[Exploits] In-game MagicOpt Hack

01/21/2016 19:24 ​Exo#1
Yoo, I've found this hack some time ago BUT since it's lame, I decided to share it. Sadly, the only way to fix this is processing the incoming requests and comparing them to a list.

First, I'll explain how it works then how you (a server manager) can fix this.

What does it do?
Simply, you add different MagicOptions to avatars, yes options that are not in the normal NPC list.


Yes, that's it, of course there are other magic opts that work, just try them out.

How it works:

PHP Code:
{
     OPCODE  0x34A9
     BYTE    InventorySlot
     INT     strLength
     STRING  MagicOptCodeName128 or whatever xd

First, you have to select the blacksmith npc and then you are ready to inject the packet manually.

PS: If there are multiple entries for the same MagOpt it's possible to keep trying infinitely and you will still get a random value each time.

Example: "MATTR_STR" has 3 entries +1, +2, +3. You will get one of these each time you try.

Breaking the MAX value of MagicOptions is not possible tho, you can add only 4 on avatars (normal ones).


How to fix this?

Until now, by processing the incoming packets, parsing them and comparing them to the allowed list of strings.

Theory:
Fixing it @ the database, but I didn't really take a look yet. Will do it later I guess.

Enjoy.
01/21/2016 19:49 Supportlar#2
bull***t
01/21/2016 19:49 Kai1337*#3
Here we are again, another exploit, these things are really rare... Thanks for sharing
01/21/2016 20:09 WickedNite.#4
Quote:
Originally Posted by Chainer* View Post
Here we are again, another exploit, these things are really rare... Thanks for sharing
They're not rare ;) Some things are better unreleased.
01/21/2016 20:16 Eslam Galull#5
well, nothing is secret ever!!

was doing some shitty avatars in x Servers and selling them xDD
01/22/2016 06:03 BlastWarrior#6
How can I inject the packet manually?
01/23/2016 17:47 ​Exo#7
Quote:
Originally Posted by BlastWarrior View Post
How can I inject the packet manually?
Well, use phAnalyzer if you don't have your own proxy server.
01/24/2016 00:39 Royalblade*#8
This might actually be a little harder to fix than the most common crap around.

I personally would just go with an array of whitelisted magopt-strings. This works properly only if you've got inv-movement properly parsed tho.

Otherwise you may check for any procs being run while granting those blues. Ooor just run a performance draining query on each incoming 3409 and grab refobjcom.typeids and joining on magopts available to it where string == packet's string. It'll drain performance if someone spams it a bit.
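
The allowlist check suggested in posts #1 and #8, sketched as an added example that is not part of the thread or any poster's code. The field widths (1-byte slot, 4-byte little-endian length, ASCII name), the 128-byte limit, the item type names, the slot tracking map and the placeholder option names are assumptions.

```python
import struct

OPCODE_MAGOPT = 0x34A9   # opcode given in the first post
MAX_NAME_LEN = 128       # assumed upper bound on the code name length

# Constructed placeholder names; a real filter would load the options the
# blacksmith NPC actually offers for each item type from the server database.
ALLOWED = {
    "avatar_hat": {"PLACEHOLDER_OPT_A", "PLACEHOLDER_OPT_B"},
    "avatar_dress": {"PLACEHOLDER_OPT_A"},
}


def check_magopt_request(opcode, payload, slot_item_type):
    """Return (allowed, reason) for one client-to-server packet.

    slot_item_type maps inventory slot -> item type as tracked by the filter
    (hypothetical; it is only correct if inventory movement is parsed).
    """
    if opcode != OPCODE_MAGOPT:
        return True, "not a magic option request"
    if len(payload) < 5:
        return False, "truncated header"
    # Assumed layout: BYTE slot, INT length (little-endian), STRING name
    slot, length = struct.unpack_from("<BI", payload, 0)
    if length == 0 or length > MAX_NAME_LEN:
        return False, "bad string length"
    if len(payload) != 5 + length:
        return False, "length field does not match payload"
    try:
        name = payload[5:].decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII code name"
    item_type = slot_item_type.get(slot)
    if item_type is None:
        return False, "unknown inventory slot"
    if name not in ALLOWED.get(item_type, set()):
        return False, "option not offered for this item type"
    return True, "ok"


def build_payload(slot, name):
    """Build a constructed sample payload in the assumed layout."""
    raw = name.encode("ascii")
    return struct.pack("<BI", slot, len(raw)) + raw
```

Rejected requests are worth logging with the account and source address, since repeated attempts are a clear sign of manual packet injection.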
01/26/2016 13:09 ​Goofie​#9
Quote:
Originally Posted by Royalblade* View Post
This might actually be a little harder to fix than the most common crap around.

I personally would just go with an array of whitelisted magopt-strings. This works properly only if you've got inv-movement properly parsed tho.

Otherwise you may check for any procs being run while granting those blues. Ooor just run a performance draining query on each incoming 3409 and grab refobjcom.typeids and joining on magopts available to it where string == packet's string. It'll drain performance if someone spams it a bit.

Edit:
Syloxx said something about injecting the one-time blues several times, not sure if you can do that but I can prevent bots from adding avatar blues to start with, so me fine :3
01/26/2016 14:01 ​Exo#10
Well, an avatar can only have one entry from each Magic, in case of magics that have the same code but different levels, the blue is altered!
10/31/2018 22:41 Zyad ahmed#11
Quote:
Originally Posted by ​Goofie​ View Post

Edit:
Syloxx said something about injecting the one-time blues several times, not sure if you can do that but I can prevent bots from adding avatar blues to start with, so me fine :3
I wanna download where is the link
11/01/2018 16:59 SubZero**#12
Quote:
Originally Posted by Zyad ahmed View Post
I wanna download where is the link
link for what? the owner of the comment is banned
11/01/2018 20:15 #HB#13
Quote:
Originally Posted by Zyad ahmed View Post
I wanna download where is the link