 we wouldn’t see that we bought something… http://i003.radikal.ru/1108/9b/5af525b85dd8.jpg[/img] ------------------------------------------------------------------------------------------------------------------------------------ Washing off: On every char we must delete by 1 item and Importand! 1stly by char №1 , and after by char №2 make relog. Enter in game , and we will see that items - DUPED. ------------------------------------------------------------------------------------------------------------------------------------ By this way you can dupe - items, which can be traded. Weapon (tide off :drawing CA- drawing out СА), and parts of А armor (Seald – unseald ) ------------------------------------------------------------------------------------------------------------------------------------ Bypassing FIX, if on server offline trade with command .offline or smt. else: 1 - Char №2 must write in game (NOT sitting in trading!!!!) command of offline selling. Catch packet(for example such packet 74 00 00 00 00 01 00 00 00 25 11 0B 10 01 00 00 00 01 00 00 00 ) 2 Char №1 enter in game with script. And sit on selling. But instead of writing command of offline trade , we must send PACKET! Also we could use it, if for offline trade on server used scrolls. Catch packe and..by steps. ************************************************** ****************************** ************************** Adena dupe Meaning the same.Also this script and other. BUT! In this case we will sit on offline BUYING! NOT SELLING!! We have : Char A and Char On char А --- 1кк adena +++ 1к of arrows On char Б --- minimum adena and 2 orrows Char А must sit on buying ARROWS (ON BUYING!!!!) 999к999 aden Char B sell him 1 arrow. Char Б give back 999к999 aden to char А Char А make relog, enter in game with script. Sit on offline trade buying 1 arrow per 999к999. Next enter to the game by fake char. Char B send packet . Washing off by the same way. Char А delete 1 adena, and char B delete 1 adena. RELOG and voila –adena is duped!!. (Working everywhere , where offline trade!!!!! 99% of server is work!) (In case , when you enter in game with this script , you get black window, what to do? Solution: Send the packet on buying\selling 74 00 00 00 00 01 00 00 00 68 62 18 40 01 00 00 00 01 00 00 00 Tested on lin2crazy.ru online 1к There is video : http://adf.ly/4Qjqb this is not how dupe is going on :)
Pere Posted September 24, 2014 Posted September 24, 2014 For admins who have custom shits to trade items, you're still vulnerable to this. There are 2 different fixes to that, only 1 should be enough but of course I applied both: Part 1: This works only with stackable items, and that's because when someone trades all of one stackable item to someone who doesn't have it, the item instance is just moved. That's error-prone, up to the point in which someone can cheat the server and make it believe that the same item exists in 2 different inventories. For stackable items that's too risky, so let's just avoid it. Look for a line of code like this in ItemContainer.java: // If possible, move entire item object if (sourceitem.getCount() == count && targetitem == null) and change it to: // If possible, move entire item object if (sourceitem.getCount() == count && targetitem == null && !sourceitem.isStackable()) That way we will always destroy the original item and create a new one (only if it's stackable), which makes sure that the object id is "refreshed" and cannot be used afterwards, so even if you don't apply the part 2 fix nothing bad should be happening. Part 2: This depends entirely on your custom code. Just make sure to check every single item movement with the l2j function L2PcInstance.checkItemManipulation(int objectId, long count, String action). If it returns null that means that the player who is trying to use the item with the given object id shouldn't be able to, so just abort the code (log cheat attempt and return). So even if someone got to make our server believe that the same item is in 2 different inventories, every single item knows who is its owner, so one of both cannot be its owner, so this checks returns null and he's detected ;) I hope that helps!
Pere Posted November 19, 2014 Posted November 19, 2014 Not working your fix I wouldn't have posted this here without having tested it by myself. Try harder or care to elaborate.
Ayami- Posted January 22, 2015 Posted January 22, 2015 (edited) For admins who have custom shits to trade items, you're still vulnerable to this. There are 2 different fixes to that, only 1 should be enough but of course I applied both: Part 1: This works only with stackable items, and that's because when someone trades all of one stackable item to someone who doesn't have it, the item instance is just moved. That's error-prone, up to the point in which someone can cheat the server and make it believe that the same item exists in 2 different inventories. For stackable items that's too risky, so let's just avoid it. Look for a line of code like this in ItemContainer.java: // If possible, move entire item object if (sourceitem.getCount() == count && targetitem == null) and change it to: // If possible, move entire item object if (sourceitem.getCount() == count && targetitem == null && !sourceitem.isStackable()) That way we will always destroy the original item and create a new one (only if it's stackable), which makes sure that the object id is "refreshed" and cannot be used afterwards, so even if you don't apply the part 2 fix nothing bad should be happening. Part 2: This depends entirely on your custom code. Just make sure to check every single item movement with the l2j function L2PcInstance.checkItemManipulation(int objectId, long count, String action). If it returns null that means that the player who is trying to use the item with the given object id shouldn't be able to, so just abort the code (log cheat attempt and return). So even if someone got to make our server believe that the same item is in 2 different inventories, every single item knows who is its owner, so one of both cannot be its owner, so this checks returns null and he's detected ;) I hope that helps! Your fix works and thank you! Edited January 22, 2015 by Ayami-
DeMeNs0s Posted March 12, 2015 Posted March 12, 2015 (edited) begin if FromClient and (pck[1]=#$03) then pck:=#$30 end. Could someone explain what that code does? Edited March 12, 2015 by DeMeNs0s
koksas Posted March 22, 2015 Posted March 22, 2015 Tested. In l2java.com works. More servers someone know where it working ?
LordRailan Posted May 20, 2015 Posted May 20, 2015 Any video to explain better? I trying to do this in a server without protection, and fail
xblablax Posted April 16, 2016 Posted April 16, 2016 when i'm doing the re-log, i see black screen, but i can't see my char...
Recommended Posts