Register for your free account! | Forgot your password?

You last visited: Today at 22:09

  • Please register to post and access all features, it's quick, easy and FREE!

 

Angel Create Dupe Fix

Reply
 
Old   #1
 
elite*gold: 0
Join Date: Jan 2015
Posts: 110
Received Thanks: 388
Angel Create Dupe Fix

Fix for this Dupe here: https://www.elitepvpers.com/forum/fl...t-servers.html

It is possible to dupe every item in your inventory so here is the fix for it.

Replace your this whole function with mine and define __FIX_ANGEL_DUPE in your WorldServer

Code:
void CDPSrvr::OnCreateAngel( CAr & ar, DPID dpidCache, DPID dpidUser, LPBYTE lpBuf, u_long uBufSize )
{
	int nOrichalcum, nMoonstone;
	ItemCountSet itemset[20];
	float greenAngelRate, whiteAngelRate, blueAngelRate, redAngelRate;
	FLOAT fRate[4];
	static DWORD adwItemId[4]	= { II_SYS_SYS_QUE_ANGEL_RED, II_SYS_SYS_QUE_ANGEL_BLUE, II_SYS_SYS_QUE_ANGEL_GREEN,  II_SYS_SYS_QUE_ANGEL_WHITE };

	BOOL isSummonWhite = FALSE;
	BOOL isSummonSuccess = FALSE;
	TCHAR sendstr[1024];
	TCHAR tempchr[10];
	CHAR temp[2];
//	TCHAR createAngel[12];
	int j, k, itemcount;
	CItemElem* pItemElem;

	ar.ReadString( sendstr, 1024 );
	CString infostr = sendstr;
	
	int strlen = infostr.GetLength();
	j = 0;
	k = 0;
	itemcount = 0;
	memset(tempchr, 0, sizeof(TCHAR)*10);
	
	for(int i=0; i<strlen; i++)
	{
		temp[0] = infostr.GetAt(i);
		temp[1] = NULL;
		if(strcmp(temp, "D") == 0)
		{
			CString tempstr;
			tempstr.Format("%s", tempchr);
			
			temp[0] = infostr.GetAt(i+1);
			temp[1] = NULL;
			if(strcmp(temp, "D") == 0)
			{
				if(k <= 20)
				{
					itemset[k].extracount = atoi(tempstr);
					memset(tempchr, 0, sizeof(TCHAR)*10);
					k++;
					i++;
					itemcount++;
					j = 0;
#ifdef __FIX_ANGEL_DUPE
					if (itemset[k].extracount <= 0 || itemset[k].extracount > 10)
					{
						return;
					}
#endif // __FIX_ANGEL_DUPE
				}
				else
					return; //k값은 MAX인 20을 넘을 수 없다.
			}
			else
			{
				itemset[k].itemid = atoi(tempstr);
				memset(tempchr, 0, sizeof(TCHAR)*10);
				j = 0;
			}
		}
		else
		{
			tempchr[j] = temp[0];
			j++;
		}
	}
	
	nOrichalcum = 0;
	nMoonstone = 0;

	CUser* pUser = g_UserMng.GetUser( dpidCache, dpidUser );
	if( !IsValidObj( pUser ) )
		return;

#ifdef __FIX_ANGEL_DUPE
	if (CNpcChecker::GetInstance()->IsCloseNpc(MMI_SUMMON_ANGEL, pUser->GetWorld(), pUser->GetPos()) == FALSE)
		return;
#endif // __FIX_ANGEL_DUPE

	
	for( int i=0; i<itemcount; i++)
	{
		pItemElem = (CItemElem*)pUser->GetItemId( itemset[i].itemid );
		if(pItemElem != NULL)
		{
			switch(pItemElem->GetProp()->dwID) 
			{
				case II_GEN_MAT_ORICHALCUM01:
				case II_GEN_MAT_ORICHALCUM01_1:
					nOrichalcum += itemset[i].extracount;
					break;
				case II_GEN_MAT_MOONSTONE:
				case II_GEN_MAT_MOONSTONE_1:
					nMoonstone += itemset[i].extracount;
					break;
#ifdef __FIX_ANGEL_DUPE
				default:
				{
					return;
				}
#endif // __FIX_ANGEL_DUPE
			};
		}
		else
			return;
	}
#ifdef __FIX_ANGEL_DUPE
	if (pUser->GetItemNum(II_GEN_MAT_ORICHALCUM01) + pUser->GetItemNum(II_GEN_MAT_ORICHALCUM01_1) < nOrichalcum
		|| pUser->GetItemNum(II_GEN_MAT_MOONSTONE) + pUser->GetItemNum(II_GEN_MAT_MOONSTONE_1) < nMoonstone
		)
	{
		return;
	}
#endif // __FIX_ANGEL_DUPE

