[Release] PT Protector Reloaded!

[Gregoo]

Many of you may know the excellent PT Protector tool made by DKK.
You may also know he decided to release his source code. I studied it and enhanced it (and kinda recoded everything from scratch cause meow-kind of variables are hard to deal with when there's alot of code =P)

So here it is, free of charge, PT Protector Reloaded! . I versioned it 1.3, since the previous version of PT Protector was 1.2.

It's kinda late and I gotta wake up early tomorrow, so I'm not putting any instruction here. But it's kinda easy to understand the tool.
Tomorrow I'll post more detail, instruction, screenshot and everything.

For now, it's just the archive...

Code:

+ pt_protector_reloaded_1_3.7z
`-- extra
| `-- error_list.txt : error masks based on what is inside kpt server
| `-- *.ocx : in case it asks for some OCX files
`-- lng : a translation to french (will detail later how to translate it)
`-- protector
| `-- error_alias.txt : alias
| `-- error_library.txt : error (loaded with some comon errors)
`-- pt_protector_reloaded_1_3.exe

For the error masks, the format is as follow
1. One action
- skip : skips the line if matched
- dc : kills all the connections from the ip if matched (requires %ip)
- ban : ban the account if matched (and disconnect if checked in the options) (requires %id and %ip)

2. The error line with identifiers
- %?? : Alias (?? = number)
- %d : Optional minus sign and digits (0-9)
- %u : Digits (0-9)
- %date : Date (special)
- %i : Integer (0-9 and minus sign)
- %id : Word(special)
- %ip : Word (special)
- %name : String(special)
- %s : String (ungreedy evalutation)
- %w : Word
- %* : Anything (greedy evaluation)

For %d and %u, you can defined a comparison value (positive value). For instance
- %d<100
- %d>100
- %d=100

For those understanding regular expressions, the identifiers are defined as follows :

Code:

%date	= [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}
%name	= .+?
%id	= [^ ]+
%ip	= [^ ]+
%d	= -?\d+
%u	= \d+
%s	= .+?
%w	= [^ ]+
%*	= .+

[Prout]

[Reserved post =D]

[Gregoo]

[I'm reserving that too =P]

[DarkKnightH20]

VERY nice work :) This version is like PT Protector on steroids!

[BabolPriston]

Ver NICE!

Thanks you sir o_xxx

[OcuK]

why he banned all gm's and chars with 250+ abs , and dont ban speed hacker ?

[brunomomesso]

How do I set PTProtector? exactly

[OcuK]

he banned by logs ? he need check information from logs ?

[bobsobol]

That is how PT Protector has always worked.

The reason many hacks aren't in the defaults (I presume) is that the minimum and maximum threshold for "legitimate" play will depend greatly on the def, abs, spd, exp rates you configure in your server.

You need to know what the "normal" values which show in your logs are, and which ones are "abnormal". PT Protector should be able to filter out, and kick the player(s) associated with only the "abnormal" log entries.

[OcuK]

That is how PT Protector has always worked.

The reason many hacks aren't in the defaults (I presume) is that the minimum and maximum threshold for "legitimate" play will depend greatly on the def, abs, spd, exp rates you configure in your server.

You need to know what the "normal" values which show in your logs are, and which ones are "abnormal". PT Protector should be able to filter out, and kick the player(s) associated with only the "abnormal" log entries.

but logs dont show "Speed hack" =/

[bobsobol]

If it ain't logged, as far as the server is concerned, it didn't happen.

You can't automatically kick or ban a user unless you have a record of the violation they performed.

I have no idea what you mean by "speed hack", but if the server allows it and makes no record of it's occurrence (eg. well programmed Auto-Mouse / bot) then it is not the place of the server to protect against it. That job is left either to client security, or GMs and player community.

It is worth noting that what is, and is not logged, and how, can largely be controlled via the servers hotuk.ini and the SQL.dll and Clan.dll files, and that it's possible to add code to the server executable to log events which it doesn't already log, and to modify it to become more, or less sensitive to the events it logs already.

