cBaraN

Good morning!

 

This exploit was apparently use somewhat often recently and therefore making the fix public is in order. We didn't earlier because it'd just cause a few more people to use the crash than the ones fixing it. There are two ways to exploit this, decently simple, we actually believe this happened by chance in WoM, so you should patch this asap. Not going to get into how its performed for obvious reasons.

 

Find:

if (false == bCatchInfo)

Replace by:

if (!bCatchInfo || materialInfoText.size() == 0)

And then find

resultCount = resultList.size();

And add after:

if (resultCount == 0) {
	return;
}

You are all set! Fixed.

 

This affects several versions of the game, including r34 and of course source (Have no idea how far back this goes). This exploit was also present in Gameforge servers until we made them aware of it through crashing their beta servers on the Lycan launch (well aware that they'd be monitoring for crashes there, there was no intention of harming them).

 

Regards!

 

P.S: Thanks to MartPwnS, as he collaborated in finding and fixing this!

That's it bro. Thanks for share.

Best regards;

Can BARAN...

 

Search "INVENTORY_PAGE_SLOT_COUNT" (0 hits in 0 files)

 

This is not used in game source , so how can it work?

 

I renew the expression. You can look at.

Best regards;

Can BARAN...

#Delete.

 

 

Search "INVENTORY_PAGE_SLOT_COUNT" (0 hits in 0 files)

 

This is not used in game source , so how can it work?

 

 

It's not working. Read above.

 

I renew the expression. You can look at.

Best regards;

Can BARAN...

You are not being reasonable, nor replying to the actual question.

 

Maybe you did fix something, but if you did, I have to agree with Cataclismo, it's not published in this thread.

Instead of blindly doing gmake clean, explain why should it fix anything to add a variable.

Ow... sorry, I forgot to share resources. I add to this thread. Thx, think

Best regards;

Can BARAN...

 

 

 

not work i tested...any other solution?

 

 

So you're adding a variable to the code, but you're not using it anywhere. How does that solve the bug? This is not a bug fix at all. Your code does nothing.

 

 

Correct structure works, i tested.

 

Best regards;

Can BARAN...

 

 

Think about it.

You added a variable which it's not used by anything. How can a simple variable, which is never used, to change how your code works? Check what you've posted again.

 

Freebsd "gmake clean" will not work without using the code. Try again.

Best regards;

Can BARAN...

 

not work i tested...any other solution?

 

 

So you're adding a variable to the code, but you're not using it anywhere. How does that solve the bug? This is not a bug fix at all. Your code does nothing.

 

Correct structure works, i tested.

Best regards;

Can BARAN...

when u try change a 2sword hand ( 3 slots )  and u only have 2 slots free you can make the change but the other person cant give u the 2sword hand, because u dont have space in your inventory, but u give to him yours items in inventory.

 

I hope that I have been helpful with this little information about the bug.

 

And sorry my english.

Thanks for the explanation bro. 

Best regards;

Can BARAN...

thank you cBaran for the fix

No problem

Best regards;

Can BARAN...

 

You must create new grids too.

This bug appears only if you implement them wrong. 

Nice post, bro!

 

 

static CGrid s_grid3(5, INVENTORY_MAX_NUM/5 / 2); // inventory page 3
static CGrid s_grid4(5, INVENTORY_MAX_NUM/5 / 2); // inventory page 4


s_grid3.Clear();
s_grid4.Clear();


for (i = 0; i < INVENTORY_MAX_NUM / 4; ++i)
{
if (!(item = victim->GetInventoryItem(i)))
continue;


s_grid3.Put(i, 1, item->GetSize());
}


for (i = 0; i < INVENTORY_MAX_NUM / 4; ++i)
{
if (!(item = victim->GetInventoryItem(i)))
continue;


s_grid4.Put(i, 1, item->GetSize());
}

 

Try as you will see, I told you my bro.

Best regards;

Can BARAN... 

You must create new grids too.

This bug appears only if you implement them wrong. 

You will see that normally would be a problem if you try bro. 

Best regards;

Can BARAN... 

Hi guys!

While i was watching on youtube videos , I saw accidentally noticed the problem in Metin2 videos. The problem for you, I'll help you solve the problem for you both as you know.

BUG VİDEO 

Let's solve the bug!

