Help Automatic verify and ban unauthorized skills - L2JFrozen

[dextroy]

Hello, i need some help if anyone know:

 

I have a multiskill server (L2JFrozen rev) and I've recently had some hacker enter my server and he was able to learn monster passive skills/active skills and some skills that aren't in any character skill tree, like valakas buff, super haste, etc.

 

Since it happened i activated the AllowedSkills function (plus also activating it on the Protected folder CheckSkillsOnEnter), and added on the list only the character skills on the list (1-500 and 1000-1500), however, the function doesn't seem to be working.

 

Is there a way a can put a verification on L2PcInstance or some other java instance to automatically ban player/delete skills between 3000-7000 or something like that? My source code already has something like this (i'll be posting below), but it doesn't seem to be working (i tested with another character and nothing happened to it).

 

	/**
	 * check player skills and remove unlegit ones (excludes hero, noblesse and cursed weapon skills).
	 */
	public void checkAllowedSkills()
	{
		boolean foundskill = false;
		if (!isGM())
		{
			Collection<L2SkillLearn> skillTree = SkillTreeTable.getInstance().getAllowedSkills(getClassId());
			// loop through all skills of player
			for (final L2Skill skill : getAllSkills())
			{
				final int skillid = skill.getId();
				// int skilllevel = skill.getLevel();
				
				foundskill = false;
				// loop through all skills in players skilltree
				for (final L2SkillLearn temp : skillTree)
				{
					// if the skill was found and the level is possible to obtain for his class everything is ok
					if (temp.getId() == skillid)
					{
						foundskill = true;
					}
				}
				
				// exclude noble skills
				if (isNoble() && skillid >= 325 && skillid <= 397)
				{
					foundskill = true;
				}
				
				if (isNoble() && skillid >= 1323 && skillid <= 1327)
				{
					foundskill = true;
				}
				
				// exclude hero skills
				if (isHero() && skillid >= 395 && skillid <= 396)
				{
					foundskill = true;
				}
				
				if (isHero() && skillid >= 1374 && skillid <= 1376)
				{
					foundskill = true;
				}
				
				// exclude cursed weapon skills
				if (isCursedWeaponEquiped() && skillid == CursedWeaponsManager.getInstance().getCursedWeapon(_cursedWeaponEquipedId).getSkillId())
				{
					foundskill = true;
				}
				
				// exclude clan skills
				if (getClan() != null && skillid >= 370 && skillid <= 391)
				{
					foundskill = true;
				}
				
				// exclude seal of ruler / build siege hq
				if (getClan() != null && (skillid == 246 || skillid == 247))
					if (getClan().getLeaderId() == getObjectId())
					{
						foundskill = true;
					}
				
				// exclude fishing skills and common skills + dwarfen craft
				if (skillid >= 1312 && skillid <= 1322)
				{
					foundskill = true;
				}
				
				if (skillid >= 1368 && skillid <= 1373)
				{
					foundskill = true;
				}
				
				// exclude sa / enchant bonus / penality etc. skills
				if (skillid >= 3000 && skillid < 7000)
				{
					foundskill = true;
				}
				
				// exclude Skills from AllowedSkills in options.properties
				if (Config.ALLOWED_SKILLS_LIST.contains(skillid))
				{
					foundskill = true;
				}
				
				// exclude Donator character
				if (isDonator())
				{
					foundskill = true;
				}
				
				// exclude Aio character
				if (isAio())
				{
					foundskill = true;
				}
				
				// remove skill and do a lil LOGGER message
				if (!foundskill)
				{
					removeSkill(skill);
					
					if (Config.DEBUG)
					{
						// sendMessage("Skill " + skill.getName() + " removed and gm informed!");
						LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */);
						
					}
				}
			}
			
			// Update skill list
			sendSkillList();
			
			skillTree = null;
		}
	}
	

 

 

[Zake]

Imho, you should detect the source of the problem rather than banning players. For example if skills are learned through a bypass, you should check if this bypass can be manipulated.

[dextroy]

14 minutes ago, Zake said:

Imho, you should detect the source of the problem rather than banning players. For example if skills are learned through a bypass, you should check if this bypass can be manipulated.

I don't disagree, but the thing is, i don't keep up with L2 hacks, was never interested in them, i always played legit, so i don't truly understand how the bypass is done. And i've had my server up for a few months, this was clearly not a mistake and an intentional hack.

 

If you have any suggestions as to how i could detect the source of the problem and how i could protect my server i'm happy to try/look up, but having a check for those skills on players and having an automatic ban seems like an easier solution.

 

Keep in mind i'm not really a programmer/developer, i'm more of an enthusiast, so i can understand the logic behind it and edit codes, but i don't know how to code it from scratch myself. That's why i'm asking for some support here.

[BruT]

if you have such common bugs in your server then what about the rest ?

[dextroy]

4 minutes ago, BruT said:

if you have such common bugs in your server then what about the rest ?

It's not a bug. It's someone hacking, there's a big difference. And if it's been up and running for months, clearly "the rest" is not an issue.

[Zake]

5 minutes ago, dextroy said:

I don't disagree, but the thing is, i don't keep up with L2 hacks, was never interested in them, i always played legit, so i don't truly understand how the bypass is done. And i've had my server up for a few months, this was clearly not a mistake and an intentional hack.

 

If you have any suggestions as to how i could detect the source of the problem and how i could protect my server i'm happy to try/look up, but having a check for those skills on players and having an automatic ban seems like an easier solution.

 

Keep in mind i'm not really a programmer/developer, i'm more of an enthusiast, so i can understand the logic behind it and edit codes, but i don't know how to code it from scratch myself. That's why i'm asking for some support here.

