NEW - AgentServer exploit

[Jangan]

Packet Routing server is the only solution. Could be easily made in c#, it just comes down to how fast and synchronous + threaded the connection is. Generally it will work like this.

Sro-client connects to 》Transport server 》connects to gameserver

Transport server functionality is to accept all good packets and drop bad packets.

Very simple, just needs a good c# coder.

Note: TServer is actually a gateway server, you will need to have a socket listen and socket send functions.

If someone has the exploit send it to me, and give me access to a server and i can make this program.

[Molten]

Packet Routing server is the only solution. Could be easily made in c#, it just comes down to how fast and synchronous + threaded the connection is. Generally it will work like this.

Sro-client connects to 》Transport server 》connects to gameserver

Transport server functionality is to accept all good packets and drop bad packets.

Very simple, just needs a good c# coder.

Note: TServer is actually a gateway server, you will need to have a socket listen and socket send functions.

If someone has the exploit send it to me, and give me access to a server and i can make this program.

There are several problems with your solution, even though, it has been introduced before in C# :


-Stability issues. The coded solution was poorly coded, hence it was lagging with any large of connections(players) at the same time.

-You'll have to find a way to figure which packet exactly crashed your module, and filter it.

-Some exploits depend on a bad opcode, like a certificate opcode that should only be sent from the certification machine, while some exploits are just modified legit packets with different structure, so filtering out these opcodes will result in a non-working client functions.


What we really need, is a temporary solution. I got some ideas, but it would require a highly skilled C++ and ASM developer, and it could also obstruct bot usage.

[tschulian]

me and a schoolsmate coded a simple tool which has nothing to do with opcodes/modified legit packets.
Its even more simple and most effective.

once I release it, you guys will think: damn, easiest way mafackA :D

[lemoniscool]

me and a schoolsmate coded a simple tool which has nothing to do with opcodes/modified legit packets.
Its even more simple and most effective.

once I release it, you guys will think: damn, easiest way mafackA :D

that autoit script will be usefull for most of the people, until you release it .. the attackers will find a way around it, cuz it it so simple.
what really works is the tool Jangan was talking about .. i got my hands on the source of something called detGuard made by detCode (a turk who is selling it on VMs as some kind of proxy) and was working on it for quite some while, but it still has problems with big amounts of players .. i mean it works just fine for ~200 players but after that it starts to lag and at approx. 500 players it will start crashing and creates a shitload of lag
it will work against 7007 dos tho so .. i wont release it to public but if Jangan is willing to rewrite or enhance it i will send it to him, and let him decide to release it or not. the reason for this is that it is not working 100% as i already said and would just create confusion instead of help people.

[ModGift]

Packet Routing server is the only solution. Could be easily made in c#, it just comes down to how fast and synchronous + threaded the connection is. Generally it will work like this.

Sro-client connects to 》Transport server 》connects to gameserver

Transport server functionality is to accept all good packets and drop bad packets.

Very simple, just needs a good c# coder.

Note: TServer is actually a gateway server, you will need to have a socket listen and socket send functions.

If someone has the exploit send it to me, and give me access to a server and i can make this program.

detGuard do it ;)

- - - Updated - - -

that autoit script will be usefull for most of the people, until you release it .. the attackers will find a way around it, cuz it it so simple.
what really works is the tool Jangan was talking about .. i got my hands on the source of something called detGuard made by detCode (a turk who is selling it on VMs as some kind of proxy) and was working on it for quite some while, but it still has problems with big amounts of players .. i mean it works just fine for ~200 players but after that it starts to lag and at approx. 500 players it will start crashing and creates a shitload of lag
it will work against 7007 dos tho so .. i wont release it to public but if Jangan is willing to rewrite or enhance it i will send it to him, and let him decide to release it or not. the reason for this is that it is not working 100% as i already said and would just create confusion instead of help people.

We are owner of detGuard. You has got very very old version.I know some fucking people shared with you. But you has got failed version. And dont release it other people. We selling(rent by ip) this is service.

[lemoniscool]

We are owner of detGuard. You has got very very old version.I know some fucking people shared with you. But you has got failed version. And dont release it other people. We selling(rent by ip) this is service.

as i said, i'd only give it to Jangan to rewrite it as im not using it anymore. Jangan wasnt supposed to use it or release it, he was supposed to pull out informations of the exploits that can be fixed with it, which includes the exploit discussed in this thread

[ModGift]

as i said, i'd only give it to Jangan to rewrite it as im not using it anymore. Jangan wasnt supposed to use it or release it, he was supposed to pull out informations of the exploits that can be fixed with it, which includes the exploit discussed in this thread

if Jangan use our tool for rewrite. Must give us credit.