	// R/B/G/W
	greenAngelRate = (nOrichalcum * 1.0f) + (nMoonstone * 1.0f);
	whiteAngelRate = greenAngelRate / 10.0f;
	blueAngelRate = greenAngelRate * 2.0f;
	redAngelRate = 100.0f - ( whiteAngelRate + greenAngelRate + blueAngelRate );
	
	fRate[0]	= redAngelRate;
	fRate[1]	= fRate[0] + blueAngelRate;
	fRate[2]	= fRate[1] + greenAngelRate;
	fRate[3]	= fRate[2] + whiteAngelRate;

	float rand = xRandom(1000) / 10.0f;
	DWORD dwItemId	= 0;
	for( int i = 0; i < 4; i++ )
	{
		if( rand <= fRate[i] )
		{
			dwItemId = adwItemId[i];
			break;
		}
	}	

	if( dwItemId > 0 )
	{
		if( IsValidObj(pUser) )
		{
			for( int i=0; i<itemcount; i++)
			{
				pItemElem = (CItemElem*)pUser->GetItemId( itemset[i].itemid );
				if( !IsUsableItem( pItemElem ) ) //소비될 아이템의 유효성 검사. 실패 시 RETURN
					return;
			}

			if( pUser->m_Inventory.GetEmptyCount() < 1 )
			{
				pUser->AddDiagText(  prj.GetText( TID_GAME_LACKSPACE ) );
				return;
			}

			LogItemInfo aLogItem;
			aLogItem.Action = "&";
			aLogItem.SendName = pUser->GetName();
			aLogItem.RecvName = "ANGEL_MATERIAL";
			aLogItem.WorldId = pUser->GetWorld()->GetID();
			aLogItem.Gold = aLogItem.Gold2 = pUser->GetGold();
			for( int i=0; i<itemcount; i++)
			{
				pItemElem = (CItemElem*)pUser->GetItemId( itemset[i].itemid );
				if( pItemElem->GetExtra() > 0 )
					pItemElem->SetExtra(0);
//#ifdef __ANGEL_LOG				
				OnLogItem( aLogItem, pItemElem, itemset[i].extracount );	
//#endif // __ANGEL_LOG
				pUser->RemoveItem( (BYTE)( pItemElem->m_dwObjId ), itemset[i].extracount );	
			}

		}
		CItemElem itemElem;
		itemElem.m_dwItemId	= dwItemId;
		itemElem.m_nItemNum	= 1;
		if( pUser->CreateItem( &itemElem ) )
		{
//#ifdef __ANGEL_LOG
			LogItemInfo aLogItem;
			aLogItem.Action = "&";
			aLogItem.SendName = pUser->GetName();
			aLogItem.RecvName = "ANGEL_CREATE";
			aLogItem.WorldId = pUser->GetWorld()->GetID();
			aLogItem.Gold = aLogItem.Gold2 = pUser->GetGold();
			OnLogItem( aLogItem, &itemElem, 1 );
//#endif // __ANGEL_LOG
		}
	}
}



Blouflash is offline  
Thanks
16 Users
Old   #2

 
elite*gold: 158
Join Date: Feb 2010
Posts: 360
Received Thanks: 160
So you decide to release it, well nice for new/bad server who don't fix it !


naruto66620 is offline  
Old   #3
 
elite*gold: 0
Join Date: Nov 2009
Posts: 367
Received Thanks: 346
Or you could just fix the RemoveItem() function...Remove a negative value or a value in overflow should not be possible.
cookie69 is online now  
Old   #4

 
elite*gold: 158
Join Date: Feb 2010
Posts: 360
Received Thanks: 160
Quote:
Originally Posted by cookie69 View Post
Or you could just fix the RemoveItem() function...Remove a negative value or a value in overflow should not be possible.
Code:
void CMover::RemoveItem( BYTE nId, short nNum )
{
    CItemBase* pItemBase = GetItemId(nId);
    if (pItemBase && nNum >= 0 )
    {
        short nItemNum = ((CItemElem*)pItemBase)->m_nItemNum;
        short nCheck = nItemNum - nNum;
        if (nCheck < 0)
            nCheck = 0;
        UpdateItem(nId, UI_NUM, nCheck);
    }
}
Can check if > 9999 to, but some server have Npc trade with a bigger quantity so i don't write it.


