cBaraN

Posts posted by cBaraN

  1. Nice project, but I think it should be in the file deletion argument just like the original ymir installer. I think it is necessary to delete old files. Also, if you solve the "process.env.PORTABLE_EXECUTABLE_DIR is undefined" error, I think it will be a very good project. 🙂

  2. Reinterpretation :P If I'm not mistaken, the "last_play" column already existed in cache memory. Why did you need an interrogation?

     

    # NOTE: If not, then I added it myself, I'm sorry. It would make more sense if you replace it with the value in memory, if any.

    • Angry 1
  3. First of all, thank you for informing me. I've had a pest attack before. So I had to solve a similar attack with "Pf Sense".

    However, if you proceed with a logical way, you seem to have overlooked the slightest roughness.

    1 - DB Core crashes at a request of 600 - 700 instant.
    2 - In case of any malicious attack, you can receive 3,000 requests in 5 minutes and this attack will suffice for DB core to crash.
    3 - Why not check the contents of the package?

    My opinion; I think it would be more efficient if you do the operations on the Game core instead of DB core.

    • Love 1
  4. game.py search
    def OnPickMoney(self, money):
    
    add
    oldGold = player.GetElk() - money
    self.interface.SetLastGold(oldGold)
    
    interfaceModule.py search
    def IsEditLineFocus(self):
    	...
        
    add
    def SetLastGold(self, amount):
            self.wndInventory.lastGold = amount
            
    uiInventory.py search
    
    tooltipItem = None
    add
    lastGold        = None
    
    search
    self.tooltipItem = None
    
    add
    
    self.lastGold = None
    
    search
    def RefreshStatus(self):
    
    replace money parts (final https://metin2.download/picture/f0KwyTmdUGCaG1rqFgim3U5evZW8jE49/.png)
            iLastGold    = self.GetLastGold()
            iGoldNow    = player.GetElk()
            gIncrease    = 1 if (not (iGoldNow - iLastGold) / 10000 > 0) else 10000
            
            for goldLoop in range(iLastGold, iGoldNow + 1, gIncrease):
                goldLoop    = goldLoop
                iGoldNow    = iGoldNow
                
                self.wndMoney.SetText(localeInfo.NumberToMoneyString(goldLoop))
                if (goldLoop == iGoldNow): break
            
            self.wndMoney.SetText(localeInfo.NumberToMoneyString(iGoldNow))

     

    https://youtu.be/wpYPE6blQeY

    • Metin2 Dev 6
    • Not Good 1
    • Good 2
    • Love 1
    • Love 5
  5. 7 hours ago, Helia01 said:

    Nice, but what should I do if I don't have chrome?

    You can edit, this is just for example.

    3 hours ago, filipw1 said:
    
    		import os
    		os.system("start "" https://www.google.com/")

    That would make a deal without  any C++ code

    Of course, it makes sense to use python, but some users are having problems. (Client crash etc..)

    52 minutes ago, Mali61 said:

    And you have a developer tag.? I love this site

    Tags don't matter, you can live happier only if you focus on your own life. Unless you try to make bad comments.

    46 minutes ago, Syriza said:

     

    GetChorme ?

    I'm sorry, sometimes I write variables once and always copy and paste xD

     

    #NOTE: I can't help and log in because of my personal business. But a little code, I wanted to give this example, you can change the logic and use it in a healthy way.

    • Love 2
  6. Userinterface/PythonApplicationModule.cpp
    
    // Add
    #include <Shellapi.h>
      
    // Search
    PyObject* appExit(PyObject* poSelf, PyObject* poArgs)
    {
        CPythonApplication::Instance().Exit();
        return Py_BuildNone();
    }
      
    // Add
    PyObject * appOpenWebBrowser(PyObject * poSelf, PyObject * poArgs)
    {
        char * szURL;
    
        if (!PyTuple_GetString(poArgs, 0, &szURL))
            return Py_BuildException();
    
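        // Fixed-size buffer: the original pointer was uninitialized.
        char getChormeURL[2048];
        // _snprintf does not null-terminate on truncation, so terminate explicitly.
        _snprintf(getChormeURL, sizeof(getChormeURL) - 1, "%s  --non-incognito", szURL);
        getChormeURL[sizeof(getChormeURL) - 1] = '\0';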
    
        ShellExecuteA(0, 0, "chrome.exe", getChormeURL, 0, SW_SHOWMAXIMIZED);
    
        return Py_BuildNone();
    }
      
    // Search
    { "Exit",                        appExit,                        METH_VARARGS },
    
    // Add
    { "OpenURL",                    appOpenWebBrowser,                METH_VARARGS },
      
    For Ex:
    app.OpenURL('www.norsmt2.com')

     

    • Metin2 Dev 1
    • Love 2
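Added example, not part of the original post or the client source: a portable sketch of checks the `OpenURL` handler above could run on the script-supplied string before it reaches `ShellExecuteA`. The names `NormalizeWebURL` and `BuildBrowserArgs`, the 1024-byte input limit and the `https://` default for bare hosts are assumptions; the `--non-incognito` switch is copied from the post as-is.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Returns a normalized http(s) URL, or "" when the input must not be passed on.
// A bare host such as "www.example.com" gets "https://" prepended (assumption).
std::string NormalizeWebURL(const std::string& in)
{
    if (in.empty() || in.size() > 1024)
        return "";
    for (unsigned char c : in)          // no spaces, quotes or control bytes:
        if (c <= 0x20 || c >= 0x7f || c == '"' || c == '\'' || c == '\\')
            return "";                  // they could split or escape the argument
    std::string lower;
    for (unsigned char c : in)
        lower += static_cast<char>(std::tolower(c));

    std::string url = in;
    if (lower.compare(0, 7, "http://") != 0 && lower.compare(0, 8, "https://") != 0)
    {
        // Any other scheme (file:, javascript:, custom handlers) is refused.
        size_t colon = in.find(':'), slash = in.find('/');
        if (colon != std::string::npos && (slash == std::string::npos || colon < slash))
            return "";
        url = "https://" + in;
    }
    // The host must start with a letter or digit, so "-x" or "/path" is not a URL.
    size_t host = url.find("://") + 3;
    if (host >= url.size() || !std::isalnum(static_cast<unsigned char>(url[host])))
        return "";
    return url;
}

// Formats the browser arguments into a caller-owned array and reports
// truncation instead of writing past the end of the buffer.
bool BuildBrowserArgs(const std::string& url, char* buf, size_t size)
{
    int n = std::snprintf(buf, size, "\"%s\" --non-incognito", url.c_str());
    return n > 0 && static_cast<size_t>(n) < size;
}

int main()
{
    char args[2048];
    const std::string url = NormalizeWebURL("www.norsmt2.com");
    if (!url.empty() && BuildBrowserArgs(url, args, sizeof(args)))
        std::printf("chrome.exe %s\n", args);
    return 0;
}
```

In the handler, a rejected or truncated URL would return `Py_BuildException()` instead of calling `ShellExecuteA`.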
  7. 3 hours ago, Cyber36 said:

    Without knowing how you caused the core downer / bug, we can't really test it and we don't know if we need it.

    But thank you either.

    You have a point about that. However, this core-down is not always happening. You have to try hard to crash the game file if you have time. The problem is only starting when the quest contains a select command at least I have that problem. This problem does exist in the default source codes too. By the way, thank you for your comment.

  8. I and the other servers' author are having a strange problem which crashes the game file. I solved the problem in a few days. I won't tell you how to do it because most people will try to do it.

     

    The problem is starting with accessing invalid address in the memory. It might cause lag or something else. The game file can't access m_stCurQuest (because it's invalid). The problem only happens when the quest contains select at least I have that problem. I just added a string variable in QuestState called quest_name. If quest_name is not empty, the game file will use quest_name of QuestState instead of GetCurrentQuestName().

    Open "quest.h" file, search "int        st;" and under;
     

    std::string quest_name;

    Open "questlua.cpp" file, search "qs.suspend_state = SUSPEND_STATE_SELECT;" and under;
     

    qs.quest_name = GetCurrentPC() ? GetCurrentPC()->GetCurrentQuestName() : "no_quest";

    Open "questlua_quest.cpp" file, search "QuestState* pQS = pPC->GetRunningQuestState();" and under;
     

    std::string stQuestName = pPC->GetCurrentQuestName();
    if (pQS->quest_name.length() != 0)
        stQuestName = pQS->quest_name;

     

    • Confused 2
    • Love 5
  9. Hi devs,

    The system is so simple, you will see the yellow title if that item contains your name otherwise you will see the red title.

    UserInterface/PythonTextTail.cpp in search

    #include "PythonSystem.h"

    Add :

    #include "PythonPlayer.h"

    Try PythonTextTail.cpp in search

    pTextTail->pOwnerTextInstance->SetColor(1.0f, 1.0f, 0.0f);

    Under add :

    CInstanceBase * pInstanceBase = CPythonCharacterManager::Instance().GetMainInstancePtr();
    if (pInstanceBase)
    {
        if (strcmp(pInstanceBase->GetNameString(), c_szName))
            pTextTail->pOwnerTextInstance->SetColor(1.0f, 0.0f, 0.0f);
    }

    and build client.. :)

    System screen;

    ojA03o.jpg

    • Love 12
  10. 11 hours ago, Koray said:

    Do you want fight? Well, 

    Yeah, I do as always :)

    11 hours ago, Koray said:

    When you send pong to client use polymorphism or encryption as time dynamic and You receive respond as salt and convert again with polymorphism or encryption as serverside. Try now bypass serverside compare operation..

    Even if you encrypt it or send as salt or whatever you said, you have to send that key or whatever you named it to the client, right?

    11 hours ago, Koray said:

    If you can not send pong as salt or checking validate in client this enough protection for you. We can protect game binary from breakpoints :(  Only 1 API and ~5 line(ntdll.dll!NtSetInformationThread, ThreadHideFromDebugger flag) I think this tip is enough..

    Isn't like what you did in your protection system? :D

     

    blablablablabla;
    HideMyFunctionFromTheard;

     

    NtGlobalFlag, if you don't know anything about that. I just wanted to show you (:

    // Do I have to catch you with je?
    __asm
    {
    	mov eax, fs:[30h]      ; PEB
    	mov al, [eax + 68h]    ; PEB.NtGlobalFlag
    	and al, 70h            ; heap-debug flags set when started under a debugger
    };

     

    Let's say, you're trying very very hard. You're using INT3 aka breakpoint to stop debug information or something like that. At first look you might think that's a good way but there are more ways to debug it.

    Let's say, you're using those things;

    • NtGlobalFlag
    • Heap Flags
    • Anti Step Over
    • Hook checker with the address mechanism. (You probably do that like what you did for your game security. Ugh..)

    I'm just saying, what if I'm using hiding debugger? Whatever, that's a simple question.

    11 hours ago, Koray said:

    We can check code validation in client if you try change any bytes this easy detectable

    And it's easy to bypass it. Let's continue

    11 hours ago, Koray said:

    Yea you can unpack themida or enigma in seconds, My suggestion try with hardest like VMProtect or Shielden, dude year is 2016, who is using Themida? xD

    YMIR & Webzen YMIR Games (Winlicense). At first, you have to learn something about this. You and your sh*tty things are no big deal for me :D

    11 hours ago, Koray said:

    Ahahahaha, That's enough for me, really. You can continue reverse to upx xD

    I think you misunderstand me about that. Do you know there is something called fake signature? Please.. We're living in 2016! Who wanna use UPX or something like that. You might be right there but you can't even understand what fake signature means :)

    Whatever, let's continue. You're doing everything about to protect your game binary file but you can't even block that as 100%.

    Best Regards

    Can BARAN..

     

  11. 15 hours ago, Koray said:

    "At the first" :) If you know reverse engineering, You can get cipher and cipher stored functions from client so you can not need protect client with "pong" mechanism. Marty making disable this stuff because this pretty old and useless Anyone can get your pong anytime, you can get from server as dynamic or you can store in client with variable. This no problem, if you send pong to client and this is in operable state peoples *reverse engineers* can be get your pong.

    tl;dr
    For protection.. "pong" is wrong way.

    And.. If you get more security, you can start with re-activate sequence mechanism.

    At first, sweetheart, even if you send the pong or whatever you said, I can get this again. Even if you send this key as dynamic to client, there is a formula or something like that, right? (:. Anyway, let's say you're sending this key as dynamic to client and client is storing that in the memory. Also, let's make that hard, you're removing that in the memory when you don't use it. Do you know there is something called breakpoint? Okay, here we go.

    - Connect to server and server will make sure about everything and send the dynamic key to the client.
    - Client will receive the key, and when the client doesn't use it, the client will remove that in the memory. (There is a condition here, I can put a breakpoint when you do that.)
    - Even if I can't put a breakpoint, I can use hook and hook your client's function.

    Let's make ultra-hard, you packed that with enigma or themida or whatever you're using. If I know reverse engineering, I can unpack your client, right? :)

    Okay, let's make ultra-ultra-hard, you could use modified UPX like GameGuard. Do you know what? If I know reverse engineering, I can unpack it again and it brings us back to the first question. What's the matter with the standard key or the dynamic key?

    There is a word in the unreal world. Don't try to fight reverse engineer.

     

    Best regards;

    Can BARAN...

  12. 7 minutes ago, martysama0134 said:

    As man in the middle, even with _IMPROVED_PACKET_ENCRYPTION_ enabled, sniffing all the packets is quite possible. The major problem is becoming the man in the middle.
    It's faster sending malicious stuff to some game admins. A lot of them would fall for that. (many people tried in the past to do such a thing with me unsuccessfully)

    Anyway, the only major league problem in metin2, which afflicts every server, is that the login password is sent as clear text and readable if sniffed, but it can be hashed via client quite easily. (probably, this will be the next thing I will try to do)

    Even if you use cython, there's a simple way to use the binary without considering "rootlib" inside.

    About the note: many servers already did such a thing. Test made right now: https://metin2.download/picture/027DMJ79p2fShkhjM3401IfzCm1jsbYC/.png All entities are in there, and no disconnection.

    At first, I want to talk about your note. I made this test with 8k+ online, I just see you're testing this with 2 players. It's not answering my question at the moment anyway. The client is sending everything clearly. A sniffer can read this easily but I can't give everything to a standard key. This key can be seen by someone else using HXD, Ollydbg, IDA Pro and so on. Even if you hide everything with themida or enigma, you can see everything again. Also, cipher is not used only for login. It's used by Guild Mark Downloader, Select Phase, Handshake Phase and Game Phase. And you're giving everything to a standard key again. Do you think it makes sense for you?

     

    Best regards;

    Can BARAN...

    • Love 2
  13. In my case, I can analyze everything with pong if I know reverse engineering. You really misunderstand what security means. Maybe you can remove pong in the memory after running the binary but that doesn't mean I can't find the pong. Pong mechanism was pretty good in the first times but now it's not. You're giving everything to a key and it doesn't make sense to me. A system could be slow but it's safe. If the binary file is not compiled with cython files, that binary file can be used by someone. (Which one isn't using cipher) If you start to talk about systems and packets, it's not a big deal for reverse engineers or sniffers. You just want system to be faster than the current one but you're missing security.

    #Note I did exactly what you say in my server (8k+ online) but anybody can login after a while with this way. Even if the player logs in to the game, he can't see anything and goes back to select server window.

    Best regards;

    Can BARAN...

    • Love 3