Regarding 2.2.3.2 Server Free hack possibility

Page 1 of 2 12 LastLast
Results 1 to 25 of 31
  1. #1
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Regarding 2.2.3.2 Server Free hack possibility

    Hello guys as 2.2.3.2 is so dam vulnerable
    we have to catch hacker by our own

    atm i'm working on all server side for able to re-enable log that we missing for check who is hacking

    so in wait i've decide to make it public on SVN so owner of server can block account and search also who is hacking

    atm i can catch hacker by SQL query that i run on server for know who has item i 'm don't give to players its how i catched him

    https://www.assembla.com/spaces/rf-p...s_Black_listed

    so here i will post his info IP/MAIL used and password he used also

    And moderators here can search also who use that IP so he will have an eyes on him on forum


  2. #2
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    just catch that guy on RZ

    he was on my Facebook page so i pmed him and link him here

    he is BlackMax here from RZ communauty :) lamer man

  3. #3
    Account Upgraded | Title Enabled! Busman is offline
    MemberRank
    Sep 2009 Join Date
    LondonLocation
    1,385Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Yeah some people have no respect for others and basically some servers turn into war zones and people trying ti close them down with hacks.

  4. #4
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Well i just catch him
    right now my server is not protected as it should be because i just came back after 3 years of inactivity on RF

    so first i need implement things for make ppl come back ect

    then when players will be happy i'll work on security etc....


    but this guy is so lame he can't even think that if he hack with low population we wont catch him

    in DB all his stuff was from GM command lolll well i got him on facebook and here on RZ ppl will know that is this guy who try hack :) (maybe hakced their server too)

  5. #5
    Account Upgraded | Title Enabled! Busman is offline
    MemberRank
    Sep 2009 Join Date
    LondonLocation
    1,385Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Yeah one of the reasons i don't work on 2.2.3.1 just so many unknowns and a lot of bugs.

    Should be a fix for the none gms spawning gm items.
    Last edited by Busman; 24-08-12 at 08:24 PM.

  6. #6
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    I will post a Tutorial how implement "ipsec Policies" for block Hacker

    So far you can see on his picture he posted on his facebook
    that he use GM command from his client

    https://fbcdn-sphotos-a-a.akamaihd.n...95824223_o.jpg

    so the only way for now for block it is change all GM command on Zone

    atm i dunno how this is possible but i'll work on it :)

  7. #7
    Account Upgraded | Title Enabled! Busman is offline
    MemberRank
    Sep 2009 Join Date
    LondonLocation
    1,385Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    I think nova posted a fix for it basically stopping unauthorized users form being able to use gm commands.

  8. #8
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Found the thread but not sure if it's what you are talking about
    http://forum.ragezone.com/f152/help-...7/#post7116850

  9. #9
    !Unhandled Exception 0xFF ROSLAW is offline
    MemberRank
    Dec 2009 Join Date
    .\..\SysWOW64Location
    340Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    I've warned you in a previous thread, be careful in sharing information and files on RF.
    Many people from my country is a member here just to be a leecher and use it for something bad.

    That's why I do not like when there are people who always give answers, information, and file for any problems in RF Online without letting them try to solve it first.

    because things like that just makes them so dependent with all the files and information from us

  10. #10
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Quote Originally Posted by roslaw View Post
    I've warned you in a previous thread, be careful in sharing information and files on RF.
    Many people from my country is a member here just to be a leecher and use it for something bad.

    That's why I do not like when there are people who always give answers, information, and file for any problems in RF Online without letting them try to solve it first.

    because things like that just makes them so dependent with all the files and information from us
    and who the hell are you for saying me / judge me about if i want share or not

    let me tell you something if from the past we never share file no one today will have RF server

    sharing info = make you able to fix things
    how u can fix something if no one know about it ? u will keep it for u ? then fine also tell me why you are on ragezone then if u wont share? leeching ?

    and you say be carefull !!! loll i dev RF since 2004 i stopped 3 years for sure but i'm one of the old RF dev around here
    the first one passed away aka Akaruz we was in same team when started dev RF
    we had hackers and found always the way for block them

    so year sharing is always good make you with more knowledge else i don't know why you try to be a developper if u can't fix things :)

  11. #11
    !Unhandled Exception 0xFF ROSLAW is offline
    MemberRank
    Dec 2009 Join Date
    .\..\SysWOW64Location
    340Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Since I joined here I also learned from you guys, I'm trying to learn every explanation and tutorial of you. I just made a thread to ask if I find a problem I can not solve.
    That's why the number of my posts to date only 50.

    until now I finally know and understand how to make RF Online Private Server. thank you to you all

    reading and trying the best thing to be able to understand anything.