Open exchange.cpp and search; 

for (i = 0; i < INVENTORY_MAX_NUM / 2; ++i)
	{
		if (!(item = victim->GetInventoryItem(i)))
			continue;

		s_grid1.Put(i, 1, item->GetSize());
	}

Find this code;

for (i = 0; i < INVENTORY_MAX_NUM / 2; ++i)

EDİT : 

bool CExchange::CheckSpace()
{
	static CGrid s_grid1(5, INVENTORY_MAX_NUM / 5 / 4 ); // inven page 1
	static CGrid s_grid2(5, INVENTORY_MAX_NUM / 5 / 4); // inven page 2
	static CGrid s_grid3(5, INVENTORY_MAX_NUM / 5 / 4); // inven page 3
	static CGrid s_grid4(5, INVENTORY_MAX_NUM / 5 / 4); // inven page 4
	
	s_grid1.Clear();
	s_grid2.Clear();
	s_grid3.Clear();
	s_grid4.Clear();

	LPCHARACTER	victim = GetCompany()->GetOwner();
	LPITEM item;

	int i;
	/* PAGE SLOT COUNT fixed exchange bug from one item copright -cBaraN- */
	int INVENTORY_PAGE_SLOT_COUNT = INVENTORY_MAX_NUM/4;
	for (i = 0; i < INVENTORY_PAGE_SLOT_COUNT; ++i)
    {
        if (!(item = victim->GetInventoryItem(i)))
            continue;
        s_grid1.Put(i, 1, item->GetSize());
    }
    for (i = INVENTORY_PAGE_SLOT_COUNT; i < INVENTORY_PAGE_SLOT_COUNT*2; ++i)
    {
        if (!(item = victim->GetInventoryItem(i)))
            continue;
        s_grid2.Put(i - INVENTORY_PAGE_SLOT_COUNT, 1, item->GetSize());
    }
    for (i = INVENTORY_PAGE_SLOT_COUNT*2; i < INVENTORY_PAGE_SLOT_COUNT*3; ++i)
    {
        if (!(item = victim->GetInventoryItem(i)))
            continue;
        s_grid3.Put(i - INVENTORY_PAGE_SLOT_COUNT*2, 1, item->GetSize());
    }
    for (i = INVENTORY_PAGE_SLOT_COUNT*3; i < INVENTORY_PAGE_SLOT_COUNT*4; ++i)
    {
        if (!(item = victim->GetInventoryItem(i)))
            continue;
        s_grid4.Put(i - INVENTORY_PAGE_SLOT_COUNT*3, 1, item->GetSize());
    }

	// ¾Æ... ¹º°¡ °³º´½Å °°Áö¸¸... ¿ëÈ¥¼® Àκ¥À» ³ë¸Ö Àκ¥ º¸°í µû¶ó ¸¸µç ³» À߸øÀÌ´Ù ¤Ğ¤Ğ
	static std::vector <WORD> s_vDSGrid(DRAGON_SOUL_INVENTORY_MAX_NUM);
	
	// ÀÏ´Ü ¿ëÈ¥¼®À» ±³È¯ÇÏÁö ¾ÊÀ» °¡´É¼ºÀÌ Å©¹Ç·Î, ¿ëÈ¥¼® Àκ¥ º¹»ç´Â ¿ëÈ¥¼®ÀÌ ÀÖÀ» ¶§ Çϵµ·Ï ÇÑ´Ù.
	bool bDSInitialized = false;
	
	for (i = 0; i < EXCHANGE_ITEM_MAX_NUM; ++i)
	{
		if (!(item = m_apItems[i]))
			continue;

		if (item->IsDragonSoul())
		{
			if (!victim->DragonSoul_IsQualified())
			{
				return false;
			}

			if (!bDSInitialized)
			{
				bDSInitialized = true;
				victim->CopyDragonSoulItemGrid(s_vDSGrid);
			}

			bool bExistEmptySpace = false;
			WORD wBasePos = DSManager::instance().GetBasePosition(item);
			if (wBasePos >= DRAGON_SOUL_INVENTORY_MAX_NUM)
				return false;
			
			for (int i = 0; i < DRAGON_SOUL_BOX_SIZE; i++)
			{
				WORD wPos = wBasePos + i;
				if (0 == s_vDSGrid[wBasePos])
				{
					bool bEmpty = true;
					for (int j = 1; j < item->GetSize(); j++)
					{
						if (s_vDSGrid[wPos + j * DRAGON_SOUL_BOX_COLUMN_NUM])
						{
							bEmpty = false;
							break;
						}
					}
					if (bEmpty)
					{
						for (int j = 0; j < item->GetSize(); j++)
						{
							s_vDSGrid[wPos + j * DRAGON_SOUL_BOX_COLUMN_NUM] =  wPos + 1;
						}
						bExistEmptySpace = true;
						break;
					}
				}
				if (bExistEmptySpace)
					break;
			}
			if (!bExistEmptySpace)
				return false;
		}
		else
		{
			int iPos = s_grid1.FindBlank(1, item->GetSize());

			if (iPos >= 0)
			{
				s_grid1.Put(iPos, 1, item->GetSize());
			}else
			{
				iPos = s_grid2.FindBlank(1, item->GetSize());

				if (iPos >= 0)
				{
					s_grid2.Put(iPos, 1, item->GetSize());
				}else
				{
					iPos = s_grid3.FindBlank(1, item->GetSize());
					
					if (iPos >= 0)
					{
						s_grid3.Put(iPos, 1, item->GetSize());
					}else
					{
						iPos = s_grid4.FindBlank(1, item->GetSize());
						
						if (iPos >= 0)
						{
							s_grid4.Put(iPos, 1, item->GetSize());
						}else
						{
							return false;
						}
					}
				}
			}
		}
	}

	return true;
}

Best regards;

Can BARAN... 

