|
You last visited: Today at 17:14
Advertisement
Can you guys share more information?
Discussion on Can you guys share more information? within the Flyff Private Server forum part of the Flyff category.
04/17/2020, 23:34
|
#1
|
elite*gold: 0
Join Date: May 2019
Posts: 74
Received Thanks: 5
|
Can you guys share more information?
Hi,
Can you guys share more information as to why this error pops up? I've been receiving this error few times that causes core server to crash. Any information is very very well appreciated.
Error:
Code:
CClientSocket.Fetch: ip = 54.245.49.145, size = 790647882
This is only my own theory:
When you use any hosting services, random snapshots of bots maybe or services as well that pings your server in a certain port and thus making your core server crash. I might really be wrong but I hope you get what I want to tell.
|
|
|
04/18/2020, 04:34
|
#2
|
elite*gold: 0
Join Date: Jul 2010
Posts: 174
Received Thanks: 329
|
possible a DDoS attack you must secure your server if you buy vps/dedicated server make sure that it has Anti-DDoS protection and for your website use SSL protection (CloudFlare) for Anti-SQL Injection. Hope it helps.
|
|
|
04/18/2020, 08:51
|
#3
|
elite*gold: 0
Join Date: Aug 2016
Posts: 308
Received Thanks: 366
|
A DDoS attack would rather make you lose the connection. Since the erros is throwing an enourmos packet size, it has to do with somehow an enourmous or just invalid packet is being received.
Funny enough the Core shouldn't be accessible from an open network, so the packet has to come from some other server instance. Quite fun to debug tho.
|
|
|
04/18/2020, 09:22
|
#4
|
elite*gold: 0
Join Date: May 2019
Posts: 74
Received Thanks: 5
|
Thank you both for your own opinions, I really appreciate it. Im still figuring this out because just about few hours the database crashed with the same error and the same packet size, now I have to know where and what port might this packet came from and I might as well check my packet encryption system.
|
|
|
04/18/2020, 10:17
|
#5
|
elite*gold: 2
Join Date: Jan 2008
Posts: 778
Received Thanks: 983
|
Quote:
Originally Posted by pbben15
possible a DDoS attack you must secure your server if you buy vps/dedicated server make sure that it has Anti-DDoS protection and for your website use SSL protection (CloudFlare) for Anti-SQL Injection. Hope it helps.
|
DDoS Protection, Yes, makes sense.
SSL to prevent SQL Injection? What kind of bullshit are you talking about, how can a service prevent ur files to be vulnerable? Lol. If they're exploitable, they're exploitable. Thats how it works lol.
Quote:
Originally Posted by Naltalah
A DDoS attack would rather make you lose the connection. Since the erros is throwing an enourmos packet size, it has to do with somehow an enourmous or just invalid packet is being received.
Funny enough the Core shouldn't be accessible from an open network, so the packet has to come from some other server instance. Quite fun to debug tho.
|
Agreeing fully, apart of thinking it would be fun, i bet its a pain lol
Quote:
Originally Posted by Fatcode
Thank you both for your own opinions, I really appreciate it. Im still figuring this out because just about few hours the database crashed with the same error and the same packet size, now I have to know where and what port might this packet came from and I might as well check my packet encryption system.
|
Go for Naltalah's advice, also block port 29000 (Secondary port, i think it was used for cash-shop instances, atleast creating items was possible using it, i barely remember which server instance it runs in, either cache or core server if i remember correctly)
|
|
|
04/18/2020, 11:13
|
#6
|
elite*gold: 0
Join Date: May 2019
Posts: 74
Received Thanks: 5
|
Hi netHoxInc,
Thank you for the suggestion. I will add that to my list. Right now am figurint things out. Currently am enabling the firewall to only allow the login server and the world server, I might be wrong on this but I feel so dumb as I have accidentally checked the "block incoming for all" for both private and public. I have seen that my other server executables was open to the public. I hope this is the answer to my problem. I will be updating this thread if it fixes my problem or it doesn't.
|
|
|
04/18/2020, 11:22
|
#7
|
elite*gold: 2
Join Date: Jan 2008
Posts: 778
Received Thanks: 983
|
Quote:
Originally Posted by Fatcode
Hi netHoxInc,
Thank you for the suggestion. I will add that to my list. Right now am figurint things out. Currently am enabling the firewall to only allow the login server and the world server, I might be wrong on this but I feel so dumb as I have accidentally checked the "block incoming for all" for both private and public. I have seen that my other server executables was open to the public. I hope this is the answer to my problem. I will be updating this thread if it fixes my problem or it doesn't.
|
Yea would be kinda cool to know, im personally not working with server's so im not really that well informed about all of these stuff, but i know how to exploit certain stuff quite well and can probably relate in this way to problems.
