crash packet logger

09/30/2018 17:23 redbull2905#1
Hello, I currently have a problem: someone is using a packet logger to crash the server. I know he's using a flaw in the new login packet,
but I do not know exactly what I have to do.

here is the code:


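/// <summary>
/// Handles a login packet: compares the supplied credentials with the stored account,
/// rejects banned, unconfirmed, closed and already-connected accounts as well as logins
/// blocked by maintenance, and otherwise registers a new session and sends the server list.
/// </summary>
/// <param name="loginPacket">Login packet received from the client; a null packet is ignored.</param>
/// <remarks>
/// Every field of <paramref name="loginPacket"/> comes from the client and must be treated as
/// untrusted. In particular the client-data string is split and indexed, so its element count
/// is checked before use; a short or missing value must not be able to throw out of this handler.
/// </remarks>
public void VerifyLogin(LoginPacket loginPacket)
{
    if (loginPacket == null)
    {
        return;
    }

    bool useOldCrypto = ConfigurationManager.AppSettings["UseOldCrypto"] == "true";

    // NOTE(review): with UseOldCrypto off, the value sent by the client is compared as-is with
    // the stored password column, which makes the stored value itself the login credential.
    // Confirm how the client derives it and whether the stored hashes are salted.
    UserDTO user = new UserDTO
    {
        Name = loginPacket.Name,
        Password = useOldCrypto
            ? CryptographyBase.Sha512(LoginCryptography.GetPassword(loginPacket.Password)).ToUpper()
            : loginPacket.Password
    };

    AccountDTO loadedAccount = DAOFactory.AccountDAO.LoadByName(user.Name);

    // Unknown account and wrong password get the same reply, so the response does not reveal
    // whether the account name exists. The extra "?." keeps an account row without a stored
    // password from throwing; it simply fails the comparison.
    if (loadedAccount?.Password?.ToUpper().Equals(user.Password) != true)
    {
        _session.SendPacket($"fail {Language.Instance.GetMessageFromKey("IDERROR")}");
        return;
    }

    string ipAddress = _session.IpAddress;
    DAOFactory.AccountDAO.WriteGeneralLog(loadedAccount.AccountId, ipAddress, null,
        GeneralLogType.Connection, "LoginServer");

    // Refuse a second login while the account is already connected.
    if (CommunicationServiceClient.Instance.IsAccountConnected(loadedAccount.AccountId))
    {
        _session.SendPacket($"fail {Language.Instance.GetMessageFromKey("ALREADY_CONNECTED")}");
        return;
    }

    // An active ban entry in the penalty log takes precedence over the account's authority.
    PenaltyLogDTO penalty = DAOFactory.PenaltyLogDAO.LoadByAccount(loadedAccount.AccountId)
        .FirstOrDefault(s => s.DateEnd > DateTime.Now && s.Penalty == PenaltyType.Banned);
    if (penalty != null)
    {
        _session.SendPacket(
            $"fail {string.Format(Language.Instance.GetMessageFromKey("BANNED"), penalty.Reason, penalty.DateEnd.ToString("yyyy-MM-dd-HH:mm"))}");
        return;
    }

    switch (loadedAccount.Authority)
    {
        case AuthorityType.Unconfirmed:
            _session.SendPacket($"fail {Language.Instance.GetMessageFromKey("NOTVALIDATE")}");
            return;

        case AuthorityType.Banned:
            _session.SendPacket(
                $"fail {string.Format(Language.Instance.GetMessageFromKey("BANNED"), "Unknown", "Unknown")}");
            return;

        case AuthorityType.Closed:
            _session.SendPacket($"fail {Language.Instance.GetMessageFromKey("IDERROR")}");
            return;
    }

    // Only these two authority levels are held back by a maintenance window that has started.
    // NOTE(review): the second enum member's name is a slur; rename it where AuthorityType is
    // declared (not visible here) and update this reference.
    if (loadedAccount.Authority == AuthorityType.User
        || loadedAccount.Authority == AuthorityType.BitchNiggerFaggot)
    {
        MaintenanceLogDTO maintenanceLog = DAOFactory.MaintenanceLogDAO.LoadFirst();
        if (maintenanceLog != null && maintenanceLog.DateStart < DateTime.Now)
        {
            _session.SendPacket(
                $"fail {string.Format(Language.Instance.GetMessageFromKey("MAINTENANCE"), maintenanceLog.DateEnd, maintenanceLog.Reason)}");
            return;
        }
    }

    int newSessionId = SessionFactory.Instance.GenerateSessionId();

    // NOTE(review): user.Name is client-supplied and is written to the log unmodified;
    // confirm the logger neutralises line breaks and control characters.
    Logger.Debug(string.Format(Language.Instance.GetMessageFromKey("CONNECTION"), user.Name,
        newSessionId));
    try
    {
        // Presumably strips a 6-character scheme prefix and the trailing ":port" from the
        // session address - confirm against the format of _session.IpAddress.
        string remoteAddress = ipAddress.Substring(6, ipAddress.LastIndexOf(':') - 6);
        CommunicationServiceClient.Instance.RegisterAccountLogin(loadedAccount.AccountId,
            newSessionId, remoteAddress);
    }
    catch (Exception ex)
    {
        // NOTE(review): a failure here is only logged and the server list is still sent below
        // for a session that may not have been registered - confirm that this is intended.
        Logger.Error("General Error SessionId: " + newSessionId, ex);
    }

    // Client data is attacker-controlled: it may be missing or have fewer than four
    // dot-separated parts. Both cases are handled like an unparseable version instead of
    // throwing on Split or on index 3.
    string[] clientData = loginPacket.ClientData?.Split('.');
    if (clientData == null || clientData.Length < 2)
    {
        clientData = loginPacket.ClientDataOld?.Split('.');
    }

    bool ignoreUserName = clientData != null
                          && clientData.Length > 3
                          && short.TryParse(clientData[3], out short clientVersion)
                          && (clientVersion < 3075 || useOldCrypto);
    _session.SendPacket(BuildServersPacket(user.Name, newSessionId, ignoreUserName));
}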

#endregion
}
}
10/01/2018 13:53 erixor#2
Maybe providing a screenshot of the actual crash could be helpful, so people don't have to read this ugly not indented brick of code
10/01/2018 18:49 redbull2905#3
10/01/2018 19:54 erixor#4
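Well, that's not in the loginPacket, but in the MatePacketHandler, line 51.

Quickfix: Replace the "First" with a "FirstOrDefault" and check for null value. "First" throws an exception when no element matches, while "FirstOrDefault" returns null in that case, so the handler can drop the packet instead of crashing.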
10/01/2018 21:11 0Lucifer0#5
Come on, the red error says exactly where the error is... and this is not in login ><
10/02/2018 00:33 @LRevolution#6
Quote:
Originally Posted by 0Lucifer0 View Post
Common the red error say exactly where the error is... and this is not in login ><
I believe most people think it's impossible to fix something by themselves, much less read what the error actually is, ie the HUGE RED TEXT explaining what the error is and where it happened in the code.:facepalm: