Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

exploit code

Status
Not open for further replies.
Initiate Mage
Joined
Jul 17, 2013
Messages
90
Reaction score
18
lol hahaha

Let me tell you why you don't want to bother with "clientside" fixing...

What happens when someone else uses a different client exe but yours to connect?
What happens when someone uses your client and just sends the packets directly without relying on the client?

The real solution at this point is to filter the string out of your packets serverside, that way you can prevent the crashing, log who does it, disconnect just them etc.

Enough of the source code for tantra was released that you can have a look and write new code to handle it. The same goes for all these dupes that people are exploiting, all you really need to do is save the character data right after they do anything important, eg: trading, buying, selling.
 
Tantra Freelancer
Joined
Apr 9, 2014
Messages
541
Reaction score
23
Client side blocking is a very crappy way to do it, instead why not filter packets like the big servers do??

struct MSG_STANDARD
{
WORD wType;
WORD wSeq;
WORD wPDULength;
WORD wDummy;
DWORD dwClientTick;
int nID;
};

Code:
bool ValidString(char * cString){
    string lFilter = "!@#$^&*()_+-=[]{}|;:,./<>?`~ ";
    int iResult = 1;
    int i, j;
    bool Continue = false;
    const char * cFilter = "!@#$^&*()_+-=[]{}|;:,./<>?`~ ";


    string sString = string(cString);


    if(sString.size() == 0)
    {
        return true;
    }


    for ( i = 0; i <= sString.size() - 1 && iResult == 1; i++)
    {
        if(cString[i] < 0)
        {
            return false;
        }
        else if(!isalnum(cString[i]))
        {
            Continue = true;
            for( j = 0; j <= lFilter.size() - 1 && Continue == true; j++)
            {
                Continue = true;
                iResult = 0;
                if(cFilter[j] == cString[i])
                {
                    iResult = 1;
                    Continue = false;
                    break;
                }
            }
        }
    }


    if(iResult == 1)
    {
        return true;
    }
    else
    {
        return false;
    }
};


bool ValidName(char * cName, int cSize)
{
    int cResult = 0;
    for (int i = 0; i <= cSize - 1; i++)
    {
        if(cName[i] < 0)
        {
            return false;
        }
        else if(!isalnum(cName[i]))
        {
            return false;
        }
    }
    return true;
}

I think this code is strong enough to handle those exploit but the problem is I don't know how to implement this thing. I have been looking everywhere to find a solution and I guess yours is the strong one. Please shred us some light regarding this code you have shared.

Ciao!
 
Status
Not open for further replies.
Back
Top