Help Automatic verify and ban unauthorized skills - L2JFrozen

dextroy · January 10, 2022

Hello, i need some help if anyone know:

I have a multiskill server (L2JFrozen rev) and I've recently had some hacker enter my server and he was able to learn monster passive skills/active skills and some skills that aren't in any character skill tree, like valakas buff, super haste, etc.

Since it happened i activated the AllowedSkills function (plus also activating it on the Protected folder CheckSkillsOnEnter), and added on the list only the character skills on the list (1-500 and 1000-1500), however, the function doesn't seem to be working.

Is there a way a can put a verification on L2PcInstance or some other java instance to automatically ban player/delete skills between 3000-7000 or something like that? My source code already has something like this (i'll be posting below), but it doesn't seem to be working (i tested with another character and nothing happened to it).

	/**
	 * check player skills and remove unlegit ones (excludes hero, noblesse and cursed weapon skills).
	 */
	public void checkAllowedSkills()
	{
		boolean foundskill = false;
		if (!isGM())
		{
			Collection<L2SkillLearn> skillTree = SkillTreeTable.getInstance().getAllowedSkills(getClassId());
			// loop through all skills of player
			for (final L2Skill skill : getAllSkills())
			{
				final int skillid = skill.getId();
				// int skilllevel = skill.getLevel();
				
				foundskill = false;
				// loop through all skills in players skilltree
				for (final L2SkillLearn temp : skillTree)
				{
					// if the skill was found and the level is possible to obtain for his class everything is ok
					if (temp.getId() == skillid)
					{
						foundskill = true;
					}
				}
				
				// exclude noble skills
				if (isNoble() && skillid >= 325 && skillid <= 397)
				{
					foundskill = true;
				}
				
				if (isNoble() && skillid >= 1323 && skillid <= 1327)
				{
					foundskill = true;
				}
				
				// exclude hero skills
				if (isHero() && skillid >= 395 && skillid <= 396)
				{
					foundskill = true;
				}
				
				if (isHero() && skillid >= 1374 && skillid <= 1376)
				{
					foundskill = true;
				}
				
				// exclude cursed weapon skills
				if (isCursedWeaponEquiped() && skillid == CursedWeaponsManager.getInstance().getCursedWeapon(_cursedWeaponEquipedId).getSkillId())
				{
					foundskill = true;
				}
				
				// exclude clan skills
				if (getClan() != null && skillid >= 370 && skillid <= 391)
				{
					foundskill = true;
				}
				
				// exclude seal of ruler / build siege hq
				if (getClan() != null && (skillid == 246 || skillid == 247))
					if (getClan().getLeaderId() == getObjectId())
					{
						foundskill = true;
					}
				
				// exclude fishing skills and common skills + dwarfen craft
				if (skillid >= 1312 && skillid <= 1322)
				{
					foundskill = true;
				}
				
				if (skillid >= 1368 && skillid <= 1373)
				{
					foundskill = true;
				}
				
				// exclude sa / enchant bonus / penality etc. skills
				if (skillid >= 3000 && skillid < 7000)
				{
					foundskill = true;
				}
				
				// exclude Skills from AllowedSkills in options.properties
				if (Config.ALLOWED_SKILLS_LIST.contains(skillid))
				{
					foundskill = true;
				}
				
				// exclude Donator character
				if (isDonator())
				{
					foundskill = true;
				}
				
				// exclude Aio character
				if (isAio())
				{
					foundskill = true;
				}
				
				// remove skill and do a lil LOGGER message
				if (!foundskill)
				{
					removeSkill(skill);
					
					if (Config.DEBUG)
					{
						// sendMessage("Skill " + skill.getName() + " removed and gm informed!");
						LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */);
						
					}
				}
			}
			
			// Update skill list
			sendSkillList();
			
			skillTree = null;
		}
	}

HyperBlown · January 10, 2022

7 minutes ago, dextroy said:

Alright, in the meantime i was testing l2phx with my previous code. And it also seems like my protection worked. I used it's injection to learn Super Haste and got this:

So i'll use your code that fits plus the one i added previously. I guess this should fix this particular issue.

