Dupe-Exploit-explained-1-hit-anything-DeathEssence-Mask-explained

theross · 02/22/2017, 21:41

Did anyone make a copy of the site / explanation?
I get a 404

Lυnι · 02/22/2017, 23:22

here we go

Quote:

The *dupe* exploit which was found before the StallNetwork exploit and wasn't fully fixed, was kept private and massively used by 2 players between 2008-2012.
The exploit was first discovered as a disconnect exploit, up until we realized we could dupe using it.

With the exploit, you can:
Replenish any quantity item as many time as you wanted (Even quest item)
Transfer non-transferable items.
Modify the DeathEssence mask to any type of monsters/npcs
You can get the Jangan Cave quest that give a 1x 100% vigor potion and refill it to a stack of 50, split it and refill...
You can have infinite berserk, revive scroll, gold/silver coin, reverse teleport, global scroll etc...
Change pickup pet or attack pet state (1-4 or something) any other value crash and lock your account forever).
Equipment item, it will change the durability value (useless).
Etc...

We were massively exploiting all of them on Venice back in the days, free silk, unlimited gold and silver coin,
running to job temple using berserk 24/7 or reverse scroll when it was added later on, using 100% vigor potion stack...
Let just say, it was really unfair for everyone that wasn't us >.>
Made lv90-110 in 4h at water temple with infinite entry silk ticket (duped) and 1 hit mask.
Duped the quest item to get the Count title instead of actually completing the quest.
Etc... Yet the bug was kept private... A lot of turk knew something was up... but couldn't do anything about it.

The exploit created an inflation of Legend Set on Venice server, but at the same time, made a lot more $$$ to Joymax.
Why? Because a lot more players were spending $$ with the new alchemy to make their legend+12 (huge increase in income).
Making Legend items easier to acquire on all server would of made Joymax a lot more money, as it was the alchemy making them money and login to the server with premium.
But who care about that.

How does the exploit work?
We publicly posted about the disconnect exploit on rev6 back in 2008 using the cape exploit:

Player 1 equip cape, there cooldown for cape.
Player 1 open stall and put cape in stall before it equip.
Player 1 wait for cape to equip
Player 2 buy cape
Player 1 disconnect!
Player 2 disconnect!
Both player relog, nothing happened.

Exploit was pointless, so we made it public... up until we tried it again, and... magic happened.
Player2 didn't disconnected while player1 did get disconnected...
Player2 who bought a cape, teleported, he's inventory got re-sync and the cape got transformed into another item.
Player1 reconnect and realize that the last item in he's inventory disappeared 0_o!!!!

Dupe exploit started that day.

How does it work?

0:00
/ 1:36

Player 1 need to sell an item which need to not be in that said slot when it selling.
Player 1 last item in he's inventory will be sent to player 2, but it will affected by player 2 last item in he's inventory.

If player1 has 1 vigor potion in he's last inventory slot.
Player 2 has 48 arrows in he's last inventory slot.
After selling the cape, the player 1 will still have the cape, but the vigor will disapear.
Player 2 will gain a cape, but after teleporting, it will transform into 48 vigor.

Why does it behave like this? Because there an exception, and server-sided, the exception handling search for your item and since it can't find it, point to the last item of both players inventory or some weird behavior.
Why does it corrupt both item togheter? No idea apart from some bad code on error handling.

But wait, Joymax remove the Cape from being sold in game? Thus exploit can't be done anymore.
No, it can still be done.

But how?
Packet injection!

We were using the new alchemy items which the packet to apply the alchemy unto items weren't blocked during stall opened.
Thus, open stall, put alchemy item in stall, inject to cast to use the alchemy item on a weapon or shield, it disappear and continue with the dupe.
How can the exploit be used, simply need to figure out any way to have a stall or exchange window opened, have an item into it that has MOVED or CONSUMED after.
Make sure that the last inventory slot of both players isn't empty.

So how can we dupe now in 2018? Method is public, you just need to find a way to make an item disappear or switch inventory slot while exchange window or stall is opened.
Joymax didn't remove the cape because of us, but they did block a few methods when we used it on a new server to dupe.
But they never blocked the core of the exploit yet.

So how do you make a 1 hit kill death essence?
Well Tigergirl ID is 1954
NPC_CH_EVENT_SANTA_KISAENG1 id is 3656
MOB_AUTOMOB id is 3666

0:00
/ 0:32

Need to have a mask on player 1 last inventory spot
Need to have a quantity value of 3666 on player 2

The stall network dupe was exactly the same type of dupe as this method.