[lemoniscool]

if Jangan use our tool for rewrite. Must give us credit.

i dont think that would be much of a problem, but he didnt ask for the source yet, so i didnt give it to him until now ^^

[SuperHer0]

is detgaurd working for this exploit
i heard that attacker :D can't do nothing if the server has proxy and it has advanced firewall traffic
it gotta be with something to sort out
also chernobyl told me the last exploit can be solved by disabling the bot and changing some dll's

[SuperHer0]

well i had my hands on detgaurd the special version and i gotta test it out

[tschulian]

I have a gigabit connection to test my antiexploit tools.
Atm it works fine, but sometimes it blocks all connections ... I think I made a small mistake need some more time to fix it.
But as you see it works for gigabit "dos" exploit attacks ;)

UR tool seems a bit more complicated than the shit I am doin.

Sro-client connects to 》Transport server 》connects to gameserver

Lets see when we finally found a solution to kick those exploit kids like Wismo from droad.net in his ass ;)

@Jangan
I could give u access to a working sro server running on my root on a special VM. But there is win7x64 running not server2k12. and you can only try 300mbit attacks.

[SuperHer0]

i found this on my fatallogs
my server has lasted modulefixes Chernobyl and the littlehook.dll and i have TCP limit Traffic by a paid software
and i found this
you will see account id called: gm3 it is already not in my database

