How to dupe items? My findings

06/22/2017 00:08 cookie69#1
Hello sexy cheaters,

I was wondering how people have been able to dupe items for years in FlyFF without any problem, even on the official servers, and my questions grew when some noble guys asked me to find the trick and inform Webzen because their official server is crowded with dupers; they were so desperate :(

I also saw some players in the black market making tons of €uros in a completely illegal way that could bring them many legal concerns..

Having said that, I have discovered how to dupe items and the hint was a sentence pronounced by someone in the forums and it was like :
Quote:
"you need to connect a deleted char"
I searched a lot and my little experience as a hacker (and not as a developer as I am not a game dev) helped me to find the trick, so I decided to release it in order to force the devs to fix it.

I did not reproduce the exploit in any pserver unless someone gives me his validation to do it in his pserver, so I just did it in my own local pserver.

Other dupe methods could exist but this exploit is really epic and can be done easily with Cheat Engine (no need to make a PE).

1. Idea
The idea is to connect a "zombie" char (that was already deleted but its player_id and player_name saved somewhere in a post-it).
The zombie will "move" real items (already deposited by a real character) from his bank to his inventory.
Real character connects to the game, takes off and puts back items into his own bank.
zombie character takes them off again etc...

When creating the zombie char and the real char, both characters should be in the same account and have the same information except the name.

2. You will need..
Any memory editor, for example Cheat Engine.
You will need to identify, using CE features, the 3 slots that appear at the login screen and especially the player_id and player_name.

3. How to proceed?
See the picture below, I put all the instructions to dupe.

Have fun duping and have fun fixing this epic bug.
You can hit the thank button below ;)

Edit (Corrections):
- The slot number does not count, so you can connect a deleted char (which has been deleted from slot #1) in slot #2 or #3 but you need to connect him from the same slot in order to access the items (or use shared bank access)
- In the image below (step 4), I wanted to say "Character selection window" and not "Login window"

06/22/2017 01:34 greyb1t#2
Well done, kudos to you for releasing it instead of abusing it privately, it would've been hard not to. Even though I am not playing the game anymore I sure hope server owners will take actions to further prevent this from happening.

Once again, well done!
06/22/2017 07:46 BestEloJobs#3
Hi is it possible to make a video or explain in more detail how to do that ^^. Never use Cheat engine kind of lost
06/22/2017 09:34 cookie69#4
Quote:
Originally Posted by BestEloJobs View Post
Hi is it possible to make a video or explain in more detail how to do that ^^. Never use Cheat engine kind of lost
Surely when I have time :-)
06/22/2017 09:36 laklaker#5
Thanks by the way for this but what version of flyff will this work?
06/22/2017 11:11 BestEloJobs#6
Re there no need for a video but just a little tutorial on how to identify, using CE features, the 3 slots that appear at the login screen and especially the player_id and player_name. Will this work on InsanityFlyff ? Im willing to pay for your time in private
if you really dont have time to explain here
06/22/2017 11:35 ディオニュソス#7
Possible fixes:

Code:
	CString strQuery;
	DBQryCharacter(strQuery, "S8", idPlayer, g_appInfo.dwSys, lpDBOP->AccountInfo.szAccount);

	if (!qry->Exec(strQuery))
	{
		FreeRequest( lpDBOP );
		return;
	}
	if( !qry->Fetch() )
	{
		FreeRequest( lpDBOP );
		return;
	}

	// fix
	if (qry->GetChar("isblock") != 'F')
	{
		// Maybe ban?
		FreeRequest(lpDBOP);
		return;
	}
In S8 section of CHARACTER_STR

Code:
			FROM CHARACTER_TBL A 
					inner join TASKBAR_TBL B on A.m_idPlayer   = B.m_idPlayer and A.serverindex  = B.serverindex
					inner join TASKBAR_ITEM_TBL C on B.m_idPlayer   = C.m_idPlayer and B.serverindex  = C.serverindex
					inner join INVENTORY_TBL D on C.m_idPlayer   = D.m_idPlayer and C.serverindex  = D.serverindex
					inner join SKILLINFLUENCE_TBL E on C.m_idPlayer   = E.m_idPlayer and C.serverindex  = E.serverindex
					inner join INVENTORY_EXT_TBL F on E.m_idPlayer   = F.m_idPlayer and E.serverindex  = F.serverindex
					left outer join GUILD_MEMBER_TBL G on E.serverindex = G.serverindex and E.m_idPlayer = G.m_idPlayer
					left outer join BILING_ITEM_TBL H on E.serverindex = H.serverindex and E.m_idPlayer = H.m_idPlayer
					left outer join tblRestPoint R on E.serverindex = R.serverindex and E.m_idPlayer = R.m_idPlayer
			WHERE A.m_idPlayer = @im_idPlayer
					AND A.serverindex = @iserverindex
					AND A.account = lower(@iaccount)
					-- fix
					AND A.isblock = 'F'
The latter might yield weird results since it still fetches something.
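
The explicit check from the first fix, modelled as an added, self-contained example (not code from the post or from the game server): the client-supplied player id is validated against the authenticated account and the row's `isblock` state, and each rejection keeps its own reason so it can be logged. The names `CharacterRow`, `ValidateJoin`, `FlagInactiveJoins`, the sample rows and the `'D'` value are assumptions made for illustration.

```cpp
#include <map>
#include <string>
#include <vector>

// Constructed stand-in for one CHARACTER_TBL row (only the fields the fix reads).
struct CharacterRow { std::string account; char isblock; };

enum class JoinResult { Ok, NoSuchPlayer, WrongAccount, NotActive };

// Constructed sample rows. 'F' is the only value the fix accepts;
// 'D' is an assumed marker for a row that must no longer be loadable.
static const std::map<std::string, CharacterRow> kCharacters = {
    {"0000001", {"alice", 'F'}},
    {"0000002", {"alice", 'D'}},
    {"0000003", {"bob",   'F'}},
};

// idPlayer arrives from the client and is untrusted; sessionAccount is the
// account the server authenticated. Every mismatch gets its own result so
// the caller can log it instead of silently dropping the request.
JoinResult ValidateJoin(const std::string& sessionAccount, const std::string& idPlayer)
{
    const auto it = kCharacters.find(idPlayer);
    if (it == kCharacters.end())              return JoinResult::NoSuchPlayer;
    if (it->second.account != sessionAccount) return JoinResult::WrongAccount;
    if (it->second.isblock != 'F')            return JoinResult::NotActive;  // the added check
    return JoinResult::Ok;
}

struct JoinRequest { std::string account; std::string idPlayer; };

// Collect the requests an operator should review ("Maybe ban?" in the fix).
std::vector<JoinRequest> FlagInactiveJoins(const std::vector<JoinRequest>& requests)
{
    std::vector<JoinRequest> flagged;
    for (const auto& r : requests)
        if (ValidateJoin(r.account, r.idPlayer) == JoinResult::NotActive)
            flagged.push_back(r);
    return flagged;
}

int main()
{
    const std::vector<JoinRequest> requests = {{"alice", "0000001"}, {"alice", "0000002"}};
    return FlagInactiveJoins(requests).size() == 1 ? 0 : 1;
}
```

With only the `WHERE A.isblock = 'F'` filter, the `NotActive` case collapses into "no row fetched", which still blocks the load but leaves nothing to distinguish it from an unknown id in the logs.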
06/22/2017 15:05 Devisory#8
Quote:
Originally Posted by FlyffServices View Post
I used this bug 18 months before on Official Flyff and it is already fixed on thousands of pServers.

You are very late bro.

LOL You leaked this Bug because 100+ people know this.

So i bet u know this other bugs LOL? If u know the 3-4 other Dupe bugs then u know this dupe bug is shitty i found it after 1-2 minutes thinking about the old char overwrite bug LOL "epic bug"

You don't add a new query. You always add the check to the existing Query. It's the only right fix.

Like FlyFFServices said, the bug has been known for a very long time. People like Yannick & me were the first ones to use it (Yannick found the bug) and meanwhile it's almost fixed everywhere.

I'm not sure what you are saying about the 'bank dupe' since u can't dupe with this method on the regular bank because it won't allow you to open the bank....

but yeah it's fixed on 90% of the servers. Have fun duping on pinoy servers with brainless admins

Credits to YannickMAMA for finding the bug 100%

FlyFF is already dead
06/22/2017 15:21 Luemmeln#9
So it does not work on the official servers right?
06/22/2017 15:34 FlyffServices#10
Quote:
Originally Posted by Luemmeln View Post
So it does not work on the official servers right?
No :/ I called the Admins how to fix because my partner shared the bug with his friends and i want to be the only duper on Official Flyff.

But it works on really small shitty servers :D
06/22/2017 15:35 dosha5#11
Cookie Tunisian power ! :D
method pro but this is big old ^^
06/22/2017 16:26 cookie69#12
I think the subject has been discussed enough and what was intended here is to alert some server owners to fix or check their security.

If it is already fixed in most servers so it is even better.

As @[Only registered and activated users can see links. Click Here To Register...] said, duping has nothing to be compared with botting.

Duping could kill a server and make some triumphalistic guys rule it undergroundly. #closerequest please
06/22/2017 19:37 ZeroTwo02#13
The second fix works. I use it on September 2016 ;)
06/23/2017 06:46 Nick#14
#closed [as requested]