The Secret of Rollback / Duping

~~~~~~~~~~~~~~~~~~~
How to Dupe via Mail System
~~~~~~~~~~~~~~~~~~~
There are 2 possible ways.
1. Open Mail in game. In recipient type "%n" without the quotes.
-> Click "Send".
-> Server Crashes, causes Rollback!

2. Open Mail in game. In recipient type "/%" or "%/" without the quotes.
-> Click "Send".
-> Server will not crash but SENDS the item from the MAIL TO EVERY PLAYERS! Undetected!

This information made public so other servers can fix this. That if they are capable of fixing this.

So good luck, happy duping.

yes! this server Tantra Online Philippines - Free To Play Online MMORPG Game fix the damage, and it took them 2 days to fix the bug.

• Fixed 2 BIG EXPLOITS that exists on all K5/K6 based servers.

Exploit 1) Allows any player to crash a Map by just typing %n to ingame MAIL DESTINATARY and ASHRAM BOARD.
Exploit 2) Allows to send an ingame MAIL to all players by typing /% on MAIL DESTINATARY, thats a very easy way to DUPE any ITEMS.
This 2 exploits was the reason why was down all day coding the fix, now we have them blocked and logged , means we will know when a player will try to use them even if they dont work here so we can take actions over them.
Go and have fun with this 2 BIG EXPLOITS at any other server you know, they are not easy to fix.
Changelog For 08/03/2013 - Patch Logs - Tantra Online Philippines

hope other server fix it too. you need a hell of good programmer. :rolleyes:

LeChuck
thank you for the information!

Another exploit since we are tossing them out there, get a master / disciple and level the disciple to 80 and it causes an overflow in the server based on the player name ;)

To further explain on LeChuck, anything that logs a value to the server logs can be exploited and crashed with %d, %i, %u, %o, %x, %X, %f, %F, %e, %E, %g, %G, %a, %A, %c, %s, %p, %n. This includes mail, party board, guild board, master diciple board, chat, and player names to name a few.

It is a problem with the way the server logs some strings with fprintf, you can sanitize all strings to resolve this, but logs will not work correctly and you will have to fix most calls. Or you can fix each individual crash issue by filtering the user packets and removing the characters.

how to fix?

@Tantra PH is your host capable of 2 servers in 1 client....How much is the Investment.....

what are you talking about :p

you know what i mean

I think some players intantra chaos have using of this codes.
I dont know if the developer of the said server have fix the exploit problems.

Quote:

---

Originally Posted by GMDeveloper1

@Tantra PH is your host capable of 2 servers in 1 client....How much is the Investment.....

---

bro i think the server is not on the philippines, tantra-extreme and tantra.ph is same owner and developer.

Quote:

---

Originally Posted by 10dakongyi

how to fix?

---

one of the tantra developer must know this exploit, try to explore it to your self. Its on the code, Explore Explore and you will find the magic tricks. :)

any other way to rollback??

the server is in the philippines... hosted by bayantel communications located in samar. running in win2003 server with iis/6.5... other info by makulitarah. yes duping is now fixed there and the rares are like the old days. ^_^

edit: the text typographically malfunctioning.

Like :)

TIP: To avoid this bug, the server must filter the chats that will disable the % sign. try it ^_^

Chatfilter?funny! :)
Chatfilter only blocks chat messages :)

Quote:

---

Originally Posted by LeChuck

~~~~~~~~~~~~~~~~~~~
How to Dupe via Mail System
~~~~~~~~~~~~~~~~~~~
There are 2 possible ways.
1. Open Mail in game. In recipient type "%n" without the quotes.
-> Click "Send".
-> Server Crashes, causes Rollback!

2. Open Mail in game. In recipient type "/%" or "%/" without the quotes.
-> Click "Send".
-> Server will not crash but SENDS the item from the MAIL TO EVERY PLAYERS! Undetected!

This information made public so other servers can fix this. That if they are capable of fixing this.

So good luck, happy duping.

---

Happy duping in Tantra.ph :D lol