Register for your free account! | Forgot your password?

Go Back   elitepvpers > Popular Games > Silkroad Online > SRO Private Server
You last visited: Today at 14:04

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement



[Exploit] Summon any monster at any server without gm account

Discussion on [Exploit] Summon any monster at any server without gm account within the SRO Private Server forum part of the Silkroad Online category.

Reply
 
Old   #1
 
gigola123's Avatar
 
elite*gold: 0
Join Date: Jun 2007
Posts: 718
Received Thanks: 378
[Exploit] Summon any monster at any server without gm account

OPCODE :
0x34BB

Hello everyone, today I just discovered that we can summon any monster at any server without gm account, you can also spawn NPC, sorry for the server where I've spawn those monster. It was just a test.

Proof of concept:



As you can see on the second video, it's not only client side.

I guess it's JGuard and NaviFilter which are used on those server.

I'm really sorry again for KeonSro, I've spawned roc, I should have spawn something else, sorry again.
(I contacted GM of both server for restart them)
gigola123 is offline  
Thanks
20 Users
Old 03/25/2020, 21:56   #2
 
A new hope's Avatar
 
elite*gold: 0
Join Date: Sep 2012
Posts: 753
Received Thanks: 711
gz man good stuff
A new hope is offline  
Old 03/25/2020, 22:15   #3
 
Alpha-x71's Avatar
 
elite*gold: 309
Join Date: May 2015
Posts: 352
Received Thanks: 470
Thanks for letting me know , ( Fixed )
Alpha-x71 is offline  
Old 03/25/2020, 23:55   #4
 
elite*gold: 25
Join Date: Sep 2012
Posts: 209
Received Thanks: 343
I wonder which exploit is this, there was a shard manager exploit that I used to use years ago. Is that it?
VEssence is offline  
Old 03/26/2020, 01:19   #5
Trade Restricted

 
elite*gold: LOCKED
Join Date: Feb 2020
Posts: 588
Received Thanks: 173
Awesome
Would be nice if you release the fix tho (exploit opt)
JoleChow* is offline  
Old 03/26/2020, 02:47   #6
Chat Killer In Duty


 
PortalDark's Avatar
 
elite*gold: 5
Join Date: May 2008
Posts: 16,304
Received Thanks: 6,460
It was a good idea to post this. Now the people will know this is a thing and will have it fixed in no time instead of having a rogue group abusing this
PortalDark is offline  
Thanks
1 User
Old 03/26/2020, 02:50   #7
 
b0ykoe's Avatar
 
elite*gold: 15
Join Date: Sep 2011
Posts: 755
Received Thanks: 218
Quote:
Originally Posted by PortalDark View Post
It was a good idea to post this. Now the people will know this is a thing and will have it fixed in no time instead of having a rogue group abusing this
The Opcode was posted here btw. they removed it ^-^
b0ykoe is offline  
Old 03/26/2020, 03:27   #8
 
gigola123's Avatar
 
elite*gold: 0
Join Date: Jun 2007
Posts: 718
Received Thanks: 378
Quote:
Originally Posted by b0ykoe View Post
The Opcode was posted here btw. they removed it ^-^
Yes was a stupid move from my part, I was just sharing what I've discovered and I didn't know that the client can inject this packet, I thought joymax will secure it by verifing who is sending the packet, it's not the case.
gigola123 is offline  
Old 03/26/2020, 04:29   #9
 
elite*gold: 0
Join Date: Jan 2009
Posts: 312
Received Thanks: 667
I think it comes down to devs being inconsistent with the opcodes.

The AgentServer filters all incoming packets based on some rules:
First it filters all framework opcodes (0x2000->0x2FFF, 0x6000->0x6FFF, 0xA000, 0xAFFF) with the some exceptions:
Code:
0x600D (massive)
0x6103 (auth)
0x6110
0x6314 (cas‬_request)
0x6316 (cas_answer)
0x2110
0x2113 (xtrap)
0x2001 (identity)
0x2002 (keep alive)
Second it removes all acknowledges (0x8000, 0x9000, 0xA000, 0xB000) and any opcode > 0x07FF in their respective group.

