[Exploits] In-game MagicOpt Hack

[​Exo]

Yoo, I've found this hack sometime ago BUT since it's lame, I decided to share it. Sadly, the only way to fix this it processing the incoming requests and comparing them to a list.

First, I'll explain how it works then how you (a server manager can fix this).

What does it do?
Simply, you add different MagicOptions to avatars, yes options that are not in the normal NPC list.

 Spoiler

Yes, that's it, of course there are other magic opts that work, just try them out.

How it works:

PHP Code:

{
     OPCODE: 0x34A9
     BYTE    : InventorySlot
     INT      : strLength
     STRING: MagicOptCodeName128 or whatever xd
} 


First, you have to select the blacksmith npc and then you are ready to inject the packet manually.

PS: If there are multiple entries for the same MagOpt it's possible to keep trying infinitely and you will still get a random value each time.

Example: "MATTR_STR" has 3 entries +1, +2, +3. You will get one of these each time you try.

Breaking the MAX value of MagicOptions is not possible tho, you can add only 4 on avatars (normal ones).

How to fix this?
Until now, by processing the incoming packets, parsing them and comparing them to the allowed list of strings.

Theory:
Fixing it @ the database, but I didn't really take a look yet. Will do it later I guess.

Enjoy.

[Supportlar]

bull***t

[Kai1337*]

Here we are again another exploit , these things are really rare .. Thanks for sharing

[WickedNite.]

Quote:

Originally Posted by Chainer*

Here we are again another exploit , these things are really rare .. Thanks for sharing

They're not rare Some things are better unreleased.

[Eslam Galull]

well , nothing is secret ever !!

was doing some ****** avatars in x Servers and selling them xDD

[BlastWarrior]

how i can inject the packet manually ?

[​Exo]

Quote:

Originally Posted by BlastWarrior

how i can inject the packet manually ?

Well, use phAnalyzer if you don't have your own proxy server.

[Royalblade*]

This might actually be a little harder to fix than the most common **** around.

I personally would just go with a array of whitelisted magopt-strings. This works properly only if you've got inv-movement properly parsed tho.

Otherwise you may check for any procs being run while granting those blues. Ooor just run a performance draining query on each incing 3409 and grab refobjcom.typeids and joining on magopts available to it where string == packets string. It'll drain performance if someone spam it a bit.

[​Goofie​]

Quote:

Originally Posted by Royalblade*

This might actually be a little harder to fix than the most common **** around.

I personally would just go with a array of whitelisted magopt-strings. This works properly only if you've got inv-movement properly parsed tho.

Otherwise you may check for any procs being run while granting those blues. Ooor just run a performance draining query on each incing 3409 and grab refobjcom.typeids and joining on magopts available to it where string == packets string. It'll drain performance if someone spam it a bit.

Edit:
Syloxx said something about injecting the one-time blues several times, not sure if you can do that but I can prevent bots from adding avatar blues to start with, so me fine :3

[​Exo]

Well, an avatar can only have one entry from each Magic, in case of magics that has same code but different levels, the blue is altered!

[Zyad ahmed]

Quote:

Originally Posted by ​Goofie​

Edit:
Syloxx said something about injecting the one-time blues several times, not sure if you can do that but I can prevent bots from adding avatar blues to start with, so me fine :3

I wanna download where is the link

[SubZero**]

Quote:

Originally Posted by Zyad ahmed

I wanna download where is the link

link for what? the owner of the comment banded

[#HB]

Quote:

Originally Posted by Zyad ahmed

I wanna download where is the link