|
You last visited: Today at 11:27
Advertisement
How to dupe items? My findings
Discussion on How to dupe items? My findings within the Flyff Hacks, Bots, Cheats, Exploits & Macros forum part of the Flyff category.
06/22/2017, 00:08
|
#1
|
elite*gold: 0
Join Date: Nov 2009
Posts: 627
Received Thanks: 686
|
How to dupe items? My findings
Hello sexy cheaters,
I was wondering how people can dupe items since years in FlyFF without any problem even in the official servers and my questions became bigger when some noble guys asked me to find the trick and inform Webzen because their official server is crowded by dupers, they were so desperate
I also saw some players in the black market making tons of €uros in a completely illegal way that could bring them many legal concerns..
Having said that, I have discovered how to dupe items and the hint was a sentence pronounced by someone in the forums and it was like :
Quote:
"you need to connect a deleted char"
|
I searched a lot and my little experience as a hacker (and not as a developer as I am not a game dev) helped me to find the trick, so I decided to release it in order to force the devs to fix it.
I did not reproduce the exploit in any pserver unless someone give me his validation to do it in his pserver, so I just did it in my own local pserver.
Other dupe methods could exist but this exploit is really epic and can be done easily with Cheat Engine (no need to make a PE).
1. Idea
The idea is to connect a "zombie" char (that was already deleted but its player_id and player_name saved somewhere in a post-it).
The zombie will "move" real items (already deposited by a real character) from his bank to his inventory.
Real character connects to the game, takes off and puts back items into his own bank.
zombie character takes them off again etc...
When creating the zombie char and the real char, both characters should be in the same account and have the same information except the name.
2. You will need..
Any memory editor, for example Cheat Engine.
You will need to identify, using CE features, the 3 slots that appear at the login screen and especially the player_id and player_name.
3. How to proceed?
See the picture below, I put all the instructions to dupe.
Have fun duping and have fun fixing this epic bug.
You can hit the thank button below
Edit (Corrections):
- The slot number does not count, so you can connect a deleted char (which has been deleted from slot#1) in slot #2 or #3 but you need to connect him from the same slot in order to access the items (or use shared bank acess)
- In the image below (step 4), I wanted to say "Character selection window" and not "Login window"
|
|
|
06/22/2017, 01:34
|
#2
|
elite*gold: 70
Join Date: Apr 2015
Posts: 421
Received Thanks: 1,023
|
Well done, kudos to you for releasing it instead of abusing it privately, it would've been hard not to. Even though I am not playing the game anymore I sure hope servers owner will take actions to futher prevent this from happening.
Once again, well done!
|
|
|
06/22/2017, 07:46
|
#3
|
elite*gold: 0
Join Date: Jan 2013
Posts: 39
Received Thanks: 6
|
Hi is it possible to make a video or explain in more detail how to do that ^^. Never use Cheat engine kind of lost
|
|
|
06/22/2017, 09:34
|
#4
|
elite*gold: 0
Join Date: Nov 2009
Posts: 627
Received Thanks: 686
|
Quote:
Originally Posted by BestEloJobs
Hi is it possible to make a video or explain in more detail how to do that ^^. Never use Cheat engine kind of lost
|
Surely when I have time :-)
|
|
|
06/22/2017, 09:36
|
#5
|
elite*gold: 0
Join Date: Oct 2014
Posts: 3
Received Thanks: 0
|
Quote:
Originally Posted by cookie69
Hello sexy cheaters,
I was wondering how people can dupe items since years in FlyFF without any problem even in the official servers and my questions became bigger when some noble guys asked me to find the trick and inform Webzen because their official server is crowded by dupers, they were so desperate
I also saw some players in the black market making tons of €uros in a completely illegal way that could bring them many legal concerns..
Having said that, I have discovered how to dupe items and the hint was a sentence pronounced by someone in the forums and it was like :
I searched a lot and my little experience as a hacker (and not as a developer as I am not a game dev) helped me to find the trick, so I decided to release it in order to force the devs to fix it.
I did not reproduce the exploit in any pserver unless someone give me his validation to do it in his pserver, so I just did it in my own local pserver.
Other dupe methods could exist but this exploit is really epic and can be done easily with Cheat Engine (no need to make a PE).
1. Idea
The idea is to connect a "zombie" char (that was already deleted but its player_id and player_name saved somewhere in a post-it).
The zombie will "move" real items (already deposited by a real character) from his bank to his inventory.
Real character connects to the game, takes off and puts back items into his own bank.
zombie character takes them off again etc...
When creating the zombie char and the real char, both characters should be in the same account and have the same information except the name.
2. You will need..
Any memory editor, for example Cheat Engine.
You will need to identify, using CE features, the 3 slots that appear at the login screen and especially the player_id and player_name.
3. How to proceed?
See the picture below, I put all the instructions to dupe.
