Quote:
Originally Posted by cheyester10
I'm talking about changing the packet received from the server(hence filtering). To lie about how many you actually have. It is possible. ;o
You lie to the server with 10 candys but you have 0, the server sends it back to the client but you change what it sent which the server thinks you actually have 10 candys since it already checked the database which was 0.
|
Client->Server ("Promotion_RouletteMachine_Start_Req" "Start Button click in event window")
Server->Database ("How Many Candy does user [
ID] Have?")
Database->Server ("Player Have [
Number]")
Server=>("Check if its over 10 or not")
if yes :
Server=>("Do Some PRORO EPIC Randomizer xD")
Server->Database ("Give Player [
ID] [
Reward Item]")
Server->Client("Show Reward Window Item [
Reward Item]")
Server->Client("Set Current Candy TO [[
Number]-10]")
Server->Database("Set Current Candy Of Player [
ID] TO [[
Number]-10]")
if no :
Server->Client("Show Error Message [NotEnoughCandy]")
=================================================
thats what i got so far from how the packets are sent/received and from how the event is exploitable
you happy now?
P.S: i might be wrong about how server and database reacts but for the client im 100% sure ;o