I think I got a good one.

08/31/2011 00:24 BaussHacker#1
Well just an idea, that I might look more into.

If you made a proxy, edited the chat packet from the client, made it custom, and sent it to the server.

Like
Code:
Chatpacket (client) -> Proxy -> Customize it -> Server

Let's say you just changed the chat type, wouldn't it be possible to send system messages, even from a normal player?

Thinking private server.

Looking at the packet from client -> server, it's like this:
Code:
Chatype
fromlength
from
tolength
to
messagelength
message
08/31/2011 06:07 .Kinshi#2
Only thing stopping you would be server side checks.
If the private server sucks and doesn't check various things then it could totally be possible.
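
Added example, not code from any poster in this thread or from any server source: a sketch of the server-side checks mentioned above, applied to the chat packet layout from post #1. The field widths (2-byte little-endian chat type, 1-byte length prefixes), the chat type values and the Session, Rejected, validate_chat and build names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# Hypothetical chat type values; the thread does not list the real ones.
TALK, WHISPER, SYSTEM = 1, 2, 3
PLAYER_TYPES = {TALK, WHISPER}

@dataclass
class Session:
    name: str            # character name bound to the connection at login
    is_gm: bool = False  # only privileged sessions may emit SYSTEM chat

class Rejected(Exception):
    pass

def _read_string(buf, pos):
    """Read a 1-byte length-prefixed string (assumed encoding), bounds-checked."""
    if pos >= len(buf):
        raise Rejected("truncated length prefix")
    end = pos + 1 + buf[pos]
    if end > len(buf):
        raise Rejected("string length exceeds packet")
    return buf[pos + 1:end].decode("latin-1"), end

def validate_chat(session, buf):
    """Parse a client chat packet and enforce what the client cannot be trusted on."""
    if len(buf) < 2:
        raise Rejected("truncated chat type")
    (chat_type,) = struct.unpack_from("<H", buf, 0)
    sender, pos = _read_string(buf, 2)
    to, pos = _read_string(buf, pos)
    message, pos = _read_string(buf, pos)
    if pos != len(buf):
        raise Rejected("trailing bytes after message")
    allowed = PLAYER_TYPES | ({SYSTEM} if session.is_gm else set())
    if chat_type not in allowed:
        raise Rejected("chat type not permitted for this session")
    if sender != session.name:
        raise Rejected("from field does not match session")
    # Relay the session's own name, never the client-supplied one.
    return chat_type, session.name, to, message

def build(chat_type, sender, to, message):
    """Constructed sample packet in the assumed layout, for testing the checks."""
    out = struct.pack("<H", chat_type)
    for s in (sender, to, message):
        b = s.encode("latin-1")
        out += bytes([len(b)]) + b
    return out
```

The chat type and the from field are both decided from the authenticated session, so a packet edited in a proxy is dropped before it is relayed to other clients.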
08/31/2011 10:23 Korvacs#3
I doubt it would work on Binaries or servers run by intelligent people tbh..
08/31/2011 11:06 BaussHacker#4
Quote:
Originally Posted by .Kinshi View Post
Only thing stopping you would be server side checks.
If the private server sucks and doesn't check various things then it could totally be possible.
Was just looking through some public sources and a lot of them seem to have no checks for it. :D
Quote:
Originally Posted by Korvacs View Post
I doubt it would work on Binaries or servers run by intelligent people tbh..
True at that, I will try at binaries anyways.
09/01/2011 00:36 .Kinshi#5
Quote:
Originally Posted by BaussHacker View Post
Was just looking through some public sources and a lot of them seem to have no checks for it. :D
Yeah a lot of people are like "OMGZ IT WORKZ NAOW GUIES! EXPLOITS? WAT DAT?"
09/01/2011 00:37 BaussHacker#6
Quote:
Originally Posted by .Kinshi View Post
Yeah a lot of people are like "OMGZ IT WORKZ NAOW GUIES! EXPLOITS? WAT DAT?"
Seems to work :D


Got a few more things to exploit. Some will be time consuming, but having fun. xD
09/01/2011 03:22 .Kinshi#7
It'll always work client sided, but does it work server sided?
09/01/2011 08:27 BaussHacker#8
Quote:
Originally Posted by .Kinshi View Post
It'll always work client sided, but does it work server sided?
Not sure yet, going to test today.
09/04/2011 18:59 pro4never#9
Quote:
Originally Posted by BaussHacker View Post
Not sure yet, going to test today.
Spoofing stuff client side is super, super easy.

That being said... it can still be fun to screw with people.

I was going to be creating a full spoofing solution for people where you could make someone appear as someone else, record yourself botting and then send the video to tq to get that person jailed.

It's sooo simple to do really. Just record the real person's spawn packet and overwrite target player uid spawn packet with your saved one.

If you want to be fancy, also recalculate the damage they do (client side anyways).