
Syserr:
 

May  4 17:31:38.919477 :: P2P: Logout Adi
May  4 17:31:39.960989 :: P2P: Logout Adi
May  4 17:31:40.401535 :: SYSTEM: new connection from [82.43.172.18] fd: 20 handshake 3600353393 output input_len 0, ptr 0x2975c400
May  4 17:31:40.841006 :: MARK_SERVER: Login
May  4 17:31:40.921494 :: SYSTEM: new connection from [178.156.191.39] fd: 22 handshake 211571624 output input_len 0, ptr 0x2ab82c00
May  4 17:31:40.960866 :: LargePacket Size 2848
May  4 17:31:40.960896 :: reallocating buffer to 8192, current 1024
May  4 17:31:40.960923 :: MARK_SERVER: GuildMarkIDXList 2855 bytes sent.
May  4 17:31:41.40877 :: MARK_SERVER: Login
May  4 17:31:41.80898 :: P2P: Login Adi
May  4 17:31:41.120651 :: MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
May  4 17:31:41.320991 :: SYSTEM: closing socket. DESC #20
May  4 17:31:41.360606 :: LargePacket Size 2848
May  4 17:31:41.360654 :: reallocating buffer to 8192, current 1024
May  4 17:31:41.360690 :: MARK_SERVER: GuildMarkIDXList 2855 bytes sent.
May  4 17:31:41.440670 :: MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
May  4 17:31:41.560738 :: SYSTEM: closing socket. DESC #22

Is this a flood? Please help me to block this.

Try:

input_login.cpp

function: void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)

Comment out the whole function and replace it with mine.

 

void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)
{
    TPacketCGMarkCRCList * pCG = (TPacketCGMarkCRCList *) c_pData;

    // Both pointers are dereferenced below, so check them once up front
    // instead of guarding one use and not the others.
    if (!d || !pCG)
        return;

    std::map<BYTE, const SGuildMarkBlock *> mapDiffBlocks;
    CGuildMarkManager::instance().GetDiffBlocks(pCG->imgIdx, pCG->crclist, mapDiffBlocks);

    DWORD blockCount = 0;
    TEMP_BUFFER buf(1024 * 1024); // 1 MB buffer

    for (itertype(mapDiffBlocks) it = mapDiffBlocks.begin(); it != mapDiffBlocks.end(); ++it)
    {
        BYTE posBlock = it->first;
        const SGuildMarkBlock & rkBlock = *it->second;

        // Each block is serialised as: position (1 byte), compressed size (4 bytes), compressed data.
        buf.write(&posBlock, sizeof(BYTE));
        buf.write(&rkBlock.m_sizeCompBuf, sizeof(DWORD));
        buf.write(rkBlock.m_abCompBuf, rkBlock.m_sizeCompBuf);

        ++blockCount;
    }

    TPacketGCMarkBlock pGC;

    pGC.header = HEADER_GC_MARK_BLOCK;
    pGC.bufSize = buf.size() + sizeof(TPacketGCMarkBlock);
    pGC.count = blockCount;
    pGC.imgIdx = pCG->imgIdx;

    sys_log(0, "MARK_SERVER: Sending blocks. (imgIdx %u diff %u size %u)", pCG->imgIdx, mapDiffBlocks.size(), pGC.bufSize);

    if (buf.size() > 0)
    {
        // Header first, then the block payload as a large packet.
        d->BufferedPacket(&pGC, sizeof(TPacketGCMarkBlock));
        d->LargePacket(buf.read_peek(), buf.size());
    }
    else
        d->Packet(&pGC, sizeof(TPacketGCMarkBlock));
}

 

Let me know...

 

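An added example, not code from this thread or from the game server: a small per-address sliding-window limiter in C++, replayed over the "new connection" lines of the syserr quoted in the first post (plus a constructed burst from one of those addresses, so that a rejection actually shows up). It is one way to approach both the "is this a flood, how do I block it" question and the replacement handler above: count handshakes per source address inside a time window and refuse the ones over budget. The window (60 s), the limit (5 handshakes), the names HostRateLimiter, AuditSyserr and SampleLines, and the extra burst lines are all assumptions of the example, not part of the server source.

```cpp
#include <cstdio>
#include <cstring>
#include <deque>
#include <map>
#include <string>
#include <vector>

// Parses the clock of a syserr line ("May  4 17:31:40.401535 :: ...") into
// seconds since midnight. Month and day are skipped; the sample is one day long.
static bool parse_clock(const std::string& line, double& seconds_out)
{
    int hour = 0, minute = 0;
    double second = 0.0;
    if (std::sscanf(line.c_str(), "%*s %*d %d:%d:%lf", &hour, &minute, &second) != 3)
        return false;
    seconds_out = hour * 3600.0 + minute * 60.0 + second;
    return true;
}

// Extracts the address from a "SYSTEM: new connection from [a.b.c.d]" line.
static bool parse_new_connection(const std::string& line, std::string& ip_out)
{
    static const char tag[] = "new connection from [";
    std::string::size_type start = line.find(tag);
    if (start == std::string::npos)
        return false;
    start += std::strlen(tag);
    std::string::size_type end = line.find(']', start);
    if (end == std::string::npos)
        return false;
    ip_out = line.substr(start, end - start);
    return true;
}

// Sliding-window limiter (hypothetical name): at most `limit` accepted events
// per key within the last `window_seconds`. Old timestamps are evicted lazily.
class HostRateLimiter
{
public:
    HostRateLimiter(double window_seconds, size_t limit)
        : window_(window_seconds), limit_(limit) {}

    // Records an event for `key` at time `now`; returns false when over budget,
    // in which case the event is not counted and the caller should drop it.
    bool Allow(const std::string& key, double now)
    {
        std::deque<double>& hits = hits_[key];
        while (!hits.empty() && now - hits.front() >= window_)
            hits.pop_front();
        if (hits.size() >= limit_)
            return false;
        hits.push_back(now);
        return true;
    }

private:
    double window_;
    size_t limit_;
    std::map<std::string, std::deque<double> > hits_;
};

struct Verdict
{
    size_t accepted;
    size_t rejected;
    Verdict() : accepted(0), rejected(0) {}
};

// Replays the handshake lines of a syserr through the limiter and reports,
// per address, how many connections it would have let through.
static std::map<std::string, Verdict> AuditSyserr(const std::vector<std::string>& lines,
                                                  double window_seconds, size_t limit)
{
    HostRateLimiter limiter(window_seconds, limit);
    std::map<std::string, Verdict> verdicts;
    for (const std::string& line : lines)
    {
        std::string ip;
        double t = 0.0;
        if (!parse_new_connection(line, ip) || !parse_clock(line, t))
            continue; // logins, block transfers, socket closes: not handshakes
        if (limiter.Allow(ip, t))
            ++verdicts[ip].accepted;
        else
            ++verdicts[ip].rejected;
    }
    return verdicts;
}

// Constructed input: the two handshake lines from the first post's syserr, one
// unrelated line, and six extra handshakes from the first address that are NOT
// in the original log, added so that the limiter has something to reject.
static std::vector<std::string> SampleLines()
{
    std::vector<std::string> lines;
    lines.push_back("May  4 17:31:40.401535 :: SYSTEM: new connection from [82.43.172.18] fd: 20 handshake 3600353393 output input_len 0, ptr 0x2975c400");
    lines.push_back("May  4 17:31:40.921494 :: SYSTEM: new connection from [178.156.191.39] fd: 22 handshake 211571624 output input_len 0, ptr 0x2ab82c00");
    lines.push_back("May  4 17:31:41.320991 :: SYSTEM: closing socket. DESC #20");
    for (int i = 0; i < 6; ++i)
    {
        char buf[192];
        std::snprintf(buf, sizeof buf,
                      "May  4 17:31:42.%06d :: SYSTEM: new connection from [82.43.172.18] fd: %d handshake 1 output input_len 0, ptr 0x0",
                      i * 100000, 30 + i);
        lines.push_back(buf);
    }
    return lines;
}

int main()
{
    // 60 s window, 5 handshakes per address: both values are illustrative.
    std::map<std::string, Verdict> result = AuditSyserr(SampleLines(), 60.0, 5);
    for (const auto& kv : result)
        std::printf("%-16s accepted %zu rejected %zu\n",
                    kv.first.c_str(), kv.second.accepted, kv.second.rejected);
    return 0;
}
```

On the quoted syserr alone nothing is rejected: each of the two addresses opens one connection and its socket is closed about a second later, so the limiter only starts refusing at the constructed burst. Neither the stock handler nor the replacement above throttles anything; they build and send the block list for every request they receive. To apply this check in the server the limiter would be consulted where the mark-server login is accepted, keyed on the descriptor's host address, and the connection closed when Allow returns false; that hook-up is an assumption of this example, not something shown in the thread.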

1 hour ago, WeedHex said:

Try:

input_login.cpp

function: void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)

Comment out the whole function and replace it with mine.
 


I have this:
 

void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)
{
	TPacketCGMarkCRCList * pCG = (TPacketCGMarkCRCList *) c_pData;

	std::map<BYTE, const SGuildMarkBlock *> mapDiffBlocks;
	CGuildMarkManager::instance().GetDiffBlocks(pCG->imgIdx, pCG->crclist, mapDiffBlocks);

	DWORD blockCount = 0;
	TEMP_BUFFER buf(1024 * 1024); // 1 MB buffer

	for (itertype(mapDiffBlocks) it = mapDiffBlocks.begin(); it != mapDiffBlocks.end(); ++it)
	{
		BYTE posBlock = it->first;
		const SGuildMarkBlock & rkBlock = *it->second;

		buf.write(&posBlock, sizeof(BYTE));
		buf.write(&rkBlock.m_sizeCompBuf, sizeof(DWORD));
		buf.write(rkBlock.m_abCompBuf, rkBlock.m_sizeCompBuf);

		++blockCount;
	}

	TPacketGCMarkBlock pGC;

	pGC.header = HEADER_GC_MARK_BLOCK;
	pGC.imgIdx = pCG->imgIdx;
	pGC.bufSize = buf.size() + sizeof(TPacketGCMarkBlock);
	pGC.count = blockCount;

	sys_log(0, "MARK_SERVER: Sending blocks. (imgIdx %u diff %u size %u)", pCG->imgIdx, mapDiffBlocks.size(), pGC.bufSize);

	if (buf.size() > 0)
	{
		d->BufferedPacket(&pGC, sizeof(TPacketGCMarkBlock));
		d->LargePacket(buf.read_peek(), buf.size());
	}
	else
		d->Packet(&pGC, sizeof(TPacketGCMarkBlock));
}

 

@fixme006: on PythonNetworkStreamModule.cpp, PythonNetworkStreamPhaseGame.cpp; "SEQUENCE mismatch 0xaf != 0x64 header 254" fix
This happens due to a bug in the TODO_RECV_SYMBOL phase when calling __SendSymbolCRCList.
That function will connect via MarkServer_Login and iterate m_kVec_dwGuildID to send sub-"HEADER_CG_SYMBOL_CRC" packets.
If m_kVec_dwGuildID is 0, the server will never receive packets after login to the MarkServer, and the connection won't be closed.
When a connection is established, a ping_event will be triggered every 60 seconds.
When the time comes, a ping packet will be sent to the client, and the client will reply with a pong.
In this case, the secondary marklogin connection would be asynchronous, and the packet sequence for the pong would mismatch too.
After the sequence error occurs, the marklogin connection will finally be closed.

In a few words, every time someone logs in to the server (after character selection),
the syserr will get the mismatch error once after 60 seconds.
The fix is to not establish a marklogin connection for TODO_RECV_SYMBOL if m_kVec_dwGuildID is 0.

Is it maybe the fix above? @WeedHex Could you please tell me in private how to trigger this exploit to test it on my server?

 

Kind Regards

Cyber

