Massive DC exploit (Details)

09/03/2010 16:22 pedorreado#1
Hi everyone. To begin, I would like to make clear the reason I'm making this public, for good: we all know Joymax doesn't fix bugs unless they're being exploited by a wide range of people, and I hope the Elitepvpers admins will support me, since on Rev6 my post got deleted, their reasons unacceptable, claiming that Joymax told them they were going to fix it after Legend V Plus, which didn't happen. Basically pure bullshit; I know they're exploiting it, but that's not the topic.

How i found it:
The way I figured out this bug was because the entrance of the job cave was bugged: you got DC'd just by walking near it. So I took the SrProxy log and, going through the packets, I found that one was creating a stall with some strange characters (text). So I took this packet and tried to do the same, basically using the same binary data to create a stall with these weird characters (text).

Theory:
I'm not quite sure, but this might be doable everywhere text is used: chat, PM, etc. It seems like SRO uses a single-byte character set (Unicode), but packet-wise it uses two bytes per character to allow the use of Korean characters, which are a lot more than the Unicode ones.

So if you send text using a double-byte character, the game will crash, and so will all players around :D

Practical:
You have to do this packet-wise; basically, send text using a double-byte character :) like this:

This is the packet to change the stall name, visible to everyone.
HEX:

0D 00 BA 70 02 00 07 05 00 67 00 67 00 67 00 20 00 03 03

Packet explanation:
0D 00 = packet size
BA 70 = opcode
02 00 = security bytes
05 00 = size of the new stall name
67 00 67 00 67 00 67 00 03 03 = New stall name

67 00 67 00 67 00 67 00 03 03

Note that the last character, "03 03", is using a double-byte character set; this will do the trick :)

Tools needed

You will need a proxy: go to refycer dot info and download that WELL-known proxy (SrProxy).

A detour to redirect SRO to the proxy (localhost); there's one on this forum, or you can use mediapatcher from the agbot releases.

A program to send the packet; it could be VB, C++ or even AutoIt.

Instructions

- Open your proxy (start it).
- Open the game with the detour (i.e. mediapatcher, edxdetour).
- While in game, open a stall.
- Once your stall is open send the packet.

CAUTION DO NOT USE THIS ON YOUR MAIN CHARACTER!!

Then everyone around you will get DC'd, including yourself.

Please, I'm requesting that someone make the program to send the packet and post all the links for the tools needed. I won't, because everyone will claim that this is a hoax, hax, trojan, virus, etc. IT IS NOT!
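The following is an added worked example, not code from the post above, from SrProxy or from Joymax: it parses the captured hex into its fields, rebuilds it byte for byte, and shows the server-side allowlist check that would have rejected this stall name. The field layout is partly an assumption: the post names the size, opcode and security bytes, but the single byte 0x07 that follows them is not covered by the post's breakdown and is carried here as an opaque sub-type byte, and the name is taken to be a u16 character count followed by UTF-16LE code units, which is what the 0x0D payload size implies (1 + 2 + 5 x 2 = 13 bytes). The "renderable" allowlist (printable ASCII plus Hangul syllables) is illustrative only. Note that the bytes "03 03" read little-endian are the code unit U+0303 (COMBINING TILDE), not a printable glyph.

```python
"""Added example: parse, rebuild and validate the captured stall-name packet.

Layout assumed here (not from any Joymax documentation):
  u16 payload size | u16 opcode | u16 security bytes |
  u8 sub-type (0x07, meaning unknown) | u16 char count | UTF-16LE code units
"""
import struct

# Constructed from the hex line in the post above, byte for byte.
CAPTURED_HEX = "0D 00 BA 70 02 00 07 05 00 67 00 67 00 67 00 20 00 03 03"
CAPTURED = bytes.fromhex(CAPTURED_HEX)

STALL_NAME_OPCODE = 0x70BA          # "BA 70" on the wire, little-endian
HEADER = struct.Struct("<HHH")      # payload size, opcode, security bytes


def parse_packet(raw):
    """Split a raw packet into header fields and the decoded stall name."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated header")
    size, opcode, security = HEADER.unpack_from(raw, 0)
    body = raw[HEADER.size:]
    if size != len(body):
        raise ValueError(f"size field {size} does not match body length {len(body)}")
    if opcode != STALL_NAME_OPCODE:
        raise ValueError(f"unexpected opcode 0x{opcode:04X}")
    subtype = body[0]                           # 0x07 in the capture (assumed opaque)
    (nchars,) = struct.unpack_from("<H", body, 1)
    units = body[3:3 + 2 * nchars]
    if len(units) != 2 * nchars:
        raise ValueError("declared name length runs past end of packet")
    try:
        name = units.decode("utf-16-le")        # strict: lone surrogates are rejected
    except UnicodeDecodeError as exc:
        raise ValueError(f"malformed UTF-16LE name: {exc}") from None
    return {"size": size, "opcode": opcode, "security": security,
            "subtype": subtype, "name": name}


def build_packet(name, security=0x0002, subtype=0x07):
    """Inverse of parse_packet; rebuilding the captured name reproduces CAPTURED."""
    units = name.encode("utf-16-le")
    body = bytes([subtype]) + struct.pack("<H", len(units) // 2) + units
    return HEADER.pack(len(body), STALL_NAME_OPCODE, security) + body


def is_renderable(cp):
    """Illustrative allowlist: printable ASCII and Hangul syllables only (assumed)."""
    return 0x20 <= cp <= 0x7E or 0xAC00 <= cp <= 0xD7A3


def validate_stall_name(name, max_chars=30):
    """Return the reasons a server should reject the name (empty list = accept)."""
    problems = []
    if not name.strip():
        problems.append("name is empty")
    if len(name) > max_chars:
        problems.append(f"name longer than {max_chars} characters")
    for i, ch in enumerate(name):
        if not is_renderable(ord(ch)):
            problems.append(f"U+{ord(ch):04X} at index {i} is outside the allowlist")
    return problems


if __name__ == "__main__":
    fields = parse_packet(CAPTURED)
    print(fields)
    print("rebuild matches capture:", build_packet(fields["name"]) == CAPTURED)
    print("validation:", validate_stall_name(fields["name"]))
```

The point of the allowlist is that the server, not the client's font, decides what a name may contain: the captured packet is well-formed UTF-16LE and passes the length check, so only a per-code-point check catches it.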
09/05/2010 08:59 Bl4ster#2
lol, cool. I knew something about this some weeks ago but I didn't know how to do it. I'll try it.

Do you speak Spanish?
09/05/2010 09:05 Haxor#3
Cool and thx,
but this is the PSRO section and we don't even have stalls :rolleyes:
09/05/2010 09:14 Windrius#4
Yea, unlucky you :D Stall is gone :)
09/05/2010 09:18 Bl4ster#5
This bug also works with normal chat; it could even work with globals, but I dunno how to do it.
09/05/2010 09:28 Sk8orDi3#6
nice find!
09/05/2010 09:41 Schickl#7
old one is old!
09/05/2010 10:51 HaGsTeR#8
[link] (for the packet)
[link] (SrProxy)

Also, aren't you talking about "joymax" in your post, or did I read it wrong? If you did, you're in the wrong section.
09/05/2010 10:57 darkdamp#9
On Rev6 it got deleted because Kyle wanted it to be fixed,
and you come here and post this shit.
Now this will be the end of all pservers... all turks DCing people and stuff.
09/05/2010 14:01 bottlehead#10
Quote:
Originally Posted by darkdamp:
On Rev6 it got deleted because Kyle wanted it to be fixed,
and you come here and post this shit.
Now this will be the end of all pservers... all turks DCing people and stuff.
I think this is a nice find, and elitepvpers is not Rev6.
09/05/2010 14:03 Schickl#11
Quote:
Originally Posted by darkdamp:
On Rev6 it got deleted because Kyle didn't want it to be fixed,
and you come here and post this shit.
Now this will be the end of all pservers... all turks DCing people and stuff.
fix
Quote:
Originally Posted by bottlehead:
elitepvpers is not Rev6
Orly?
Captain Obvious here, as it seems.
And that bug is so freakin' old, lol.
09/05/2010 14:11 Shane¸#12
:facepalm: Nothing to say. Gonna sell my chars ASAP xD
09/05/2010 16:26 Zeromant#13
Not that old. I was trying to do the same with WPEditor... Kudos to you, pal!
09/05/2010 20:32 pedorreado#14
Quote:
Originally Posted by darkdamp:
On Rev6 it got deleted because Kyle wanted it to be fixed,
and you come here and post this shit.
Now this will be the end of all pservers... all turks DCing people and stuff.
Kyle is using it on Venice, all together with the Brotherhoodz guild. Don't come to me with bullshit; you don't know anything! BTW, his char name is NeDra. Some people would say, how do you know it's him? Simple: he always, ALWAYS misspells "S". For example, he would write "there a problem" instead of "there's a problem", and NeDra speaks the same way. Also, on the private agbot forum he uses NeDra as well, and NymBle, which is his pet's name. THIS IS THE REASON HE DOESN'T WANT IT FIXED!


And this has nothing to do with PSRO; some mod moved it. This is for ISRO.

Also, there's a fix: just insert a Unicode font into the pk2, which can be done on PSRO files, I guess. I don't know anything about it, sorry.

Quote:
Originally Posted by HaGsTeR:
[link] (for the packet)
[link] (SrProxy)

Also, aren't you talking about "joymax" in your post, or did I read it wrong? If you did, you're in the wrong section.
They claim that Joymax told Rev6 to wait for Legend 5 Plus for the fix, which is obviously BULLSHIT. That's why I waited until now to make this public; I kind of believed what Kyle told me, but it's pure crap, lies.

I MAKE IT CLEAR: THIS IS FOR ISRO. THIS BUG IS CURRENTLY BEING USED BY A MINORITY ON ISRO.
09/05/2010 23:57 supertrilo#15
This shit is old and won't work anymore. Reason: stalls disabled. At least not for pservers.