Speed Hack Fix

[Tweek]

Many people know that you can increase the Movement Speed of your character in the PropMover file.
You simply change the value in the propmover file which is used in the source code to calculate your speed.


This is what you have to do, to fix it!


Go in mover.cpp and search for this:

[COLOR=#000000]m_pActMover[/COLOR][COLOR=#666600]->[/COLOR][COLOR=#000000]m_fSpeed [/COLOR][COLOR=#666600]=[/COLOR][COLOR=#000000] pProp[/COLOR][COLOR=#666600]->[/COLOR][COLOR=#000000]fSpeed[/COLOR][COLOR=#666600];[/COLOR]

replace it with this

Code:

    m_pActMover[COLOR=#666600]->[/COLOR]m_fSpeed [COLOR=#666600]=[/COLOR] [COLOR=#006666]0.1f[/COLOR][COLOR=#666600];[/COLOR]

The neuz will no longer calculate the Speed by using the Value in propmover.

Thegodisherebrah

 

[jtb1]

Or crypt your .res ...

Or Make Other format ...

Or cheak with server not client ...

Very crapy way

 

[Tweek]

Are you so discontented?
I wanted to know only mine further give you discontented person

 

[SirTwistedStorm]

Or crypt your .res ...

Or Make Other format ...

Or cheak with server not client ...

Very crapy way

This way is checking the server instead of the client

Are you so discontented?
I wanted to know only mine further give you discontented person

Your English is hard to understand.

 

[raventh1984]

Or crypt your .res ...

Or Make Other format ...

Or cheak with server not client ...

Very crapy way

It may be an crappy way but for those that cant encrypt/make new format its an easy fix.
Its working so i dont think its an crappy way. Cause in fact you can do an lot inside the project.cpp/.h

 

[jtb1]

It's crappy because your speed it's fixed at 0.1f , you need make lot's of "else if" you use like me, the speed --'

I'm not discontented, just i say you can make better of this, because make a fast fix it's never a good way ... Exemple: Infiltration

420twisted1 -> is used by client and server , but it's better if the server send speed to the client if you have fix speed hack correctly ans crypt your packet

 

[caja]

The speed fix script you posted, should be only applied to characters, not all NPC. A fix for server might be to calculate how the player moves from one point to another, by checking how much the position is increased. With that you can check if the speed is correct or not.

 

[Worf]

The speed fix script you posted, should be only applied to characters, not all NPC. A fix for server might be to calculate how the player moves from one point to another, by checking how much the position is increased. With that you can check if the speed is correct or not.

... Wich would greatly improve the memory usage/lagg. Best way sofar is to encrypt your .res files and make sure that the resource files can only be read from within those .res names (to make sure people not just put a propmover next to it).

 

[Mootie]

SO easy to bypass. Do you people even know how to edit memory? I swear, it seems like all RaGEZONE devs understand as far as exploits are resource modifications. You do realize the user can edit every single byte of the memory on their client, including the code section, right?

By editing the code section, I can completely remove range restrictions(skills, attacking) all together. I could asal a Basilisk(in desert) from Flarine with the object id. I could increase my speed arbitrarily. I could teleport on demand. I could make a PvP bot that made the player invincible via teleporting to ridiculous coords(inaccessible to normal players) right before another pvper arrived, then asal them from that ridic location via their object id.

All of that without res edits(obviously) or server hacking. The only solution to these hacks is serversided verification, which done properly, will not increase overhead significantly. Encrypting resource is the most basic form of obfuscation; it'll only stop idiots. Security via obfuscation is not ideal, especially not when fixing huge holes like this.

 

[Tweek]

there are not really many people the experience have
this do not need(require) I to you, however, say if I you would be I would look once more in the World server folder DPClient

Disconnect All Player
Server Crash

 

[Worf]

SO easy to bypass. Do you people even know how to edit memory? I swear, it seems like all RaGEZONE devs understand as far as exploits are resource modifications. You do realize the user can edit every single byte of the memory on their client, including the code section, right?

