[HELP WANTED]GOLD DUPE // BUG

uhm i have discovered a bug when i topped up to buy item mall items

since whenever i'm playing im always looking for possible bugs so i test a lot of

things.

i topped up enough for me to gain 2000 gold or in game credits

but funny thing is instead of 2000 gold i got 14000 gold O.o !

i believe that this is not a random bug or glitch since when i asked some players

about it they say that there is a trick to bug your gold when you top-up

and some have beed doing it for months now.

im having a hard time on discovering the procedure. if anyone knows the exact procedure? can you please give it to me? either tru post or tru pm thanks..

its a bug in their top up system. thats why there are massive ban.. but i think there is method to do it... im also trying to figure it out.... using my proxy and a help by someone..

pw-ph right? how do you feel if your lvl95 character got banned because of people who abuse those kind of things? and you're not doing anything..

dummy accnts + i lot of trading / conversion / yuan drop / = untraceable

they dont ban scammers anyway

i wish this thread wont die easily.. i already check debug option and hole for the exe file.. but anyway what i notice about the gold bug is that its a bug in their top up database...... so its not done in game but its done in their website... i saw some sql db error shown on their website like
[1] Error Method : Void GetDataSub()
[2] Error Message : Object reference not set to an instance of an object.
[3] Error Trace : at Loadup_usecredits3.GetDataSub() in c:\mylu\LUCode\Loadup\usecredits3.aspx.cs:line 168
at Loadup_usecredits3.Page_Load(Object sender, EventArgs e) in c:\mylu\LUCode\Loadup\usecredits3.aspx.cs:line 71
thats when i used some malicious input...

i wonder if i can use..
some inject like
'; UPDATE account = accountname set gold = 50000 where server = 'servername' ---
just an example.. i trying to figure out on how i could force a
'; select all row and column where= "databasename".

if i knew what is their fire wall their using and the structure of their database well i guess
we can use a database blaster just what we did in a other game... you could do anything you want..

i already check the open ports their using in their websites there are only 2
port: 80
port: 443

and one open port for the game its
port:29000..

another idea is if we can find the packet algorithm of the game.. encrytion and decrypt

then we can send a packet.. without beeing dissconnected from the game...

this could open up duping... but its quite hard to figure whta algorithm it uses

algo? like hexa or something?

Quote:

Originally Posted by ericjohn another idea is if we can find the packet algorithm of the game.. encrytion and decrypt then we can send a packet.. without beeing dissconnected from the game... this could open up duping... but its quite hard to figure whta algorithm it uses

i doubt we will be able to decrypt the packets rofl...

that is almost impossible.

YEAH ITS JUST A SECOND IDEA.. ITS POSSIBLE OK BUT IT WILL TAKE UP A LOT OF TIME.. JUST LIKE OTHER GAMES THAT HAS BEEN DECRYPTED..

Quote:

Originally Posted by sfighter i doubt we will be able to decrypt the packets rofl... that is almost impossible.

oO idk what you think is impossible but, if you think THIS is impossible than you dont have any ambition and you are a pessimist though

so if i could provide the info on what firewall they are using you can do something to go around it?

hmm with that bug. in the site one can resend their top up over and over again??? is that what you mean? or just edit the ingame credits and set it to what ever you want..

its definitely posslible to decrypt those packets... sure it will take a lot of time, but once you discovered the algo, then u dun have to do it again...

i think their currently fixing that gold bug. and its the 2nd time it happened.
do u think someone did it or its just a bug?

i think it was done by some player who was good with debugging or somethin.

coz the 1st time the bug was reported was just a bug the 2nd time around was done intently by a player(s)

Quote:

Originally Posted by kite007 i think it was done by some player who was good with debugging or somethin. coz the 1st time the bug was reported was just a bug the 2nd time around was done intently by a player(s)

your right kite.. someone good in in aspx coding but it left a hole and dmg for other players..

in the site their using some [Only registered and activated users can see links. Click Here To Register...] and java script for encrypt code located in [Only registered and activated users can see links. Click Here To Register...] you can view it.. thats what i think when i saw someone in forum in dragon server with uber rewards points in topup and selling more 10000 pcs of lvl 5 soul stone for only 40k.. just think of that