Jump to content

Recommended Posts

Posted (edited)

I think I've fixed it  :) https://bitbucket.org/l2shrine/extender-public/commits/b52a4a15ebcab4567312b262f9518d42f796691f

 

EDIT: I've fixed last second of skill reuse time https://bitbucket.org/l2shrine/extender-public/commits/fc75623fc1c9a85d7d183f53098d8a4e99e1f53d

 

So what next?  :)

Edited by eressea
Posted

Checked over a few of my exts to see if there's any other bugs and came across 2 more, exploits more than bugs really as both require l2phx or the like (not sure if you've fixed these yet or not didn't check)

 

AppearingPacket sent before EnterWorldPacket (causes all kinds of havoc including a few dupes)

MultisellChoosePacket doesn't check whether you were ever sent the multisell id which you're trying to buy from, so you can buy from multisells which aren't in any npcs (debug/test multisells are the usual target) as well as quest multisells which require quests to access

Posted (edited)

Checked over a few of my exts to see if there's any other bugs and came across 2 more, exploits more than bugs really as both require l2phx or the like (not sure if you've fixed these yet or not didn't check)

 

AppearingPacket sent before EnterWorldPacket (causes all kinds of havoc including a few dupes)

MultisellChoosePacket doesn't check whether you were ever sent the multisell id which you're trying to buy from, so you can buy from multisells which aren't in any npcs (debug/test multisells are the usual target) as well as quest multisells which require quests to access

 

Thanks for info, I've fixed both already :)

So are you sure there is no other dupe/exploit/hack/server crashing packet? For example if client sends enchantType > 3, server crashes (already fixed this one, but I'm not sure whether there isn't something similar somewhere).

 

There was for example skill enchant exploit (race condition), when you drop book and immediatelly send RequestExEnchantSkill (via l2ph), it sometimes proceeds with enchant and still keeps the book on the ground so you can pick it back. So I've added some delays (for example you can't enchant skill 2 seconds after you drop item to ground - nothing that would affect normal playing but stops players from exploiting this). It's not perfect (2 second lag of server and you can still use it) but I still don't know how to fix it better.

 

Someone told me about some item dupe involving sin eater, someone told me about some fishing exploit - do you have any info on these?

 

Thanks a lot!

Edited by eressea
Posted

I tried to fish exploit with mac, no luck at all.

 

It was way too unreliable (we didnt manage it once)

 

I dont remember the steps well, but one would spam the fishing skill while the other drop/pick items to try to dupe or something close to it (only sure about the fishing skill part). Even setting the delay to 0 didnt make it happen.

Posted (edited)

Thanks for info, I've fixed both already :)

So are you sure there is no other dupe/exploit/hack/server crashing packet? For example if client sends enchantType > 3, server crashes (already fixed this one, but I'm not sure whether there isn't something similar somewhere).

 

There was for example skill enchant exploit (race condition), when you drop book and immediatelly send RequestExEnchantSkill (via l2ph), it sometimes proceeds with enchant and still keeps the book on the ground so you can pick it back. So I've added some delays (for example you can't enchant skill 2 seconds after you drop item to ground - nothing that would affect normal playing but stops players from exploiting this). It's not perfect (2 second lag of server and you can still use it) but I still don't know how to fix it better.

 

Someone told me about some item dupe involving sin eater, someone told me about some fishing exploit - do you have any info on these?

 

Thanks a lot!

Don't know anything about those but pretty much any npc interaction is one giant race condition because the AI relies on the inventory being valid which relies on the cached returning in a timely manner, but if you induce server lag and spam pretty much any npc function which does OwnItemCount-AddItem-DeleteItem the AI will think the item hasn't been deleted until the cached returns saying it has so you can get repeat rewards from an npc this way, there's a few l2server systems which are vulnerable to this issue also and the easiest solution is to prevent any methods of inducing server lag by players, the main one is packet delay filtering as spamming use/drop/delete/anything with items will hang the server pretty hard and make those kinda dupes as simple as spam clicking an html link

 

A better fix for RequestExEnchantSkill dupe would be to use a cached function to delete the book first and do the actual enchant on the cached reply packet once it's 100% known that the book is deleted

Edited by Anarchy
Posted

A better fix for RequestExEnchantSkill dupe would be to use a cached function to delete the book first and do the actual enchant on the cached reply packet once it's 100% known that the book is deleted

 

I'll have a look at it, thanks again! :)

Posted

with fishing it was some kind of trade (or drop) with -1 (or +1) count value (of bait i think) while guy was fishing (?), some kind of overflow i guess

there was youtube video with proof of concept and they hot fixed it on rpg, but can't really remember anything more

 

sin eater had something to do with pet inventory, but also don't remember more (it was discovered way later than GF leak)

Posted (edited)

Yep, overflow flooding, thanks! Tho, even setting the fishing skill to 0 delay didnt make it happen when testing.

 

Sin Eater was related to enchanting http://www.elitepvpers.com/forum/lin2-exploits-hacks-bots-tools-macros/455783-l2-enchant-bug-gracia-final.html

Edited by ericvini
Posted (edited)

Yep, overflow flooding, thanks! Tho, even setting the fishing skill to 0 delay didnt make it happen when testing.

 

Sin Eater was related to enchanting http://www.elitepvpers.com/forum/lin2-exploits-hacks-bots-tools-macros/455783-l2-enchant-bug-gracia-final.html

 

Can't reproduce / find anything...

 

Btw I've added autoloot system (needs testing!) https://bitbucket.org/l2shrine/extender-public/commits/487de8a1a97963156009f20f951f1a3cc48175bc

 

EDIT: Autoloot seems working fine for solo player. When in party, it doesn't work at all, I'll have to fix it

Edited by eressea
Posted (edited)

Keep up the good job eressea you are making progress. I wish I could help you aswell but i'm not good at coding :(

 

Thanks! You can help by testing it and/or giving ideas what to fix/change/add next... :)

Edited by eressea
Posted

well first should come the basic... meaning fixing any bugs and exploits...  offline shop would be a plus... aswell :D I will install gracia this weekend and try and help you :)

Posted

well first should come the basic... meaning fixing any bugs and exploits...  offline shop would be a plus... aswell :D I will install gracia this weekend and try and help you :)

 

All well-known exploits should be fixed. Offline shop seems working fine :) Try and let me know :)

 

 

NPC.exe no open for extend, l2server is closed ? error to fix ? 

 

have remendo for protocolo vesion 83 ? testing 87? 

 

I'm not sure if I understand what you mean.

NPC doesn't connect to l2server?

I don't have client for protocol 87 but it should work somehow (I've remapped some packets etc.) but it needs testing.

Posted (edited)

All well-known exploits should be fixed. Offline shop seems working fine :) Try and let me know :)

 

 

 

I'm not sure if I understand what you mean.

NPC doesn't connect to l2server?

I don't have client for protocol 87 but it should work somehow (I've remapped some packets etc.) but it needs testing.

Do not worry with gta2, he did not know what you're talking about kk it is br, confused as I .

Edited by Jamba

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.




×
×
  • Create New...