naruto66620 is offline  
Thanks
4 Users
Old   #5
 
elite*gold: 0
Join Date: Feb 2018
Posts: 23
Received Thanks: 1
void CMover::RemoveItem( BYTE nId, short nNum )
{
CItemBase* pItemBase = GetItemId( nId );
if( pItemBase )
{
#ifdef __LOG
if (pItemBase->m_dwItemId == II_SYS_SYS_SCR_PERIN && m_dwAuthorization >= AUTH_GAMEMASTER)
{
CString strPacket;
strPacket.Format("[Server-Log] [Player Name: %s], [Amount: %i]", GetName(), nNum);
PerinLog(strPacket, "..\\Logs\\Perin\\RemoveItem.txt");
}
#endif //__LOG

UpdateItem( nId, UI_NUM, ( (CItemElem*)pItemBase )->m_nItemNum - nNum );
}
}
RedBuIl is offline  
Old   #6
 
elite*gold: 0
Join Date: Feb 2017
Posts: 39
Received Thanks: 10
Quote:
Originally Posted by RedBuIl View Post
void CMover::RemoveItem( BYTE nId, short nNum )
{
CItemBase* pItemBase = GetItemId( nId );
if( pItemBase )
{
#ifdef __LOG
if (pItemBase->m_dwItemId == II_SYS_SYS_SCR_PERIN && m_dwAuthorization >= AUTH_GAMEMASTER)
{
CString strPacket;
strPacket.Format("[Server-Log] [Player Name: %s], [Amount: %i]", GetName(), nNum);
PerinLog(strPacket, "..\\Logs\\Perin\\RemoveItem.txt");
}
#endif //__LOG

UpdateItem( nId, UI_NUM, ( (CItemElem*)pItemBase )->m_nItemNum - nNum );
}
}
useless
FlyServices is offline  
Old   #7
 
elite*gold: 0
Join Date: Jan 2008
Posts: 215
Received Thanks: 129
Quote:
Originally Posted by naruto66620 View Post
Code:
void CMover::RemoveItem( BYTE nId, short nNum )
{
    CItemBase* pItemBase = GetItemId(nId);
    if (pItemBase && nNum >= 0 )
    {
        short nItemNum = ((CItemElem*)pItemBase)->m_nItemNum;
        short nCheck = nItemNum - nNum;
        if (nCheck < 0)
            nCheck = 0;
        UpdateItem(nId, UI_NUM, nCheck);
    }
}
Can check if > 9999 to, but some server have Npc trade with a bigger quantity so i don't write it.
Fixing this function aswell is a better solution then Fixing only the Wnd of it / The Server handling of it in my eyes, as it will fix other potential security Issues.

Thanks for posting the fix. Now poor Server's dont just return their funcs hopefully


Im not sure if the topic-post fix will be able to handle creating Angels from 0 suns/moons, havent checked it fully. But if not, i'd suggest to check that aswell somehow. On Some server's angels sell for a good penya amount. So it's not a guud dupe, but a money-creator still.

@FlyServices
(If that check is included, im sry, i just woke up xD Just wanted to add.)
netHoxInc is offline  
Old   #8
 
elite*gold: 0
Join Date: Mar 2018
Posts: 46
Received Thanks: 4
PHP Code:
void CMover::RemoveItemBYTE nIdshort nNum )
{
    
CItemBasepItemBase    GetItemIdnId );
    if( 
pItemBase )
    {
        if( 
pItemBase->m_dwItemId == II_SYS_SYS_SCR_PERIN && m_dwAuthorization >= AUTH_GAMEMASTER )
            
PerinLog"[Perin deleted] -- User: %s -- number: %i"GetName(), nNum );

        
UpdateItemnIdUI_NUM, ( (CItemElem*)pItemBase )->m_nItemNum nNum );
    }

Rhea03 is offline  
Old   #9
 
elite*gold: 0
Join Date: Nov 2009
Posts: 367
Received Thanks: 346
Quote:
Originally Posted by Rhea03 View Post
PHP Code:
void CMover::RemoveItemBYTE nIdshort nNum )
{
    
CItemBasepItemBase    GetItemIdnId );
    if( 
pItemBase )
    {
        if( 
pItemBase->m_dwItemId == II_SYS_SYS_SCR_PERIN && m_dwAuthorization >= AUTH_GAMEMASTER )
            
PerinLog"[Perin deleted] -- User: %s -- number: %i"GetName(), nNum );

        
UpdateItemnIdUI_NUM, ( (CItemElem*)pItemBase )->m_nItemNum nNum );
    }

You are idiot guy who think you are fixing but you are doing bullshit!

Why posting bullshit when you are not a real developer??!!

