AristaClassic - True Classic to Play!

~~TaTLine~~ · 03/31/2016, 20:32

#Removed

Pancakesz · 03/31/2016, 20:50

After joining the PvP server created by TaTLine & team, i decided to join the classic server as wel. First impressions are good, this is what classic ought to be. No cp's, bp, stupid new jump and some more ****..

If you want to relive your classic days as a conquer player you should definitely come and try this server out.

Spirited · 03/31/2016, 21:00

On your last advertisement, we decided that your server was highly exploitable and didn't do much to serve the community a unique or consistent gameplay experience. The project supporting the server is crippled, the programmers you have working for you are untrustworthy, and you have failed to respond appropriately to server feedback. Unless I'm misunderstanding the prior situation, nothing indicated our desire for this server to return.

Looking at your advertisement now, it seems nothing has been changed, and the overall focus is still monetary value. A quick buck for a quick and dirty server. Just analyzing these features you're advertising, you've had "New Custom Quests, Events & Tournaments" on your ad and website for a month now but nothing about those custom events. Even the forums where you announce these events are completely empty. It seems to be just more empty promises on an undesirable and broken server. Nothing unique and less stable than the eyg sources out there. It looks like you even removed all prior accounts. What does that say about those players whom have invested time in your server? What does that say about your ability to maintain a server and make appropriate decisions for your players? This will always concern me - and I feel deeply sorry for any member of this community who gives your server a try. Much better servers with more dedicated and devoted server owners deserve their attention.

Edit: Please don't advertise on my board. My concerns still stand, and I do not believe you are able to deliver any promises on player security. I hope this won't be a repeat of last time regarding your advertisement campaign.

~~TaTLine~~ · 03/31/2016, 21:53

We learned & adjusted.

Romen wasn't build in 1 day, a good server isn't either.
This project is for years, and we will change over the years.

My last post on this thread, thanks.

Spirited · 03/31/2016, 22:13

Quote:

Originally Posted by TaTLine

We learned & adjusted.

Romen wasn't build in 1 day, a good server isn't either.
This project is for years, and we will change over the years.

My last post on this thread, thanks.

It wasn't built in a day, no; but it had good foundation and was definitely spelled correctly. Making similarities between your server and Rome seems like a poor comparison. If this project really is for years, what changes have you made? I don't think you're in any position to be anything but transparent.

Ultimation · 03/31/2016, 22:30

Quote:

Originally Posted by TaTLine

We learned & adjusted.

Romen wasn't build in 1 day, a good server isn't either.
This project is for years, and we will change over the years.

My last post on this thread, thanks.

His last post on the thread?, I guess that means he wont be taking any more feedback.. RIP another server.

Spirited · 04/01/2016, 05:58

Xio. · 04/01/2016, 19:04

Quote:

Originally Posted by Spirited

PM me how you did that, or post it here please.

Spirited · 04/01/2016, 19:23

Quote:

Originally Posted by Xio.

PM me how you did that, or post it here please.

I'd do it again, but I deleted everyone's characters (with the exception of SpiritDviL, who I made a Wood Master at Lvl 189). I also traded her some nice gear. I have a question for you. Who ****** wrote this:

Xio. · 04/01/2016, 19:41

Quote:

Originally Posted by Spirited

I'd do it again, but I deleted everyone's characters (with the exception of SpiritDviL, who I made a Wood Master at Lvl 189). I also traded her some nice gear. I have a question for you. Who ****** wrote this:

That was me lol. Was synchronized to a song we played using that command. Was never meant to be used lol.

Still, how did you delete the chars? I can't think of a way .. haven't worked on that source in too long to be aware of anything that could be exploited in that way.

Edit: you won, tateline won't run a server anymore. Just would like to know how you did it anyway in case its something I am prone to doing again on my private project

Spirited · 04/01/2016, 19:56

Quote:

Originally Posted by Xio.

That was me lol. Was synchronized to a song we played using that command. Was never meant to be used lol.

Still, how did you delete the chars? I can't think of a way .. haven't worked on that source in too long to be aware of anything that could be exploited in that way.

Edit: you won, tateline won't run a server anymore. Just would like to know how you did it anyway in case its something I am prone to doing again on my private project

Well, that explains why it's called "drop". I'll private message you. My goal was indeed to discourage TaTaline from running a server with that source code and the attitude he had against feedback. Maybe in the future when multiple people warn you (the team) about security, you all will listen.

Edit: Your server isn't the only one I can exploit in this manor. It's most servers out there. In fact, the modified Trinity servers from those egy websites all fall under this same trap, or a variation that causes a denial of service. I once worked on a tool that exploited them, but I never had the internet bandwidth to do anything about it until now. Not to say I will; there are far more exciting projects I rather work on.

_DreadNought_ · 04/02/2016, 01:54

That messy chat screenshot you sent can also be achieved with most ****** public sources out there with an exploit and it's probably my favourite one. I remember using it on Snow's server back in the day, 2 line code fix haha

Spirited · 04/02/2016, 04:26

Quote:

Originally Posted by _DreadNought_

That messy chat screenshot you sent can also be achieved with most ****** public sources out there with an exploit and it's probably my favourite one. I remember using it on Snow's server back in the day, 2 line code fix haha

Definitely. What bothers me is these servers are so common, where servers owners really don't have a proper understanding of programming, let alone networking and security. Even with encrypting these ids, it's not enough. You can simply flip a bit in the cipher-text and a lot of the time it'll also flip a bit in the plain text and allow you to login with another account. Encryption is not authentication (nor is plaintext for this case). Anyways, what's done is done; hopefully this can be a lesson learned for future endeavors.

CptSky · 04/02/2016, 16:23

Quote:

Originally Posted by Spirited

[...]You can simply flip a bit in the cipher-text and a lot of the time it'll also flip a bit in the plain text [...]

That's an issue with any block cipher mode or stream cipher that isn't dependent on the previous data. CFB allows for loosing less than a block of data without desynchronizing itself. That's good for some things, but in a reliable stream like TCP, it allows for packet tampering (except if you have an integrity protection)...

The current exploit can be fixed with a proper authentication on the game server side, but at the same time, it shouldn't be doable if TQ had a proper protection in the protocol/cipher against packet tampering (and replay attacks).