Have fun duping and have fun fixing this epic bug.
You can hit the thank button below
Edit (Corrections):
- The slot number does not count, so you can connect a deleted char (which has been deleted from slot#1) in slot #2 or #3 but you need to connect him from the same slot in order to access the items (or use shared bank acess)
- In the image below (step 4), I wanted to say "Character selection window" and not "Login window"
|
Thanks by the way for this but what version of flyff will this work?
|
|
|
06/22/2017, 11:11
|
#6
|
elite*gold: 0
Join Date: Jan 2013
Posts: 39
Received Thanks: 6
|
Re there no need for a video but just a little tutorial on how to identify, using CE features, the 3 slots that appear at the login screen and especially the player_id and player_name. Will this work on InsanityFlyff ? Im willing to pay for your time in private
if you really dont have time to explain here
|
|
|
06/22/2017, 11:35
|
#7
|
elite*gold: 50
Join Date: Jun 2015
Posts: 100
Received Thanks: 210
|
Possible fixes:
Code:
CString strQuery;
DBQryCharacter(strQuery, "S8", idPlayer, g_appInfo.dwSys, lpDBOP->AccountInfo.szAccount);
if (!qry->Exec(strQuery))
{
FreeRequest( lpDBOP );
return;
}
if( !qry->Fetch() )
{
FreeRequest( lpDBOP );
return;
}
// fix
if (qry->GetChar("isblock") != 'F')
{
// Maybe ban?
FreeRequest(lpDBOP);
return;
}
In S8 section of CHARACTER_STR
Code:
FROM CHARACTER_TBL A
inner join TASKBAR_TBL B on A.m_idPlayer = B.m_idPlayer and A.serverindex = B.serverindex
inner join TASKBAR_ITEM_TBL C on B.m_idPlayer = C.m_idPlayer and B.serverindex = C.serverindex
inner join INVENTORY_TBL D on C.m_idPlayer = D.m_idPlayer and C.serverindex = D.serverindex
inner join SKILLINFLUENCE_TBL E on C.m_idPlayer = E.m_idPlayer and C.serverindex = E.serverindex
inner join INVENTORY_EXT_TBL F on E.m_idPlayer = F.m_idPlayer and E.serverindex = F.serverindex
left outer join GUILD_MEMBER_TBL G on E.serverindex = G.serverindex and E.m_idPlayer = G.m_idPlayer
left outer join BILING_ITEM_TBL H on E.serverindex = H.serverindex and E.m_idPlayer = H.m_idPlayer
left outer join tblRestPoint R on E.serverindex = R.serverindex and E.m_idPlayer = R.m_idPlayer
WHERE A.m_idPlayer = @im_idPlayer
AND A.serverindex = [MENTION=3453071]iServe[/MENTION]rindex
AND A.account = lower(@iaccount)
-- fix
AND A.isblock = 'F'
The latter might yield weird results since it still fetches something.
|
|
|
06/22/2017, 15:05
|
#8
|
Trade Restricted
elite*gold: 0
Join Date: May 2011
Posts: 551
Received Thanks: 336
|
Quote:
Originally Posted by FlyffServices
I used this bug 18 months before on Official Flyff and it is already fixxed on thousands of pServers.
You are very late bro.
LOL You leaked this Bug because 100+ peoples know this.
So i bet u know this other bugs LOL? If u know the 3-4 other Dupe bugs then u know this dupe bug is ****** i found it after 1-2 minutes thinking about the old char overwrite bug LOL "epic bug"
@
You dont add a new query. You always add the check to the existing Query. Its the only right fix.
|
Like FlyFFServices said, the bug has been known for a very long time. People like Yannick & me were the first one to use it. (Yannick found the bug) and meanwhile its almost fixed everywhere.
Im not sure what you are saying about the 'bank dupe' since u cant dupe with this method on the regular bank because it wont allow you to open the bank....
but yeah its fixed on 90% of the server. Have fun duping on pinoy servers with brainless admins
Credits to YannickMAMA for finding the bug 100%
FlyFF is already dead
|
|
|
06/22/2017, 15:21
|
#9
|
elite*gold: 0
Join Date: May 2015
Posts: 6
Received Thanks: 0
|
So it does not work on the official servers right?
|
|
|
06/22/2017, 15:34
|
#10
|
elite*gold: 32
Join Date: Dec 2015
Posts: 2,275
Received Thanks: 1,113
|
Quote:
Originally Posted by Luemmeln
So it does not work on the official servers right?
|
No :/ I called the Admins how to fixx because my partner shared the bug with his friends and i want to be the only duper on Official Flyff.