Good luck on it, let us know how it ends up ^^
If you need somewhat of a penetration test for your website (SQLi) and your game files (only game breaking stuff, duplications, item creations, etc) hit me up on discord (check sig).
Cheers
|
|
|
04/18/2020, 12:00
|
#8
|
elite*gold: 0
Join Date: Aug 2016
Posts: 308
Received Thanks: 366
|
From what I have found, the crash results in the closing of the connection if an invalid packet is received.
Code:
if( &pClientSock->m_ovRecv == lpov ) // receive i/o completed
{
CBuffer* pBuffer = pClientSock->Fetch( dwBytes );
if( pBuffer )
{
if( pBuffer->cb > 0 ) {
pBuffer->dpid = hSocket;
pDPSock->m_lspRecvBuffer.AddTail( pBuffer );
SetEvent( pDPSock->GetRecvHandle() );
}
else {
SAFE_DELETE( pBuffer );
}
}
else if( WSAGetLastError()
== ERROR_BAD_NET_NAME )
{
pDPSock->CloseConnection( hSocket );
continue;
}
Found in dpsock.cpp IoWorkerThread
This basically results in the connection being terminated, then the pings going on won't be able to communicate resulting in the "TRANS not alive" or "CORE not alive" errors.
Why a crash happens can have multiple issues. Can't really pinpoint it right now. But basically what could happen is that
Code:
m_pRecvBuffer = CBufferFactory::GetInstance().CreateBuffer( m_nBufferType, uPacketSize );
might cause some memory violation or just returning NULL. If you look at it you'll see that CreateBuffer takes a buffer-type and the packet-size. I don't know if you can somehow manipulate the buffer-type but when actually creating the buffer, there is a check for MAX_BUFFER on the supplied buffer-size. If that fails it's trying to allocate memory on the heap with the supplied buffer-size. So I guess it just busts up the heap rather than dropping the message received.
Code:
CBuffer::CBuffer( u_long uBufSize )
{
if( uBufSize > MAX_BUFFER ) {
m_lpBufStart = (LPBYTE)CBuffer::m_pHeapMng->Malloc( uBufSize );
Since all of this happens as a void* operation, it might as well crash when trying to actually convert the memory data to something it wasn't intended to be.
Those are just some guesses from a quick look at what the code actually does, but I guess debugging will be your best bet to see if it actually crashes on the error or tries to do something else, in which case it would be easier to pinpoint where the exploit is coming from.
Because in theory, the packet has to get corrupted somewhere along the way on a message received from probably cache or worldserver.
If the program just shuts down without throwing an error message or an exception, I would suppose it's this part:
Code:
fOk = GetQueuedCompletionStatus( pDPSock->GetCompletionPort( lIoWorker - 1 ), &dwBytes, (LPDWORD)&hSocket, &lpov, INFINITE );
if( dwBytes == CLOSEIOWORKERMSG )
{
InterlockedDecrement( &pDPSock->m_lActiveIoWorker );
return( 0 );
}
So basically someone is sending the exact package to turn off the instance. But that's some WinAPI stuff I'm not really familiar with.
|
|
|
04/18/2020, 19:15
|
#9
|
elite*gold: 50
Join Date: Feb 2014
Posts: 288
Received Thanks: 245
|
The problem is someone sends you a reallllyyy big packet (look at the size, its in bytes if i remember correctly)
|
|
|
04/19/2020, 16:15
|
#10
|
elite*gold: 0
Join Date: May 2019
Posts: 74
Received Thanks: 5
|
Hi @ ,
That's some really rare talents right there. I would love to work with you on those kind of things. Im going to hit you up on discord when I fly back to my country.
Hi @ ,
I really appreciate the effort you did on this. This is very informative thus giving me more power and understanding on how the source is written. It looks like you are good with network programming as well.
Hi @ ,
The packets that I am receiving is indeed not normal. Thank you for the attention that you gave in my post.
--
UPDATE:
What I want you guys to know is that the server is running without players connected as I have turned it up only for testing. What I have found out though is that I need to re-do the packet encryption system and it fixes my problem. So I guess this thread ends here. I'd really like to thank you all for the attention and efforts.
|
|
|
04/22/2020, 03:28
|
#11
|
elite*gold: 0
Join Date: Mar 2018
Posts: 155
Received Thanks: 54
|
Quote:
Originally Posted by Fatcode
Hi,
Can you guys share more information as to why this error pops up? I've been receiving this error few times that causes core server to crash. Any information is very very well appreciated.