    Ask before trying or studying will not solve the problem. That's what the new members at this time, they only know how to ask. but they do not want to try and learn it first.

    Quote Originally Posted by magenik View Post
    and who the hell are you for saying me / judge me about if i want share or not

    let me tell you something if from the past we never share file no one today will have RF server

    sharing info = make you able to fix things
    how u can fix something if no one know about it ? u will keep it for u ? then fine also tell me why you are on ragezone then if u wont share? leeching ?

    and you say be carefull !!! loll i dev RF since 2004 i stopped 3 years for sure but i'm one of the old RF dev around here
    the first one passed away aka Akaruz we was in same team when started dev RF
    we had hackers and found always the way for block them

    so year sharing is always good make you with more knowledge else i don't know why you try to be a developper if u can't fix things :)
    no no i`m not judge u... u miss undestanding with me
    sorry for that. i just wont u becarefull if share anything

  12. #12
    Retired Developer Magenik is offline
    MemberRank
    Jun 2005 Join Date
    next to youLocation
    782Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    You should be happy that i share here^^

    and please stay on topic its about hacking not sharing

  13. #13
    !Unhandled Exception 0xFF ROSLAW is offline
    MemberRank
    Dec 2009 Join Date
    .\..\SysWOW64Location
    340Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Okay sorry for that

    Back to topic

    I know the ip is from my country
    This is the information

    inetnum: 115.124.76.156 - 115.124.76.159
    netname: TACHYON-SUBNET-CLIENT
    descr: G_Games.Net
    descr: Bandung
    descr: Bandung
    country: ID
    admin-c: BA96-AP
    tech-c: RK2011-AP
    status: ASSIGNED NON-PORTABLE
    remarks: Send Spam & Abuse report to: abuse@tachyon.net.id
    mnt-by: MAINT-ID-TACHYON
    mnt-irt: IRT-ID-TACHYON
    changed: hostmaster@tachyon.net.id 20110127
    source: APNIC

    route: 115.124.64.0/19
    descr: Route object of PT Remala Abadi
    descr: Broadband Internet Service Provider
    descr: Jakarta Selatan
    origin: AS38511
    country: ID
    mnt-by: MAINT-ID-TACHYON
    changed: hostmaster@idnic.net 20110526
    notify: noc@tachyon.net.id
    source: APNIC

    person: Budi Aditya
    address: JL Kejaksaan 201-202
    address: Pondok Bambu - 13430, Jakarta - Timur
    address: DKI - Jakarta, Indonesia
    country: ID
    phone: +62-21-8611746
    fax-no: +62-21-84994564
    e-mail: hostmaster@tachyon.net.id
    nic-hdl: BA96-AP
    mnt-by: MAINT-ID-TACHYON
    changed: hostmaster@tachyon.net.id 20060801
    source: APNIC

    person: Rianto Kurniawan
    address: Graha Mustika Ratu
    address: JL Gatot Subroto Kav 74-75 12780, Indonesia
    country: ID
    phone: +62 21 8611746
    fax-no: +62 21 84994564
    e-mail: rianto@tachyon.net.id
    nic-hdl: RK2011-AP
    notify: hostmaster@tachyon.net.id
    mnt-by: MAINT-ID-TACHYON
    changed: rianto@tachyon.net.id 20110124
    source: APNIC
    I think i know who he is
    he use WPE packet to run command GM in normal account and the value of the packet is obtained after recording the GM account when performing command GM

    by filtering out some of the value of the packet, it can create a normal account to get permission to run the command GM

    just my opinion
    CMIIW

  14. #14
    iam still Noob novanakal is offline
    MemberRank
    Nov 2009 Join Date
    Jaka, IndonesiaLocation
    1,164Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    all files from rf-dev just pure files, not edited for separating Account Normal and GM Account.

    lets talk about it,..
    everythings in Serverside, CCR have do this from thief.
    different with 223 files...

    1 offset from zoneserver , can solve this prob.


    and for you magenik.
    its has been ascertained, he use WPE, RPE, SPE, Charles Proxy, NPE and other like that. Sending Packet.

    change GM Command not 100% protect your Command GM.
    i have all Hex Bad Packet for GM Command, not recording from WPE like Roslaw said
    Last edited by novanakal; 24-08-12 at 05:32 PM.