How do people learn skills in your server? Is this an npc/community board button? a client packet? Or they just add subclasses and get them automatically?

[BruT]

Just now, dextroy said:

It's not a bug. It's someone hacking, there's a big difference. And if it's been up and running for months, clearly "the rest" is not an issue.

this is what exactly bug means or glitch, and believe me the rest is scarier

[dextroy]

1 minute ago, Zake said:

How do people learn skills in your server? Is this an npc/community board button? a client packet? Or they just add subclasses and get them automatically?

No auto skill learned, it's learned thru the normal class masters.

 

There's this option on the L2JFrozen rev i use:

 

# Alternative skill learn rules:
# - all classes can learn all skills
# - skills of another class costs x2 SP
# - skills of another race costs x2 SP
# - skills of fighters/mages costs x3 SP
AltGameSkillLearn = True

 

This allow characters to go to any master/magister, as long as they have the level/sp and it's on the class skill tree, they can learn. But Super Haste/Valakas Buff/Zariche passive buffs and others aren't on the database list, so they would certainly not appear on any class master without some sort of hacking (and i've already checked them all).

3 minutes ago, BruT said:

this is what exactly bug means or glitch, and believe me the rest is scarier

Well, "believing" in you doesn't exactly help me sort the issue, does it? Do you have any information you can provide to assist? Otherwise it just feels like you came here to boast for no reason other than trying to be arrogant.

[BruT]

12 minutes ago, dextroy said:

No auto skill learned, it's learned thru the normal class masters.

 

There's this option on the L2JFrozen rev i use:

 

# Alternative skill learn rules:
# - all classes can learn all skills
# - skills of another class costs x2 SP
# - skills of another race costs x2 SP
# - skills of fighters/mages costs x3 SP
AltGameSkillLearn = True

 

This allow characters to go to any master/magister, as long as they have the level/sp and it's on the class skill tree, they can learn. But Super Haste/Valakas Buff/Zariche passive buffs and others aren't on the database list, so they would certainly not appear on any class master without some sort of hacking (and i've already checked them all).

Well, "believing" in you doesn't exactly help me sort the issue, does it? Do you have any information you can provide to assist? Otherwise it just feels like you came here to boast for no reason other than trying to be arrogant.

not rly, the thing is that noone here can help you without checking your source and you probly have some sort of custom code which is causing the bug.

 

i myself know atleast few critical bugs on frozen which can literally destroy your server and you wont even realise and its up to you if u want to believe it or not.

Edited January 10, 2022 by BruT

[dextroy]

Just now, BruT said:

not rly, the thing is that noone here can help you without checking your source, you probly have some sort of custom code which is causing the bug, its like to ask someone to fix your car from range.

Well, it's one of the latest L2JFrozen rev as i stated on my initial post. I got it a while ago so i don't remember exactly, possibly the 1132 version. It's Interlude. I've got a clear revision without customizations active so i could make the changes i wanted myself. And i did make a few, but no changes regarding the learn skill process itself, so it's the same as any L2JFrozen Interlude revision.

 

If there are parts of my source code you'd like to see that could help, i'd gladly post them, but clearly you don't expect me to come here and post the entirety of my source code when asking for help on an specific issue, right?

 

Anyway, here's an equivalent of the source code, taken directly from l2frozen website:

http://subversion.assembla.com/svn/L2jFrozenInterlude/trunk/gameserver/head-src/com/l2jfrozen/gameserver/model/actor/instance/L2PcInstance.java

 

I posted the L2PcInstance but the directory is there, and the others are pretty much alike.

 

If you know where in there i could look to fix this, then the help would be appreciated.

[BruT]

there is nothing related to your issue in l2pcinstance, its probly somewhere else and btw can you see these skills in sql?

Edited January 10, 2022 by BruT

[dextroy]

1 minute ago, BruT said:

there is nothing related to your issue in l2pcinstance, its probly somewhere else and btw can you see their skills added in their character skill list in sql?

Already did.

 

3132 
3599 
3603 
3629
4108
4136 
4173
4303
4304 
4318 
4341 
4409
4410 
4412 
4413 
4680 
7029

[BruT]

1 minute ago, dextroy said:

Already did.

 

3132 
3599 
3603 
3629
4108
4136 
4173
4303
4304 
4318 
4341 
4409
4410 
4412 
4413 
4680 
7029

but its in their skill list?

[dextroy]

1 minute ago, BruT said:

but its in their skill list?

Yes.

[BruT]

so i guess unless someone experienced this issue nobody can help you without checking your source, you may keep asking for help but it would be faster if someone check it

Edited January 10, 2022 by BruT

[dextroy]

11 minutes ago, BruT said:

so i guess unless someone experienced this issue nobody can help you without checking your source

Again, it's not a server-side mistake. You talk about checking my source, the source code i already posted on my previous reply if that would help it's there. The L2JFrozen one, it's the same thing:

http://subversion.assembla.com/svn/L2jFrozenInterlude/trunk/gameserver

 

Someone used some type of hack bypass to inject themselves with those skills. How? I don't know, i'm not a hacker.

 

And again, i'm not even asking to find the root of the issue. If there's a way to add an extra layer of security that wouldn't be complicated like a gameguard, or a simple way to find it, what a bonus. But I'm asking for a simple solution in the form of a code:

If a non GM player have those skills learned on their character skill list, they get banned. It's easier to unban later (if it was some sort of mistake) than allowing them exploit for whatever time until i find them exploting and manually ban. That shouldn't be something so complicated. 

 

Which would possibly look something like the line from the code on my first post:

if (skillid >= 3000 && skillid < 7000)
 {
  foundskill = true;
 }

 

I just don't know where i'd add it or how to code it to make it automatic.

Edited January 10, 2022 by dextroy