2014-08-02 18:49:51 [AgentServer] 713:SR_GameServer is blind : 0 users are banned
2014-08-02 18:49:51 [GlobalManager] agent server is broken !!. all associated user is unregistered : 0
2014-08-02 18:49:51 [AgentServer] server cord closed : 19
2014-08-02 18:49:55 [SR_ShardManager] server cord closed : 8
2014-08-02 18:49:55 [AgentServer] server cord closed : 20
2014-08-02 18:49:58 [FarmManager] server cord established : 23 (My Server IP:49469)
2014-08-02 18:49:58 [SR_GameServer] server cord established : 1 (My Server IP:15882)
2014-08-02 18:49:59 [SR_ShardManager] server cord established : 9 (My Server IP:49485)
2014-08-02 18:49:59 [SR_GameServer] server cord established : 2 (My Server IP:15883)
2014-08-02 18:49:59 [FarmManager] server cord established : 24 (My 2x game server IP:54892)
2014-08-02 18:50:00 [AgentServer] server cord established : 23 (My 2x game server IP:15779)
2014-08-02 18:50:00 [SR_ShardManager] server cord established : 10 (My 2x game server IP:54908)
2014-08-02 18:50:01 [SR_GameServer] server cord established : 3 (My Server IP:49486)
2014-08-02 18:51:54 [SR_GameServer] At initialize Server, Loading Siege data :: CurrentTax = 0
2014-08-02 18:51:54 [SR_GameServer] At initialize Server, Loading Siege data :: CurrentTax = 0
2014-08-02 18:51:54 [SR_GameServer] At initialize Server, Loading Siege data :: CurrentTax = 0
2014-08-02 18:51:59 [SR_GameServer] false codename[ ITEM] in Quest : QEV_CH_EVENT_KISAENG_GLOBAL2011_2[10168] -> ITEM_ETC_ARCHEMY_AWAKEN_RECIPE_01_12
2014-08-02 18:51:59 [SR_GameServer] Not found RefServerEvent[30001]. Check service and date value. progress next data
2014-08-02 18:51:59 [SR_GameServer] Not found RefServerEvent[30002]. Check service and date value. progress next data
2014-08-02 18:51:59 [SR_GameServer] Not found RefServerEvent[30003]. Check service and date value. progress next data
2014-08-02 18:51:59 [SR_GameServer] Not found RefServerEvent[30004]. Check service and date value. progress next data
2014-08-02 18:51:59 [SR_GameServer] SR_GameServer is initialized successfully
2014-08-02 18:52:18 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.38.104.81)
2014-08-02 18:52:30 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.38.104.81)
2014-08-02 18:52:41 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm
2014-08-02 18:53:01 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.38.104.81)
2014-08-02 18:53:06 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm5
2014-08-02 18:55:16 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (87.202.31.211)
2014-08-02 18:55:20 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (87.202.31.211)
2014-08-02 18:56:01 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm3
2014-08-02 18:56:24 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.38.104.81)
2014-08-02 18:56:49 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.38.104.81)
2014-08-02 18:57:02 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm5
2014-08-02 18:57:36 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (87.202.31.211)
2014-08-02 18:57:41 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (87.202.31.211)
2014-08-02 18:57:56 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm3
2014-08-02 18:59:25 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (87.202.31.211)
2014-08-02 18:59:30 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (87.202.31.211)
2014-08-02 19:02:12 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm3
2014-08-02 19:17:50 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.120.46.185)
2014-08-02 19:18:05 [GatewaySvr] Official IP Detected, Official IP Pass the 'In Service' Check (197.120.46.185)
2014-08-02 19:18:16 [AgentServer] [For Xtrap] SessionInit ½??? ?¯?? : gm5
2014-08-02 19:30:01 [SR_GameServer] Unique Monster Entered! UNIQUE[MOB_SD_ANUBIS] POS[rid:32780 (243.63,43.59,-2992.13)]
2014-08-02 19:30:01 [SR_GameServer] Unique Monster Entered! UNIQUE[MOB_SD_ISIS] POS[rid:32781 (2666.42,33.47,-930.65)]
2014-08-02 19:38:11 [AgentServer] 713:SR_GameServer is blind : 1 users are banned
2014-08-02 19:38:11 [FarmManager] server cord closed : 23
2014-08-02 19:38:11 [GlobalManager] agent server is broken !!. all associated user is unregistered : 0
2014-08-02 19:38:11 [AgentServer] server cord closed : 24
2014-08-02 19:38:12 [SR_ShardManager] server cord closed : 9
2014-08-02 19:38:43 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:45 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:47 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:50 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:51 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:53 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:55 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:57 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:38:59 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:01 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:03 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:05 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:07 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:09 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:11 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:13 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:15 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:17 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:19 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:21 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:23 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:25 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:27 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:29 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:31 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:33 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:35 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:37 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:39 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:41 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:43 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:45 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:47 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:49 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:51 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:53 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:55 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:39:58 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:00 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:02 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:04 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:06 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:08 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:10 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:12 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:14 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:16 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:18 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:20 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:22 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:24 [AgentServer] cannot establish keep alive session : My Server IP 15885 (bind 0.0.0.0)
2014-08-02 19:40:24 [FarmManager] server cord established : 28 (My Server IP:49654)
2014-08-02 19:40:24 [SR_GameServer] server cord established : 1 (My Server IP:15882)
2014-08-02 19:40:25 [SR_GameServer] server cord established : 2 (My Server IP:49670)
2014-08-02 19:40:25 [SR_ShardManager] server cord established : 11 (My Server IP:49671)
2014-08-02 19:40:25 [SR_GameServer] server cord established : 3 (My Server IP:15883)
2014-08-02 19:40:29 [AgentServer] 715:SR_GameServer is blind : 0 users are banned
2014-08-02 19:40:29 [FarmManager] server cord closed : 24
2014-08-02 19:40:29 [AgentServer] server cord closed : 23
2014-08-02 19:40:38 [FarmManager] server cord established : 29 (My 2x game server IP:54958)
2014-08-02 19:40:39 [AgentServer] server cord established : 33 (My 2x game server IP:15779)

- - - Updated - - -

Note: my 2x gameserver ip doesn't have agentserver my 2x game server like this
1 shard 1 agent server - 2 game server :)

- - - Updated - - -

Note: if someone want to make solution i can be the sponsor i can give away 2 roots from ovh 1 gb connection for testing out

[tschulian]

Today is the day I proudly can announce, we have finished the .net Application to avoid stupid exploits.

Some facts:
- can avoid crash exploits of agent,gateway,download,gameserver and shard
- tested upto 10Gbit exploit floods
(via fibre optic on cisco nexus switches - tested in a local network company)
- supports about 5000 unique player connections.
- supports windows server 2003 R2 and newer
- supports windows xp sp 2 and newer

So no1 have to buy expensive exploit fixes and so on :)

[ModGift]

Today is the day I proudly can announce, we have finished the .net Application to avoid stupid exploits.

Some facts:
- can avoid crash exploits of agent,gateway,download,gameserver and shard
- tested upto 10Gbit exploit floods
(via fibre optic on cisco nexus switches - tested in a local network company)
- supports about 5000 unique player connections.
- supports windows server 2003 R2 and newer
- supports windows xp sp 2 and newer

So no1 have to buy expensive exploit fixes and so on :)

I'm sorry to say it but you are be fail.

[tschulian]

I'm sorry to say it but you are be fail.

Yep, of course :D