[VERY IMPORTANT] — SERVER SECURITY RISK!!!

yosiemelo · 04/02/2026, 15:01

Quote:

Originally Posted by Masumichan

I dont think he can, he just simply relayed information he learned from others.

i can, working on it right now.

this fix will be FREE, and will work on ANY exe server. no metter if custom source or not.

Masumichan · 04/02/2026, 16:08

Quote:

Originally Posted by i33ELYTE

NPC commands can't be exploited as they are not tagged as dlg_special trigger or fixed dialog trigger
So only feather\secret portal\channel change\cube dungeon portals etc are affected
Provided fix is sluggish, all you need to do is replace 3 strstr calls inside onDialog function to strcmp and flip the comparison

If any server owner is running compiled binary and is willing to pay me some cash - slide into my dm's, I'll patch it in an instant, since I've done it for 2 servers already

Also this is a lie

If only I had like some kind of DM log, talking about this with friends and providing a Fix for sh4d0x. ( mind you it's like half a year old? )

Quote:

Originally Posted by yosiemelo

i can, working on it right now.

this fix will be FREE, and will work on ANY exe server. no metter if custom source or not.

That would be awesome, when you did throw it my way I will check it out.

yosiemelo · 04/02/2026, 16:43

Quote:

Originally Posted by i33ELYTE

NPC commands can't be exploited as they are not tagged as dlg_special trigger or fixed dialog trigger
So only feather\secret portal\channel change\cube dungeon portals etc are affected
Provided fix is sluggish, all you need to do is replace 3 strstr calls inside onDialog function to strcmp and flip the comparison

If any server owner is running compiled binary and is willing to pay me some cash - slide into my dm's, I'll patch it in an instant, since I've done it for 2 servers already

Also this is a lie

I know — I wrote it that way on purpose, both to make the situation easier to understand for the reader and at the same time avoid giving the exact 1:1 method of how to abuse it.
I hope that part is understandable.

What is not understandable is making money from things like this.

Yes, the fix took time.
But monetizing something like that in this community is simply unfair, especially when at the same time you were allowing servers to be literally destroyed in the meantime.

And what makes it even worse is that in the end you were not really destroying just some random low-quality servers — you were destroying the time, effort and fun of the small group of players who still play this game, no matter what server they are on.

So what is worse then?

A cash-grab server, where the player is at least aware of what he is doing with his money and time?

Or a group of people destroying servers regardless of whether they are cash-grab or not, making it harder for everyone else to simply enjoy the game?

~YoSiem

Quote:

Originally Posted by Masumichan

If only I had like some kind of DM log, talking about this with friends and providing a Fix for sh4d0x. ( mind you it's like half a year old? )

The fact that you knew about this for half a year only shows your real face even more.

You were so worried about servers running compiled .exe files and kept acting like I would not be able to fix it myself?
Well... here you go.

I made a patcher for every Game Server in exe version.
It can patch the issue directly, and there is also a way to use it through DLL injection, so you do not even need to modify the original exe itself.

And on top of that, you fixed something for your friends that literally puts all servers at risk, explained them how it works, then let them walk around acting like a complete clown and abuse it on other servers.
That is disgusting.

If you actually cared even a little bit about the servers you were pretending to be so worried about at the beginning, you would have contacted people and offered them a fix.
Or at the very least, you would have warned server owners that such an exploit exists.

But instead, you stayed silent and allowed your little lapdog — the same guy running around licking your asses — to abuse it on other servers.

I repeat: this is disgusting behavior.

Before, I honestly considered you good friends.
Now you look no less pathetic than the same people we used to laugh at together.

Anyway, here is the fix.
It patches the most serious security hole.

And yes, I am fully aware there are still many other vulnerabilities in the server.
But this one was by far the most dangerous of them all, so this is the one I fixed first.

Link cuz OPEN SOURCE:

~YoSiem

Masumichan · 04/02/2026, 16:54

Quote:

Originally Posted by yosiemelo

I know — I wrote it that way on purpose, both to make the situation easier to understand for the reader and at the same time avoid giving the exact 1:1 method of how to abuse it.
I hope that part is understandable.

What is not understandable is making money from things like this.

Yes, the fix took time.
But monetizing something like that in this community is simply unfair, especially when at the same time you were allowing servers to be literally destroyed in the meantime.

And what makes it even worse is that in the end you were not really destroying just some random low-quality servers — you were destroying the time, effort and fun of the small group of players who still play this game, no matter what server they are on.

So what is worse then?

A cash-grab server, where the player is at least aware of what he is doing with his money and time?

Or a group of people destroying servers regardless of whether they are cash-grab or not, making it harder for everyone else to simply enjoy the game?

~YoSiem

The fact that you knew about this for half a year only shows your real face even more.

You were so worried about servers running compiled .exe files and kept acting like I would not be able to fix it myself?
Well... here you go.

I made a patcher for every Game Server in exe version.
It can patch the issue directly, and there is also a way to use it through DLL injection, so you do not even need to modify the original exe itself.

And on top of that, you fixed something for Shadox that literally puts all servers at risk, explained to him how it works, then let him walk around acting like a complete clown and abuse it on other servers.
That is disgusting.

If you actually cared even a little bit about the servers you were pretending to be so worried about at the beginning, you would have contacted people and offered them a fix.
Or at the very least, you would have warned server owners that such an exploit exists.

But instead, you stayed silent and allowed your little lapdog — the same guy running around licking your asses — to abuse it on other servers.

I repeat: this is disgusting behavior.

