The *dupe* exploit, which was found before the StallNetwork exploit and wasn't fully fixed, was kept private and heavily used by 2 players between 2008 and 2012.
The exploit was first discovered as a disconnect exploit, until we realized we could dupe with it.
With the exploit, you can:
Replenish any quantity item as many times as you want (even quest items).
Transfer non-transferable items.
Modify the DeathEssence mask to any type of monster/NPC.
You can get the Jangan Cave quest that gives 1x 100% vigor potion and refill it to a stack of 50, split it and refill...
You can have infinite berserk, revive scrolls, gold/silver coins, reverse teleport, global scrolls, etc.
Change the pickup pet or attack pet state (1-4 or something; any other value crashes and locks your account forever).
On equipment items, it will change the durability value (useless).
Etc...
We were massively exploiting all of them on Venice back in the day: free silk, unlimited gold and silver coins,
running to the job temple using berserk 24/7 or reverse scrolls when they were added later on, using 100% vigor potion stacks...
Let's just say it was really unfair for everyone who wasn't us >.>
Made lv90-110 in 4h at water temple with infinite entry silk tickets (duped) and a 1 hit mask.
Duped the quest item to get the Count title instead of actually completing the quest.
Etc... Yet the bug was kept private... A lot of Turks knew something was up... but couldn't do anything about it.
The exploit created an inflation of Legend Sets on the Venice server, but at the same time made a lot more $$$ for Joymax.
Why? Because a lot more players were spending $$ on the new alchemy to make their legend+12 (a huge increase in income).
Making Legend items easier to acquire on all servers would have made Joymax a lot more money, as it was the alchemy making them money, and logging in to the server with premium.
But who cares about that.
How does the exploit work?
We publicly posted about the disconnect exploit on rev6 back in 2008 using the cape exploit:
Player 1 equips a cape; there is a cooldown for the cape.
Player 1 opens a stall and puts the cape in the stall before it equips.
Player 1 waits for the cape to equip.
Player 2 buys the cape.
Player 1 disconnects!
Player 2 disconnects!
Both players relog, nothing happened.
The exploit was pointless, so we made it public... up until we tried it again, and... magic happened.
Player 2 didn't disconnect while player 1 did get disconnected...
Player 2, who bought a cape, teleported; his inventory got re-synced and the cape got transformed into another item.
Player 1 reconnected and realized that the last item in his inventory had disappeared 0_o!!!!
Dupe exploit started that day.
How does it work?
Player 1 needs to sell an item which must no longer be in its listed slot when it sells.
The last item in player 1's inventory will be sent to player 2, but it will be affected by the last item in player 2's inventory.
If player 1 has 1 vigor potion in his last inventory slot
and player 2 has 48 arrows in his last inventory slot:
After selling the cape, player 1 will still have the cape, but the vigor will disappear.
Player 2 will gain a cape, but after teleporting, it will transform into 48 vigor.
Why does it behave like this? Because there is an exception, and server-side the exception handling searches for your item and, since it can't find it, points to the last item of both players' inventories, or some weird behavior like that.
Why does it corrupt both items together? No idea, apart from some bad code in the error handling.
But wait, Joymax removed the cape from being sold in game? So the exploit can't be done anymore.
No, it can still be done.
But how?
Packet injection!
We were using the new alchemy items: the packet that applies alchemy to an item wasn't blocked while a stall was open.
So: open a stall, put the alchemy item in the stall, inject the packet that uses the alchemy item on a weapon or shield, it disappears, and continue with the dupe.
How can the exploit be used? You simply need to figure out any way to have a stall or exchange window open with an item in it that is MOVED or CONSUMED afterwards.
Make sure that the last inventory slot of both players isn't empty.
So how can we dupe now in 2018? The method is public; you just need to find a way to make an item disappear or switch inventory slot while an exchange window or stall is open.
Joymax didn't remove the cape because of us, but they did block a few methods when we used it on a new server to dupe.
But they still haven't blocked the core of the exploit.
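An added example (not from the original post and not Joymax's code; every class and function name is hypothetical) of what blocking the core means server-side: an item listed in a stall is locked by a unique ID so no equip, alchemy or move handler can touch it, and the sale aborts without touching any other slot if the listed item is missing.

```python
# Added illustration: hypothetical names, not the game's real server code.
from dataclasses import dataclass, field
from itertools import count

_uid = count(1)

@dataclass
class Item:
    kind: str
    qty: int = 1
    uid: int = field(default_factory=lambda: next(_uid))  # identity independent of slot

class TradeError(Exception):
    pass

class Inventory:
    def __init__(self, size=8):
        self.slots = [None] * size
        self.locked = set()  # uids currently listed in an open stall/exchange

    def find(self, uid):
        for i, it in enumerate(self.slots):
            if it is not None and it.uid == uid:
                return i
        return None

    def list_in_stall(self, slot):
        item = self.slots[slot]
        if item is None:
            raise TradeError("empty slot")
        self.locked.add(item.uid)
        return item.uid

    def move_or_consume(self, slot):
        # Equip, alchemy, use, move: every mutating handler goes through this gate.
        item = self.slots[slot]
        if item is None or item.uid in self.locked:
            raise TradeError("slot empty or item locked by an open stall")
        self.slots[slot] = None
        return item

def sell(seller, buyer, uid):
    src = seller.find(uid)  # look the item up by identity, never by slot index
    dst = buyer.slots.index(None) if None in buyer.slots else None
    # Fail closed: if the listed item is gone there is no fallback to another slot.
    if src is None or uid not in seller.locked or dst is None:
        raise TradeError("sale aborted, inventories unchanged")
    buyer.slots[dst], seller.slots[src] = seller.slots[src], None
    seller.locked.discard(uid)
    return dst
```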
So how do you make a 1 hit kill death essence?
Well, Tigergirl's ID is 1954
NPC_CH_EVENT_SANTA_KISAENG1 ID is 3656
MOB_AUTOMOB ID is 3666
You need to have a mask in player 1's last inventory slot.
You need to have a quantity value of 3666 on player 2.
The stall network dupe was exactly the same type of dupe as this method.
Interested in duping items? You need a packet injection tool + some creativity with any interaction within the game that can get an item to move or disappear while an exchange window or the stall network is open.
Is it still possible to dupe? Maybe yes, maybe not...
All I can say, is that the core of the method isn't blocked yet.
We were surprised each time that they never fixed the core of the exploit.