  15. #15
    Omega Ron is offline
    MemberRank
    Apr 2005 Join Date
    Location
    8,990Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Why not share the method in a tutorial? Don't spoonfeed by giving everyone files, just post up how to do it. Once hackers know the fix then they will find a way around it. If they do eventually find a way to bypass it then we know the method isn't 100% secure.

    By sharing knowledge regarding hacking we can work to prevent them. Sharing fixes forces hackers to find new methods. Eventually they wont be able to find a new method for hacking and they'll be forced to play on servers whos owners are too lazy to learn to fix their files.

  16. #16
    iam still Noob novanakal is offline
    MemberRank
    Nov 2009 Join Date
    Jaka, IndonesiaLocation
    1,164Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    iam not sure bout this method...

    some ppl have selling this method for own self.
    and they say "This is my work"
    and this method, not my work. but some offset i 've reconfig for some improvement

    my big thx for Edaks, Emka and Trirozhka
    their's my teacher, how to use IDA PRO
    you save my server


    only a few ppl that I'll tell ,...
    Ron / Magenik , You can PMing Me.
    Last edited by novanakal; 24-08-12 at 08:10 PM.

  17. #17
    Leech feeder. lifestream is offline
    MemberRank
    Oct 2008 Join Date
    855Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    what we would need is a public ip blacklist that authorized server owners could update (to avoid randoms adding legal players they don't like to blacklist or hackers screwing it on purpose) so the list could be used for servers around to block listed potential hacker IP-s.
    I just wish that gamecp would save banned user IP-s to the txt log also Oo. Tho... lol could create a simple script to get ip from useraccount table and store it. hmm

  18. #18
    Account Upgraded | Title Enabled! Busman is offline
    MemberRank
    Sep 2009 Join Date
    LondonLocation
    1,385Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    There was a anti hack created for another game that was integrated into rf tho it was buggy and had major defects with its run cycle. The anti hack was basically given out to server owners and had 1 master database updated when these owners found new hacks i am sure it could be recoded to have it also IP block and stop people connecting via the client also.

    Doesn't sound all that good but could work also the database was updated and never required a client patch but i could be mistaken.

  19. #19
    Account Upgraded | Title Enabled! jbrannon2 is offline
    MemberRank
    Sep 2008 Join Date
    209Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    oh if you want a list of "known' hackers, my I've been running the same firewall for 3+ years now and have a list out of this world.

    Granted, alot of these are now obsolete with the better and better anti-cheat programs out. As far as searching for those utilizing GM commands to get items on 2.2.3.2 a vast majority come from Russia / China IPs. I ended up block nearly all of russia,china, and brazil

    the fastest way to check for them (though not convenient) on 2.2.3.2 is to use TextCrawler and search through the Item logs for the word "Cheat" gets most of them but will pick up your GMs also

    Quote Originally Posted by lifestream View Post
    what we would need is a public ip blacklist that authorized server owners could update (to avoid randoms adding legal players they don't like to blacklist or hackers screwing it on purpose) so the list could be used for servers around to block listed potential hacker IP-s.
    I just wish that gamecp would save banned user IP-s to the txt log also Oo. Tho... lol could create a simple script to get ip from useraccount table and store it. hmm
    woudlnt' be that hard, i can write one up.

    I have so many stupid scripts it's not funny. I actually keep in database old / new passwords upon change password
    in order to track MAVing and scammed accounts as before there was no way to tell.



    Code:
    Use RF_User_GA  /*  Change to your USER Database name*/
    
    SELECT [serial]
          ,convert(varchar(15),[id])
          ,szReason
          ,[lastconnectip]
        
      FROM dbo.tbl_UserAccount
      inner join dbo.tbl_UserBan on dbo.tbl_UserAccount.serial =  dbo.tbl_UserBan.nAccountSerial 
      Where exists
      (select * from dbo.tbl_UserBan
      where dbo.tbl_UserBan.nAccountSerial = dbo.tbl_UserAccount.serial  and nPeriod > '100000') and lastconnectip <> '0'
      order by lastconnectip
    you can put it out as a report and have a hard copy though won't be pretty.

    Ok, editted it to ignore "Temp Bans" and cleaned it up to put them in order to make easier to see.

    I had to add the "lastconnectip <> '0'" because i do dormant blocks and they don't have a connect IP on them. most won't need that
    Last edited by jbrannon2; 24-08-12 at 11:35 PM.

