Leaderboard

Popular Content

Showing content with the highest reputation on 07/12/15 in all areas

  1. Hello devs ! I found today a new weapon for Wolfman and I think it's an interesting model. Screen: Download: Here !!!
    4 points
  2. New Map ! Updated graphics and HD Textures !
    3 points
  3. M2 Download Center Download Here ( Internal ) Hey, after someone sells it under his name and earns money with my work I release it now. Looks like a normal warp. It's 10 minutes of work, but oh well, whatever. Have fun with it
    1 point
  4. Hi guys,

     Running a server for a year and a half while a bunch of guys get paid to destroy it by any means ends up giving you a good insight into what the word security really means. So, after being the target of almost every type of attack possible over the Internet, I think I am ready today to write a quick checklist on how your Metin2 server should be secured from criminal and disruptive behavior. I will divide it into several parts: ingame, website, server, staff.

     I will try to explain in brief how those attacks are executed, but the focus here is on how to defend from them effectively. I do not want this checklist to serve the purposes of hackers. But be aware; you are never 100% safe - it depends on how much your enemy is willing to work on it. So this should be taken as a bare minimum. And don't forget: the science of destruction evolves constantly. What is considered safe today might not be so safe tomorrow.

     Disclaimer: This text reflects 5 years of experience managing a server's technical aspects. I have not done certain things (like quests) for a long time, so excuse me for any mistakes I may be making here.

     Part 1 - Ingame bugs and exploits

     This part refers to threats that may realize through the game client or external software that acts through the game client. While often overlooked, sometimes these can be more dangerous to your server than any other type of attack.

     Keep an eye on your server's economy - the average price of items. If prices for a particular item or all of them change suddenly, there may be some obscure reason behind it. That is one of the reasons why we keep public and private statistics on the average market price of every item at WoM.

     One of the most common mistakes - and I committed this myself - when one wants to extensively edit everything is having an item give you more Yang when you NPC it than it costs to buy it from a shop. This gives unlimited Yang to whoever discovers it. There are even public bots which automate the process of buying and selling these items. The effect on the economy is devastating over a sufficiently long period, not to mention that it's unfair that some people are infinitely rich and unbalance is never good for any MMORPG. Have your GM double check that no item can be sold for more than it costs.

     However, this is not the only way that a player can obtain access to unlimited resources. Badly written quests may allow players to obtain their rewards repeatedly by closing their clients while a quest dialog is open. One simple way to avoid this is to make sure that the commands which reward the player are the last in the code block before changing state.

     Now going into disruptive behaviour - the most annoying probably are the bugs which cause a server core to crash. The most famous is probably the number_ex bug. This causes several commands which depend on this function such as dice to be exploitable by using certain parameters. This bug is fixed in rev 40k and therefore in any game compiled from the source. If you are using 34k, the best you can do is use iMer's lib which provides several security enhancements. If you are using 2089, there are public diffs that patch this.

     Another bug exists in the war command in 34k and older which leads to a server crash. You cannot disable this command as it is used by the guild leaders to war other guilds. iMer's Lib takes care of this bug in 34k.

     Older and less known is the gold drop core crash bug present in 2089 and fixed -I believe- in 34k. Dropping huge amounts of gold or any other item which you can acquire in huge numbers in a map will cause the server to crash. I am not aware of public fixes for this exploit.

     Another favourite is the kickhack or sync position hack -partially fixed only in 40k- which allows a malicious user to disconnect other players at will. There are even videos of this being done in DE years ago. iMer's lib provides a fix for rev 34k.

     Finally, we have the long list of cheats which purely seek to gain advantage while playing. There are several client protection tutorials and services around this forum so I won't extend myself here about the subject.

     Part 2 - Server and OS

     Here we talk about the threats that affect your server and Operating System.

     Part 2.1 Choosing and preparing your server

     There is no doubt at the moment of writing this that the French hosting company OVH provides the most cost-effective anti-ddos solution in the market. While many companies provide DDoS protection services, these cost several times as much as OVH offerings and this increase does not necessarily translate into a better protection. Therefore we will assume that you are renting either a dedicated server at OVH or a VPS at Eterhost as those are the ones I'm familiar with. Other providers or resellers may be configured in a different manner.

     Dedicated Server at OVH

     There are two flavors of the Anti-DDoS solution: Basic and Pro.

     Basic is free when renting a Kimsufi or Soyoustart server (cheap and intermediate OVH brands respectively). What it does is detect attacks directed at your IP address and route your traffic through the mitigation system during the attack. This is not enough to deter a dedicated hacker though - before the attack is detected, your server may be collapsed for a few minutes, and this can be repeated every hour by the attacker, as happened with one of the TEC attacks on WoM about 1 month ago.

     The PRO version comes with all the OVH proper (also known as professional) line of servers. It adds the ability to route traffic permanently through the mitigation system and provides you with a simple hardware firewall. This is what you should get if serious attacks are a concern, specifically an Enterprise line server (cheapest is at about 100€/month, VAT included).

     How to activate permanent mitigation on OVH Professional servers:

     - Open the new manager. If you don't know where this is, open the classic manager and click on "Home" and then below on the "Dedicated" icon.
     - Click on IP on the column at the left
     - Click the little wheel that appears at the right of your server's IP address
     - Select "Mitigation: permanent"

     How to set up the hardware firewall:

     - Click the wheel again and select "Activate firewall". Wait around a minute and then reload the page.
     - Click the wheel and select "Configure firewall"
     - You will be presented with the rules screen. You can add up to 20 rules to deny or allow specific ports on the firewall. Start by adding the allowed ports in the lower numbers and end with a global deny rule. Leaving a field blank in the "Add Rule" dialog will result in a wildcard; so if you leave the IP address field blank, this rule will affect all IPs.

     Adding an allow port rule: click on Add Rule; choose rule priority; select protocol (TCP or UDP); select Accept; enter the port number.

     Adding a global deny: choose rule priority (must be higher than the allow port rules); select protocol (TCP or UDP); select Deny.

     Here is an example set of rules. We have added the SSH port and the game & auth ports, as well as 3306 so our website can connect to MySQL. You can specify the webserver's IP in the rule to prevent others from connecting to your database, although I personally prefer to do this at the software level with the pf firewall; in any case, port 3306 must not be public.

     "How do I connect with Navicat then?" Simple, use the SSH Tunnel option. This logs you in to SSH and then connects to the MySQL server as localhost. You must enter your server's SSH login details in the SSH tab, and your MySQL login details in the General tab, but remember we are connecting to localhost or 127.0.0.1: that's what you must enter in hostname, NOT your server's public address, as MySQL doesn't see us as a remote user anymore.

     Regarding UDP: UDP is your enemy. Disable it completely as I did in the above ruleset. The official client previously used UDP to check on server status, but it's trivial to override it in python so it always shows "NORM" regardless of the result of servercheck. If you are using 40k or source, the check already uses TCP, but your ports must be lower than 32768 (or the source modified) for it to work.

     VPS at Eterhost

     Our VPS are always routed through the mitigation system. Hardware firewall can be activated and configured to your needs for 5€/month extra.

     Part 2.2 - Hardening SSH

     First things first: have your OS always updated to the current version.

     It is often recommended by experts to access your server through a non-administrative account (some operating systems such as CentOS even force you to create one at install), so that's what we will be doing. We will create a restricted user for our game server:

         adduser game

     We can leave everything as default except for the login group: enter "wheel" here. Users which are part of the wheel group can use the su command to gain administrator privileges. This allows us to completely block root from remote login.

     Now it's time to create an SSH key for our new user. This makes bruteforce virtually impossible.

     Finally, let's prevent login from root, and login without key:

         ee /etc/ssh/sshd_config

     Look for the "PermitRootLogin" line and leave it this way, uncommenting if necessary:

         PermitRootLogin no

     And next look for the "PasswordAuthentication" setting and edit it so it looks like this:

         PasswordAuthentication no

     Now let's restart ssh for changes to take effect:

         service sshd restart

     Warning: at this point, you should open a new putty window to test that you can login with the new user and key, and that you can use the su command to gain root privileges. Wrong settings may lock you out of your server.

     Once everything is working, upload your server files to /home/game. This is the home directory of the user - a bit like "My Documents" in Windows. Make sure you change permissions in the files so the "game" user can read and write them:

         chown -R game /home/game

     (this command must be run as root! only root can change someone else's permissions.)

     To switch between the game and root account, you use the su (short for superuser) command:

         root# su game
         Password: (game user's password)
         game# su
         Password: (root user's password)
         root#

     Or:

         root# su game
         Password: (game user's password)
         game# exit
         root#

     Finally, it may be a good idea to install ssh-guard for extra security or change your SSH port if you don't like your logs being spammed by portscans. To change your SSH port, edit the Port line in /etc/ssh/sshd_config and restart the sshd service as indicated above. Remember to open the new port if you are using a firewall or you will lock yourself out of the server.

     Part 2.3 Software Firewall: pf

     At this point it's a good idea to add a second line of defense with the pf firewall. First we will create the /etc/pf.conf file following this sample config.

         ee /etc/pf.conf

     Make sure you enter the correct interface and all the ports which must be open: SSH and game ports in our case. Neither p2p ports nor db core port should be open to the public! Under trusted_hosts, enter the IP address of your web server so it can connect to the database (We assume a typical set up of web server + game / db server here) instead of opening port 3306 to everyone.

     This firewall provides us with scrubbing and rate limiting capabilities which the hardware firewall doesn't.

     Next we will enable pf:

         kldload pf
         pfctl -e

     Check that everything is working fine and then add the following line to /etc/rc.conf to load pf on boot:

         pf_enable="YES"
    1 point
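The two sshd_config settings from Part 2.2 of the checklist above (PermitRootLogin no, PasswordAuthentication no) can be checked before sshd is restarted, which helps avoid the lock-out the post warns about. This is an added example, not part of the original post; the function names effective_value and audit_sshd_config and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings the post changes.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and anything after a "Match" line is conditional,
# so a plain grep for "PermitRootLogin no" can report a false OK.

# effective_value FILE KEYWORD
# Prints the first uncommented global value of KEYWORD, or "(unset)".
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "(unset)" }
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        { line = $0; gsub(/=/, " ", line)   # "Key=value" is also accepted
          n = split(line, f, /[ \t]+/) }
        tolower(f[1]) == "match" { exit }   # global section ends here
        tolower(f[1]) == key && n >= 2 { val = tolower(f[2]); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only if both settings are explicitly "no" in the global section.
audit_sshd_config() {
    file=$1
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$file" "$key")
        if [ "$val" = "no" ]; then
            echo "OK    $key no"
        else
            echo "FAIL  $key is $val (expected: no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample, not taken from a real server. The commented line
# does not count, and the second PasswordAuthentication line is ignored
# because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

On a live server, point audit_sshd_config at /etc/ssh/sshd_config and keep the existing SSH session open until a second login with the key has succeeded.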
  5. Hi, Metin2dev

     Screen: a simple intro login

     IntroLogin :

     add :

         import os

         def __LoadScript(self, fileName):
             self.Start = GetObject("start_button")
             self.Home = GetObject("home_button")
             self.Quit = GetObject("quit_button")
             self.Menu = GetObject("menu_button")
             self.FaceBookLike = GetObject("FaceBookButton")
             self.Conf = GetObject("config_button")

     Searched :

         self.serverList.SetEvent(ui.__mem_func__(self.__OnSelectServer))

         self.FaceBookLike.SetEvent(ui.__mem_func__(self.__onclickFaceBook))
         self.Conf.SetEvent(ui.__mem_func__(self.__onclickConf))
         self.Home.SetEvent(ui.__mem_func__(self.__onclickHomeAdress))
         self.Start.SetEvent(ui.__mem_func__(self.__onclickStartCheck))
         self.Quit.SetEvent(ui.__mem_func__(self.__onclickQuit))

     Searched :

         self.serverExitButton.SetEvent

         self.serverExitButton.SetEvent(ui.__mem_func__(self.__OnClickMenuButton))

     Searched :

         def __OnClickSelectServerButton(self):

         def __onclickConf(self):
             os.system("start config.exe")

         def __onclickHomeAdress(self):
             os.startfile("[Hidden Content]")

         def __onclickFaceBook(self):
             os.startfile("[Hidden Content]")

         def __onclickStartCheck(self):
             self.__RequestServerStateList()
             self.serverBoard.Show()
             self.connectBoard.Hide()
             self.loginBoard.Hide()
             self.Menu.Hide()

         def __onclickQuit(self):
             self.stream.SetPhaseWindow(0)

         def __OnClickMenuButton(self):
             self.serverBoard.Hide()
             self.Menu.Show()

     Searched :

         self.serverBoard.SetPosition(self.xServerBoard, self.yServerBoard)

     to the bottom :

         self.serverBoard.Hide()
         self.connectBoard.Hide()
         self.loginBoard.Hide()
         self.Menu.Show()

     LoginWindow

     Locale/xx Edit locale name

         {
             "name" : "FaceBookButton",
             "type" : "button",
             "x" : 35,
             "y" : SCREEN_HEIGHT-120,
             "default_image" : "locale/xx/ui/face.sub",
             "over_image" : "locale/xx/ui/face2.sub",
             "down_image" : "locale/xx/ui/face2.sub",
             "tooltip_text" : "Facebook Page",
         },

     to the bottom

     Patch Version Client Version NO URLLİB! I can, if desired because of the simple intrologin

         ## Check
         {
             "name" : "Show",
             "type" : "thinboard",
             "x" : SCREEN_WIDTH-165,
             "y" : 0,
             "width" : 166,
             "height" : 90,
             "children" :
             (
                 {
                     "name" : "Neu_Text",
                     "type" : "text",
                     "x" : 10,
                     "y" : 3,
                     "vertical_align" : "center",
                     "text_vertical_align" : "center",
                     "text" : "Patch Version: 00001",
                 },
                 {
                     "name" : "Neu_Edit",
                     "type" : "text",
                     "x" : 100,
                     "y" : 42,
                     "width" : 120,
                     "height" : 18,
                 },
                 {
                     "name" : "Client_Text",
                     "type" : "text",
                     "x" : 10,
                     "y" : -23,
                     "vertical_align" : "center",
                     "text_vertical_align" : "center",
                     "text" : "Client Version: 00001",
                 },
                 {
                     "name" : "Client_Edit",
                     "type" : "text",
                     "x" : 100,
                     "y" : 17,
                     "width" : 120,
                     "height" : 28,
                 },
             ),
         },
         ## Menu
         {
             "name" : "menu_button",
             "type" : "thinboard",
             'x' : (SCREEN_WIDTH - 204) / 2,
             'y' : (SCREEN_HEIGHT - 100) / 2,
             "width" : 200,
             "height" : 190,
             "children" :
             (
                 {
                     "name" : "start_button",
                     "type" : "button",
                     "x" : 10,
                     "y" : 17,
                     "text" : "Start Game",
                     "text_color" : 0xffF8BF24,
                     "default_image" : ROOT + "XLarge_Button_01.sub",
                     "over_image" : ROOT + "XLarge_Button_02.sub",
                     "down_image" : ROOT + "XLarge_Button_03.sub",
                 },
                 {
                     "name" : "config_button",
                     "type" : "button",
                     "x" : 10,
                     "y" : 62,
                     "text" : "Config",
                     "text_color" : 0xffF8BF24,
                     "tooltip_text" : "Turns game settings.",
                     "default_image" : ROOT + "XLarge_Button_01.sub",
                     "over_image" : ROOT + "XLarge_Button_02.sub",
                     "down_image" : ROOT + "XLarge_Button_03.sub",
                 },
                 {
                     "name" : "home_button",
                     "type" : "button",
                     "x" : 10,
                     "y" : 107,
                     "text" : "Home Page",
                     "text_color" : 0xffF8BF24,
                     "tooltip_text" : "Redirects to the main page.",
                     "default_image" : ROOT + "XLarge_Button_01.sub",
                     "over_image" : ROOT + "XLarge_Button_02.sub",
                     "down_image" : ROOT + "XLarge_Button_03.sub",
                 },
                 {
                     "name" : "quit_button",
                     "type" : "button",
                     "x" : 10,
                     "y" : 152,
                     "text" : "Exit",
                     "text_color" : 0xffF8BF24,
                     "default_image" : ROOT + "XLarge_Button_01.sub",
                     "over_image" : ROOT + "XLarge_Button_02.sub",
                     "down_image" : ROOT + "XLarge_Button_03.sub",
                 },
             ),
         },

     Sub and JPG Download Link : [Hidden Content]

     ready loginwindow,intrologin in the present, You can not use those!

     loginwindow: locale/tr Edit locale name!

     intrologin : locale_is_turkey Edit locale name!

     Example: localeInfo,Locale
    1 point
  6. Hello Guys, at first, this Video contains the language German. I never thought to post this here, first of all it was made just 4 fun cuz I was bored. But then, I realised that many people have troubles with this few steps. I denied to use VS 2008 SP1, had enough problems with it and it isn't recommended to use this version. Be aware, this is my first Tutorial, if anyone who speaks German notices a spelling error or a misconception, please, just ignore it. Everyone has his beginning. ps: later I'll write an English Guide, for all people over the Globe. I hope I could help you out. The Download URL is in the Description on Youtube. Credits to: Reboot, for the clean Source. FIX: Inventorybelt error Go to UserInterface and open Locale_inc.h add this or replace the existing lines with: Thanks to Shisui.
    1 point
  7. locale_inc ? #define ENABLE_NEW_EQUIPMENT_SYSTEM
    1 point
  8.
         void CHARACTER::ChannelSwitch(int iNewChannel)
         {
             long lAddr, lMapIndex;
             WORD wPort;
             long x = GetX();
             long y = GetY();

             // Look up the map index, address and port serving the character's position.
             if (!CMapLocation::Instance().Get(x, y, lMapIndex, lAddr, wPort))
             {
                 sys_err("Can not find map location index[%ld] x[%ld] y[%ld] name[%s]", lMapIndex, x, y, GetName());
                 return;
             }

             if (lMapIndex >= 10000)
                 return;

             // Port table: 13002-13008 -> channel 1, 13102-13108 -> channel 2,
             // 13202-13208 -> channel 3, 13302-13308 -> channel 4.
             std::map<WORD, BYTE> ChannelsPorts;
             for (BYTE i = 0; i < 4; i++)
             {
                 for (BYTE j = 2; j < 9; j++)
                     ChannelsPorts[13 * 1000 + (i * 100) + j] = i + 1;
             }

             int iChannel = ChannelsPorts.find(wPort) != ChannelsPorts.end() ? ChannelsPorts[wPort] : 0;
             if (iChannel == 0)
             {
                 sys_err("This port is not available! (%d)", wPort);
                 return;
             }

             Stop();
             Save();

             if (GetSectree())
             {
                 GetSectree()->RemoveEntity(this);
                 ViewCleanUp();
                 EncodeRemovePacket(this);
             }

             // Warp the client to the same position on the port of the requested channel.
             TPacketGCWarp p;
             p.bHeader = HEADER_GC_WARP;
             p.lX = x;
             p.lY = y;
             p.lAddr = lAddr;
             p.wPort = (wPort - 100 * (iChannel - 1) + 100 * (iNewChannel - 1));

             GetDesc()->Packet(&p, sizeof(TPacketGCWarp));
         }

     Kind Regards Ken
    1 point
  9. I know this. Can you give me libstdc++.so.6 version 3.4.20. I don't find it. Use brain, install gcc49 and you find in local/lib/gcc49/ And move from lib/gcc49 to /usr/lib Or edit libmap.conf with location local/lib/gcc49/libstdc++.so.6
    1 point
  10. cyber when it will be start
    1 point
  11. M2 Download Center Download Here ( Internal ) Hey guys, since i needed a few MySQL Hashes in the last few days i wrote a little tool to convert normal text to a MySQL5 hash. I'd thought I'd share it, maybe you can need it. You should need it for account passwords since those are hashed. Just start the program, type in your password/text to hash, click the button and it will be hashed and also copied to your clipboard. You just need to paste it then. Virustotal: [Hidden Content]
    1 point
  12. [ENG] Hi, I have found a way to fix the backporting on mounts, and with this way the monster appears correctly! Let's start:

      1. You need the folder in which the MSM / MSA / GR2 files of your mount are
      2. Go to your server in the directory /usr/home/game/share/data/monster (green part of the path may differ)
      3. Load the folder where your mount is in this directory
      4. Go into your database and open the mob_proto
      5. Search your mount and go to the column "Folder"
      6. Put the folder name of your mount in this column
      7. Restart Server

      I know this way for quite a while and it also works with pets / monsters etc. I'm sorry for my very bad English.

      [GER] Hi, I have found a way to prevent the porting back on mounts, in such a way that the monsters appear correctly! I don't want to beat around the bush, so let's start:

      1. You need the folder that contains the msm/msa/gr2 files of your mount
      2. On your server, go to the directory /usr/home/game/share/data/monster (green part of the path may differ)
      3. Upload the folder that contains your mount into this directory
      4. Go into your database and open the mob_proto
      5. Search for your mount and go to the column "folder"
      6. Enter the folder name of your mount in this column
      7. Restart the server

      I have known this way for quite a long time and it also works with pets/monsters etc...
    1 point
  13. Try this dll: [Hidden Content] Add this dll your client with studpe and break qdata file in game folder
    1 point
  14. Here another solution for fix invisibility bug. Kind Regards Zerelth ~ Ellie
    1 point
  15. This post is made for changelogs and for the download link!

      ### Changelog vanilla version 2.2 (without rev system) ###
      ~> See here

      ### Changelog vanilla revision rev52410 ###
      Also known as version 2.3
      ~> See here

      ### Changelog vanilla revision 54180 ###
      Also known as version 2.4
      ~> See here

      ### Changelog vanilla revision 54250 ###
      Also known as version 2.4.1
      ~> See here
      ~> Hotfix see here
      ~> Second hotfix see here

      Download (v2.4.1): here
      password: vanilla

      note! Please always test newer versions of vanilla first in a test environment!! Only download the vanilla core from valid sources (this thread!!)

      If you want to donate then you can simply donate via paypal or other payment methods. Just write me a private message. I appreciate every help I can get!

      Installation: Read readme.txt!

      You are allowed to freely distribute the vanilla core but be sure you mark the right authors! The main source code is from YMIR, the modifications are made by me (vanilla)! And if you release it somewhere else please make sure you create a reference to this thread and that it's allowed to be posted there.
    1 point