some kinda cps exploit!!!

09/06/2008 15:22 Real~Death#16
Quote:
Originally Posted by argnain View Post
nope, he traded me only once, that's why I trusted him :(

if you know this hack maybe you can explain it!!
I just saw it happen to my GF's son. He traded an item to someone for CP, then the window closed (trade canceled), then I went over there to make sure that they weren't trying to pull off the CP/gold scam. Tried to trade 2 more times (CP was in the trade window), window kept closing. Then like the 3rd time the trade went through, but no CP and he lost the item

damn, he only lost something worth 90 CP
I feel for you, bro :( sorry
09/06/2008 17:02 Lateralus#17
Quote:
Originally Posted by NovaCygni View Post
1) There's a server-side check for the CPs,
2) Editing the Conquer.exe file doesn't bypass this check, it allows client-sided edits to work, but as for server side :rolleyes: Not a chance ;)
3) So far as I believe, there's no public proxies yet, and as for one that'll let you send/receive packets as strings :rolleyes: well you haven't a chance in hell :rolleyes: cause they're NEVER gonna be public :p
1. I know there's a server-sided check. In the packet, there should be a "MoneyType" boolean or byte that determines whether you're buying for silvers or CPs.
2. There's also a client-side check. When you buy items, it brings the message up.
3. Yep, no public proxies, but there's no need to send packets as strings.
09/06/2008 17:22 jedi20111#18
Quote:
Originally Posted by Lateralus View Post
3. Yep, no public proxies, but there's no need to send packets as strings.

Actually today CID proxy is hoping to be released.
09/06/2008 17:29 XxDarkKillaxX#19
Quote:
Originally Posted by Lateralus View Post
Yep, and I think TQ hasn't added their server-sided checks for CPs.
I've heard they had; we had a discussion on it and I believe it is server-sided
09/06/2008 19:44 NovaCygni#20
Quote:
Originally Posted by Lateralus View Post
1. I know there's a server-sided check. In the packet, there should be a "MoneyType" boolean or byte that determines whether you're buying for silvers or CPs.
2. There's also a client-side check. When you buy items, it brings the message up.
3. Yep, no public proxies, but there's no need to send packets as strings.
I see where you're going with this, but there's DEFINITELY a server-side check though, and even if your client doesn't bring the message up the server-side checks still take place, for example "Has user clicked Ok or Cancel". It's like sending the "Has Won Monthly PK Tourni" packet without even doing the Tourni o.o But well that's just my opinion because until tested, it can only be that :D a Theory...

Also, there's a need to send packets as a string if that's how your proxy handles them :p
09/06/2008 20:26 IAmHawtness#21
The "buy-item-from-stall-for-CPs-packet" is exactly the same packet as the "buy-item-from-stall-for-Silvers-packet", so.. yea :)
09/06/2008 22:15 NovaCygni#22
Quote:
Originally Posted by IAmHawtness View Post
The "buy-item-from-stall-for-CPs-packet" is exactly the same packet as the "buy-item-from-stall-for-Silvers-packet", so.. yea :)
My understanding was it does a check on a stall server-side to see what the person was charging for their item IDxxxxxxx (* CPs/Silvers *) and THEN takes it (* CPs/Silver *) from the purchaser and gives it to the stall ... It then deletes the item from the stall, runs a check to make sure no item IDxxxxxxx (* the same item *) is still present on the server. If it's not (* obviously in a straight purchase, it won't be *) then upon making the check it'll create the item IDxxxxxx for the other person... (* If it is present it ends the transaction *) Transaction complete....


Well now :rolleyes: In danger of stating the obvious, the easiest way to exploit this transaction is if the person who owns the stall was, say, not honest about the process; it would in theory be possible to block the remove item packet for the item, so when the check for if the item's present happens, it'll stop as the server thinks it's cloning an item already in the server, so the person would pay, but not receive the goods... but once again, just my opinion :) Now if this was put in the "Trade" scenario...


Oh here's the best ASM book I've found so far, if you're having a look into the exe and wanna have a good read ^^ Enjoy
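The stall purchase the posts above argue about (the "MoneyType" byte in the packet, and the server-side take-money / delete-item / check-duplicate / create-item sequence), modelled as an added example from the server's side. This is hypothetical code written for this thread, not Conquer Online's or TQ's; the MoneyType values, item ids, names and prices are constructed. The point it shows is the defence the posters are guessing at: price and currency come from the server's own listing, the client's MoneyType is only compared and rejected on mismatch, and the item's owner changes in the same locked step as the money, so there is no separate "remove item" message to lose and a replayed purchase of the same item id finds nothing to buy.

```python
"""Server-authoritative stall purchase (illustrative model, not the real game)."""
from dataclasses import dataclass
from threading import Lock

CP, SILVER = 0, 1  # hypothetical MoneyType values chosen for this example


@dataclass
class Listing:
    item_id: int
    price: int
    currency: int  # CP or SILVER, fixed by the seller when listing, never by the buyer


@dataclass
class Player:
    name: str
    cp: int
    silver: int


class Server:
    def __init__(self):
        self.players = {}   # name -> Player
        self.owner = {}     # item_id -> owner name: exactly one record per item instance
        self.stalls = {}    # seller name -> {item_id: Listing}
        self.audit = []     # rejected requests worth alerting on
        self.lock = Lock()  # one purchase commits at a time (a DB transaction in reality)

    def add_player(self, name, cp=0, silver=0, items=()):
        self.players[name] = Player(name, cp, silver)
        self.stalls[name] = {}
        for item_id in items:
            self.owner[item_id] = name

    def list_item(self, seller, item_id, price, currency):
        # A seller may only list items the server already records as theirs.
        if self.owner.get(item_id) != seller:
            raise ValueError("seller does not own item %d" % item_id)
        self.stalls[seller][item_id] = Listing(item_id, price, currency)

    def buy(self, buyer, seller, item_id, client_money_type):
        """Handle a purchase packet. Returns a short status string."""
        with self.lock:
            listing = self.stalls.get(seller, {}).get(item_id)
            if listing is None:
                # Also what a replayed packet sees once the item has been sold.
                return "no such listing"
            if self.owner.get(item_id) != seller:
                self.audit.append(("ownership mismatch", seller, item_id))
                return "inconsistent state"
            # The client's MoneyType is untrusted: it must match the listing or
            # the request is refused and recorded, whatever the client displayed.
            if client_money_type != listing.currency:
                self.audit.append(("currency mismatch", buyer, item_id, client_money_type))
                return "rejected: currency mismatch"
            b, s = self.players[buyer], self.players[seller]
            wallet = "cp" if listing.currency == CP else "silver"
            if getattr(b, wallet) < listing.price:
                return "insufficient funds"
            # Commit: money and ownership move together, all inside the lock.
            setattr(b, wallet, getattr(b, wallet) - listing.price)
            setattr(s, wallet, getattr(s, wallet) + listing.price)
            del self.stalls[seller][item_id]
            self.owner[item_id] = buyer
            return "ok"


def demo():
    """Constructed scenario: a 90 CP listing, one spoofed packet, one real buy, one replay."""
    srv = Server()
    srv.add_player("seller", items=(1001,))
    srv.add_player("buyer", cp=100, silver=5000)
    srv.list_item("seller", 1001, price=90, currency=CP)
    spoofed = srv.buy("buyer", "seller", 1001, SILVER)  # client claims silver
    honest = srv.buy("buyer", "seller", 1001, CP)
    replay = srv.buy("buyer", "seller", 1001, CP)       # same packet again
    b, s = srv.players["buyer"], srv.players["seller"]
    return {
        "spoofed": spoofed, "honest": honest, "replay": replay,
        "buyer_cp": b.cp, "buyer_silver": b.silver, "seller_cp": s.cp,
        "owner_1001": srv.owner[1001], "audit_entries": len(srv.audit),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The design choice worth noticing is that the server never asks the client which currency was used or whether the item was removed; both facts live in server state, and a spoofed MoneyType produces an audit entry rather than a cheaper purchase.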
09/06/2008 23:04 chrisbond#23
I heard it's possible to change the CP and money on the client side but when the server checks it, money is realised as CPs (because of the box IDs) and CPs as money. It would take a complete A-Hole to do something like this, spending the time searching and putting it into effect, but not everyone in the world is a nice person.
09/07/2008 02:15 Lateralus#24
Quote:
Originally Posted by chrisbond View Post
I heard it's possible to change the CP and money on the client side but when the server checks it, money is realised as CPs (because of the box IDs) and CPs as money.
You're right about that. That's only by using a memory editor though.


Quote:
Originally Posted by IAmHawtness View Post
The "buy-item-from-stall-for-CPs-packet" is exactly the same packet as the "buy-item-from-stall-for-Silvers-packet", so.. yea :)
;)


Quote:
Originally Posted by NovaCygni View Post
Oh here's the best ASM book I've found so far, if you're having a look into the exe and wanna have a good read ^^ Enjoy
This is coding in ASM, not reverse engineering. Completely different things.
09/07/2008 13:24 argnain#25
Quote:
Originally Posted by chrisbond View Post
I heard it's possible to change the CP and money on the client side but when the server checks it, money is realised as CPs (because of the box IDs) and CPs as money. It would take a complete A-Hole to do something like this, spending the time searching and putting it into effect, but not everyone in the world is a nice person.
that's what I actually thought but it's hard to find the memory addresses!

anyone found it?:D
09/07/2008 20:13 adrianek18#26
I think it's all based on client refresh. Sometimes when I trade a lot of various items, when I close the window with items I didn't wanna buy and open a new trade window the items are there, so if this is possible with items why not with CPs? The items I see are client-sided, but still when you put your items in and click OK then the server doesn't see anything wrong and you lose on it

Sorry for my English, it's not my native language, hope you guys get the point
09/07/2008 23:43 CONights#27
Quote:
Originally Posted by NovaCygni View Post
My understanding was it does a check on a stall server-side to see what the person was charging for their item IDxxxxxxx (* CPs/Silvers *) and THEN takes it (* CPs/Silver *) from the purchaser and gives it to the stall ... It then deletes the item from the stall, runs a check to make sure no item IDxxxxxxx (* the same item *) is still present on the server. If it's not (* obviously in a straight purchase, it won't be *) then upon making the check it'll create the item IDxxxxxx for the other person... (* If it is present it ends the transaction *) Transaction complete....


Well now :rolleyes: In danger of stating the obvious, the easiest way to exploit this transaction is if the person who owns the stall was, say, not honest about the process; it would in theory be possible to block the remove item packet for the item, so when the check for if the item's present happens, it'll stop as the server thinks it's cloning an item already in the server, so the person would pay, but not receive the goods... but once again, just my opinion :) Now if this was put in the "Trade" scenario...


Oh here's the best ASM book I've found so far, if you're having a look into the exe and wanna have a good read ^^ Enjoy
If one could do that, couldn't they also create a cloning program if it blocked the remove item packet and then sent a message to the server that it was removed? :p
09/08/2008 09:05 Some-Guy#28
Quote:
Originally Posted by CONights View Post
If one could do that, couldn't they also create a cloning program if it blocked the remove item packet and then sent a message to the server that it was removed? :p
Check the bold bit :D
Quote:
it'll stop as the server thinks it's cloning an item already in the server
And also....

Quote:
runs a check to make sure no item IDxxxxxxx (* the same item *) is still present on the server
09/08/2008 15:25 NovaCygni#29
Quote:
Originally Posted by Some-Guy View Post
Check the bold bit :D

And also....
:p lololololol But yeh, I'm right though, aren't I? Sure that's what was patched when *Coughs* Mayfaire had the cloning happening on it...

Quote:
Originally Posted by Lateralus View Post
in ASM, not reverse engineering. Completely different things.
You would want someone to attempt to reverse something using ASM when they don't even understand what the code they're looking at a) does b) is structured c) its limitations :rolleyes: That's either incredibly time-wasting, or incredibly stupid,,, probably equal amounts of both... but then strangely sounds like the sort of thing I would've done :rolleyes:
09/08/2008 21:46 Lateralus#30
Quote:
Originally Posted by NovaCygni View Post
You would want someone to attempt to reverse something using ASM when they don't even understand what the code they're looking at a) does b) is structured c) its limitations :rolleyes: That's either incredibly time-wasting, or incredibly stupid,,, probably equal amounts of both... but then strangely sounds like the sort of thing I would've done :rolleyes:
Why jump into learning how to CODE in ASM when you can learn straight off how to REVERSE? You'd jump into a lot of concepts that you don't need in reversing by using that book (or at least they aren't needed to know in such great detail). Plus, those using the book most likely wouldn't be able to crack obfuscated software.

Now don't get me wrong, you could learn using the book. But if you're not coding in ASM, I'd suggest you go straight into reversing. It's not as hard as everyone thinks, and is a great way to understand concepts in other languages.

Actually, what I plan on doing is getting through this 40 video tutorial (I'm on lesson 19), then learning how to code in ASM, and going back through the tutorial once I understand some coding.

But believe me, I'm fairly good at reversing and I have no clue how to code in ASM.