Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

GunZ Patch Library (27 patches and counting)

Junior Spellweaver
Joined
Feb 14, 2013
Messages
129
Reaction score
1
Re: GunZ Patch Library (16 patches and still counting)

in my source :
PHP:
                // Patch
                if (MGetBlobArraySize(pLoginParam) != (8 + MAX_MD5LENGH)) {
                    break;
                }
                
                LOG(LOG_PROG, "Dump: %i - %i\n", MGetBlobArraySize(pLoginParam), MAX_MD5LENGH);

CORRECT?


@EDIT CANNOT ACESS SERVER... NOT CONNECTING
 
Last edited:
Newbie Spellweaver
Joined
Jun 6, 2013
Messages
93
Reaction score
74
Re: GunZ Patch Library (16 patches and still counting)

wrote wrong code, ignore this.
 
Last edited:
Junior Spellweaver
Joined
Feb 14, 2013
Messages
129
Reaction score
1
Re: Patch for 16 exploits

// Patch
if (MGetBlobSize(pLoginParam) != (8 + MAX_MD5LENGTH)) {
break;
}

LOG(LOG_PROG, "Dump: %i - %i\n", MGetBlobArraySize(pLoginParam), MAX_MD5LENGH);


CORRECT?

fail to compile :\
 
Junior Spellweaver
Joined
Jun 29, 2007
Messages
147
Reaction score
53
Re: GunZ Patch Library (16 patches and still counting)

Code:
				char *szEncryptMD5Value = (char *)MGetBlobArrayElement(pLoginBlob, 0);
				
				if(strlen(szEncryptMD5Value) > MAX_MD5LENGH) //Exploit patch
					break;

Where did that 8 come from?
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Re: GunZ Patch Library (16 patches and still counting)

Code:
                char *szEncryptMD5Value = (char *)MGetBlobArrayElement(pLoginBlob, 0);
                
                if(strlen(szEncryptMD5Value) > MAX_MD5LENGH) //Exploit patch
                    break;

Where did that 8 come from?

Blob header. But I'm not sure whether it should be 8 or 12.
 
Newbie Spellweaver
Joined
Jun 6, 2013
Messages
93
Reaction score
74
Re: GunZ Patch Library (16 patches and still counting)

// Patch
if (MGetBlobSize(pLoginParam) != (8 + MAX_MD5LENGTH)) {
break;
}

LOG(LOG_PROG, "Dump: %i - %i\n", MGetBlobArraySize(pLoginParam), MAX_MD5LENGH);


CORRECT?

fail to compile :\
Just ask : Have you build MatchServer.exe? not only Gunz.exe.
(and yes revert back my wrong code.)
 
Last edited:
Junior Spellweaver
Joined
Feb 14, 2013
Messages
129
Reaction score
1
Re: GunZ Patch Library (16 patches and still counting)

I compiled the two MatchServer and theduel.exe, going back to the same old code; \ nothing works.
 
Junior Spellweaver
Joined
Jun 29, 2007
Messages
147
Reaction score
53
Re: GunZ Patch Library (16 patches and still counting)

Blob header. But I'm not sure whether it should be 8 or 12.
Oh right..
Code:
	unsigned char* pBlob = new unsigned char[sizeof(nOneBlobSize)+sizeof(nBlobCount)+nOneBlobSize*nBlobCount];
It should be 8 indeed (nOneBlobSize and nBlobCount are integers).
 
Newbie Spellweaver
Joined
Jun 6, 2013
Messages
93
Reaction score
74
Re: GunZ Patch Library (16 patches and still counting)

I compiled the two MatchServer and theduel.exe, going back to the same old code; \ nothing works.
If you not going to use MD5 check, the most good way is just remove that MD5 exploit patch.
(If this isn't working, it is an another problem.)
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Re: GunZ Patch Library (16 patches and still counting)

Oh right..
Code:
    unsigned char* pBlob = new unsigned char[sizeof(nOneBlobSize)+sizeof(nBlobCount)+nOneBlobSize*nBlobCount];
It should be 8 indeed (nOneBlobSize and nBlobCount are integers).

Would you mind posting the output of

PHP:
                LOG(LOG_PROG, "Dump: %i - %i\n", MGetBlobArraySize(pLoginParam), MAX_MD5LENGH);

So I can verify?
 
Junior Spellweaver
Joined
Jun 29, 2007
Messages
147
Reaction score
53
Re: GunZ Patch Library (16 patches and still counting)

Would you mind posting the output of

PHP:
                LOG(LOG_PROG, "Dump: %i - %i\n", MGetBlobArraySize(pLoginParam), MAX_MD5LENGH);

So I can verify?
Dump: 197905768 - 16
I think something went wrong.

EDIT: You've used pLoginParam instead of pLoginBlob.
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Re: GunZ Patch Library (16 patches and still counting)

Dump: 197905768 - 16
I think something went wrong.

Yeah, I guess. Your method using strlen() wouldn't work either considering the MD5 hash is not zero terminated.
 
Junior Spellweaver
Joined
Jun 29, 2007
Messages
147
Reaction score
53
Re: GunZ Patch Library (16 patches and still counting)

Yeah, I guess. Your method using strlen() wouldn't work either considering the MD5 hash is not zero terminated.
Yeah figured. Anyways the real problem you're facing is that you've used the wrong variable.
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Re: GunZ Patch Library (16 patches and still counting)

Yeah figured. Anyways the real problem you're facing is that you've used the wrong variable.

I didn't test any of the patches as I don't have anything related to GunZ anymore other than the sourcecode. Yeah, I should be using pLoginBlob rather than pLoginParam.

Thanks for your help, first post updated.
 
Junior Spellweaver
Joined
Jun 29, 2007
Messages
147
Reaction score
53
Re: GunZ Patch Library (16 patches and still counting)

I didn't test any of the patches as I don't have anything related to GunZ anymore other than the sourcecode. Yeah, I should be using pLoginBlob rather than pLoginParam.
pLoginParam should be pLoginBlob.

Code:
				MCommandParameter* pLoginParam = pCommand->GetParameter(4);
				if (pLoginParam->GetType() != MPT_BLOB) break;
				void *pLoginBlob = pLoginParam->GetPointer();
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Re: GunZ Patch Library (16 patches and still counting)

pLoginParam should be pLoginBlob.

Code:
                MCommandParameter* pLoginParam = pCommand->GetParameter(4);
                if (pLoginParam->GetType() != MPT_BLOB) break;
                void *pLoginBlob = pLoginParam->GetPointer();

Yeah, I took the effort of opening it in Notepad++ and pointed that out already. Thanks for the help though.
 
Junior Spellweaver
Joined
Feb 14, 2013
Messages
129
Reaction score
1
Re: GunZ Patch Library (16 patches and counting)

af now ta giving another error I get in if I click in gunz out, and log in again is my second character in the lobby, and if I keep leaving and entering the amount goes up WTF?





HELP ME? WTF O_O'
[/URL]
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Re: GunZ Patch Library (16 patches and counting)

af now ta giving another error I get in if I click in gunz out, and log in again is my second character in the lobby, and if I keep leaving and entering the amount goes up WTF?

Try reversing patch 11 and see if that solved the issue.
 
Junior Spellweaver
Joined
Feb 14, 2013
Messages
129
Reaction score
1
Re: GunZ Patch Library (16 patches and still counting)

patch 11, return to old code?
 
Back
Top