|
You last visited: Today at 10:37
Advertisement
[RELEASE][FIX] GameServer Crash/Runtime Error Exploit
Discussion on [RELEASE][FIX] GameServer Crash/Runtime Error Exploit within the SRO PServer Guides & Releases forum part of the SRO Private Server category.
10/29/2017, 20:52
|
#1
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
[RELEASE][FIX] GameServer Crash/Runtime Error Exploit
Hello everyone,
This is yet an unknown one (atleast for me and my environment) so I wanted to share this before more people lose their mind. It's a really strong exploit and will crash your gameserver with only 1 packet.
And the fix is also that easy.
Just block the 0x3510 opcode and you'll be fine.
PHP Code:
if(_pck.Opcode == 0x3510) continue;
Because the attackers used it wisely, we thought it was an error caused by the database. We wasted hours in front of PC (to fix this on BlackPearl) and then we decided to search the packets one by one to see the malicious one.
Hope you use it for good .
|
|
|
10/29/2017, 20:54
|
#2
|
elite*gold: 0
Join Date: Jan 2010
Posts: 213
Received Thanks: 113
|
Finally we fixed it. I hope that will help you.
|
|
|
10/29/2017, 21:00
|
#3
|
elite*gold: 0
Join Date: Apr 2017
Posts: 986
Received Thanks: 456
|
thank you
|
|
|
10/29/2017, 21:03
|
#4
|
elite*gold: 857
Join Date: Dec 2013
Posts: 857
Received Thanks: 679
|
i'm happy that you finally find it out
|
|
|
10/29/2017, 21:10
|
#5
|
elite*gold: 0
Join Date: Jan 2010
Posts: 213
Received Thanks: 113
|
Quote:
Originally Posted by KingDollar
i'm happy that you finally find it out
|
Yeah and also thank you for trying to help.
|
|
|
10/29/2017, 22:53
|
#6
|
elite*gold: 0
Join Date: Sep 2013
Posts: 4
Received Thanks: 0
|
Thank youuu
|
|
|
10/29/2017, 22:59
|
#7
|
elite*gold: 1400
Join Date: May 2011
Posts: 1,200
Received Thanks: 740
|
Thank you.
|
|
|
10/30/2017, 18:23
|
#8
|
elite*gold: 87
Join Date: Apr 2015
Posts: 318
Received Thanks: 535
|
why would you allow this opcode anyway? You should have an opcode whitelist and store only legit opcodes there. I'm not sure if the people above are being sarcastic or they really don't know.
|
|
|
10/30/2017, 20:58
|
#9
|
elite*gold: 0
Join Date: Oct 2013
Posts: 663
Received Thanks: 209
|
Quote:
Originally Posted by Xutan*
why would you allow this opcode anyway? You should have an opcode whitelist and store only legit opcodes there. I'm not sure if the people above are being sarcastic or they really don't know.
|
true but he said " block the opcode" then it's a little mistake at the coding
blocking the opcode can be done from the exploit.txt " if you have a file for bad opcodes " or by making it like this
PHP Code:
if(_pck.Opcode == 0x3510) { Disconnect //or what ever you need to do }
|
|
|
10/31/2017, 00:36
|
#10
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
Quote:
Originally Posted by Xutan*
why would you allow this opcode anyway? You should have an opcode whitelist and store only legit opcodes there. I'm not sure if the people above are being sarcastic or they really don't know.
|
this is a valid packet for BR files (stall network) and maybe I have it whitelisted for a reason.
Or people can still be using blacklists.
Don't be a ****.
|
|
|
08/20/2018, 18:21
|
#11
|
elite*gold: 0
Join Date: Jul 2011
Posts: 50
Received Thanks: 5
|
Quote:
Originally Posted by sarkoplata
this is a valid packet for BR files (stall network) and maybe I have it whitelisted for a reason.
Or people can still be using blacklists.
Don't be a ****.
|
I have a complete white list for Black Rogue files, and this opcode has nothing to do with Stall network. It's not a valid Black Rogue opcode!
Only these are valid stall network opcodes.
