Jump to content
MaxCheaters Official Group on X
MaxCheaters Official Group on Discord
--> Place your ad text here <--

WTS a massive critical error bug or fix

BruT

By BruT
in Hacks & Cheats [English]

 Share

Recommended Posts

BruT Proficient

BruT

Posted
Posted (edited)

as the title says this bug causes massive critical errors to everyone online, no clue will be given here, can be used to boot top servers.

i can guarantee that no server has protection for it yet.

also offering a protection(fix) against it.

Edited by BruT
Setekh Apprentice

Setekh

Posted
Posted

Is it the same with the old chat exploit? There were scripts for l2net and phx tho people just forgot about it and some servers fixed it.

Szakalaka Newbie

Szakalaka

Posted
Posted (edited)

It means it has to be doable from client side, right? The set crest packet (as far as i remember) is just a byte array of constant size. What can go wrong here?

Actaully it is just a unbound byte array both for clan and ally, just checked.

A video proof would be fun to watch :)

Edited by Szakalaka
GLO Contributor

GLO

Posted
Posted
41 minutes ago, Szakalaka said:

It means it has to be doable from client side, right? The set crest packet (as far as i remember) is just a byte array of constant size. What can go wrong here?

Actaully it is just a unbound byte array both for clan and ally, just checked.

A video proof would be fun to watch :)

i tried it by changing _data = new byte[_length]; to   _data = "testtests".getBytes();  in clientpacket>RequestSetPledgeCrest 

when uploading crest it just doesnt appear instad of crashing

i prob missing something but if i were to test if this exploit works or not is this the correct approach or (if it works by changing packet on server side it would work if i change it on client?)

Setekh Apprentice

Setekh

Posted
Posted (edited)
8 hours ago, Fyyre said:

Guild crest exploit.  Sending of malformed image, cause critical error for other players.

But a guild crest exploit cannot be broadcast-ed to the world, only to it's known list of players. Also as i heard it affects servers with global chat, and there was a l2net script that allowed the crash on shout range.

 

MXC Share: 

 

l2Net ref: 

 

 

Hmmm wat? when did i fix that?

 

Edited by Setekh
eressea Newbie

eressea

Posted
Posted (edited)

Can be fixed in client by writing single jmp on the right place (d3ddrv.dll)

EDIT: BTW does anyone have link and/or more info for that chat message crash? (link in the topic points to rapidshare which doesn't exist anymore)

Edited by eressea
eressea Newbie

eressea

Posted
Posted
2 hours ago, Fyyre said:

Validate the DDS header for Crest on server side.

Best practise would be fixing both server and client side, that way you can give players fix without server restart and later apply server fix during regular restart :)

AlmostGood Enthusiast

AlmostGood

Posted
Posted

author said "massive" = effect is not always triggered right away

and "to everyone online" = affects everyone

that's lot of info to narrow search to just few possible packets

 

crest seems reasonable, but it could be anything else, client is full of hardcoded constrains :P

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


  • Posts

    • Tryskell
      Multi route walker npc HELP

      By Tryskell · Posted

      Verify if following is supposed to be the way to handle movement npc.getAI().setIntention(CtrlIntention.AI_INTENTION_MOVE_TO, new Location(point.getX(), point.getY(), point.getZ())); For me, it's not enough. And if it's the case, whole AI system is probably buggy.
    • SmurfsZone
      SmurfsZone: Your Best Source for League of Legend

      By SmurfsZone · Posted

      This is a  bump
    • reacheap
      wtt harbor 1x for l2reborn 10x new

      By reacheap · Posted

      hello, i want to wtt my charracter in l2elmorelab 1x harbor for 1.5kkk adena in l2reborn 10x new. Or if you interested tell me your offer. :)) Clean Mail 30 lvl Cleric Naked   Updated.
    • Starfire868686
      Multi route walker npc HELP

