Server dc packet patch.

[Deagan ツ]

Yes, I released this on kdev, I just didn't want anyone else to release it here again without credits. (you know how noobs these days are)

As most of you guys might have noticed there is a packet which dc's your whole server... I don't know if people released this already or if it is added to sources but the search button didn't show me anything.

The server dc packet someone told me was being used to dc the whole server is :

Code:

49 00 04 00 C0 3E 52 00 05 00 6F 6B 20 3B 64 00 00 00 00 00 00 01 00 00 89 4E 00 00 00 3A 76 00 00 01 5F 42 0F 00 05 BC 0D 10 00 06 19 2D 10 00 07 9A 5C 10 00 09 0F D1 10 00 0B 0C 28 16 00 0C 8A F8 10 00 FF FF E8 F8 19 0

49 00 = 0x49 which was USE_CASH_ITEM meaning this packet leads to usecashitemhandler.java.

Now I got confused about how I could find the itemid and moogra helped me out. he explained me some stuff which I will, since I think it might help people understand packets, share this with you.

Moogra told me the itemid used in this packet was 5390016 and he explained to me how he found it.

If you look into usecashitemhandler you see that there are several noticable things :

Code:

        slea.readByte();
        slea.readByte();
        int itemId = slea.readInt();

Moogra explained me that this meant that the first 2 bytes after 49 00 we're not important for the itemid, the next 4 bytes were. (int itemId = slea.readInt(); << 4 bytes).

So he grabbed C0 3E 52 00 and told me to flip all the arrays.
C0 3E 52 00 became 00523EC0.
He told me to convert from hex to decimal and 00523EC0 became 5390016.

I now searched through my source and other places looking for this item, it didn't exist. Now the only thing that needed to be done was make sure usecashitemhandler.java checks if you actually have the item before you get to send the packet.

This is my solution :

Add :

Code:

        if (player.haveItem(itemId)) {

Above :

Code:

        try {
            if (itemType == 505) { // AP/SP reset

and add :

Code:

    } else {
    c.disconnect();
    return;
    }

OR (you decide what you want to do) :

Code:

    } else {
    player.dropMessage(6, "You are packet editing aren't you.");
    return;
    }

Under :

Code:

        } catch (Exception e) {
            c.getChannelServer().reconnectWorld();
            e.printStackTrace();
        }

What this does is basically check for you having the item and then let's you move on.

Credits to me for the java part and writing this.
Credits to Moogra for explaining me more about packets and helping me find out more about this.

Part 2!

There is another packet, this one only dc's the map you're at, but is also very annoying :

Code:

2D 00 84 A6 B5 05 FF 00 3F 02 00 00 84 CD 6D 00 90 85 05 00 00 00 00 00

0x2d is TAKE_DAMAGE, leads to takedamagehandler.java... now let's take a look at java there.

Code:

        MapleCharacter player = c.getPlayer();
        slea.readInt(); // 4 bytes.
        int damagefrom = slea.readByte(); // 1 byte
        slea.readByte(); // 1 byte
        int damage = slea.readInt(); // 4 bytes.
        int oid = 0;
        int monsteridfrom = 0;
        int pgmr = 0;
        int direction = 0;
        int pos_x = 0;
        int pos_y = 0;
        int fake = 0;
        boolean is_pgmr = false;
        boolean is_pg = true;
        int mpattack = 0;
        MapleMonster attacker = null;
        if (damagefrom != -2) {
            monsteridfrom = slea.readInt(); // 4 bytes
            oid = slea.readInt(); // 4 bytes
            attacker = (MapleMonster) player.getMap().getMapObject(oid);
            direction = slea.readByte(); // 1 byte

Now let's seperate the packet into pieces :

Code:

[2D 00] [84 A6 B5 05] [FF] [00] [3F 02 00 00] [84 CD 6D 00] [90 85 05 00] [00] 00 00 00

Red = not used in this thread, cyan = further discussed.

[ff] = damagefrom
[3f 02 00 00] = damage
[84 CD 6D 00] = monsterid the attack came from.

Now if you flip these over damagefrom is unclear but we assume it's alright when you change it to decimals.

damage = 00 00 02 3f => 575 damage = alright.

monsteridfrom = 00 6d cd 84 => 7196036 < seems alright but the monster doesn't exist, hehe =)

This means in this packet the first thing that is messed the monsterid the attack came from.

Now to patch this packet, I did the following :

Add :

Code:

            if (MapleLifeFactory.getMonster(monsteridfrom) != null) {

Under :

Code:

       if (!player.isHidden() && !smokescreen) {

And add :

Code:

        } else {
        //player.ban("Packet editing", true); 
            player.dropMessage(6, "No packet editing my dear");
        }

Under :

Code:

            player.updateSingleStat(MapleStat.HP, player.getHp());
            player.updateSingleStat(MapleStat.MP, player.getMp());
            player.checkBerserk();

Add import :

Code:

import server.life.MapleLifeFactory;

Thanks so much to Moogra for explaning me about this packet shit.
Also thanks to Anujan for showing me a better way to check for the monsterid in part 2!
Press the thanks button if this is usefull at all or helped you out!

