
Solution against Crash

Status
Not open for further replies.
Elite Diviner
Joined
May 15, 2009
Messages
403
Reaction score
414
...

command 6 can restart worldsvr >.<

The Cabal packet header E2B7 is followed by 6 bytes that contain the packet total length, followed again by another 6 bytes that contain the command.

Example of a 14-byte packet sending command 6 on worldsvr:
E2B70E0000000000060000000000

Note: this example is for development purposes only, but it can restart a worldsvr >.<

It is possible to filter the packet length in iptables.. but the cabal packet structure doesn't have a static byte length?

Because I can send different commands in packets:
E2B70E0000000000010000000000E2B70E00000000000A0000000000E2B70E0000000000060000000000
Like above, the bin will recognize the packet with 3 commands: 1, 10, 6

>.<
 
Elite Diviner
Joined
May 15, 2009
Messages
403
Reaction score
414
you do realize that by posting this info, every tard can now make his own packet sender, right? so much for an "anti-crash thread" just lol

I think it will only work on servers with default cryptxor, packetxor..

There would be more chance to solve the problem if everybody knows how the crash works..

There are more critical commands that should work for bin<->bin only but can be sent from the internet; that would be risky to post here.

If we activate UseEncryptedPacket on all bins it won't work, since the released bins are a mix of BR and KOR.
AuthDBAgent is from KR; with encrypted packets in use, GlobalMgr & AuthDBAgent can't understand each other,
globalmgr is speaking Portuguese while authdbagent is Korean.. lol
 
Skilled Illusionist
Joined
Jan 5, 2009
Messages
343
Reaction score
391
There would be more chance to solve the problem if everybody knows how the crash works..

i think that's the reason the crash tool is on epvp ;) how could ya have fixed it if you weren't able to test it :D

btw: my suggestion, if ya really wanna make a fix, start an open src project and make a packet proxy :p
 
Newbie Spellweaver
Joined
Jul 17, 2006
Messages
95
Reaction score
24
I understand .. but they have a way of hiding the xorkey, making it difficult to use a different Cabalmain..

I know it's not a permanent solution, but could be useful to figure out how to modify the server
 
Newbie Spellweaver
Joined
Oct 21, 2007
Messages
22
Reaction score
70
....
There are more critical commands that should work for bin<->bin only but can be sent from the internet; that would be risky to post here....

Yes, this is true...

....
If we activate UseEncryptedPacket on all bins it won't work, since the released bins are a mix of BR and KOR.
AuthDBAgent is from KR; with encrypted packets in use, GlobalMgr & AuthDBAgent can't understand each other,
globalmgr is speaking Portuguese while authdbagent is Korean.. lol

I think this is a repack problem, since when working with the default node configs I saw that the AuthDBAgent looks exactly like the EP7 bins, so I only got an EP8 one and replaced it; I use it like that and it is still working.

Likewise, RockAndRollITS in my opinion is EP7 too, but we don't have an EP8 one, so we need to stick with the EP7 one.

Also, UseEnc...=true is not a good solution, because I think (not checked) you still allow the restricted commands, and they will be able to change the client to send them; it is only hiding the dirt.



Currently I see only one solution: a handler in a GlobalMgrProxy which filters an opcode 10 and 12 byte long packets...

But packet extending is easy.. maybe we should look for a pattern like this..

Why not start WorldSvr with GDB, set the follow forks correctly and crash it? After that you only need to get the backtrace and registers in gdb, so you can work faster. Only a small tip.
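A sketch of the per-frame check a filtering proxy like the one suggested here would need, using the framing described in the first post; it is an added example, not code from any poster or from the server files. It assumes the two 6-byte fields are little-endian integers, that the payload has already been buffered into whole frames, and that the restricted set is configurable (the thread names only command 6); `split_frames`, `verdict` and `RESTRICTED` are hypothetical names.

```python
MAGIC = bytes.fromhex("E2B7")   # header bytes given in the first post
FRAME_MIN = 14                  # 2 header + 6 length + 6 command bytes
RESTRICTED = {6}                # assumption: bin<->bin-only commands; the thread names only 6

def split_frames(payload: bytes):
    """Return [(command, frame_bytes), ...] for one buffered payload.

    Raises ValueError on a bad header or a length that does not fit,
    so the caller can fail closed.
    """
    frames, pos = [], 0
    while pos < len(payload):
        head = payload[pos:pos + FRAME_MIN]
        if len(head) < FRAME_MIN or head[:2] != MAGIC:
            raise ValueError(f"malformed frame at offset {pos}")
        # Assumption: both 6-byte fields are little-endian integers.
        length = int.from_bytes(head[2:8], "little")
        command = int.from_bytes(head[8:14], "little")
        if length < FRAME_MIN or pos + length > len(payload):
            raise ValueError(f"bad length {length} at offset {pos}")
        frames.append((command, payload[pos:pos + length]))
        pos += length
    return frames

def verdict(payload: bytes, from_internal: bool) -> str:
    """ACCEPT or DROP a payload; internal (bin<->bin) peers are not filtered."""
    if from_internal:
        return "ACCEPT"
    try:
        commands = [cmd for cmd, _ in split_frames(payload)]
    except ValueError:
        return "DROP"           # unparseable input from outside: fail closed
    return "DROP" if RESTRICTED.intersection(commands) else "ACCEPT"

# The two hex strings quoted in the first post.
SINGLE = bytes.fromhex("E2B70E0000000000060000000000")
BATCH = bytes.fromhex(
    "E2B70E0000000000010000000000"
    "E2B70E00000000000A0000000000"
    "E2B70E0000000000060000000000")

if __name__ == "__main__":
    print(len(SINGLE), len(BATCH))
    print([cmd for cmd, _ in split_frames(BATCH)])
    print(verdict(BATCH, from_internal=False))
```

The batched payload is 42 bytes, so a rule keyed on a 14-byte length never sees it, while walking the frames finds command 6 in the third position.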
 
Elite Diviner
Joined
May 15, 2009
Messages
403
Reaction score
414
You don't need to make a proxy to do that. You are all making things far more complicated than they need to be.

estsoft is right... We are just making things more complicated..
da****t it's just a very common way to stop this...

This is the result of dropping any packets with a bin2bin command that are being received from the internet..
I haven't patched anything on the bins or even used a packet proxy.. it's just common iptables blocking..

[Fri Apr 11 2014 15:30:30.519687 4151813840]: success accept 13(192.168.1.2:23906)
[Fri Apr 11 2014 15:30:30.520234 4151813840]: 1.open user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:32.518122 4151813840]: 1.close user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:46.089192 4151813840]: success accept 13(192.168.1.2:23907)
[Fri Apr 11 2014 15:30:46.089874 4151813840]: 1.open user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:47.126772 4151813840]: success accept 14(192.168.1.2:23908)
[Fri Apr 11 2014 15:30:47.127362 4151813840]: 2.open user 14 [84EC568] (192.168.1.2)
[Fri Apr 11 2014 15:30:47.654222 4151813840]: success accept 15(192.168.1.2:23909)
[Fri Apr 11 2014 15:30:47.655078 4151813840]: 3.open user 15 [84F2750] (192.168.1.2)
[Fri Apr 11 2014 15:30:47.940479 4151813840]: success accept 16(192.168.1.2:23910)
[Fri Apr 11 2014 15:30:47.940898 4151813840]: 4.open user 16 [84F8968] (192.168.1.2)
[Fri Apr 11 2014 15:30:48.099716 4151813840]: 4.close user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:48.224928 4151813840]: success accept 13(192.168.1.2:23911)
[Fri Apr 11 2014 15:30:48.225249 4151813840]: 4.open user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:48.512684 4151813840]: success accept 17(192.168.1.2:23912)
[Fri Apr 11 2014 15:30:48.513200 4151813840]: 5.open user 17 [84FEB80] (192.168.1.2)
[Fri Apr 11 2014 15:30:48.788872 4151813840]: success accept 18(192.168.1.2:23913)
[Fri Apr 11 2014 15:30:48.789529 4151813840]: 6.open user 18 [8504D98] (192.168.1.2)
[Fri Apr 11 2014 15:30:49.127299 4151813840]: 6.close user 14 [84EC568] (192.168.1.2)
[Fri Apr 11 2014 15:30:49.520358 4151813840]: success accept 14(192.168.1.2:23914)
[Fri Apr 11 2014 15:30:49.520549 4151813840]: 6.open user 14 [84EC568] (192.168.1.2)
[Fri Apr 11 2014 15:30:49.664014 4151813840]: 6.close user 15 [84F2750] (192.168.1.2)
[Fri Apr 11 2014 15:30:49.793796 4151813840]: success accept 15(192.168.1.2:23915)
[Fri Apr 11 2014 15:30:49.794055 4151813840]: 6.open user 15 [84F2750] (192.168.1.2)
[Fri Apr 11 2014 15:30:49.939843 4151813840]: 6.close user 16 [84F8968] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.099701 4151813840]: success accept 16(192.168.1.2:23916)
[Fri Apr 11 2014 15:30:50.100141 4151813840]: 6.open user 16 [84F8968] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.234005 4151813840]: 6.close user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.407045 4151813840]: success accept 13(192.168.1.2:23917)
[Fri Apr 11 2014 15:30:50.407365 4151813840]: 6.open user 13 [84E6190] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.512734 4151813840]: 6.close user 17 [84FEB80] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.673297 4151813840]: success accept 17(192.168.1.2:23918)
[Fri Apr 11 2014 15:30:50.673633 4151813840]: 6.open user 17 [84FEB80] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.798959 4151813840]: 6.close user 18 [8504D98] (192.168.1.2)
[Fri Apr 11 2014 15:30:50.929117 4151813840]: success accept 18(192.168.1.2:23919)
[Fri Apr 11 2014 15:30:50.929707 4151813840]: 6.open user 18 [8504D98] (192.168.1.2)
[Fri Apr 11 2014 15:30:51.531916 4151813840]: 6.close user 14 [84EC568] (192.168.1.2)
[Fri Apr 11 2014 15:30:51.804971 4151813840]: 5.close user 15 [84F2750] (192.168.1.2)
[Fri Apr 11 2014 15:30:52.100080 4151813840]: 4.close user 16 [84F8968] (192.168.1.2)
[Fri Apr 11 2014 15:30:52.417442 4151813840]: 3.close user 13 [84E6190] (192.168.1.2)

It may also be good if we compile the iptables source with edits for blocking a specific cabal packet; just a thought, not tested yet..
 
Newbie Spellweaver
Joined
Mar 25, 2013
Messages
6
Reaction score
0
estsoft is right... We are just making things more complicated..
da****t it's just a very common way to stop this...

This is the result of dropping any packets with a bin2bin command that are being received from the internet..
I haven't patched anything on the bins or even used a packet proxy.. it's just common iptables blocking..



It may also be good if we compile the iptables source with edits for blocking a specific cabal packet; just a thought, not tested yet..

Could you please share the code to block, or the iptables scripts?
Thanks.
 