Before, I honestly considered you good friends.
Now you look no less pathetic than the same people we used to laugh at together.

Anyway, here is the fix.
It patches the most serious security hole.

And yes, I am fully aware there are still many other vulnerabilities in the server.
But this one was by far the most dangerous of them all, so this is the one I fixed first.

Link cuz OPEN SOURCE:

~YoSiem

For your info I can fix this, However just like always I don't want everyone to rely on what I do. I have a lot more and alot more things that I have not shared, because exactly these reason. In Rappelz anything that's important will be abused we've seen this over and over again, This is a lesson I've learned from AgeOfRappelz and also for your information Sh4d0x does NOT know how to abuse this, and if he does which I doubt he has figured it out himself, I just simply told him to copy and paste something somewhere. And also I really doubt that you considered me a friend based on DMS I've seen from people, Let's not get into that publicly though. And the reason I assumed you could not ( which I think is reasonable ) when I have spoken about the protocol before you simply didn't understand. What I'm saying here not necessarily a judgement on you as a character but on what you've shown so far.

How I do think you should've done this, IF you wanted to expose this which is fine you should start by first having the solutions in every use case. Because right now if someone has half a brain cell they can use this, because like I said the "protection" Rappelz has even with game guard is a fucking joke, And I do not think it is reasonable for you to expect me to solve this issue for every single person, because each time I fix something for someone 100 people come with different questions. This is my last piece on this topic and I think I'm being quite reasonable here.

i33ELYTE · 04/02/2026, 16:59

Quote:

Originally Posted by Masumichan

If only I had like some kind of DM log, talking about this with friends and providing a Fix for sh4d0x. ( mind you it's like half a year old? )

You do? That would be cool to look at to be honest

yosiemelo · 04/02/2026, 17:01

Quote:

Originally Posted by Masumichan

For your info I can fix this, However just like always I don't want everyone to rely on what I do. I have a lot more and alot more things that I have not shared, because exactly these reason. In Rappelz anything that's important will be abused we've seen this over and over again, This is a lesson I've learned from AgeOfRappelz and also for your information Sh4d0x does NOT know how to abuse this, and if he does which I doubt he has figured it out himself, I just simply told him to copy and paste something somewhere. And also I really doubt that you considered me a friend based on DMS I've seen from people, Let's not get into that publicly though. And the reason I assumed you could not ( which I think is reasonable ) when I have spoken about the protocol before you simply didn't understand. What I'm saying here not necessarily a judgement on you as a character but on what you've shown so far.

How I do think you should've done this, IF you wanted to expose this which is fine you should start by first having the solutions in every use case. Because right now if someone has half a brain cell they can use this, because like I said the "protection" Rappelz has even with game guard is a fucking joke, And I do not think it is reasonable for you to expect me to solve this issue for every single person, because each time I fix something for someone 100 people come with different questions. This is my last piece on this topic and I think I'm being quite reasonable here.

"Hey mate how are you ... bla bla bla ... a Polish guy wanna sell to us cheat where he can spawn everything on any server, i didnt trusted him but he showed me +200 cards on Dewian and gambit for ONLY 800$ we are considering to buy it... bla bla bla"

we all know mate

Masumichan · 04/02/2026, 17:05

Quote:

Originally Posted by yosiemelo

"Hey mate how are you ... bla bla bla ... a Polish guy wanna sell to us cheat where he can spawn everything on any server, i didnt trusted him but he showed me +200 cards on Dewian and gambit for ONLY 800$ we are considering to buy it... bla bla bla"

we all know mate

For your info, I am on disability I cannot receive big payments such as that. Anyone who kind of knows me can confirm this, so you're pretty much talking from your rear.

yosiemelo · 04/02/2026, 17:08

Quote:

Originally Posted by Masumichan

For your info, I am on disability I cannot receive big payments such as that. Anyone who kind of knows me can confirm this, so you're pretty much talking from your rear.

im not talking about you, well didnt know you are polish xd

Masumichan · 04/02/2026, 17:10

Quote:

Originally Posted by yosiemelo

im not talking about you, well didnt know you are polish xd

Your dms say otherwise.

RappelzInferno · 04/02/2026, 17:26

Well considering you shared patcher, I'm taking words back about not sharing it publicly. But you also need to make it available for end user, if you share stuff for them. A common John Doe wouldn't be able to build your tool. He don't even know what a "build" is. He is struggling with server setup, that's why repacks exists. I think you need to add binary of your tool in releases. Think about end user and make it simpler. And you probably would like to add GNU license file

i33ELYTE · 04/02/2026, 17:41

Quote:

Originally Posted by Masumichan

Your dms say otherwise.

So what about those half year dms bro?

Masumichan · 04/02/2026, 17:42

Quote:

Originally Posted by i33ELYTE

So what about those half year dms bro?

In the last conversation I've had with you publicly, I offered to talk about it in private; You didn't reach out, So I'm not going to take anything you say serious, as obviously you do NOT have good intentions.

i33ELYTE · 04/02/2026, 18:12

Quote:

Originally Posted by Masumichan

In the last conversation I've had with you publicly, I offered to talk about it in private; You didn't reach out, So I'm not going to take anything you say serious, as obviously you do NOT have good intentions.

I just want to see them, you can block me afterwards or whatever
i33ELYTE ds

.KaiZy · 04/02/2026, 19:32

Shout out @

for pulling through with the fix, amen brother. You are what we need on forums like these. epvp has become reseller infested misinformation minefield

i33ELYTE · 04/02/2026, 21:33

Yeah shout out to LLM and some user posted about strcmp fix