[Fix] Create item with Guild Cloak

Discussion on [Fix] Create item with Guild Cloak within the Flyff PServer Guides & Releases forum part of the Flyff Private Server category.

#1

1. Fix the Overflow

In the function "CDPCacheSrvr::OnGuildPenya" from the file CoreServer/DPCacheSrvr.cpp, add the following "check".

Code:
	if( dwType < 0 || dwType >= MAX_GM_LEVEL )
		return;
2. Fix the Creation of the Guild Cloak

In the function "CDPSrvr::OnCreateGuildCloak" from the file WorldServer/DPSrvr.cpp, change this code:

Code:
		if( pGuild->m_dwLogo == 0 || pGuild->IsMaster( pUser->m_idPlayer ) == FALSE )
		{
			if( pGuild->m_dwLogo == 0 )
			{
				pUser->AddDefinedText( TID_GAME_GUILDSETTINGLOGO, "" );
			}
			else
			{
				pUser->AddDefinedText( TID_GAME_GUILDONLYMASTERLOGO, "" );
			}
			return;
		}
to this one:

Code:
		// also refuse any logo above 20, since the overflow can write an arbitrary value into m_dwLogo
		if( pGuild->m_dwLogo == 0 || pGuild->m_dwLogo > 20 || pGuild->IsMaster( pUser->m_idPlayer ) == FALSE )
		{
			if( pGuild->m_dwLogo == 0 )
			{
				pUser->AddDefinedText( TID_GAME_GUILDSETTINGLOGO, "" );
			}
			else
			{
				pUser->AddDefinedText( TID_GAME_GUILDONLYMASTERLOGO, "" );
			}
			return;
		}
3. Clear the Guild Logo

Run the following query on the CHARACTER_01_DBF.

Code:
UPDATE GUILD_TBL SET m_dwLogo = 0 WHERE m_dwLogo > 20
4.1 How to find items created with the Guild Cloak System

Run the following query on the LOGGING_01_DBF.

Code:
SELECT m_idGuild, m_idPlayer, serverindex, m_Item, State, s_date, Item_count, Item_UniqueNo, SEQ
FROM LOG_GUILD_BANK_TBL
WHERE State = 'C' AND m_Item > 5000
Each result found is an "exploit" item.

4.2 How to find items created with the Guild Cloak System

When an item is created by the Guild Cloak System, an "m_idGuild" parameter is assigned to it.

You will have to check the "pItemElem->m_idGuild" of each item that isn't a Cloak, to find what has been created using this exploit.

You can use many different methods, like the "GetOneItem" function, or simply add code to remove items that aren't a cloak but have an m_idGuild param != 0.
-- ZeroTwo02
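As an added example (not code from the thread or from the Flyff source), here is a minimal C++ model of the three checks from the post: the penya index bound from step 1, the logo bound from step 2 and the m_idGuild test from step 4.2. The struct layout, the constant values other than 4602 and 20, and the assumed range of 20 system cloak item ids are assumptions.

```cpp
// Added example, not code from the thread or the Flyff source. It models the
// guild record and the three checks from the post: the penya index bound
// (step 1), the logo bound before cloak creation (step 2) and the m_idGuild
// test for non-cloak items (step 4.2).
#include <cstdint>

typedef uint32_t DWORD;

const DWORD MAX_GM_LEVEL = 5;                    // m_adwPenya holds 5 DWORDs (from the thread)
const DWORD MAX_PLAYER_LOGO = 20;                // the literal 20 used in the fix
const DWORD II_ARM_S_CLO_CLO_SYSCLOAK01 = 4602;  // first system cloak item id (from the thread)
// Assumption: system cloaks occupy 20 consecutive item ids starting at 4602.
const DWORD LAST_SYSCLOAK = II_ARM_S_CLO_CLO_SYSCLOAK01 + MAX_PLAYER_LOGO - 1;

// Assumed layout: m_adwPenya sits directly before m_dwLogo, so an index of
// MAX_GM_LEVEL would write over the logo field.
struct Guild {
    DWORD m_adwPenya[MAX_GM_LEVEL];
    DWORD m_dwLogo;
};

// Step 1, with the simplification from post #2: dwType is unsigned, so only
// the upper bound matters. Returns false when the request is rejected.
bool OnGuildPenya(Guild& guild, DWORD dwType, DWORD dwPenya) {
    if (dwType >= MAX_GM_LEVEL)
        return false;
    guild.m_adwPenya[dwType] = dwPenya;
    return true;
}

// Step 2: the item id the cloak creation would use, or 0 when it is refused
// (no logo, logo outside the player range, or requester is not the master).
DWORD CloakItemId(const Guild& guild, bool isMaster) {
    if (guild.m_dwLogo == 0 || guild.m_dwLogo > MAX_PLAYER_LOGO || !isMaster)
        return 0;
    return II_ARM_S_CLO_CLO_SYSCLOAK01 + (guild.m_dwLogo - 1);
}

// Step 4.2: an item that carries a guild id but is not a system cloak can
// only have been produced by the exploit.
bool IsExploitItem(DWORD itemId, DWORD idGuild) {
    if (idGuild == 0)
        return false;
    return itemId < II_ARM_S_CLO_CLO_SYSCLOAK01 || itemId > LAST_SYSCLOAK;
}
```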
#2 - 04/29/2020, 16:19
The first fix is correct, although you don't need to check for a negative value, it is unsigned...

Code:
	if( dwType >= MAX_GM_LEVEL )
		return;
As for the second fix, I don't understand it. The logo is set in CDPSrvr::OnGuildLogo() and it checks for limits.

Code:
	if( dwLogo > CUSTOM_LOGO_MAX )
		return;

	if( dwLogo > 20 && !pUser->IsAuthHigher( AUTH_GAMEMASTER ) )
		return;
Then we have the function CDPSrvr::OnCreateGuildCloak, which doesn't serialize any value and bases the cloak creation on the guild logo.

Code:
itemElem.m_dwItemId	= ITEM_INDEX( 4602, II_ARM_S_CLO_CLO_SYSCLOAK01 ) + (pGuild->m_dwLogo - 1);
Unless you changed something in your code to make it exploitable, I don't see anything that needs to get fixed there.
-- alfredico
#3 - 04/29/2020, 16:37
Quote:
Originally Posted by alfredico
CDPSrvr::OnGuildLogo() and it checks for limits.

Code:
	if( dwLogo > CUSTOM_LOGO_MAX )
		return;

	if( dwLogo > 20 && !pUser->IsAuthHigher( AUTH_GAMEMASTER ) )
		return;
Then we have the function CDPSrvr::OnCreateGuildCloak, which doesn't serialize any value and bases the cloak creation on the guild logo.

Code:
itemElem.m_dwItemId	= ITEM_INDEX( 4602, II_ARM_S_CLO_CLO_SYSCLOAK01 ) + (pGuild->m_dwLogo - 1);
Unless you changed something in your code to make it exploitable, I don't see anything that needs to get fixed there.
The fix is related to:

We do not use "OnGuildLogo" to change the logo value, we use OnGuildPenya to make an overflow, because "dwType" isn't checked.

Quote from "jooodzszsz"
Quote:
Send:
dwType = 6
dwPenya = 21855

This would write "pGuild->m_adwPenya[6] = 21855;". As you can see in CGuild class, m_adwPenya has just 5 DWORDs, using 6 overflows it and overwrites m_dwLogo with 21855.

Now you just need to create a Guild Cloak for 10k penya.
"itemElem.m_dwItemId = II_ARM_S_CLO_CLO_SYSCLOAK01 + (pGuild->m_dwLogo - 1);"

As you can see, they decrease m_dwLogo by 1 and add 4602 (itemid - 4601).
-- ZeroTwo02
#4 - 04/29/2020, 16:45
I expected a bit more knowledge from someone with a 'Systems&Exploits' shop in the signature. I smell a leech-collection lmao.

First I'd advise you to get some basic knowledge about exploits, and especially their methods.

Also, leaving the Cloak Create function like this is ok if everything is fine in all code sections, but honestly it is a stupid idea to be too lazy to add these few code parts, just for an extra layer of security.

Back to topic:
Great release, I'm sure there'll be a few less servers I can raid on their launch now lmao.
Gj
-- netHoxInc
#5 - 04/29/2020, 18:27
Quote:
Originally Posted by ZeroTwo02
The fix is related to:

We do not use "OnGuildLogo" to change the logo value, we use OnGuildPenya to make an overflow, because "dwType" isn't checked.

Quote from "jooodzszsz"

I was aware of this exploit, although not about overflowing m_dwLogo but about crashing the server. I ran a quick test and I can confirm it works as @ says, except my client crashes because of the new logo texture. By sending the penya value of 21855, you should be able to create perins (21855 + 4602 - 1) = 26456.


Quote:
Originally Posted by netHoxInc
I expected a bit more knowledge from someone with a 'Systems&Exploits' shop in the signature. I smell a leech-collection lmao.

First I'd advise you to get some basic knowledge about exploits, and especially their methods.

Also, leaving the Cloak Create function like this is ok if everything is fine in all code sections, but honestly it is a stupid idea to be too lazy to add these few code parts, just for an extra layer of security.

Back to topic:
Great release, I'm sure there'll be a few less servers I can raid on their launch now lmao.
Gj
First of all, I didn't know the fixes were related, and I tend to mistrust a post when I see mistakes, like checking for a negative value in a DWORD and a post with just copy&paste of data without any explanation of the exploit.
To be honest, I don't understand the mocking part about me in your post and the judging of my capabilities; you could've kept that part to yourself. I truly know you have way more knowledge of exploiting than I do, it's more that I prefer to spend my time working on something productive rather than looking for vulnerabilities and newly opened servers to make hacks and exploits and cause problems for other people.
-- alfredico
#6 - 04/29/2020, 20:11
Quote:
Originally Posted by alfredico
To be honest, I don't understand the mocking part about me in your post and the judging of my capabilities; you could've kept that part to yourself. I truly know you have way more knowledge of exploiting than I do, it's more that I prefer to spend my time working on something productive rather than looking for vulnerabilities and newly opened servers to make hacks and exploits and cause problems for other people.
Why do new hacks and exploits = problems for other people?
I guess it's work for them, it's ideas, updates and other things.

At least it's an improvement of flyff.
Every time adding something new, with new bugs.
And without any 'help' in searching, maybe no one in 2020 would know about the CE stathack.

I don't say that it is very nice, but the more guys know, the faster it will be fixed. And at least new servers become safer.
-- B1ackSnow
#7 - 04/30/2020, 12:14
Quote:
Originally Posted by B1ackSnow
Why do new hacks and exploits = problems for other people?
I guess it's work for them, it's ideas, updates and other things.

At least it's an improvement of flyff.
Every time adding something new, with new bugs.
And without any 'help' in searching, maybe no one in 2020 would know about the CE stathack.

I don't say that it is very nice, but the more guys know, the faster it will be fixed. And at least new servers become safer.
A destructive way of improving.
You could also sell your knowledge by selling fixes. But that way you would only potentially make money from 5% of the FlyFF community (the admins), not from the remaining part (the players). You're kissing *** so much with this post.
-- .S0ulSeller
#8 - 04/30/2020, 14:15
Guess we won the bet. Epvp is so predictable. @
-- netHoxInc
#9 - 04/30/2020, 14:40
Quote:
Originally Posted by .S0ulSeller
A destructive way of improving.
You could also sell your knowledge by selling fixes. But that way you would only potentially make money from 5% of the FlyFF community (the admins), not from the remaining part (the players). You're kissing *** so much with this post.
Well, I have bad news for you, my friend, but not about this.
If you can't understand the sense of my post, you don't have to answer me with such rudeness.
-- B1ackSnow
#10 - 04/30/2020, 14:51
He's a perfect example of how I see the epvp community lmao.

But who am I to talk, I fit in the scheme just well enough haha.

Good day, and happy beefing lmao
-- netHoxInc