Register for your free account! | Forgot your password?

You last visited: Today at 13:19

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

[Release] GameServer flood/crash exploit

Discussion on [Release] GameServer flood/crash exploit within the SRO PServer Guides & Releases forum part of the SRO Private Server category.

Reply
Page 2 of 2 1 2
 
Old 08/12/2017, 03:21   #16
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jul 2013
Posts: 12
Received Thanks: 0
Link ?

Quote:
Originally Posted by sonzenbi View Post
Filter
Can you please give me the link
anhhoansro1 is offline  
Old 08/10/2018, 03:49   #17
 
#HB's Avatar
 
elite*gold: 100
The Black Market: 0/0/0
Join Date: Sep 2017
Posts: 1,108
Received Thanks: 903
Quote:
Originally Posted by elmagico321 View Post
here we go

Code:
 #region Closing ctf , arena and fortress exploit
if (packet.Opcode == 0x34B1 && !Main.absolute_bypass.Contains(this.username))
{
this.CleanClient();
continue;
}
if (packet.Opcode == 0x34D2 && !Main.absolute_bypass.Contains(this.username))
{
this.CleanClient();
continue;
}
if (packet.Opcode == 0x385F && !Main.absolute_bypass.Contains(this.username))
{
this.CleanClient();
continue;
}

#endregion
If you use that at server packets section and "CleanClient" was the disconnect method, then everyone will be disconnected immediately after first spawn. So, remember to put this at client packets section.
#HB is offline  
Old 11/08/2018, 05:27   #18
 
Sector1337*'s Avatar
 
elite*gold: 61
The Black Market: 2/0/0
Join Date: Oct 2017
Posts: 189
Received Thanks: 103
Quote:
Originally Posted by #HB View Post
If "CleanClient" was the disconnect method, then everyone will be disconnected immediately after first spawn.
huh? do u know what they are just ignored being received from the client so?
Sector1337* is offline  
Old 11/08/2018, 12:29   #19
 
#HB's Avatar
 
elite*gold: 100
The Black Market: 0/0/0
Join Date: Sep 2017
Posts: 1,108
Received Thanks: 903
Quote:
Originally Posted by FutureLogic View Post
huh? do u know what they are just ignored being received from the client so?
It should be received from the client or BA/CTF won't work fine. To fix it, you should just make a p/s limit.
#HB is offline  
Old 11/08/2018, 19:50   #20
 
Sector1337*'s Avatar
 
elite*gold: 61
The Black Market: 2/0/0
Join Date: Oct 2017
Posts: 189
Received Thanks: 103
Quote:
Originally Posted by #HB View Post
It should be received from the client or BA/CTF won't work fine. To fix it, you should just make a p/s limit.
Dude, no, they are Server->Client opcodes they are should to be ignored&disconnected and you can just use disconnect option for it and it'll not disconnect any player there.
Sector1337* is offline  
Old 11/08/2018, 20:40   #21
 
#HB's Avatar
 
elite*gold: 100
The Black Market: 0/0/0
Join Date: Sep 2017
Posts: 1,108
Received Thanks: 903
Quote:
Originally Posted by FutureLogic View Post
Dude, no, they are Server->Client opcodes they are should to be ignored&disconnected and you can just use disconnect option for it and it'll not disconnect any player there.
Server To Client packets updates client data & information and informs him about actions.

Client To Server packets are like a request, but it doesn't prove anything to do, so if C->S packet received, the server modules checks his request and makes sure requirements are included then informs the client with a S->C packet.

Why aren't C->S used immediately to reduce packets count and increase the speed of responding?
To prevent packet injecting.
Code:
0x34D2 | AGENT_BARENA_OPERATION
0x34B1 | AGENT_FLAGWAR_UPDATE
0x385F | AGENT_SIEGE_UPDATE
For example, CTF update packet, 0x34B1, its responsible for everything about CTF like notifiers, registration result and assigning team. Same for BA/FTW, so basically if you ignore/continue them, they won't work anymore, because client doesn't retrieve data from server.
#HB is offline  
Old 11/08/2018, 21:13   #22
 
elite*gold: 135
The Black Market: 1/0/0
Join Date: May 2015
Posts: 647
Received Thanks: 752
Quote:
Originally Posted by #HB View Post
Server To Client packets updates client data & information and informs him about actions.

Client To Server packets are like a request, but it doesn't prove anything to do, so if C->S packet received, the server modules checks his request and makes sure requirements are included then informs the client with a S->C packet.

Why aren't C->S used immediately to reduce packets count and increase the speed of responding?
To prevent packet injecting.
Code:
0x34D2 | AGENT_BARENA_OPERATION
0x34B1 | AGENT_FLAGWAR_UPDATE
0x385F | AGENT_SIEGE_UPDATE
For example, CTF update packet, 0x34B1, its responsible for everything about CTF like notifiers, registration result and assigning team. Same for BA/FTW, so basically if you ignore/continue them, they won't work anymore, because client doesn't retrieve data from server.
Well, you must block these opcodes only from client side cuz they're server side packets ?

i mean you just need to disconnect the client if it send a server packet
$WeGs is offline  
Thanks
1 User
Old 11/08/2018, 22:20   #23
 
#HB's Avatar
 
elite*gold: 100
The Black Market: 0/0/0
Join Date: Sep 2017
Posts: 1,108
Received Thanks: 903
Quote:
Originally Posted by $WeGs View Post
Well, you must block these opcodes only from client side cuz they're server side packets ?

i mean you just need to disconnect the client if it send a server packet
Yeah, maybe I didn't get the exploit well.

Sending a server packet as a client packet shouldn't be even allowed at the server modules.
#HB is offline  
Old 11/08/2018, 23:33   #24
 
elite*gold: 135
The Black Market: 1/0/0
Join Date: May 2015
Posts: 647
Received Thanks: 752
Quote:
Originally Posted by #HB View Post
Yeah, maybe I didn't get the exploit well.

Sending a server packet as a client packet shouldn't be even allowed at the server modules.
Well, it's an exploit ^^
$WeGs is offline  
Old 11/10/2018, 00:06   #25
 
slaintrax200's Avatar
 
elite*gold: 3
The Black Market: 2/0/0
Join Date: Jun 2008
Posts: 564
Received Thanks: 168
nvm wrong vid
slaintrax200 is offline  
Reply
Page 2 of 2 1 2

« Multi-Agents et cetera | free design »

Similar Threads Similar Threads
[Release/ Discussion] New gateway/agentserver flood exploit.
05/15/2014 - SRO PServer Guides & Releases - 79 Replies
So. As most of you know, new flood exploit been discovered like 10 days ago and some people had it who were attacking others servers for anyhow. I thought about releasing it so we got more people looking for a fix instead of me having it without a real use since i couldn't come up with a fix on my own. Releasing it only makes it more messy but still better than having some servers attacked by the other people who got the exploit, now more server will be attacked but in same time a fix will...



All times are GMT +1. The time now is 13:19.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2025 elitepvpers All Rights Reserved.