By editing the code section, I can completely remove range restrictions(skills, attacking) all together. I could asal a Basilisk(in desert) from Flarine with the object id. I could increase my speed arbitrarily. I could teleport on demand. I could make a PvP bot that made the player invincible via teleporting to ridiculous coords(inaccessible to normal players) right before another pvper arrived, then asal them from that ridic location via their object id.

All of that without res edits(obviously) or server hacking. The only solution to these hacks is serversided verification, which done properly, will not increase overhead significantly. Encrypting resource is the most basic form of obfuscation; it'll only stop idiots. Security via obfuscation is not ideal, especially not when fixing huge holes like this.

Being the negative again. If you put it that way 99% of all programs can be changed that way. We are however talking about the general idea that only 0,01% of the world population have this kind of knowledge. Assume that the overall user will not even be able to open a nonencrypted .res if they do not have the neccesary knowledge nor tools to do so.

This is not about this very small part of the world population, it's about the 99,98%.

 

[iNab]

Being the negative again. If you put it that way 99% of all programs can be changed that way. We are however talking about the general idea that only 0,01% of the world population have this kind of knowledge. Assume that the overall user will not even be able to open a nonencrypted .res if they do not have the neccesary knowledge nor tools to do so.

This is not about this very small part of the world population, it's about the 99,98%.

Being negative for telling the truth? O.O
You should take his comment as a "gain of knowledge", not complain about it.
btw, you are totally wrong with your percentage calculation. What you gonna do if someone like him just start Ducking up your crappy private server?
Hm, nothing.

 

[Worf]

Being negative for telling the truth? O.O
You should take his comment as a "gain of knowledge", not complain about it.
btw, you are totally wrong with your percentage calculation. What you gonna do if someone like him just start Ducking up your crappy private server?
Hm, nothing.

I'm not denying what he says, you should read it and read it again. However, people being able to do things as Mootie stated will not bother to spend (read; waste) time on such small matters as a FlyFF private server, nor official server. There are much much more interesting (and especially more profitable) projects to work on. So in that perspective the chance a person with such a vast knowledge attacking a private server will be about 0,001% on the global scale.

 

[raventh1984]

I must agree with Worf.

Sure there are always that people who are willing to have fun with attacking an Private Server. But they wont gain anything from it.
So they dont want to waste precious time on those petty things. Instead they are attacking bigger things so they will gain an profit from it.

I must also agree with Mootie. Cause its always possible to do things true memory resources. So indeed the best way is to build in Server to Client protection.

Also i wonder if it would not be better to have these files Spec_Item/Propmover etc inside an Database?
The downside would be that the client will be an bit slower cause the server must send the value's to the client.
Benefith would be in my tought no more Resource hacking.

 

[jtb1]

I think people forgetten too fast ...

2 People have make infiltration (i take a exemple), and ...

Say me how many private have been attacked ?

How many people have use it ?

You need stop to think "fast fix is better' you know it's bad idea for the simple and good reason that open new exploit or new people make new hack poop ...

I think some people need use brain(.exe ? ) before say "Being the negative again" , world of private server flyff it's negative ...

 

[Mootie]

I think people forgetten too fast ...

2 People have make infiltration (i take a exemple), and ...

Say me how many private have been attacked ?

How many people have use it ?

You need stop to think "fast fix is better' you know it's bad idea for the simple and good reason that open new exploit or new people make new hack poop ...

I think some people need use brain(.exe ? ) before say "Being the negative again" , world of private server flyff it's negative ...

Anyone that can't use the hacks I've mentioned clearly haven't been using their "brain.exe" much either.

Stop focusing on crappy resource mod protection and start looking into serversided verification.

 

[KrYpT0n]

Being the negative again. If you put it that way 100% of all programs can be changed that way. We are however talking about the general idea that [Strike]only 0,01% of the world population have this kind of knowledge[/Strike] anyone that know how to use CE has this kind of knowledge, or anyone that knows anything about unmanaged programming really. Assume that the overall user will not even be able to open a nonencrypted .res if they do not have the neccesary knowledge nor tools to do so.

This is not about this very small part of the world population, it's about the 99,98%.

Even if the average user doesn't know how to develop any kind of bypass, someone else will and they will either describe every step they need to follow, or write a user friendly application to do it for them.