Quote:
Originally Posted by Drupanda
Third way:
Code:
// C->S
if(_pck.Opcode == 0x7005)
{
    // Drop the packet when its first byte is greater than 2
    if(_pck.ReadUInt8() > 2) {
        return;
    }
}
Fourth way: complex, but will fix all charscreen exploits.
Code:
1. Create bool called "char_screen" set default value to false.
2. At C->S opcode = 0x7007(CLIENT_CHARSCREEN) register char_screen to true.
3. At S->C opcode = 0x3020(SERVER_CLIENT_UNIQUE_ID) register char_screen to false.
4. In _pck (loop)foreach statement, place this code:
#region SHARD EXPLOIT FIX
if(this.char_screen)
{
    if(_pck.Opcode != 0x2002 && _pck.Opcode != 0x7001 && _pck.Opcode != 0x7007)
    {
        return;
    }
}
#endregion
^ - Code above will fix all charscreen exploits, not only this one :)
Reasons why this works:
1. No C->S opcodes are sent after "char select" or "char name"
2. Last S->C opcode is 0x3020, before you can even start sending OPCODES.
3. When 0x3020 is sent, the "fix" will be disabled and you can continue to play the game as intended.
^ - Reverse engineering at its finest.
1. 0x7450 - CLIENT_AGENT_CHARACTER_SELECTION_RENAME_REQUEST is also a valid SR_Client -> AgentServer -> SR_ShardManager message.
2. You have a logic mistake in your code. I'm not forced to send 0x7007 and could stay "char_screen = false" while being in the correct state to have the AgentServer forward messages to ShardManager. I'm going to save you from a complex lesson about "inter-modular-message-mambo-jambo" and tell you that 0xA103 - SERVER_AGENT_AUTHENTICATION_ACK is sent after successfully registering you to the ShardManager, which seems to be a more reliable way to determine "char_screen = true".
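
The quoted state flag with both corrections from the reply applied, as an added example that is not code from either post: the flag is set on the server's 0xA103 instead of the client's 0x7007, and 0x7450 joins the allowlist. The class and method names, the per-connection design and the blocked opcode 0x1234 in the demo are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical per-connection filter for a proxy in front of the AgentServer.
public sealed class CharScreenGate
{
    // C->S opcodes allowed on the character screen: the three listed in the
    // quoted post plus 0x7450 (rename request) named in the reply.
    private static readonly HashSet<ushort> Allowed =
        new HashSet<ushort> { 0x2002, 0x7001, 0x7007, 0x7450 };

    public bool CharScreen { get; private set; }

    // Call for every S->C opcode relayed to the client. The state follows
    // server messages only, so a client that skips 0x7007 cannot keep the
    // flag false while the AgentServer is already forwarding to ShardManager.
    public void OnServerToClient(ushort opcode)
    {
        if (opcode == 0xA103)        // SERVER_AGENT_AUTHENTICATION_ACK
            CharScreen = true;       // assumption: sent only on success, as the reply describes
        else if (opcode == 0x3020)   // SERVER_CLIENT_UNIQUE_ID
            CharScreen = false;
    }

    // Returns true when a C->S packet may be forwarded.
    public bool AllowClientToServer(ushort opcode)
    {
        return !CharScreen || Allowed.Contains(opcode);
    }
}

public static class Demo
{
    public static void Main()
    {
        var gate = new CharScreenGate();

        // Constructed sequence: the client never sends 0x7007.
        gate.OnServerToClient(0xA103);
        foreach (ushort op in new ushort[] { 0x2002, 0x7450, 0x1234 })
            Console.WriteLine("0x{0:X4} on char screen -> {1}", op,
                gate.AllowClientToServer(op) ? "forward" : "drop");

        gate.OnServerToClient(0x3020);   // character entered the world
        Console.WriteLine("0x1234 in game -> {0}",
            gate.AllowClientToServer(0x1234) ? "forward" : "drop");
    }
}
```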