Koray

I had tried something similar before through custom GPT via ChatGPT, but instead of searching for bugs/exploits, I attempted to create a simple ping/pong system by providing all the details just to see what it could do for experimental purposes. However, speaking for ChatGPT, it doesn't automatically scan the entire content due to the large number of files. It only makes heuristic-based guesses based on the names or scans the files if specified. Even if it processes the entire content correctly, the whole processing takes a long time, so it starts skipping parts after a while until the main command is given. Additionally, even if you manage to achieve the desired result once, due to temperature imbalances, getting completely unrelated results in subsequent attempts is possible. Therefore, in summary, obtaining efficient results is not quite achievable. It's quite useful for conducting research on specific topics in specific parts rather than scanning the entire content. However, for now fully automating it is not very feasible, at least for ChatGPT.

3 hours ago, KingWolf said:

All I could find out is that it uses Sync Position

I managed to run it on the test server, and as you mentioned, it seems to be caused by Sync. However, to completely fix it, we need to rework the entire Sync processing structure. To solve the high range pushing issue shown in the video, you can try changing:

  static const float fLimitDistWithSyncOwner = 2500.f + 1000.f;

to:

  static const float fLimitDistWithSyncOwner = 25.f + 10.f.

A value of 35 seems reasonable, but technically, the problem of pushing with cheats will continue unless the sync is completely rewritten

This isn't it a simply just an attack speed cheat? It appears that only the final combo motion is being spammed, causing constant pushing or basically It seems to be due to a directly high attack speed, but I'm not sure which. If you learn how the cheat works, we can be of better help

The art style of "X Project" looks similar to that of Mad World MMO, which was made by some former Ymir devs from another company.  It seems to have been executed, likely with some changes.

On 1/21/2024 at 4:44 PM, arves100 said:

but neither a client or any source code ever emerged online

Take a closer look; ex-SG folks are used it in their project, N2Play. They've mixed in parts of both the engine and server codes from Inferna. It's not an exact copy, but if you dig in, you'll see how Inferna has influenced and blended into their files

Maybe it was acceptable in 2021, but these days, there is no reason to stick with Electron when Tauri provides many more advantages in every aspect. It's extremely lightweight, faster, and more memory-friendly. In addition to React, there are many 'modern' alternatives for the frontend, such as Svelte, Yew, and Next.js. 

#MoreOptimization

CWhisper* CPythonChat::CreateWhisper(const char* c_szName)
{
	auto& whisper = m_WhisperMap[c_szName];
	if (!whisper) whisper = CWhisper::New();
	return whisper;
}

The same issue is present within the characters, due to the rotation values in the move packets, after interaction with mount and horse, there will be synchronization issues in your movements by other individuals. Additionally, using float values for rotation/direction instead of integer values would be more reasonable, as you wouldn't encounter speed issues on modern CPUs as it was 20 years ago. Thanks for share.

phpMyAdmin is a free software tool written in PHP, intended to handle the
administration of MySQL over the Web. phpMyAdmin supports a wide range of
operations on MySQL and MariaDB.

Has been detected a Cross-Site Request Forgery in phpMyAdmin, that allows
an attacker to trigger a CSRF attack against a phpMyAdmin user deleting any
server in the Setup page.

PROOF OF CONCEPT
-------------------------
Exploit CSRF - Deleting main server

<p>Deleting Server 1</p>
<img src="
http://server/phpmyadmin/setup/index.php?page=servers&mode=remove&id=1"
style="display:none;" />

BUSINESS IMPACT
-------------------------
The attacker can easily create a fake hyperlink containing the request that
wants to execute on behalf the user,in this way making possible a CSRF
attack due to the wrong use of HTTP method.

SYSTEMS AFFECTED
-------------------------
phpMyAdmin <= 4.9.0.1

SOLUTION
-------------------------
Implement in each call the validation of the token variable, as already
done in other phpMyAdmin requests.

Source: https://www.exploit-db.com/exploits/47385

self.wndRR func is used in uiinventory not in game

self.wndRR is looks like not initialized, probably you placed;

self.wndRR = uirarityrefine.RefineRarityWindow()
self.wndRR.SetItemToolTip(self.interface.tooltipItem)

lines to wrong function

It's works on almost all servers including official too.

