Small anti-cheat idea

[PenguinGuys]

I started to look into the MZFile::Open function, and decided to look into what Linear88 & Guy said on the Innovation thread.

Also, for Gunz's loading time before the Login screen, it reads system.mrs many times. It increases loading time greatly. The fix would be creating your own file system.

Or just caching it....................

Unless you meant "filesystem" - in which case, a whole new FS isn't necessary.

Looking for commands in OllyDbg that calls MZFile::Open, I found CheckFileList and thought of an idea.

CheckFileList

000002c6, bool __cdecl CheckFileList(void)
FuncDebugStart :   static, [0x00087359][0x0001:0x00086359]
FuncDebugEnd   :   static, [0x000875d5][0x0001:0x000865d5]
Data           :   ebp Relative, [0xfffffaa4], Local, Type: class MXmlDocument, aXml
Data           :   ebp Relative, [0xfffffab0], Local, Type: class MZFileSystem *, pfs
Data           :   ebp Relative, [0xfffffee8], Local, Type: char[0x100], szTagName
Data           :   ebp Relative, [0xfffffa98], Local, Type: class MXmlElement, aParent
Data           :   ebp Relative, [0xfffffa90], Local, Type: class MXmlElement, aChild
Data           :   ebp Relative, [0xfffffab8], Local, Type: class MZFile, mzf
Data           :   ebp Relative, [0xfffffde8], Local, Type: char[0x100], szCrc32
Data           :   ebp Relative, [0xfffffce8], Local, Type: char[0x100], szContents
Data           :   ebp Relative, [0xfffffaa0], Local, Type: unsigned int, crc32_current

When this function starts, and it does catch a file with a mis-matched crc, have it set a "tick" in like an array or w/e. After the user logs in, have it store their username, and execute a .php script that will ban the user or w/e. (The tick is used to remember there was a mis-matched crc.) Though, you would have to make it not close GunZ or have any other adnormal effects.

This can help prevent users from editing "system.mrs", and have them banned also.

Discuss.

 

[ThePhailure772]

No need to add PHP in here, hell just write a proxy like I did, lol. Also, anti-cheat side, here's a list of banned packets you should use:

            m_dOperation.Add(0x3E9,  Hacks.OnBannedPacket);
            m_dOperation.Add(0x9C41, Hacks.OnBannedPacket);
            m_dOperation.Add(0x9C42, Hacks.OnBannedPacket);
            m_dOperation.Add(0x9C43, Hacks.OnBannedPacket);
            m_dOperation.Add(0x9C44, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC351, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC352, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC353, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC354, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC355, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC356, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC357, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC358, Hacks.OnBannedPacket);
            m_dOperation.Add(0xC359, Hacks.OnBannedPacket);
            m_dOperation.Add(0x1F41, Hacks.OnBannedPacket);
            m_dOperation.Add(0x1B5D, Hacks.OnBannedPacket);
            m_dOperation.Add(0x791E, Hacks.OnBannedPacket);
            m_dOperation.Add(0x792C, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D18, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D19, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D20, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D21, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D22, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D23, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D24, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D25, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D26, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D27, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D28, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D29, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D2A, Hacks.OnBannedPacket);
            m_dOperation.Add(0x7D2B, Hacks.OnBannedPacket);

Also, check if 3EA is sent from server or client. Server = Legit, Client = Kore.

 

[PenguinGuys]

Wow, thanks Phail!
Although, I'm still learning about networking, still on basics such as creating a socket..
Those are from the protocol of GunZ, correct?

 

[ThePhailure772]

Yes, they are from the protocol.

Force Create Stage Patch:

using System;
using Envy.Core;
using Envy.Prototypes;

namespace Envy.Packets.Handlers
{
    class Stage
    {
        public static GunzPacket OnStageCreate(ProxyConnection pClient, GunzPacket pPacket, bool bClient)
        {
            MUID uidChar = new MUID();

            if (!pPacket.Read(ref uidChar))
            {
                LogManager.Write(LogLevel.Error, "[{0}]Invalid packet sent.", pClient.m_szClientIP);
                pClient.Disconnect();
                return null;
            }
            if (uidChar.uidHigh == pClient.m_uidPlayer.uidHigh)
                return pPacket;
            
            LogManager.Write(LogLevel.Error, "[{0}]Force Stage Create Detected.", pClient.m_szClientIP);
            pClient.Disconnect();
            Database.getQuery(string.Format("UPDATE Account SET UGradeID=253 WHERE AID={0}", pClient.m_nAID));
            return null;
        }
    }
}

 

[CrashPoint]

Keep Discussing pls

 

[Brandon-Bmx]

Wow man.
Phail you have given out a lot of helpful information here!
Thanks for sharing