But it works on realy small ****** server
|
|
|
06/22/2017, 15:35
|
#11
|
elite*gold: 0
Join Date: Aug 2012
Posts: 37
Received Thanks: 13
|
Cookie tunsian power !
method pro but this is big old ^^
|
|
|
06/22/2017, 16:26
|
#12
|
elite*gold: 0
Join Date: Nov 2009
Posts: 627
Received Thanks: 686
|
I think the subject has been discussed enough and what was intended here is to alert some servers owners to fix or check their security.
If it is already fixed in most servers so it is even better.
As @ said, duping has nothing to be compared with botting.
Duping could kill a server and make some triumphalistic guys rule it undergroundly. @ #closerequest please
|
|
|
06/22/2017, 19:37
|
#13
|
elite*gold: 28
Join Date: Feb 2010
Posts: 463
Received Thanks: 277
|
Quote:
Originally Posted by ディオニュソス
Possible fixes:
Code:
CString strQuery;
DBQryCharacter(strQuery, "S8", idPlayer, g_appInfo.dwSys, lpDBOP->AccountInfo.szAccount);
if (!qry->Exec(strQuery))
{
FreeRequest( lpDBOP );
return;
}
if( !qry->Fetch() )
{
FreeRequest( lpDBOP );
return;
}
// fix
if (qry->GetChar("isblock") != 'F')
{
// Maybe ban?
FreeRequest(lpDBOP);
return;
}
In S8 section of CHARACTER_STR
Code:
FROM CHARACTER_TBL A
inner join TASKBAR_TBL B on A.m_idPlayer = B.m_idPlayer and A.serverindex = B.serverindex
inner join TASKBAR_ITEM_TBL C on B.m_idPlayer = C.m_idPlayer and B.serverindex = C.serverindex
inner join INVENTORY_TBL D on C.m_idPlayer = D.m_idPlayer and C.serverindex = D.serverindex
inner join SKILLINFLUENCE_TBL E on C.m_idPlayer = E.m_idPlayer and C.serverindex = E.serverindex
inner join INVENTORY_EXT_TBL F on E.m_idPlayer = F.m_idPlayer and E.serverindex = F.serverindex
left outer join GUILD_MEMBER_TBL G on E.serverindex = G.serverindex and E.m_idPlayer = G.m_idPlayer
left outer join BILING_ITEM_TBL H on E.serverindex = H.serverindex and E.m_idPlayer = H.m_idPlayer
left outer join tblRestPoint R on E.serverindex = R.serverindex and E.m_idPlayer = R.m_idPlayer
WHERE A.m_idPlayer = @im_idPlayer
AND A.serverindex = [MENTION=3453071]iServe[/MENTION]rindex
AND A.account = lower(@iaccount)
-- fix
AND A.isblock = 'F'
The latter might yield weird results since it still fetches something.
|
The second fix work. I use it on september 2016
|
|
|
06/23/2017, 06:46
|
#14
|
wild wild son
elite*gold: 0
Join Date: Feb 2011
Posts: 5,828
Received Thanks: 3,369
|
#closed [as requested]
|
|
|
|
Similar Threads
|
[CODE]Ingame Functions( POST YOUR FINDINGS HERE )
11/28/2017 - Aura Kingdom - 215 Replies
Hi guys, here is how to send a Skill using SkillId ( not using a keyboard press )
//Retrieves the skill ID from the actual slotbar
ULONG myGetSkillIdFromSlotBar( ULONG lpSlot, ULONG lpBase = 0x0179D9B0 )
{
ULONG dwDelta = ( lpSlot - 1 ) * 4, dwRes = NULL;
__asm
|
Botting 24/7 doubles ban risk, and other findings
10/31/2010 - WoW Bots - 10 Replies
Hi ElitePVPers,
I just ran a statistical analysis on the voter data from this poll of AIO Bot users. The results should be generalizable to other bots. For example, Honorbuddy did a similar poll that showed a 37% overall ban rate, although they didn't collect as much data on other risk factors. AIO Bot's ban rate so far is 30%. Our poll is still open; right now it's at 63 votes.
Here's what I found:
Botting 24/7 doubles the risk of getting banned.
Using additional non-AIO Bot...
|
Cracking CabalRider, need advice (With findings so far)
11/07/2008 - Cabal Online - 26 Replies
First of all, I'm new to cracking, so what I did might sound noobish/stupid.
As CabalRider went p2p I wanted to see how cracking actually works and read some tutorials about it. I ran into some problems and reported my findings below. I hope that someone can give me a pointer or advice on how to solve problems or even telling me I'm taking the right/wrong course.
First I replaced loginfailed.html by loginsuccess.html, but that didn't work (ofcourse).
I then decompiled it using, PE explorer,...
|
SOX findings, place ur sox findiings here
06/04/2007 - Silkroad Online - 8 Replies
place ur sox finds here :D
i just found a sos lvl 8 glaive =P
<hr>Append on Jun 4 2007, 01:11<hr> 20 mins later i find another sos chest.. lvl 13
|
All times are GMT +2. The time now is 11:27.
|
|