crash packet logger

~~redbull2905~~ · 09/30/2018, 17:23

Hello, I currently have a problem, someone is using a packet loggerto crash the server. I know he's using a flaw with the new packet login
but I do not know exactly what I have to do.

here is the code:

/// <summary>
/// login packet
/// </summary>
/// <param name="loginPacket"></param>
public void VerifyLogin(LoginPacket loginPacket)
{
if (loginPacket == null)
{
return;
}

UserDTO user = new UserDTO
{
Name = loginPacket.Name,
Password = ConfigurationManager.AppSettings["UseOldCrypto"] == "true"
? CryptographyBase.Sha512(LoginCryptography.GetPassw ord(loginPacket.Password)).ToUpper()
: loginPacket.Password
};
AccountDTO loadedAccount = DAOFactory.AccountDAO.LoadByName(user.Name);
if (loadedAccount?.Password.ToUpper().Equals(user.Pas sword) == true)
{
string ipAddress = _session.IpAddress;
DAOFactory.AccountDAO.WriteGeneralLog(loadedAccoun t.AccountId, ipAddress, null,
GeneralLogType.Connection, "LoginServer");

//check if the account is connected
if (!CommunicationServiceClient.Instance.IsAccountCon nected(loadedAccount.AccountId))
{
AuthorityType type = loadedAccount.Authority;
PenaltyLogDTO penalty = DAOFactory.PenaltyLogDAO.LoadByAccount(loadedAccou nt.AccountId)
.FirstOrDefault(s => s.DateEnd > DateTime.Now && s.Penalty == PenaltyType.Banned);
if (penalty != null)
{
_session.SendPacket(
$"fail {string.Format(Language.Instance.GetMessageFromKey ("BANNED"), penalty.Reason, penalty.DateEnd.ToString("yyyy-MM-dd-HH:mm"))}");
}
else
{
switch (type)
{
case AuthorityType.Unconfirmed:
{
_session.SendPacket($"fail {Language.Instance.GetMessageFromKey("NOTVALIDATE" )}");
}
break;

case AuthorityType.Banned:
{
_session.SendPacket(
$"fail {string.Format(Language.Instance.GetMessageFromKey ("BANNED"), "Unknown", "Unknown")}");
}
break;

case AuthorityType.Closed:
{
_session.SendPacket($"fail {Language.Instance.GetMessageFromKey("IDERROR")}") ;
}
break;

default:
{
if (loadedAccount.Authority == AuthorityType.User
|| loadedAccount.Authority == AuthorityType.BitchNiggerFaggot)
{
MaintenanceLogDTO maintenanceLog = DAOFactory.MaintenanceLogDAO.LoadFirst();
if (maintenanceLog != null && maintenanceLog.DateStart < DateTime.Now)
{
_session.SendPacket(
$"fail {string.Format(Language.Instance.GetMessageFromKey ("MAINTENANCE"), maintenanceLog.DateEnd, maintenanceLog.Reason)}");
return;
}
}

int newSessionId = SessionFactory.Instance.GenerateSessionId();
Logger.Debug(string.Format(Language.Instance.GetMe ssageFromKey("CONNECTION"), user.Name,
newSessionId));
try
{
ipAddress = ipAddress.Substring(6, ipAddress.LastIndexOf(':') - 6);
CommunicationServiceClient.Instance.RegisterAccoun tLogin(loadedAccount.AccountId,
newSessionId, ipAddress);
}
catch (Exception ex)
{
Logger.Error("General Error SessionId: " + newSessionId, ex);
}

string[] clientData = loginPacket.ClientData.Split('.');

if (clientData.Length < 2)
{
clientData = loginPacket.ClientDataOld.Split('.');
}

bool ignoreUserName = short.TryParse(clientData[3], out short clientVersion)
&& (clientVersion < 3075
|| ConfigurationManager.AppSettings["UseOldCrypto"] == "true");
_session.SendPacket(BuildServersPacket(user.Name, newSessionId, ignoreUserName));
}
break;
}
}
}
else
{
_session.SendPacket($"fail {Language.Instance.GetMessageFromKey("ALREADY_CONN ECTED")}");
}
}
else
{
_session.SendPacket($"fail {Language.Instance.GetMessageFromKey("IDERROR")}") ;
}
}

#endregion
}
}

erixor · 10/01/2018, 13:53

Maybe providing a screenshot of the actual crash could be helpful, so people don't have to read this ugly not indented brick of code

~~redbull2905~~ · 10/01/2018, 18:49

erixor · 10/01/2018, 19:54

Well, that's not in the loginPacket, but in the MatePacketHandler, line 51.

Quickfix: Replace the "First" with a "FirstOrDefault" and check for null value.

0Lucifer0 · 10/01/2018, 21:11

Common the red error say exactly where the error is... and this is not in login ><

@LRevolution · 10/02/2018, 00:33

Quote:

Originally Posted by 0Lucifer0

Common the red error say exactly where the error is... and this is not in login ><

I believe most people think it's impossible to fix something by themselves, much less read what the error actually is, ie the HUGE RED TEXT explaining what the error is and where it happened in the code.