Community Development - Fixing Exploits and Bugs

[GlaphanKing]

Before I state the obvious of what this thread is all about, note that this is a VERY serious thread. That means:

1. No fighting of any kind. That includes instigating, trolling, etc.

2. No negative comments like "No one is going to post anything" or "I've fixed them but I'm not giving out my secrets!".

3. Only post something related to the thread. No long ass stories, or reasons why this thread is dumb. Just something that helps get rid of the obvious shitty programming that was FlyFF.

The purpose of this thread is to put to rest the need for current and obsolete client file that is Neuz.exe.

Another reason is to give incentives to skiddies and hackers that this communities knows where they will strike and how to better protect and if possible eliminate the need.


So start posting the bugs and exploits. Also start posting how they are fixed. Include the file or snippet how ever you want.

Do not just say how to do it without supplying code or the edited file.

Do include how you did it and what steps can be taken in the future to ensure it won't happen again.


Get started kids. This will be stuck for now.

---------- Post added at 08:58 PM ---------- Previous post was at 08:57 PM ----------

Table of Contents to better find the stuff goes here.

[MentaL]

[Cookiezzz]

look for unsigned varibles is my tip, aeonsoft not scard to use them o.O

[GlaphanKing]

can you elaborate on that? not everyone knows what the difference is between signed and unsigned variables.

[Improved]

The best solution would be fixing the pre-made exploits and backdoors in the released ones (Not from Aeonsoft, but the ones the guy who released it putted in them)

[Dell Honne]

It will take a lot of time to go through the entire source to find exploits/bugs. If I find any I'll post em here since I'm starting to work on the source mahself.

hint: Remember that obvious is obvious :P

[MisterKid]

One of the most aske questions to me here the fix.

GameMaster Auth Fix

Look for

Code:

        if( ::GetLanguage() == LANG_ENG && ::GetSubLanguage() == LANG_SUB_USA )
        {
            CString strIp    = pUser->m_playAccount.lpAddr;
            if( strIp.Find( "116.125.62.148" ) < 0 && strIp.Find( "64.71.27.34" ) < 0 )
                pUser->m_dwAuthorization    = AUTH_GENERAL;
        }

You can read what it does ? then you know what to do :P
It checks if your ip isn't 116.125.62.148 or 64.71.27.34
If it isn't 116.125.62.148 or 64.71.27.34 then your auth is AUTH_GENERAL

change to

Code:

        if( ::GetLanguage() == LANG_ENG && ::GetSubLanguage() == LANG_SUB_USA )
        {
            CString strIp    = pUser->m_playAccount.lpAddr;
        }

Now your auth goes trough the database

[Improved]

Search for C1, then change the C1 to U1.

(One part of the CHARACTER_STR error i believe.)

[xsilentx]

Exploit used on my server, Fantasy and Insanity uses the Billing Server on the Account Server which can send items to players. Won't give specific details simply because its too vague, just disable the billing services. Lol;

Class Name: CDPAdbill

- Crashes I've fixed in World Server-

Add this line to OnBuyChipItem & OnBuyItem

Code:

	if( cTab >= MAX_VENDOR_INVENTORY_TAB || cTab < 0 || nNum < 1 || nId < 0)
		return;

Add this line to OnMoveItemOnPocket

Code:

		if( nPocket1 < 0 || nPocket2 < 0 )
			return;

and 

		if( nNum < 0 )
			return;

Note: Code my require some alterations; so please don't just copy & paste.

- I will be releasing the bugs and/or exploits I can find as they come.