There are attacks which a Packet Filtering Proxy system like Quantumfusions' can pick up, which PT Protector cannot... but QF never released the source for his solution, asked money for the binaries which he customised for individual servers before compiling, and is not "up-to-date" with the current "state of play". He is (I believe) no longer developing, or supporting his security solution. And no other comparable PT Proxy exists.

Hacks a Proxy can see that PT Protector cannot include, but may not be limited to:-

• Malformed packets
• IP spoofing
• DDoS attacks
• Chat spam
• URL advertising
• Client skill bug (clicking attack skill at precise intervals which fool the client into ignoring the attack delay normally imposed)
• Illegal characters used in chat

It may also catch attacks like brute force password cracking and GM spoofing easier or sooner than checking logs.

[OcuK]

what any error means ?

@#$%!Z :skip %1 Reconnect Server ( %d )
@#$%!Z :skip %1 Compare ClanCode Error %*
@#$%!Z :ban %1 Hacking Alert ( %d ) - Absorption( %d>400 ) Attack Damage( %d>3000 ) Defence( %d>5000 )
@#$%!Z :ban %1 Client Energy Bar Error ( %d )( %d )( %d )
@#$%!Z :ban %1 Client Attack/Defence Error ( %d )( %d )( %d )
@#$%!Z :ban %1 Find Surprise Module ( %s )( %d )
@#$%!Z :ban %1 Client Warning [%s] ( %d )
@#$%!Z :ban %1 Level vs EXP Error ( %d )( %d )
@#$%!Z :ban %1 Crack/Hack Detected ( %s )
@#$%!Z :ban %1 Rapid Level Increase ( %d ) ( %d )
@#$%!Z :ban %1 Restricted Area Trespassed ( %d )( %d )
@#$%!Z :ban %1 Character State Error ( %d )( %d )
@#$%!Z :ban %1 Character SkillPoint Error ( %d )( %d )
@#$%!Z :ban %1 Time Error - Speed Hack ( %d )( %d )
@#$%!Z :ban %1 Warning invincible Mode ( %d )( %d )
@#$%!Z :ban %1 Warning AutoMouse ( %d )
@#$%!Z :ban %1 Damage Packet Error( %d )( %d )( %d )
@#$%!Z :ban %1 Weight Error ( %d )
@#$%!Z :ban %1 Server Potion Error ( %d )( %d )( %d )
@#$%!Z :ban %1 Used Item Code Warning ( %d )( %d )( %d )
@#$%!Z :ban %1 Limit Damage Over ( %d )( %d %d %d )( %d -%u %d )
@#$%!Z :ban %1 Server Inventory [Item] Error ( %d ) - ( *RECORD ITEM )( %d )( %d / %d )
@#$%!Z :ban %1 Item Position Error ( %d )( %d )( %d )

[bkpro]

help me !


Limit Damage Over ( 1 )( 3391 3368 18 )( 153 277 21 )
I want :
Limit Damage = 3000
and I had change %d -----> >3000

it is Limit Damage Over ( 1 )( >3000 >3000 18 )( 153 277 21 )

protector no active .
all most no active


thanks alot

the correct value to enter new activities

when I use Limit Damage Over ( 1 )( 3391 3368 18 )( 153 277 21 ) it to work.


I do not use it.

expect people to help

whoa .
when i hack zise weapon . log off server no check
but file temp.log active
protector don't load file temp.log

19:55:28 - 19:55:28 - ID:( bkpro ) / Name:( bkpro ) / IP ( 127.0.0.1 ) Hacking Alert ( 81 )

i want protect load file temp.lod and file date.log .
it is perfect more old

help !

thanks

[bobsobol]

BTW... I don't understand you.

Just saying. Maybe someone who knows PT Protector does, but I don't.

Also, I expect people to expect nothing, and be pleasantly surprised if they get a response. More so if it's actually helpful and free of charge. It saves disappointment.

[bkpro]

i had detected hack level .
and server no save error by log file .
whoa ! hacker pro !
when I check log server , i had seen level jump 100---->140 cap
. and i check log of server and i don't seen problem in server .
why why why ?
this is hack level new 2012 by

[mod]Link Removed[/mod]Priston Tale Hack 2012 | 2012 hacks

It is very good . when it have function anti autoban .
NO NO NO
I can't do it .