[List] Flyff functions that can be used as exploit.
Hope that helps you.
- Adbill;
- OnMoveItemOnPocket;
- OnQueryPostMail;
- OnBuyingInfo;
- OnTeleportPlayer;
- OnSummonPlayer;
- OnModifyMode;
- OnBuyChipItem;
- OnBuyItem;
- OnDoUseItem;
- OnDropGold (if enabled).
Something more?
Re: [List] Flyff functions that have exploits in.
Quote: Originally Posted by trashee09
you mean like infil. ??
All those functions can be used as an exploit; some can make items (like adbill and OnBuyingInfo), some can add penya (like OnDropGold and OnQueryPostMail) and things like that.
Re: [List] Flyff functions that can be used as exploit.
All these functions can be fixed easily.
OnTeleportPlayer
OnSummonPlayer
OnModifyMode
OnBuyingInfo
and and and.
Re: [List] Flyff functions that can be used as exploit.
Thank you :) for some exploitable functions, time to fix it <3
Re: [List] Flyff functions that can be used as exploit.
Thanks, I haven't been playing with packets and such at all, so I don't know which have exploits and which don't. This way I can easily change the packet header for them.
<3
Re: [List] Flyff functions that can be used as exploit.
Changing the header will do less than nothing to fix it LOL
Re: [List] Flyff functions that can be used as exploit.
There are many more, some in core, some in trans. Also, there isn't a server out there protected effectively from detouring (this would require a good rootkit and it still would be fairly easy to bypass). Modding packet structure, adding encryption, and blocking hooks will only get you so far. Application encryption helps, but application encryption is also quite easy to unpack (no matter what software you use).
All of those exploits can be found in a few hours (at most). I recommend looking harder if you want to find the more obscure exploits (there's a large networking flaw related to the cache-world transactions). The exploits that were in the code were unacceptable. If you want to run a server, you should fix all of them then work on the client-server exploitation involving memory modification (position has no security and clientsided auth modification can be dangerous).
Flyff was meant to be run with gameguard (there are huge holes if gameguard isn't there or is bypassed). I don't think that is a good security plan due to the nature of gameguard, but securing the code to work without a clientsided antihack would be more difficult than it's worth. If you want to make a secure server, you should add features to detect/block modification on the client end as well as serversided.
Re: [List] Flyff functions that can be used as exploit.
Quote: Originally Posted by xLethal
There are many more, some in core, some in trans. Also, there isn't a server out there protected effectively from detouring (this would require a good rootkit and it still would be fairly easy to bypass). Modding packet structure, adding encryption, and blocking hooks will only get you so far. Application encryption helps, but application encryption is also quite easy to unpack (no matter what software you use).
All of those exploits can be found in a few hours (at most). I recommend looking harder if you want to find the more obscure exploits (there's a large networking flaw related to the cache-world transactions). The exploits that were in the code were unacceptable. If you want to run a server, you should fix all of them then work on the client-server exploitation involving memory modification (position has no security and clientsided auth modification can be dangerous).
Flyff was meant to be run with gameguard (there are huge holes if gameguard isn't there or is bypassed). I don't think that is a good security plan due to the nature of gameguard, but securing the code to work without a clientsided antihack would be more difficult than it's worth. If you want to make a secure server, you should add features to detect/block modification on the client end as well as serversided.
The only one that I could find in trans was the modification of the account/password hash on login. Never mind that.
And about the rest, thank you, I'd never have imagined that core has exploits and that the cache-worldserver communication has a flaw; I'll take a deeper look at that.
---------- Post added at 02:36 PM ---------- Previous post was at 02:23 PM ----------
Ah, I forgot something, the map_securyt check can be completely skipped with a simple firewall on the client.
Re: [List] Flyff functions that can be used as exploit.
Quote: Originally Posted by darkalt
Changing the header will do less than nothing to fix it LOL
No it wouldn't fix it, it would just hold the skiddies away till I found a better solution for it. How many are actually going to packet sniff?
Re: [List] Flyff functions that can be used as exploit.
Quote: Originally Posted by sagenessamerda
The only one that I could find in trans was the modification of the account/password hash on login. Never mind that.
And about the rest, thank you, I'd never have imagined that core has exploits and that the cache-worldserver communication has a flaw; I'll take a deeper look at that.
---------- Post added at 02:36 PM ---------- Previous post was at 02:23 PM ----------
Ah, I forgot something, the map_securyt check can be completely skipped with a simple firewall on the client.
There are many trans server functions that are vulnerable to SQLi (you can fix it pretty easily though), but what I was referring to was buffer overflows. For instance, look into "guild penya" functions and you should be able to find at least one overflow.
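Added example (not part of the thread and not Flyff source code): a sketch of the server-side fix the posts above point toward, where a handler reads client fields through a bounds-checked reader and checks penya amounts against server state. The wire layout, the 32-byte memo cap, the penya cap and every name here (`PacketReader`, `Wallet`, `handleGuildDeposit`, `makePacket`) are hypothetical.

```cpp
#include <cstdint>
#include <limits>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Bounds-checked cursor over untrusted client bytes. Assumed wire format:
// little-endian u32 fields, strings as u32 length followed by raw bytes.
class PacketReader {
    const Bytes& buf_;
    std::size_t pos_ = 0;                       // invariant: pos_ <= buf_.size()
public:
    explicit PacketReader(const Bytes& b) : buf_(b) {}
    bool u32(uint32_t& out) {
        if (buf_.size() - pos_ < 4) return false;           // truncated packet
        out = 0;
        for (int i = 0; i < 4; ++i) out |= uint32_t(buf_[pos_ + i]) << (8 * i);
        pos_ += 4;
        return true;
    }
    bool str(std::string& out, std::size_t maxLen) {
        uint32_t len;
        // Reject a declared length above the field cap or above the bytes left.
        if (!u32(len) || len > maxLen || len > buf_.size() - pos_) return false;
        out.assign(buf_.begin() + pos_, buf_.begin() + pos_ + len);
        pos_ += len;
        return true;
    }
};

struct Wallet { int64_t penya; };               // server-side balance
constexpr int64_t kMaxPenya = std::numeric_limits<int32_t>::max();  // assumed cap

// Hypothetical "deposit penya into the guild bank" handler.
bool handleGuildDeposit(const Bytes& pkt, Wallet& player, Wallet& guild) {
    PacketReader r(pkt);
    uint32_t amount;
    std::string memo;
    if (!r.u32(amount) || !r.str(memo, 32)) return false;   // malformed: drop
    if (amount == 0 || amount > player.penya) return false; // server state decides
    if (guild.penya > kMaxPenya - amount) return false;     // would exceed the cap
    player.penya -= amount;
    guild.penya += amount;
    return true;
}

// Constructed sample packet; declaredLen may disagree with the memo size.
Bytes makePacket(uint32_t amount, uint32_t declaredLen, const std::string& memo) {
    Bytes b;
    for (uint32_t v : {amount, declaredLen})
        for (int i = 0; i < 4; ++i) b.push_back(uint8_t(v >> (8 * i)));
    b.insert(b.end(), memo.begin(), memo.end());
    return b;
}
```

A rejected packet leaves both balances untouched because every check runs before any state is modified.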