
exploit code

Status
Not open for further replies.
Newbie Spellweaver
Joined
Jul 17, 2013
Messages
90
Reaction score
18
lol hahaha

Let me tell you why you don't want to bother with "clientside" fixing...

What happens when someone else uses a different client exe other than yours to connect?
What happens when someone uses your client and just sends the packets directly without relying on the client?

The real solution at this point is to filter the string out of your packets serverside, that way you can prevent the crashing, log who does it, disconnect just them etc.

Enough of the source code for Tantra was released that you can have a look and write new code to handle it. The same goes for all these dupes that people are exploiting; all you really need to do is save the character data right after they do anything important, e.g. trading, buying, selling.
 
Tantra Freelancer
Joined
Apr 9, 2014
Messages
541
Reaction score
23
Client-side blocking is a very crappy way to do it; instead, why not filter packets like the big servers do?

Code:
#include <windows.h>   // WORD (16-bit) and DWORD (32-bit) unsigned typedefs

struct MSG_STANDARD
{
    WORD wType;          // packet type
    WORD wSeq;           // sequence number
    WORD wPDULength;     // PDU length
    WORD wDummy;
    DWORD dwClientTick;  // client tick count
    int nID;
};

Code:
#include <cctype>
#include <string>
using namespace std;

// Accepts the string if every byte is ASCII alphanumeric or one of the
// punctuation characters in cFilter; bytes >= 0x80 (negative as signed char)
// are rejected outright. An empty string is accepted.
bool ValidString(char * cString){
    const char * cFilter = "!@#$^&*()_+-=[]{}|;:,./<>?`~ ";
    string sString = string(cString);

    if(sString.size() == 0)
    {
        return true;
    }

    for (size_t i = 0; i < sString.size(); i++)
    {
        if(cString[i] < 0)
        {
            return false;
        }
        else if(!isalnum((unsigned char)cString[i]))
        {
            // not alphanumeric: it must appear in the whitelist
            bool found = false;
            for (const char * p = cFilter; *p != '\0'; p++)
            {
                if(*p == cString[i])
                {
                    found = true;
                    break;
                }
            }
            if(!found)
            {
                return false;
            }
        }
    }
    return true;
}


// Names are stricter: alphanumeric only. cSize is the number of characters to
// check, not counting the terminating NUL (a NUL inside the range fails).
bool ValidName(char * cName, int cSize)
{
    for (int i = 0; i < cSize; i++)
    {
        if(cName[i] < 0)
        {
            return false;
        }
        else if(!isalnum((unsigned char)cName[i]))
        {
            return false;
        }
    }
    return true;
}

I think this code is strong enough to handle those exploits, but the problem is I don't know how to implement this thing. I have been looking everywhere to find a solution and I guess yours is the strong one. Please shed some light for us regarding this code you have shared.

Ciao!
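Putting the two replies together (filter server-side, log who sent the bad packet, disconnect only them; validate the string against a whitelist), here is an added example of what that looks like wired into a packet handler. It is written for this thread and is not code from either poster or from the released Tantra sources. Everything beyond the whitelist and the header field names is an assumption: that WORD/DWORD are 16/32-bit, that wPDULength counts the whole packet including the header, that the text follows the header as a NUL-terminated string, the 64-character limit, and the names MsgStandard, ValidateTextPacket, HandleTextPacket and MakePacket.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Header layout mirrors the MSG_STANDARD struct posted in the thread; the Win32
// WORD/DWORD widths (16/32 bit) and the assumption that wPDULength counts the
// whole packet, header included, are assumptions made for this example.
#pragma pack(push, 1)
struct MsgStandard {
    uint16_t wType;
    uint16_t wSeq;
    uint16_t wPDULength;
    uint16_t wDummy;
    uint32_t dwClientTick;
    int32_t  nID;
};
#pragma pack(pop)

enum class Verdict { Accept, TooShort, LengthMismatch, Unterminated, TooLong, BadChar };

// Whitelist of punctuation the posted ValidString() accepts; everything else that
// is not ASCII alphanumeric (control bytes, bytes >= 0x80, quotes, backslash, %)
// is rejected rather than passed on to the rest of the server.
static const char kAllowedPunct[] = "!@#$^&*()_+-=[]{}|;:,./<>?`~ ";

bool IsAllowedChar(unsigned char c) {
    if (c < 0x20 || c >= 0x7F) return false;           // control, DEL or non-ASCII
    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')) return true;
    return std::strchr(kAllowedPunct, static_cast<char>(c)) != nullptr;
}

// Validate a packet that carries one NUL-terminated string after the header.
// Bounds come from the buffer actually received, never from client data alone.
Verdict ValidateTextPacket(const std::vector<uint8_t>& pkt, size_t maxTextLen, std::string* textOut) {
    if (pkt.size() < sizeof(MsgStandard)) return Verdict::TooShort;
    MsgStandard hdr;
    std::memcpy(&hdr, pkt.data(), sizeof hdr);
    if (hdr.wPDULength != pkt.size()) return Verdict::LengthMismatch;  // declared vs received
    const uint8_t* body = pkt.data() + sizeof hdr;
    const size_t bodyLen = pkt.size() - sizeof hdr;
    size_t n = 0;
    while (n < bodyLen && body[n] != 0) ++n;        // look for the NUL inside the body only
    if (n == bodyLen) return Verdict::Unterminated;
    if (n > maxTextLen) return Verdict::TooLong;
    for (size_t i = 0; i < n; ++i)
        if (!IsAllowedChar(body[i])) return Verdict::BadChar;
    if (textOut) textOut->assign(reinterpret_cast<const char*>(body), n);
    return Verdict::Accept;
}

const char* VerdictName(Verdict v) {
    static const char* names[] = {"accept", "too-short", "length-mismatch",
                                  "unterminated", "too-long", "bad-char"};
    return names[static_cast<int>(v)];
}

struct Decision { bool disconnect; std::string logLine; };

// Per-connection policy from the first reply: drop the bad packet, log who sent
// it, and disconnect only that client. Hypothetical 64-character chat limit.
Decision HandleTextPacket(int clientId, const std::vector<uint8_t>& pkt) {
    std::string text;
    Verdict v = ValidateTextPacket(pkt, 64, &text);
    if (v == Verdict::Accept) return {false, ""};
    return {true, "client " + std::to_string(clientId) + " rejected: " + VerdictName(v)};
}

// Constructed sample packet (header + text + optional NUL) with wPDULength filled in.
std::vector<uint8_t> MakePacket(uint16_t type, const std::string& text, bool terminate = true) {
    std::vector<uint8_t> pkt(sizeof(MsgStandard), 0);
    for (char c : text) pkt.push_back(static_cast<uint8_t>(c));
    if (terminate) pkt.push_back(0);
    MsgStandard hdr{};
    hdr.wType = type;
    hdr.wPDULength = static_cast<uint16_t>(pkt.size());
    std::memcpy(pkt.data(), &hdr, sizeof hdr);
    return pkt;
}

int main() {
    const std::vector<uint8_t> samples[] = {
        MakePacket(0x10, "hello, world!"),                  // clean chat line
        MakePacket(0x10, std::string("bad\x01") + "byte"),  // control byte in the text
        MakePacket(0x10, "no terminator", false),           // client omitted the NUL
    };
    int id = 1;
    for (const auto& p : samples) {
        Decision d = HandleTextPacket(id++, p);
        std::printf("%s\n", d.disconnect ? d.logLine.c_str() : "accepted");
    }
    return 0;
}
```

The two things worth copying are the order of the checks (size of the buffer first, declared length against received length second, only then the contents) and the fact that the string search stops at the end of the received buffer rather than trusting the client to send a terminator; a wrong client exe or a hand-crafted packet gets the same treatment as a legitimate one because nothing here depends on what the client promised.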
 