[MentaL]

[CarterFTWWW]

Bleh.... good job I guess for first release ^_^

[JusticeDK]

Does this mean u can buy nx item? and it will save into ur cash shop inventory + no dc while buying it?

[Traitor]

Does this mean u can buy nx item? and it will save into ur cash shop inventory + no dc while buying it?

how is that even relevant

[Deagan ツ]

Bleh.... good job I guess for first release ^_^

Second release*
I released... *http://forum.ragezone.com/f428/custo...timed-594663/* before, but thanks anyways :)

@JusticeDK, no, this means that if you use a packet which uses a non existant item you get dc'ed or get a message.

[XxОsirisxX]

Ya Moogra is prao. BTW, this looks like more like a tutorial IMO. :x

[Deagan ツ]

Ya Moogra is prao. BTW, this looks like more like a tutorial IMO. :x

Well, it's just a little bit of text to describe what has been done, it's not the center of the thread, but.. your opinion :O

*I Lol'ed at your sig*

[WlZET]

Well, it's just a little bit of text to describe what has been done, it's not the center of the thread, but.. your opinion :O

*I Lol'ed at your sig*

There's one problem, if you have more than one it would DC you because that form of the method doesn't check for a greater value than one.

So use this:

Code:

if (player.haveItem(itemId, 1, true, true)) {

[waijooben]

Nice release Deagan.

[joelohss]

WIZET mind helping me with something real fast?

---------- Post added at 12:10 AM ---------- Previous post was at 12:09 AM ----------

And nice release Deagan,

[XiuzSu]

Wizet you beat me to saying that...

[joelohss]

lol haha he beat yu Xiuz

[joelohss]

joelohss, what a useless post

im sorry

[Deagan ツ]

I don't get how everybody talks about the quantity, the haveItem function checks if you have the item or not, if not, it drops a message, if you do have it, doesn't matter how many, it continues executing the script.

[Deagan ツ]

You can use this as well.

Code:

IItem toUse = c.getPlayer().getInventory(ii.getInventoryType(itemId)).getItem(slot);
if (toUse == null || toUse.getItemId() != itemId || toUse.getQuantity() < 1) {
	return;
}

PS: Not entirely sure.

Idk what's wrong with it checking for 1 quantity anyways.

@Thread-related, I updated it and added a second packet patch, which is famous.

[Deagan ツ]

For the 2nd one, you can do this as well (I think):

Code:

if (c.getPlayer().getMap().getMapObject(oid) == null || !c.getPlayer().getMap().getMapObject(oid).getType().equals(MapleMapObjectType.MONSTER)) {
		c.getSession().write(MaplePacketCreator.enableActions());
		return;
}

That checks for all map objects, and according to anujan, it's better to check if the monster exists at all :O

[lxCrAzYsEl]

Code:

!c.getPlayer().getMap().getMapObject(oid).getType().equals(MapleMapObjectType.MONSTER)

O.O
Checks for monster mapobject

[XiuzSu]

I actually needed that second one, thanks.

[ToyFork]

Lol ch1nkayy owns rydahms? :p

You go on worldofgosu and you don't even know that........?

[Deagan ツ]

You go on worldofgosu and you don't even know that........?

Nope 0_0? got any problems with it? huh huh huhuhuh!?

And thanks 0_0

[MrTommy]

Thanks :D I'll use this on my server.

[RMZero213]

Code:

			monsteridfrom = slea.readInt();
			oid = slea.readInt();
			attacker = player.getMap().getMonsterByOid(oid);
			if (attacker != null && attacker.getId() != monsteridfrom) {
				c.writePacket(MaplePacketCreator.enableActions());
				return;
			}

or just do that, and the monster has to exist because it is in the map

[Deagan ツ]

Thanks :D I'll use this on my server.

No problemo :O

I MEAN THANKS BUTTON PLAWKS!

[jasontjakra]

this would be funny :

if (!player.haveItem(itemId)) {
} else {
player.dropMessage(6, "You have just used item" + itemId + "it is used to open the RickRoll NPC);
//well the code to open the rickroll npc or w/e npc goes here rofl
player.dropMessage(6, "That will teach u not to use exploits")
return;
}

[Deagan ツ]

this would be funny :

if (!player.haveItem(itemId)) {
} else {
player.dropMessage(6, "You have just used item" + itemId + "it is used to open the RickRoll NPC);
//well the code to open the rickroll npc or w/e npc goes here rofl
player.dropMessage(6, "That will teach u not to use exploits")
return;
}

how about player.ban...