0x9000 is only allowed in _OnMsgReceivedBeforeHandshake().

So the remaining allowed opcode ranges are:
Code:
0x1000 -> 0x17FF: NetEngineNoDir
0x5000 -> 0x57FF: NetEngineReq
0x3000 -> 0x37FF: GameNoDir
0x7000 -> 0x77FF: GameReq


The exploit happens to be within this range, good luck :P
DaxterSoul is offline  
Thanks
11 Users
Old 03/26/2020, 09:24   #10
 
sonzenbi's Avatar
 
elite*gold: 0
Join Date: Feb 2017
Posts: 186
Received Thanks: 117
Well
i just woke up and saw this on my server
sonzenbi is offline  
Old 03/26/2020, 09:28   #11
 
#HB's Avatar
 
elite*gold: 100
Join Date: Sep 2017
Posts: 1,097
Received Thanks: 888
Finally exposed.. BB me no play

Shouldn't work on servers that block unknown opcodes.
#HB is offline  
Old 03/26/2020, 12:03   #12
 
elite*gold: 0
Join Date: May 2018
Posts: 244
Received Thanks: 119
so how we can block it?
Hercules* is offline  
Old 03/26/2020, 13:00   #13
dotCom
 
Devsome's Avatar
 
elite*gold: 12400
The Black Market: 104/0/0
Join Date: Mar 2009
Posts: 15,865
Received Thanks: 4,375
Quote:
Originally Posted by Hercules* View Post
so how we can block it?
Don't trust random filters
Devsome is offline  
Thanks
2 Users
Old 03/26/2020, 15:09   #14
 
Mudzas's Avatar
 
elite*gold: 0
Join Date: Mar 2008
Posts: 72
Received Thanks: 16
Thanks for sharing this. So far, no issues detected with all unknown opcodes blocked.
Mudzas is offline  
Old 03/26/2020, 16:04   #15
 
elite*gold: 36
Join Date: Mar 2010
Posts: 558
Received Thanks: 224
Quote:
Originally Posted by sonzenbi View Post
Well
i just woke up and saw this on my server
Fix -> (0xA003)
Laag#82 is offline  
Reply


Similar Threads Similar Threads
[EXPLOIT]How to summon any level wolf on any level char
12/04/2011 - SRO Hacks, Bots, Cheats & Exploits - 115 Replies
Stop asking its fixed
Nansru\Devil spirit and Monster Summon
10/07/2011 - SRO Private Server - 0 Replies
i how to spawn devil spirit with gm command? know F3 bllabla 0 and enter spawn okk i pick up and freeze wtf?..why?....and i drop monster summon scroll and pick up ok...but no monster :-\
[Exploit] Unlimited Pet Summon Time
08/22/2011 - Mabinogi Hacks, Bots, Cheats & Exploits - 9 Replies
Well i know of this glitch since months ago but i never use it, i remember it now because someone asked me some minutes ago and was unsure how it worked. The glitch makes it so you have an unlimited (?¿) pet summon time, what you do basically is this: 1- Have the pet use up its time till it starts to fade away (5 mins left till auto-unsummon). 2- Calculate untill the pet has around 2 seconds left of summon time and unsummmon the pet manually (i used the handy win xp clock x3). 3-...
Does Character #2 on summon any wolf level exploit need to be same level as wolf?
07/25/2010 - Silkroad Online - 2 Replies
^^ Please check the link: http://www.elitepvpers.com/forum/sro-exploits-hack s-bots-guides/465153-exploit-how-summon-any-level- wolf-any-level-char-10.html Basically, you need these 3: 1. character #1 to stall 2. character #2 to summon wolf 3. wolf any level
No CP summon/ranged and longbow summon hack
07/15/2008 - General Gaming Discussion - 11 Replies
- no cp and nak (2 in 1): combine No CP summon and longbow summon hack - no ranged: like b4



All times are GMT +1. The time now is 14:04.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2024 elitepvpers All Rights Reserved.