      By Starfire868686 · Posted

      package ai.npc.NFWalker; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Random; import l2r.gameserver.enums.CtrlIntention; import l2r.gameserver.model.Location; import l2r.gameserver.model.actor.L2Npc; import l2r.gameserver.model.quest.Quest; import l2r.gameserver.network.clientpackets.Say2; import l2r.gameserver.network.serverpackets.NpcSay; public class NFWalkerAI extends Quest { private static final int WALKER_NPC_ID = 20116; private final Map<String, Route> routes = new HashMap<>(); private final Map<Integer, Integer> npcIndexes = new HashMap<>(); private final Map<Integer, Boolean> npcReverse = new HashMap<>(); private final Map<Integer, String> npcCurrentRoute = new HashMap<>(); public NFWalkerAI() { super(-1, NFWalkerAI.class.getSimpleName(), "ai/npc/NFWalker"); loadRoutes(); addSpawnId(WALKER_NPC_ID); } private void loadRoutes() { // Route 1 Data Route route1 = new Route("route1"); route1.addPoint(new RoutePoint(0, 149363, 172341, -941, 0, false, "")); route1.addPoint(new RoutePoint(1, 148568, 172328, -980, 5, true, "Puff")); route1.addPoint(new RoutePoint(2, 148536, 172792, -980, 0, false, "")); // Route 2 Data Route route2 = new Route("route2"); route2.addPoint(new RoutePoint(0, 149363, 172341, -941, 0, false, "")); route2.addPoint(new RoutePoint(1, 150248, 172328, -980, 5, true, "Rise my children! Bring me the servants of the god! Let them be offered to our god Bifrons!")); route2.addPoint(new RoutePoint(2, 150248, 172776, -980, 0, false, "")); // Add routes to the map routes.put("route1", route1); routes.put("route2", route2); } @Override public String onSpawn(L2Npc npc) { if (npc.getId() == WALKER_NPC_ID) { selectInitialRouteForNpc(npc); } return super.onSpawn(npc); } @Override public String onAdvEvent(String event, L2Npc npc, l2r.gameserver.model.actor.instance.L2PcInstance player) { if (event.equalsIgnoreCase("move")) { moveNpc(npc); } else if (event.equalsIgnoreCase("check_reached")) { checkIfReached(npc); } return null; } private void moveNpc(L2Npc npc) { String routeName = npcCurrentRoute.get(npc.getObjectId()); Route route = routes.get(routeName); Integer pointIndex = npcIndexes.get(npc.getObjectId()); if (route != null && pointIndex != null) { RoutePoint point = route.getPoints().get(pointIndex); if (point.isRun()) { npc.setRunning(); } else { npc.setWalking(); } if (!point.getChat().isEmpty()) { npc.broadcastPacket(new NpcSay(npc.getObjectId(), Say2.NPC_ALL, npc.getId(), point.getChat())); } npc.getAI().setIntention(CtrlIntention.AI_INTENTION_MOVE_TO, new Location(point.getX(), point.getY(), point.getZ())); // Log movement intention System.out.println("NPC " + npc.getObjectId() + " moving to " + point.getX() + ", " + point.getY() + ", " + point.getZ()); // Schedule a check to see if the NPC has reached its destination startQuestTimer("check_reached", 1000, npc, null); } } private void checkIfReached(L2Npc npc) { String routeName = npcCurrentRoute.get(npc.getObjectId()); Route route = routes.get(routeName); Integer pointIndex = npcIndexes.get(npc.getObjectId()); if (route != null && pointIndex != null) { RoutePoint point = route.getPoints().get(pointIndex); Location currentLocation = npc.getLocation(); Location targetLocation = new Location(point.getX(), point.getY(), point.getZ()); // Check if the NPC has reached the target location if (currentLocation.equals(targetLocation)) { // Log that the NPC has reached the target System.out.println("NPC " + npc.getObjectId() + " reached target " + targetLocation); // Schedule the next movement startQuestTimer("move", point.getDelay() * 1000, npc, null); if (!npcReverse.get(npc.getObjectId())) { pointIndex++; if (pointIndex >= route.getPoints().size()) { npcReverse.put(npc.getObjectId(), true); pointIndex = route.getPoints().size() - 1; } } else { pointIndex--; if (pointIndex < 0) { npcReverse.put(npc.getObjectId(), false); pointIndex = 0; // Choose a new route after completing the current one in both directions switchRouteForNpc(npc); return; } } npcIndexes.put(npc.getObjectId(), pointIndex); } else { // Check again after 1 second startQuestTimer("check_reached", 1000, npc, null); } } } private void selectInitialRouteForNpc(L2Npc npc) { // Randomly select either route1 or route2 String selectedRouteName = "route" + (new Random().nextInt(2) + 1); npcCurrentRoute.put(npc.getObjectId(), selectedRouteName); npcIndexes.put(npc.getObjectId(), 0); npcReverse.put(npc.getObjectId(), false); startQuestTimer("move", 5000, npc, null); // Log initial route selection System.out.println("NPC " + npc.getObjectId() + " selected initial route " + selectedRouteName); } private void switchRouteForNpc(L2Npc npc) { String currentRoute = npcCurrentRoute.get(npc.getObjectId()); String newRoute = currentRoute.equals("route1") ? "route2" : "route1"; npcCurrentRoute.put(npc.getObjectId(), newRoute); npcIndexes.put(npc.getObjectId(), 0); npcReverse.put(npc.getObjectId(), false); startQuestTimer("move", 5000, npc, null); // Log route switching System.out.println("NPC " + npc.getObjectId() + " switched to route " + newRoute); } private static class Route { private List<RoutePoint> points = new ArrayList<>(); public Route(String name) { } public void addPoint(RoutePoint point) { points.add(point); } public List<RoutePoint> getPoints() { return points; } } private static class RoutePoint { private int id; private int x, y, z, delay; private boolean run; private String chat; public RoutePoint(int id, int x, int y, int z, int delay, boolean run, String chat) { this.id = id; this.x = x; this.y = y; this.z = z; this.delay = delay; this.run = run; this.chat = chat; } public int getId() { return id; } public int getX() { return x; } public int getY() { return y; } public int getZ() { return z; } public int getDelay() { return delay; } public boolean isRun() { return run; } public String getChat() { return chat; } } } I looking for help, with this, the npc not start to move. Im trying to create, an NPC wich have multiple walk routes basic logic is  random pick a route complite the route  like Route 1 start form zero (0 -> 1 -> 2(or more) -> 1 -> 0) When the npc return to 0, the script should pic the other route and start again.  And if there is a message like point 1 here     "route1.addPoint(new RoutePoint(1, 148568, 172328, -980, 5, true, "Puff"));" The npc should display the chat message. Currently my problem is the npc not moving, but if I manage it to start moving its randomly move between the route 1 and 2 set of coordinates. Currently for me its  a nightmare. I hope anyone can help somhow.
    • SXorg
      Proxy Market SX.ORG for any task | Buy and sell IP quickly

      By SXorg · Posted

      We are certainly not an ambulance, but we will definitely cure you of blacklists and empty pockets. Live freely with SX! Each of you will receive a trial version of SX to familiarize yourself with the product, all you have to do is post in this thread

  • Topics

×
×
  • Create New...