Additionally, would you know how i could make it create a simple log file, or add it's messages to the server log? This way i can keep up with players that are trying to exploit the server easily, because as of it is, there's no logs being generated, just kicking out.

You can check how other logs are made.
If your issue has been resolved, please lock the topic or will assume it is and close it later.

Edited January 10, 2022 by HyperBlown

dextroy · January 10, 2022

Ok fine, thanks for the support, with all the information i think i can make a plausible solution.

@melron I did read all of your post, i appreciate the information and the lesson. But about what you said in the beginning: the code may have breaches? Yeah, it might, but it's still essentially a 3rd party programming sending information it's NOT supposed to be sent to the server, so it is hacking, you just prefer to interprete as codes and lines, which is essentially what everything on the internet is.

As for paying, then what's the point of having a "Free" Forum with a Help section if you lot don't wanna help whatsoever?

Why the heck are you "mods" or whatever role you have are so dissatisfied having to reply what's supposed to be a "Free" forum?

I get not wanting to help, maybe thinking the question is simple for you, but if you don't want to, then skip. If you want to be paid, then talk to the Forum owners to make this a paid section.

But why do you lot feel the need to come here to say "you're wrong, you know nothing, what you use is shit, i'm superior, bla bla"?

Ya'll need to chill, so much arrogance from you lot over a question.

For whoever it fits: If you're so dissatisfied with a question but still feel the need to come out and say things like that, here's a tip: the problem ain't with me.

Feel free to close the thread. Peace

melron · January 10, 2022

2 minutes ago, dextroy said:

Ok fine, thanks for the support, with all the information i think i can make a plausible solution.

@melron I did read all of your post, i appreciate the information and the lesson. But about what you said in the beginning: the code may have breaches? Yeah, it might, but it's still essentially a 3rd party programming sending information it's NOT supposed to be sent to the server, so it is hacking, you just prefer to interprete as codes and lines, which is essentially what everything on the internet is.

As for paying, then what's the point of having a "Free" Forum with a Help section if you lot don't wanna help whatsoever?

Why the heck are you "mods" or whatever role you have are so dissatisfied having to reply what's supposed to be a "Free" forum?

I get not wanting to help, maybe thinking the question is simple for you, but if you don't want to, then skip. If you want to be paid, then talk to the Forum owners to make this a paid section.

But why do you lot feel the need to come here to say "you're wrong, you know nothing, what you use is shit, i'm superior, bla bla"?

Ya'll need to chill, so much arrogance from you lot over a question.

For whoever it fits: If you're so dissatisfied with a question but still feel the need to come out and say things like that, here's a tip: the problem ain't with me.

Feel free to close the thread. Peace

From all the things i said, thats your final answer?

Quote

I get not wanting to help, maybe thinking the question is simple for you, but if you don't want to, then skip. If you want to be paid, then talk to the Forum owners to make this a paid section.

Why so much hate mate?

I didn't want to offend you but i'll answer your questions.

The forum doesn't have any "Free codes" section but instead, a help section. When ever you receiving a help by a hint or by a single line of code and then you have to complete by your own, you writing im not dev. So what? You are just want the rest of the code! So what? You are just want the full code. I don't really care, i always providing codes here and there, but i can't see someone who asking for help in a help section and not on FREE CODE SECTION and saying give me the solution.

As for paying, what's wrong with that? What's wrong to give some bucks (probably 2 euro was that) and clean your head with all these shits? What's wrong to prove your self that you respect some people who knows better a few things that you don't? Ok now, you got what you want TWICE.

BruT · January 10, 2022

@melron is the last guy in this forum who would need your silly 5 usds which u cant even afford, this bug will probly take him seconds to figure out and max 5 mins to fix

actually you arent asking for a help because u have no idea what to do with the info you get, but u are asking someone to fix it for you for free.

Edited January 10, 2022 by BruT

HyperBlown · January 11, 2022

Taking in consideration that the post question has been answered I will be closing the topic. If the owner wants to unlock, he can do it so.

Help Automatic verify and ban unauthorized skills - L2JFrozen

Question

dextroy

50 answers to this question

Recommended Posts

HyperBlown

dextroy

melron

BruT

HyperBlown

AchYlek

Posts

Topics

Browse

Activity

Store