- Joined
- Jan 14, 2007
- Messages
- 509
- Reaction score
- 85
Just wanted to let people know that there are few GM accounts hard-coded into zoneserver. i.e. even when the accounts are not in GMInfo.ini, they will work as a GM account & players can simply register those accounts and use all GM powers.
To find out those GM accounts, Just use a hex editor to open zoneserver.exe and search for a3gm1
You will be able to see some more GM accounts. Simply edit it and rename it to any other word and/or register those accounts yourself so that people can not misuse it.
I checked the same in 202 , 205 , 219 server files and all of these includes the IDs in their ZS. (120 files were not having these entries in ZS)
The GM ids are not the only security glitch in our files, there are many more to check.. I request people to share the info if they get to know about them. As this forum gave you too many ideas and information, atleast return something to it!
To find out those GM accounts, Just use a hex editor to open zoneserver.exe and search for a3gm1
You will be able to see some more GM accounts. Simply edit it and rename it to any other word and/or register those accounts yourself so that people can not misuse it.
I checked the same in 202 , 205 , 219 server files and all of these includes the IDs in their ZS. (120 files were not having these entries in ZS)
The GM ids are not the only security glitch in our files, there are many more to check.. I request people to share the info if they get to know about them. As this forum gave you too many ideas and information, atleast return something to it!