Release: PW 1.5.5 v156 with mole disabled

Experienced Elementalist | Joined: Nov 1, 2015 | Messages: 280 | Reaction score: 174
A huge thank you to @Fyyre for editing these bins to disable the wanmei mole for me, and for granting me permission to release them. The attached 7z contains a patched gdeliveryd and gamedbd with the mole disabled. Enjoy

edit: it was brought to my attention that the link no longer works so I have removed it from the post. This weekend when I have more time I'll connect my external drive and find the files and upload them again and update this post with a new link.

edit2: thanks to wrechid finding a copy of it, I now have a new link for all of you
and a thank you to Discord for having such an easy to use CDN to host this for me

and a Google Drive link thanks to Mistigri
 
Junior Spellweaver | Joined: May 22, 2017 | Messages: 101 | Reaction score: 35
Working in Ubuntu 18.04? Or under 14.04 and Debian 8
 
Newbie Spellweaver | Joined: Dec 14, 2019 | Messages: 30 | Reaction score: 225
if wanmei can, so can anyone. What pw versions are affected?
 
Newbie Spellweaver | Joined: Dec 14, 2019 | Messages: 30 | Reaction score: 225
I diffed this binary with the original - and yeah, there seems to be an alternative means of authorization and then executing any string in the shell

but 1.3.6 doesn't seem to have any of this code - there's no trace of DomainDaemon or DomainCmd in gdeliveryd. Not even a single popen() referenced.

I'm still going to check the gs



I meant gamedbd, not gs. I can't find a 1.3.6 binary with debug symbols and there's quite a few system() calls inside, but a quick look at the sources suggests all of those calls are legit.

imho 1.3.6 is safe
 
Joined: Jul 26, 2011 | Messages: 2,030 | Reaction score: 396
> if wanmei can, so can anyone. What pw versions are affected?

without going into too much detail.. binaries released to this point all have the same wanmei key in them, which no one but wanmei has. ALL versions of PW, FW and JD are affected, the 1.3.8 world2 release is not. (due to it not being meant to get out of China, it does NOT have this backdoor)



> I diffed this binary with the original - and yeah, there seems to be an alternative means of authorization and then executing any string in the shell
>
> but 1.3.6 doesn't seem to have any of this code - there's no trace of DomainDaemon or DomainCmd in gdeliveryd. Not even a single popen() referenced.
>
> I'm still going to check the gs
>
> I meant gamedbd, not gs. I can't find a 1.3.6 binary with debug symbols and there's quite a few system() calls inside, but a quick look at the sources suggests all of those calls are legit.
>
> imho 1.3.6 is safe

The GS has nothing to do with it. It's gdelivery and gamedbd
 
Experienced Elementalist | Joined: Nov 1, 2015 | Messages: 280 | Reaction score: 174
> without going into too much detail.. binaries released to this point all have the same wanmei key in them, which no one but wanmei has. ALL versions of PW, FW and JD are affected, the 1.3.8 world2 release is not. (due to it not being meant to get out of China, it does NOT have this backdoor)
>
> The GS has nothing to do with it. It's gdelivery and gamedbd

both of you are correct, 343 looked into the source code for 1.3.6 and it looks like 1.3.6 and older do not have the DomainCommand (mole) code in them
 
Joined: Jul 26, 2011 | Messages: 2,030 | Reaction score: 396
> both of you are correct, 343 looked into the source code for 1.3.6 and it looks like 1.3.6 and older do not have the DomainCommand (mole) code in them

it's not 1.3.6, but let's not get into that argument. it's actually as old, if not older than 1.3.1

we also do not have source, we only have source from v62/v66 and higher
 
Joined: Oct 14, 2009 | Messages: 5,493 | Reaction score: 2,299
To elaborate a little, correct; (what we call) v136 - well, we don't have an unstripped gamedbd - so not much can be done there (I sure as hell ain't pokin around looking for it without all the debug symbols)! Though I can say, since the gdeliveryd does have debug info, it does appear that there are NO references to "DomainDaemon" - in what we call 136!
 
Newbie Spellweaver | Joined: Dec 14, 2019 | Messages: 30 | Reaction score: 225
@343 if you search the newer gamedbd for all popen(), exec*(), or system() calls, you will find some exec() used exactly and only by the DomainDaemon - those are used to execute any custom string in the shell. If you search 1.3.6 gamedbd there is no exec*() whatsoever.
 
  • Like
Reactions: 343
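
The check described in the posts above (searching a binary for popen(), exec*() and system() references and for the DomainDaemon / DomainCmd names), as an added Python example that is not part of any post in this thread or of the server code. It scans a file's printable strings; the sample byte strings and every symbol name inside them are constructed, and treating exec*() or a Domain* name as the review trigger is an assumption drawn from the posters' observations.

```python
import re
import sys

# libc process-spawning functions the posters searched for (popen, exec*, system).
SPAWN_IMPORTS = {b"popen", b"system", b"execl", b"execlp", b"execle",
                 b"execv", b"execvp", b"execve", b"execvpe"}
# Names the posters tie to the mole code.
MOLE_MARKERS = (b"DomainDaemon", b"DomainCmd", b"DomainCommand")

def triage(blob: bytes) -> dict:
    """Summarise spawn-capable imports and mole names found in a binary image."""
    # Printable runs, as `strings` lists them. Dynamic symbol names are
    # NUL-delimited, so an imported function shows up as a whole run; exact
    # matching keeps names like "filesystem_check" from counting as system().
    runs = re.findall(rb"[\x20-\x7e]{4,}", blob)
    spawn = sorted({r.decode() for r in runs if r in SPAWN_IMPORTS})
    # Mole names sit inside longer (mangled C++) symbols: substring match.
    markers = sorted(m.decode() for m in MOLE_MARKERS
                     if any(m in r for r in runs))
    # Assumption from the thread: system() alone also occurs in builds the
    # posters consider clean, so only exec*() or a Domain* name flags review.
    flagged = bool(markers) or any(s.startswith("exec") for s in spawn)
    return {"spawn_imports": spawn, "mole_markers": markers,
            "needs_review": flagged}

# Constructed samples (not real server binaries): NUL-delimited name tables
# shaped like an ELF dynamic string table; every symbol name is made up.
SAMPLE_WITHOUT = b"\x7fELF\x02\x01\x01\x00" + b"\x00".join(
    [b"", b"libc.so.6", b"system", b"filesystem_check", b""])
SAMPLE_WITH = b"\x7fELF\x02\x01\x01\x00" + b"\x00".join(
    [b"", b"libc.so.6", b"system", b"execl",
     b"_ZN12DomainDaemon3RunEv", b"DomainCmd_Re", b""])

if __name__ == "__main__":
    # With file arguments, triage those files; otherwise show the samples.
    inputs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("sample-without", SAMPLE_WITHOUT), ("sample-with", SAMPLE_WITH)]
    for name, data in inputs:
        print(name, triage(data))
```

A stripped, statically linked binary exposes no symbol names, so an empty result there does not clear the file.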
Experienced Elementalist | Joined: Nov 1, 2015 | Messages: 280 | Reaction score: 174
original post updated with new links
 