Error:
Code:
CClientSocket.Fetch: ip = 54.245.49.145, size = 790647882
This is only my own theory:
When you use any hosting services, random snapshots of bots maybe or services as well that pings your server in a certain port and thus making your core server crash. I might really be wrong but I hope you get what I want to tell.
|
Oh I just experience this right now haha
Code:
2020/ 4/21 23:16:29 CClientSocket.Fetch: ip = 64.225.76.244, size = 1571870089
2020/ 4/21 23:16:29 CClientSocket.Fetch: ip = 64.225.76.244, size = 1953706093
2020/ 4/21 23:16:29 CClientSocket.Fetch: ip = 64.225.76.244, size = 1814967609
2020/ 4/21 23:16:30 CClientSocket.Fetch: ip = 64.225.76.244, size = 1946157061
2020/ 4/21 23:16:30 CClientSocket.Fetch: ip = 64.225.76.244, size = 1634563174
2020/ 4/21 23:16:30 CClientSocket.Fetch: ip = 64.225.76.244, size = 1946157320
2020/ 4/21 23:16:34 CClientSocket.Fetch: ip = 64.225.76.244, size = 1866611479
2020/ 4/21 23:17:43 CClientSocket.Fetch: ip = 167.172.48.101, size = 1915224069
2020/ 4/21 23:17:51 CClientSocket.Fetch: ip = 167.172.48.101, size = 1761607688
2020/ 4/21 23:17:52 CClientSocket.Fetch: ip = 167.172.48.101, size = 1785790469
2020/ 4/21 23:19:38 CORE : is not alive
2020/ 4/21 23:20:38 CORE : is not alive
2020/ 4/21 23:21:38 CORE : is not alive
And it crashes my coreserver.exe
additional logs.
21/04/2020 - 17:27:42
Code:
[CRASH] - C:\Users\Admin\Desktop\ServerFlyFF\Source\WorldServer\DPSrvr.cpp : CDPSrvr::UserMessageHandler (Ln. 704)
Code:
void CDPSrvr::UserMessageHandler( LPDPMSG_GENERIC lpMsg, DWORD dwMsgSize, DPID idFrom )
{
TRY
LPBYTE lpBuffer = (LPBYTE)lpMsg + sizeof(DPID);
u_long uBufSize = dwMsgSize - sizeof(DPID);
CAr ar( lpBuffer, uBufSize );
GETTYPE( ar )
void ( theClass::*pfn )( theParameters ) = GetHandler( dw );
if( pfn )
{
( this->*( pfn ) )( ar, idFrom, *(UNALIGNED LPDPID)lpMsg, lpBuffer, uBufSize );
}
CATCH
}
|
|
|
09/06/2020, 11:33
|
#12
|
elite*gold: 0
Join Date: Sep 2020
Posts: 12
Received Thanks: 0
|
--
UPDATE:
What I want you guys to know is that the server is running without players connected as I have turned it up only for testing. What I have found out though is that I need to re-do the packet encryption system and it fixes my problem. So I guess this thread ends here. I'd really like to thank you all for the attention and efforts.[/QUOTE]
Can give advise which file you did look for packet encryption? - i think we have same issue.
|
|
|
11/11/2022, 05:30
|
#13
|
elite*gold: 0
Join Date: Jul 2022
Posts: 21
Received Thanks: 4
|
Quote:
Originally Posted by Fatcode
Hi @ ,
That's some really rare talents right there. I would love to work with you on those kind of things. Im going to hit you up on discord when I fly back to my country.
Hi @ ,
I really appreciate the effort you did on this. This is very informative thus giving me more power and understanding on how the source is written. It looks like you are good with network programming as well.
Hi @ ,
The packets that I am receiving is indeed not normal. Thank you for the attention that you gave in my post.
--
UPDATE:
What I want you guys to know is that the server is running without players connected as I have turned it up only for testing. What I have found out though is that I need to re-do the packet encryption system and it fixes my problem. So I guess this thread ends here. I'd really like to thank you all for the attention and efforts.
|
Hi @ can you share what or how did you fix it please?
|
|
|
11/11/2022, 07:24
|
#14
|
elite*gold: 0
Join Date: Mar 2022
Posts: 45
Received Thanks: 27
|
Do you use that file? I get the impression that this kind of problem occurs with the sources of ketchup, these are the sources you use?
Send me you discord in private
|
|
|
11/11/2022, 09:16
|
#15
|
elite*gold: 0
Join Date: Jul 2022
Posts: 21
Received Thanks: 4
|
Quote:
Originally Posted by Ruby-FlyFF
Do you use that file? I get the impression that this kind of problem occurs with the sources of ketchup, these are the sources you use?
Send me you discord in private
|
yes im using ketchup's release on the other forum. I sent a friend request in discord sir
|
|
|
All times are GMT +2. The time now is 17:14.
|
|