0x7461,CLIENT_BR_STALLNETWORK_SEARCH
0x7462,CLIENT_BR_STALLNETWORK_CLOSE
0x7463,CLIENT_BR_STALLNETWORK_PURCHASE
So you can block it, it won't affect any functionality in BR Files.
|
|
|
08/20/2018, 18:27
|
#12
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
Quote:
Originally Posted by Radoslavski
I have a complete white list for Black Rogue files, and this opcode has nothing to do with Stall network. It's not a valid Black Rogue opcode!
Only these are valid stall network opcodes.
0x7461,CLIENT_BR_STALLNETWORK_SEARCH
0x7462,CLIENT_BR_STALLNETWORK_CLOSE
0x7463,CLIENT_BR_STALLNETWORK_PURCHASE
|
Yeah well, but does it crash the BR Gameserver?
|
|
|
05/17/2020, 06:55
|
#13
|
elite*gold: 290
Join Date: Oct 2013
Posts: 263
Received Thanks: 191
|
Quote:
Originally Posted by sarkoplata
Yeah well, but does it crash the BR Gameserver?
|
I know this thread is really old, but can you share the way you search the malicious? What software to use to see the packet one by one? Did you log all the packet by using Wireshark?
My SRO server files are getting crash so many times in the last few days, my DB are fine and I really don't know the main problem of that, I think there is a new exploit opcode we don't know.
|
|
|
05/17/2020, 07:33
|
#14
|
elite*gold: 166
Join Date: Apr 2009
Posts: 2,339
Received Thanks: 2,654
|
Quote:
Originally Posted by vietnguyen09
I know this thread is really old, but can you share the way you search the malicious? What software to use to see the packet one by one? Did you log all the packet by using Wireshark?
My SRO server files are getting crash so many times in the last few days, my DB are fine and I really don't know the main problem of that, I think there is a new exploit opcode we don't know.
|
I logged every single opcode I received, except for the very common ones like ping, skill, move, chat etc. Through filter of course.
Then checked the odd looking ones just before the gameserver crashed.
You can't analyze the sro packet data with Wireshark I guess... You need a filter.
|
|
|
05/17/2020, 08:01
|
#15
|
elite*gold: 290
Join Date: Oct 2013
Posts: 263
Received Thanks: 191
|
Quote:
Originally Posted by sarkoplata
I logged every single opcode I received, except for the very common ones like ping, skill, move, chat etc. Through filter of course.
Then checked the odd looking ones just before the gameserver crashed.
You can't analyze the sro packet data with Wireshark I guess... You need a filter.
|
Thanks for your really kindly reply. I have a filter but not own the source, I can code C# but I don't know where to start to built a simple filter to log all opcodes like you do. Is there any open-source simple filter project out there you know can give me a starting point?
I have this opcode list but I think is not all valid code, can you share your list of valid opcodes?
Thanks for your time.
|
|
|
|
|
Similar Threads
|
[04.09.13] GigaByte v2.6 [FIX, FIX, FIX, FIX AND FIX]
09/11/2013 - WarRock Hacks, Bots, Cheats & Exploits - 79 Replies
http://www.elitepvpers.com/forum/warrock-hacks-bot s-cheats-exploits/2843300-11-09-gigabyte-public-v2 -7-a.html
|
[Problem]Microsoft Visual C++ Runtime Library Runtime Error!
08/08/2013 - Metin2 Private Server - 2 Replies
Hi All
I'have problem with my client
when i'm warp to map or login or logout or play in game
game close and say
Microsoft Visual C++ Runtime Library
Runtime Error!
img:
|
[Question] crack gameserver rates without Runtime error
10/20/2012 - SRO Private Server - 1 Replies
I tried to crack my game server to set the exp,sp,item drop, etc rate high but now that i did it i get a run time error one second or so after it launches
i used this post to do it
Cracking GameServer to fix rates
Writed By Chernobyl*
So, some people might have problems even at such basic stuff as cracking a experience limit.
|
VSRO GAMESERVER RUNTIME ERROR
03/12/2012 - SRO Private Server - 12 Replies
i get after 10 mins of gameserver starts a runtime error
How can i fix this?
|
All times are GMT +2. The time now is 10:37.
|
|