Jump to content

Recommended Posts

Posted (edited)

as the title says this bug causes massive critical errors to everyone online, no clue will be given here, can be used to boot top servers.

i can guarantee that no server has protection for it yet.

also offering a protection(fix) against it.

Edited by BruT
Posted

Is it the same with the old chat exploit? There were scripts for l2net and phx tho people just forgot about it and some servers fixed it.

Posted (edited)

It means it has to be doable from client side, right? The set crest packet (as far as i remember) is just a byte array of constant size. What can go wrong here?

Actaully it is just a unbound byte array both for clan and ally, just checked.

A video proof would be fun to watch :)

Edited by Szakalaka
Posted
41 minutes ago, Szakalaka said:

It means it has to be doable from client side, right? The set crest packet (as far as i remember) is just a byte array of constant size. What can go wrong here?

Actaully it is just a unbound byte array both for clan and ally, just checked.

A video proof would be fun to watch :)

i tried it by changing _data = new byte[_length]; to   _data = "testtests".getBytes();  in clientpacket>RequestSetPledgeCrest 

when uploading crest it just doesnt appear instad of crashing

i prob missing something but if i were to test if this exploit works or not is this the correct approach or (if it works by changing packet on server side it would work if i change it on client?)

Posted (edited)
8 hours ago, Fyyre said:

Guild crest exploit.  Sending of malformed image, cause critical error for other players.

But a guild crest exploit cannot be broadcast-ed to the world, only to it's known list of players. Also as i heard it affects servers with global chat, and there was a l2net script that allowed the crash on shout range.

 

MXC Share: 

 

l2Net ref: 

 

 

Hmmm wat? when did i fix that?

 

Edited by Setekh
Posted (edited)

Can be fixed in client by writing single jmp on the right place (d3ddrv.dll)

EDIT: BTW does anyone have link and/or more info for that chat message crash? (link in the topic points to rapidshare which doesn't exist anymore)

Edited by eressea
Posted
2 hours ago, Fyyre said:

Validate the DDS header for Crest on server side.

Best practise would be fixing both server and client side, that way you can give players fix without server restart and later apply server fix during regular restart :)

Posted

author said "massive" = effect is not always triggered right away

and "to everyone online" = affects everyone

that's lot of info to narrow search to just few possible packets

 

crest seems reasonable, but it could be anything else, client is full of hardcoded constrains :P

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...