This dupe is possible because the client sends NEGATIVE nNum that means in stead of sending 0x0001 I send for example 0xD8F1‬ which is -9999 so I create 9999 perins or whatever item i want (beacuse the UpdateItem will add the value instead of removing it)
cookie69 is online now  
Thanks
1 User
Old   #10
 
elite*gold: 0
Join Date: Jan 2008
Posts: 215
Received Thanks: 129
Fixes are properly described in this Thread. If the Threadowner has no problems with it, i'd like to #request close

@Blouflash if thats fine with you ofc. I think the required steps are mentioned and anything else leads into developer discussions with more or less unproper fixing examples as shown above.

Again thanks for this Release. Was quicker then expected :')

(Not that I wouldn't enjoy the usual epvper flaming League but. Seriously i think we had enough of that the past time x) )
netHoxInc is offline  
Old   #11
 
elite*gold: 0
Join Date: Jun 2009
Posts: 334
Received Thanks: 480
Quote:
Originally Posted by netHoxInc View Post
(Not that I wouldn't enjoy the usual epvper flaming League but. Seriously i think we had enough of that the past time x) )
Did someone call?

The best way to fix the RemoveItem function is to remove the RemoveItem function entirely.

Thank ypu for the fix blowfishes
Avalion is offline  
Thanks
2 Users
Old   #12
 
elite*gold: 0
Join Date: Jan 2015
Posts: 110
Received Thanks: 388
Quote:
Originally Posted by netHoxInc View Post
Fixes are properly described in this Thread. If the Threadowner has no problems with it, i'd like to #request close

@Blouflash if thats fine with you ofc. I think the required steps are mentioned and anything else leads into developer discussions with more or less unproper fixing examples as shown above.

Again thanks for this Release. Was quicker then expected :')

(Not that I wouldn't enjoy the usual epvper flaming League but. Seriously i think we had enough of that the past time x) )
All Top Servers fixed this dupe years ago. I coded this fix 1 year ago when a friend told me about this dupe. So I just had to copy paste the function into this post.
Most Top Devs here would fix something like this in less than 1 minute.
Blouflash is offline  
Thanks
7 Users
Old   #13
 
elite*gold: 0
Join Date: Sep 2008
Posts: 553
Received Thanks: 667
pUser->GetItemNum(II_GEN_MAT_ORICHALCUM01)

will get the total number of oris you got in your inventory

but you use

pUser->RemoveItem( (BYTE)( pItemElem->m_dwObjId ), itemset[i].extracount );

Which will only delete off the given item stack.

So that means I can have 2 stacks of oris in my inventory
1x 1 ori
1x 20 oris

So then I enter the 1x ori as first item and set extracount to 9
Then the second ori stack and extracount to 1

It will try to set the ori stack on 1. slot to 1 MINUS 9
and the second one to 19

because GetItemNum(II_GEN_MAT_ORICHALCUM01) returns 21 so it's valid for your code.

As long as RemoveItem is not fixed this is still exploitable with that fix.

You could check where you add the ori/moon counter as in

nOrichalcum += pItemElem->m_nItemNum >= itemset[i].extracount ? itemset[i].extracount : pItemElem->m_nItemNum;
Pumaaa is offline  
Thanks
3 Users
Old   #14


 
elite*gold: 274
Join Date: Dec 2017
Posts: 1,147
Received Thanks: 172
I had so fun duping things in flyff but then this fixes got released rip me.
AnimuNazi is offline  
Old   #15
 
elite*gold: 0
Join Date: Aug 2014
Posts: 393
Received Thanks: 103
very useful


Ecrypter is offline  
Reply



« Previous Thread | Next Thread »

Similar Threads
[04.09.13] GigaByte v2.6 [FIX, FIX, FIX, FIX AND FIX]
http://www.elitepvpers.com/forum/warrock-hacks-bots-cheats-exploits/2843300-11-09-gigabyte-public-v2-7-a.html
79 Replies - WarRock Hacks, Bots, Cheats & Exploits
s>dupe dupe dupe
S>dupe at any server batangas area or meet up PM offer rf philippines only (havent tried on any rf) pm na ^_^
9 Replies - RFO Hacks, Bots, Cheats, Exploits & Guides
DUPE DUPE DUPE...
LUNA ONLINE PH. DUPE??? wanna know about more?? PM.. Ym -> heraldho2 MANDALUYONG ONLY... PC 2 PC TUtORIAL..= NO SUCH THING AS FREE..
1 Replies - General Gaming Discussion
dupe dupe dupe
lkjkljk
1 Replies - Dekaron



All times are GMT +2. The time now is 22:09.


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Abuse
Copyright ©2018 elitepvpers All Rights Reserved.