Interested in duping item? You need a packet injection tool + some creativity on any interaction within the game that can get an item to move or disappear while exchange window open or stall network.
Is it still possible to dupe? Maybe yes, maybe not...

All I can say, is that the core of the method isn't blocked yet.
We were surprised each time, that they never fixed the core of the exploit.

Royalblade* · 02/23/2017, 00:10

Hmm. Can someone try using this on equipment? I wonder if it affects durability.

If yes, then going over max dura will probably **** the server up!

Exo · 02/23/2017, 00:32

Quote:

Originally Posted by Royalblade*

Hmm. Can someone try using this on equipment? I wonder if it affects durability.

If yes, then going over max dura will probably **** the server up!

I guess it does. It just updates the _Items.Data so technically it should also affect equipment. Haven't tested tho.

hexcode · 02/23/2017, 10:16

Quote:

Originally Posted by Royalblade*

Hmm. Can someone try using this on equipment? I wonder if it affects durability.

If yes, then going over max dura will probably **** the server up!

Quantity of stackable items and durability of items(weapons,dress etc) use same column in DB.So if you dupe a i weapon you will get a item with broken red durability value.

Regards

zmaj999 · 02/23/2017, 17:22

And heres the video

Royalblade* · 02/24/2017, 23:50

Quote:

Originally Posted by Exo

I guess it does. It just updates the _Items.Data so technically it should also affect equipment. Haven't tested tho.

Quote:

Originally Posted by hexcode

Quantity of stackable items and durability of items(weapons,dress etc) use same column in DB.So if you dupe a i weapon you will get a item with broken red durability value.

Regards

Thanks Mr. Obvious. @

of you above.

The question is, does **** **** up when dura goes above max val?

Exo · 02/25/2017, 00:05

Quote:

Originally Posted by Royalblade*

Thanks Mr. Obvious. @ of you above.

The question is, does **** **** up when dura goes above max val?

No. The gameserver actually checks the boundaries of all RefData. Going over maximum just sets it to maximum on the next update.

Mai_1337 · 02/28/2017, 10:02

Oh this reminds me back in the day wehn SJSRO got the new update to 120 and removed the stall only client sided.So we used packet injection to open up a stall and dupe items. @

you know it since me and Hagster were the ones who started it back on SJSRO,well he did most of the work I just pitched the idea with stall packet injection.

Question by new alchemy items to which items does he mean exactly?The proof stones since it says cast to use the alchemy item on a weapon or shield.

theross · 02/28/2017, 23:34

Does it matter who started it and who didn't?

It was nice having a dupe method even if all the official ones weren't working anymore

tombalaci46 · 03/01/2017, 00:58

Quote:

Originally Posted by theross

Does it matter who started it and who didn't?
It was nice having a dupe method even if all the official ones weren't working anymore

Well, i remember old SJSRO times.. Maybe you remember also

Mai_1337 · 03/01/2017, 08:14

So I've tried on a SRO-R private server.Using enhancer to sniff a fusing packet on a shield.Used that to inject back while stall was open and enhancer was stalled.Tried to inject the packet of openeing a FGW portal only eneded up d/cing aswell.The new pvp mode is completly restricted either no matter how you try it.
I still wanna try outside safe zone with some skills or but this requieres some more outside of the box ideas.

shockler · 03/01/2017, 18:05

Quote:

Packet injection!

We were using the new alchemy items which the packet to apply the alchemy unto items weren't blocked during stall opened.
Thus, open stall, put alchemy item in stall, inject to cast to use the alchemy item on a weapon or shield, it disappear and continue with the dupe.
How can the exploit be used, simply need to figure out any way to have a stall or exchange window opened, have an item into it that has MOVED or CONSUMED after.

I dont understand this part much ._.
Can someone explain it?

theross · 03/01/2017, 20:53

Quote:

Originally Posted by tombalaci46

Well, i remember old SJSRO times.. Maybe you remember also

I surely do hehe

Mai_1337 · 03/02/2017, 08:31

Quote:

Originally Posted by shockler

I dont understand this part much ._.
Can someone explain it?

You have to find a way to "unlock" stall or exchange window while they are open.Thus sniff alchemy fusing packet and inject it after while stall open with an elixir for example.Which doesn't work on SRO-R based server files.Or I've done something wrong.