Watch this video if you want to thank.  :

when u try change a 2sword hand ( 3 slots )  and u only have 2 slots free you can make the change but the other person cant give u the 2sword hand, because u dont have space in your inventory, but u give to him yours items in inventory.

 

I hope that I have been helpful with this little information about the bug.

 

And sorry my english.

Eng : Will continue to deceive people with fake accounts. Unfortunately, we do not terminate it. I was sorry for you.

Click and try.

Best regards,

Can BARAN...

You deactive "IMPROVED PACKET ENCRYPTION"  Will you try it?

Best regards,

Can BARAN...

Game = mainline or mainline_released

Client = Novaline  Will you try it?

Best regards,

Can BARAN...

I've done it before  ))

Best regards,

Can BARAN...

Open root > serverinfo.py

MARKADDR_DICT = {
    # Guild Symbols Bug Fix cBaraN (16000 = CH1 Port)
		10 : { "ip" : "İP ADRESS", "tcp_port" : 16000, "mark" : "10.tga", "symbol_path" : "10", }, #MilasMt2 Lonca Sembolleri
    # Guild Symbols Bug Fix cBaraN (18000 = CH2 Port)
		20 : { "ip" : "İP ADRESS", "tcp_port" : 18000, "mark" : "20.tga", "symbol_path" : "20", }, #MilasMt2 Lonca Sembolleri
    # Guild Symbols Bug Fix cBaraN (21000 = CH3 Port)
		30 : { "ip" : "İP ADRESS", "tcp_port" : 21000, "mark" : "30.tga", "symbol_path" : "30", }, #MilasMt2 Lonca Sembolleri
    # Guild Symbols Bug Fix cBaraN (23000 = CH4 Port)
		40 : { "ip" : "İP ADRESS", "tcp_port" : 23000, "mark" : "40.tga", "symbol_path" : "40", }, #MilasMt2 Lonca Sembolleri
}

TESTADDR = { 'ip' : '"İP ADRESS"', 'tcp_port' : 50000, 'udp_port' : 50000, }

Best regards,

Can BARAN...

Thanks

Thanks @Shogun ...

*Open mysql

* Player > skill_proto.sql delete skill dwVnum (6/21/36/51) 

And open /share/locale/****/quest/ locale.lua 

Search;

locale.GM_SKILL_NAME_DICT = { 

Delete : [6] / [21] / [36] / [51] skill vnum.

And open questlib.lua.. 

Search: 

special.active_skill_list = { 

Delete : [6] / [21] / [36] / [51] skill vnum.

Finally reboot

Best regards,

Can BARAN...

Open "priv_manager.cpp" and search 

value = MINMAX(0, value, 200);

replace and compile...

value = MINMAX(0, value, 1000);

Best regards,

Can BARAN...

Will be more better if do it with source

sprintf(szText, "Lv %d", level); 

Search in InstanceBaseEffect.ccp

Best Regards,

Can BARAN...

 

 

 

Which branch are you using? (novaline / mainline_sg etc..)

 

Best regards,

Can BARAN...

 

mainline

 

Self-owned "locale_string.txt" take the backup file. Will you try the file I've made? 

 

File: http://dosya.co/7knl3fbbse9a/locale_string.rar.html

VirusTotal: 

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Edit: Never install without making changes to the file. (It is necessary to change the character sets.)

 

Best regards,

Can BARAN...

 

 

same

 

ENG: I'm sorry, I can not imagine seeing. But there is one thing I'm sure of that; Notepad origin "Character sets" problem.I hope you solve.

TR: Üzgünüm görmeden birşey diyemicem fakat tahminimce Notepad++'din son sürümdeki "Karakter takımı" zımbırtısından kaynaklı. Komple "locale_string" çalışmıyorsa farklı fakat, eğer sen yeni bir fonksiyon yaratıp onu locale_string'e yönlendiriceksen;

ChatPacket(CHAT_TYPE_INFO, LC_TEXT("xxx duyuru xxx"));

Şeklinde yönlendiriceksin. Aklıma gelen tüm yöntem ve çözümler bu şekilde görmeden birşey diyemeyeceğim. Neyse umarım çözebilirsin. 

Best regards,

Can BARAN..

 

Which branch are you using? (novaline / mainline_sg etc..)

 

Best regards,

Can BARAN...

 

mainline

 

Self-owned "locale_string.txt" take the backup file. Will you try the file I've made? 

File: http://dosya.co/7knl3fbbse9a/locale_string.rar.html