  20. #20
    Leech feeder. lifestream is offline
    MemberRank
    Oct 2008 Join Date
    855Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    well i was thinking about it and it will come out more complex then initially thought - cuz of cafes. So id have to add a new column to useraccount (accept nulls to avoid it breaking procedures etc). So the column would be "cafe ID" - if user gets banned ill just let a trigger also remove the cafe id - and when saving ip-s to a file it would skip all with the cafe id anything but NULL (need to still find a nice way to add the cafe id to users, that isn't manual db edit). Then use a nice script to import the ip list to the firewall and block them all. - but that would mean lots of wasted resources. Wonder if there is a decent way to add IP-s to existing rule through DB (could turn it into a nice little trigger).
    Last edited by lifestream; 24-08-12 at 11:01 PM.

  21. #21
    Account Upgraded | Title Enabled! jbrannon2 is offline
    MemberRank
    Sep 2008 Join Date
    209Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Quote Originally Posted by lifestream View Post
    well i was thinking about it and it will come out more complex then initially thought - cuz of cafes. So id have to add a new column to useraccount (accept nulls to avoid it breaking procedures etc). So the column would be "cafe ID" - if user gets banned ill just let a trigger also remove the cafe id - and when saving ip-s to a file it would skip all with the cafe id anything but NULL (need to still find a nice way to add the cafe id to users, that isn't manual db edit). Then use a nice script to import the ip list to the firewall and block them all. - but that would mean lots of wasted resources. Wonder if there is a decent way to add IP-s to existing rule through DB (could turn it into a nice little trigger).
    could just make it column 'Cafe' make it bit type 0 = user 1 = cafe user

    Then check against 1 during search.

    The trigger wouldn't be too hard. Forcing it to spit out a hard file report that is structured they way you need immediately for a firewall import may be the more pressing matter.

    I have a report that comes out daily and gives me all the temp bans on the server so i keep a hard copy for those "problem" players. but if you're running a job and "append" the file you'll get the
    column heads etc.. in the file which would not meet the format requirements


    The query i had i noticed had alot of false positives, rewriting it to include ban reason and verify it is 100% accurate before posting again

    Code re-written to include ban reason also. And definitely more accurate, my bad if anyone got it before, i put the inner join in wrong spot
    Last edited by jbrannon2; 24-08-12 at 11:20 PM.

  22. #22
    Leech feeder. lifestream is offline
    MemberRank
    Oct 2008 Join Date
    855Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    yeh still in case of the 0/1 for cafe id would need a convenient way to update it for players who actually are from cafe.

    im looking if sql triggers support the use of powershell or CMD. the firewall management is using netsh.
    Also id filter by ban type. sometimes char is allowed to play again from scratch, or some of hes accounts are banned.

  23. #23
    Account Upgraded | Title Enabled! jbrannon2 is offline
    MemberRank
    Sep 2008 Join Date
    209Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Quote Originally Posted by lifestream View Post
    yeh still in case of the 0/1 for cafe id would need a convenient way to update it for players who actually are from cafe.

    im looking if sql triggers support the use of powershell or CMD. the firewall management is using netsh.
    Also id filter by ban type. sometimes char is allowed to play again from scratch, or some of hes accounts are banned.
    as for cafe players, i'm assuming you have them PM you in forums or something to give you there accounts.
    a simple page could be written with an insert that GMs have access to. Sure it's manual but easily done in those cases

    I do something similar with password recoveries. Since the GameCP i use only gives the main password to the users, i have a page set up
    that retrieves both the password and Fireguard password / hint and emails it immediately to the address on the account.
    The GMs only have to know the account name and Submit, they're done

  24. #24
    Account Upgraded | Title Enabled! Chobito is offline
    MemberRank
    Aug 2006 Join Date
    289Posts

    Re: Regarding 2.2.3.2 Server Free hack possibility

    I fixxed this fucking hack by editing the zoneserver with IDA.

    damn annoying hack...fixxed one week ago...but I suppose there will be new ones...,,and ill finish deleting the zonseserver xD

  25. #25

    Re: Regarding 2.2.3.2 Server Free hack possibility

    Quote Originally Posted by novanakal View Post
    all files from rf-dev just pure files, not edited for separating Account Normal and GM Account.

    lets talk about it,..
    everythings in Serverside, CCR have do this from thief.
    different with 223 files...

    1 offset from zoneserver , can solve this prob.


    and for you magenik.
    its has been ascertained, he use WPE, RPE, SPE, Charles Proxy, NPE and other like that. Sending Packet.

    change GM Command not 100% protect your Command GM.
    i have all Hex Bad Packet for GM Command, not recording from WPE like Roslaw said
    and don't forget block port 28000



Page 1 of 2 12 LastLast

Advertisement