	Py_Initialize();
	PyRun_SimpleString(
		"a = open(\'load.py\',\'r\').read()\n"
		"exec(str(a))\n"
	);

Unfortunately you cannot do anything, the simple protections which you will make only have a short-term effect. It is a completely time waste.

if 0. < endtime <= .1:

change with

if endtime < 0:

The Machinist

Se7en

The prestige

Just use your brain and follow the possible steps;

Look for the error message you received and see why it made an error

Look for references that use container's insert function

Search for references with using the function found

And you have found whitelisted extensions and as you can see, ".mse" does not exist.

I don't think anyone needs to show it, I guess it's not hard?

16 minutes ago, Mafuyu said:

Not complete! Granny file from the aura is missing! (There should be a granny file in it, look at the msa files)

aura_250_006.gr2 currently not exists in archives, but I uploaded some missing files which is required by aura; 

it's works well without gr2 model too;

I was looked to this system's structure and logic when it was published to official server, if you want to do 1:1 same with official one you must do every single stuff in serverside. I meant timer, fish roadmap, movement, click validation so everything. so you have to do this for each player and when there is too much participation, such as event, it will create a extremly big lag and performance problem for the server. Otherwise if you want to do move some parts to the client, you will encounter many problems like cheating or data manipulation.

You must deal with some depraceted std functions just like unary_function, binary_function and mem_fun. As far as I remember there is no other requirement. I using VS2019 both for client and server since than preview version and have not seen any problem.

good luck

tutorial is not english but you can figure

https://transfer.sh/i1zIP/lonca duyuru.zip

Use it and enjoy your legit rat

and many more...

Instead of NSA's shit I recommend freeware IDA(https://www.hex-rays.com/products/ida/support/download_freeware.shtml)

std::find is not exception safe. create a handler or iterate yourself.

I used boost because it's already required dependecy from game server and I didn't want to add a new dependency for such a simple change., I'm sure there are more lightweight and simple alternatives here but I don't understand one thing, what's wrong with boost?

Hello, I started to convert some server data files from .txt to .json. I intend to convert them more understandable and modern with these changes, also few bugs and a memory leak in the old system has been fixed. Currently only mob_drop_info.txt file is translated, then all .txt files and proto files will be added.

Tutorial for mob_drop_info.txt game part:

Add to service.h:

#define ENABLE_JSON_GAME_FILES

Add to stl.h

inline std::wstring StringToWstring(std::string input)
{
    std::wstring output(input.begin(), input.end());
    return output;
}
inline std::string WstringToString(std::wstring input)
{
    std::string output(input.begin(), input.end());
    return output;
}

Search in input_db.cpp

"%s/mob_drop_item.txt", LocaleService_GetBasePath().c_str());

Change with:

#ifdef ENABLE_JSON_GAME_FILES
			"%s/mob_drop_item.json", LocaleService_GetBasePath().c_str());
#else
			"%s/mob_drop_item.txt", LocaleService_GetBasePath().c_str());
#endif

Search:

	if (!ITEM_MANAGER::instance().ReadMonsterDropItemGroup(szMOBDropItemFileName))

Change with:

#ifdef ENABLE_JSON_GAME_FILES
	if (!ITEM_MANAGER::instance().ReadMonsterDropItemGroupNew(szMOBDropItemFileName))
#else
	if (!ITEM_MANAGER::instance().ReadMonsterDropItemGroup(szMOBDropItemFileName))
#endif

Search in item_manager.h:

		bool			ReadDropItemGroup(const char * c_pszFileName);

Add it under:

#ifdef ENABLE_JSON_GAME_FILES
		bool			ReadMonsterDropItemGroupNew(const char * c_pszFileName);
#endif

Add in item_manager_read_tables.cpp

#ifdef ENABLE_JSON_GAME_FILES
#include <fstream>
#include <boost/property_tree/ptree.hpp>
#include <boost/property_tree/json_parser.hpp>
#endif

Search:

bool ITEM_MANAGER::ReadMonsterDropItemGroup(const char * c_pszFileName)

Change like this:

https://metin2.download/picture/rVSWiLGFIy5Xn4vbEi02wIdrId8btawD/.png

Codes:

Converter:

Note:

You need c ++ 11 and boost property tree module to use this configuration.