Ken

Everything posted by Ken

  1. quest co_mission begin
         state start begin
             function StartCoOp()
                 for i = 1, table.getn(registeredList), 1 do
                     pc.select(find_pc_by_name(registeredList[i])) -- It's an array.
                     set_quest_state("co_mission", "run")
                 end
             end

             when NPC_ID.chat."Register for CO-Op" begin
                 say_title("Co-Op:")
                 say("") --"1234567890"
                 say("Do you wanna register for Co-op?")
                 if (select(locale.yes, locale.no) == 2) then
                     return
                 end
                 table.insert(registeredList, pc.get_name())
                 if (table.getn(registeredList) == 2) then
                     co_mission.StartCoOp()
                 end
             end
         end

         state run begin
             notice_in_map(string.format("The player %s entered Co-Op mission", pc.name))
         end
     end

     You're creating a table in questlib.lua and you're using a for-loop to call the names and select them. If you don't add it just like that, your quest will only call the first member or the last number. (I never tested that.) Whatever, your quest should be just like that. Kind Regards ~ Ken
  2. Nova's second fix about MakeGuild is useless for me because the system is already checking alpha characters (check_name). Before implementing the fix, you have to test the SQL injection. If the system does not check the alpha characters, that means you have many SQL injections in the source files. For example:

       pc.change_name (Quest)
       CInputLogin::ChangeName() - net.SendChangeCharacterNamePacket()
       CInputLogin::CharacterCreate()
       horse.set_name()

     Kind Regards ~ Ken
  3. I'm running away from the past I left behind. I'm looking for answers, but I'm blinded by the light
  4. Most people are saying it's magic or they're calling us a magician. I just can say one thing about this. Nothing is impossible in the programming world. Kind Regards ~ Ken
  5. As you know, Webzen is developing new functions for the new systems. I made the new class of MoveImageBox. Part of the C++ is still missing because of the packed binary. I'll try to do something about this as soon as I can. Here are the new class and the functions.

       # This class is only used by the Mini Game
       class MoveImageBox(Window):
           def __init__(self, layer = "UI"):
               Window.__init__(self, layer)
               self.event = None

           def __del__(self):
               Window.__del__(self)

           def RegisterWindow(self, layer):
               self.hWnd = wndMgr.RegisterMoveImageBox(self, layer)

           def MoveStart(self):
               wndMgr.MoveStart(self.hWnd)

           def MoveStop(self):
               wndMgr.MoveStop(self.hWnd)

           def GetMove(self):
               return wndMgr.GetMove(self.hWnd)

           def SetMovePosition(self, x, y):
               wndMgr.SetMovePosition(self.hWnd, x, y)

           def SetMoveSpeed(self, speed):
               wndMgr.SetMoveSpeed(self.hWnd, speed)

           def OnEndMove(self):
               if (self.event):
                   self.event()

           def SetEndMoveEvent(self, event):
               self.event = event

       // New Functions of Move ImageBox
       wndMgr.RegisterMoveImageBox(hWnd)
       wndMgr.MoveStart(hWnd)
       wndMgr.MoveStop(hWnd)
       wndMgr.GetMove(hWnd)
       wndMgr.SetMovePosition(hWnd, x, y)
       wndMgr.SetMoveSpeed(hWnd, speed)

     Kind Regards ~ Ken
  6. I didn't see any topic about this and I wanted to show it. We'll see the new updates in the future again ^^
  7. M2 Download Center Download Here ( Internal ) Webzen started to code new functions for everything. (They're refreshing the stuff slowly too.) Today I'll give an update about SendQuestInputStringPacket. This packet is often used by r34083 to make new systems with communication. This function only works when the string size is bigger than 64. net.SendQuestInputLongStringPacket I explained everything in the rar file. Kind Regards, Ken
  8. I think, it does not relate to the messenger system. You have to check your static packets. Kind Regards ~ Ken
  9. We're calling that code style. You don't have to use an if condition all the time. You just assign the variable with the condition. You can do this with "?" too. Kind Regards ~ Ken
  10. At first, you don't have to follow a long way for that. The second one is about CPetActor::SetLevel. You don't have to follow a long way for that too. The default will be one all the time if the level is less than zero.

        addPacket.dwLevel = IsPC() || IsMonster() || IsPet() ? GetLevel() : 0;

        void CPetActor::SetLevel(BYTE level)
        {
            if (!IsSummoned())
                return;

            if (level < 0)
                level = 1; // Default will be 1 all the time if the level is less than zero.

            m_pkChar->SetLevel(level);
            m_level = level;
        }
  11. Vanilla source could be good in the old days. For now, everyone is using the new source files. (Home-made) I can't say that the vanilla source is better than every source or something like that. Every source is valuable at the moment. I think there is no diff for vanilla sources yet. Kind Regards ~ Ken
  12. They already knew this problem before (It's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query. Kind Regards ~ Ken
  13. This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add protection for this. The leaked source files or the Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too. Kind Regards ~ Ken
  14. case ITEM_BLEND:
            sys_log(0, "ITEM_BLEND");
            if (Blend_Item_find(item->GetVnum()))
            {
                // Use long to avoid warnings in gcc
                if (item->GetSocket(0) >= static_cast<long>(_countof(aApplyInfo)))
                {
                    sys_err("INVALID_BLEND_ITEM (id: %u, vnum: %u). Apply type is %ld", item->GetID(), item->GetVnum(), item->GetSocket(0));
                    return false;
                }

                int iApplyType = aApplyInfo[item->GetSocket(0)].bPointType;
                int iApplyValue = item->GetSocket(1), iApplyDuration = item->GetSocket(2);

                if (FindAffect(AFFECT_BLEND, iApplyType))
                {
                    ChatPacket(CHAT_TYPE_INFO, LC_TEXT("ÀÌ¹Ì È¿°ú°¡ °É·Á ÀÖ½À´Ï´Ù."));
                    return false;
                }

                item->ModifyPoints(false);
                item->SetCount(item->GetCount() - 1);
                AddAffect(AFFECT_BLEND, iApplyType, iApplyValue, 0, iApplyDuration, 0, false);
            }
            break;

      Description: The system will remove the old values on your character and add the new ones to your character. I changed the code style. (I just don't like bad code style.) Kind Regards ~ Ken
  15. size_t resultTextSize = resultText.size() < 20 ? 20 - resultText.size() : resultText.size() - 20;

        if (resultTextSize >= CHAT_MAX_LEN)
        {
            sys_err("[CubeInfo] Too long cube result list text. (NPC: %d, length: %d)", npcVNUM, resultText.size());
            resultText.clear();
            resultCount = 0;
        }

      It's more effective and shorter. Thank you for sharing this fix with us. Kind Regards ~ Ken
  16. Second fix - Description (Totally fix)

      Even if you don't use escape string for the companion, the function will search for the companion and the account in the maps. If the result is not positive, the function will stop itself and write a log in syserr.

      Search this in messenger_manager.cpp

        void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)

      Replace with this

        void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
        {
            if (companion.empty())
                return;

            // Second fix: only continue if the pair is present in both relation maps
            if (m_Relation[account].find(companion) == m_Relation[account].end() ||
                m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
            {
                LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
                if (ch)
                {
                    sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
                    if (ch->GetDesc())
                        ch->GetDesc()->DelayedDisconnect(3);
                }
                else
                    sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");

                return;
            }

            sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
            DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'",
                    get_table_postfix(), account.c_str(), companion.c_str());

            __RemoveFromList(account, companion);

            TPacketGGMessenger p2ppck;
            p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
            strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
            strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
            P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
        }

      If you want to ban whoever tries to use this SQL injection, here is code for you.

        void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
        {
            if (companion.empty())
                return;

            // Second fix: only continue if the pair is present in both relation maps
            if (m_Relation[account].find(companion) == m_Relation[account].end() ||
                m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
            {
                LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
                if (ch)
                {
                    sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
                    // Ban the account before disconnecting it
                    DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID());
                    if (ch->GetDesc())
                        ch->GetDesc()->DelayedDisconnect(3);
                }
                else
                    sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");

                return;
            }

            sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
            DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'",
                    get_table_postfix(), account.c_str(), companion.c_str());

            __RemoveFromList(account, companion);

            TPacketGGMessenger p2ppck;
            p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
            strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
            strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
            P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
        }
  17. Both ways show the same result. (Block SQL Injection). Nova/Alpha's using this in MessengerManager::RemoveFromList. I'm using this before calling this function. Kind Regards ~Ken
  18. Maybe you should read the code well.

        // If the character does not exist in the game, use EscapeString and send it to the database.
        if (!tch) {

      The one sends the escape string, the other sends the character name. Kind Regards ~Ken
  20. About 1.0.5 (In a few days, I'll publish it): You can pack your item proto and mob proto with this. In the new version, you can extract official mob protos. (The system only cares about Scale Factor). Special Thanks: xP3NG3Rx Kind Regards ~ Ken
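
The membership check from the MessengerManager::RemoveFromList fix posted above, as an added, self-contained example (not Ken's code and not the game's source). `Messenger`, `Linked` and `queriesIssued` are hypothetical names, and the relation maps are assumed to be `std::map` from a name to a `std::set` of names. It goes one step beyond the post by looking keys up with `find()` instead of `operator[]`, so a rejected request does not leave an empty map entry behind for every client-supplied name.

```cpp
#include <map>
#include <set>
#include <string>

// Assumed shape of the relation maps: name -> set of related names.
using RelationMap = std::map<std::string, std::set<std::string>>;

struct Messenger {
    RelationMap relation;         // account   -> companions
    RelationMap inverseRelation;  // companion -> accounts
    int queriesIssued = 0;        // stands in for the DELETE sent to the database

    void Add(const std::string& account, const std::string& companion) {
        relation[account].insert(companion);
        inverseRelation[companion].insert(account);
    }

    // Lookup that never inserts; operator[] would create an empty entry
    // for each unknown key it is asked about.
    static bool Linked(const RelationMap& m, const std::string& from, const std::string& to) {
        auto it = m.find(from);
        return it != m.end() && it->second.count(to) != 0;
    }

    // True only when the pair was a known relation and has been removed.
    bool RemoveFromList(const std::string& account, const std::string& companion) {
        if (companion.empty() || !Linked(relation, account, companion) ||
            !Linked(inverseRelation, companion, account))
            return false;  // unknown pair: log and disconnect here, no SQL is built
        ++queriesIssued;   // only names already held in memory reach the query
        relation[account].erase(companion);
        inverseRelation[companion].erase(account);
        return true;
    }
};

// Constructed input: a companion value with quote characters, never added.
bool RejectsUnknownCompanion() {
    Messenger m;
    m.Add("alice", "bob");
    const auto before = m.inverseRelation.size();
    const bool removed = m.RemoveFromList("alice", "no'such'friend");
    return !removed && m.queriesIssued == 0 && m.inverseRelation.size() == before;
}

bool RemovesKnownCompanion() {
    Messenger m;
    m.Add("alice", "bob");
    return m.RemoveFromList("alice", "bob") && m.queriesIssued == 1 &&
           !Messenger::Linked(m.relation, "alice", "bob");
}
```

The check is an allow-list on values the server already holds; escaping or binding the values in the query itself remains a separate layer.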