BeauDeCiuda (posted May 4, 2018)

Syserr:

```
May 4 17:31:38.919477 :: P2P: Logout Adi
May 4 17:31:39.960989 :: P2P: Logout Adi
May 4 17:31:40.401535 :: SYSTEM: new connection from [82.43.172.18] fd: 20 handshake 3600353393 output input_len 0, ptr 0x2975c400
May 4 17:31:40.841006 :: MARK_SERVER: Login
May 4 17:31:40.921494 :: SYSTEM: new connection from [178.156.191.39] fd: 22 handshake 211571624 output input_len 0, ptr 0x2ab82c00
May 4 17:31:40.960866 :: LargePacket Size 2848
May 4 17:31:40.960896 :: reallocating buffer to 8192, current 1024
May 4 17:31:40.960923 :: MARK_SERVER: GuildMarkIDXList 2855 bytes sent.
May 4 17:31:41.40877 :: MARK_SERVER: Login
May 4 17:31:41.80898 :: P2P: Login Adi
May 4 17:31:41.120651 :: MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
May 4 17:31:41.320991 :: SYSTEM: closing socket. DESC #20
May 4 17:31:41.360606 :: LargePacket Size 2848
May 4 17:31:41.360654 :: reallocating buffer to 8192, current 1024
May 4 17:31:41.360690 :: MARK_SERVER: GuildMarkIDXList 2855 bytes sent.
May 4 17:31:41.440670 :: MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
May 4 17:31:41.560738 :: SYSTEM: closing socket. DESC #22
```

Is this a flood? Please help me block this.
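As an added example (not part of the original post or of the game server's source), the script below parses syserr lines in the format quoted above and lists, per source IP, the connections that were opened and closed again within a short interval. It assumes the `fd:` number on a "new connection" line matches the `DESC #` number on the closing line, as it does in the quoted log; the sample lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the syserr format quoted above (documentation-range IPs).
SAMPLE_LOG = """\
May 4 17:31:40.401535 :: SYSTEM: new connection from [192.0.2.10] fd: 20 handshake 1 output input_len 0, ptr 0x0
May 4 17:31:40.841006 :: MARK_SERVER: Login
May 4 17:31:41.40877 :: MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
May 4 17:31:41.320991 :: SYSTEM: closing socket. DESC #20
May 4 17:31:41.400000 :: SYSTEM: new connection from [192.0.2.10] fd: 20 handshake 2 output input_len 0, ptr 0x0
May 4 17:31:41.900000 :: SYSTEM: closing socket. DESC #20
May 4 17:31:42.5 :: SYSTEM: new connection from [192.0.2.10] fd: 21 handshake 3 output input_len 0, ptr 0x0
May 4 17:31:42.700000 :: SYSTEM: closing socket. DESC #21
May 4 17:31:43.000000 :: SYSTEM: new connection from [198.51.100.7] fd: 22 handshake 4 output input_len 0, ptr 0x0
May 4 17:32:50.000000 :: SYSTEM: closing socket. DESC #22
"""

LINE = re.compile(r"^\w+\s+\d+\s+(\d+):(\d+):(\d+)\.(\d+) :: (.*)$")
OPEN = re.compile(r"SYSTEM: new connection from \[([^\]]+)\] fd: (\d+)")
CLOSE = re.compile(r"SYSTEM: closing socket\. DESC #(\d+)")

def to_seconds(h, m, s, usec):
    # The fraction is an unpadded microsecond count: ".40877" means 0.040877 s.
    return int(h) * 3600 + int(m) * 60 + int(s) + int(usec) / 1_000_000

def short_sessions(log_text, max_duration=2.0):
    """Per source IP, durations of connections closed within max_duration seconds."""
    open_by_fd, result = {}, defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        now, msg = to_seconds(*m.group(1, 2, 3, 4)), m.group(5)
        if (o := OPEN.search(msg)):
            open_by_fd[o.group(2)] = (o.group(1), now)   # fd -> (ip, open time)
        elif (c := CLOSE.search(msg)) and c.group(1) in open_by_fd:
            ip, started = open_by_fd.pop(c.group(1))     # fds are reused after close
            if now - started <= max_duration:
                result[ip].append(round(now - started, 6))
    return dict(result)

def flood_suspects(log_text, min_sessions=3, max_duration=2.0):
    """IPs with at least min_sessions short-lived connections (assumed thresholds)."""
    sessions = short_sessions(log_text, max_duration)
    return sorted(ip for ip, d in sessions.items() if len(d) >= min_sessions)

if __name__ == "__main__":
    print(short_sessions(SAMPLE_LOG), flood_suspects(SAMPLE_LOG))
```

The timestamps are compared within one day only; a log that crosses midnight needs the date parsed as well.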
WeedHex (Premium, posted May 4, 2018)

```
MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
```

imgIdx 0 diff 0 should be the cause.
BeauDeCiuda (Author, posted May 4, 2018)

> 42 minutes ago, WeedHex said:
>
> MARK_SERVER: Sending blocks. (imgIdx 0 diff 0 size 10)
>
> imgIdx 0 diff 0 should be the cause.

And how can I solve this? :( This player "ady" is flooding my server.
WeedHex (Premium, posted May 4, 2018)

Try this in input_login.cpp, function:

void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)

Comment out the whole function and replace it with mine.

```cpp
void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)
{
    TPacketCGMarkCRCList * pCG = (TPacketCGMarkCRCList *) c_pData;

    // Both pointers are dereferenced unconditionally further down
    // (pCG->imgIdx, and d->Packet() in the else branch), so bail out first.
    if (!d || !pCG)
        return;

    std::map<BYTE, const SGuildMarkBlock *> mapDiffBlocks;
    if (pCG)
        CGuildMarkManager::instance().GetDiffBlocks(pCG->imgIdx, pCG->crclist, mapDiffBlocks);

    DWORD blockCount = 0;
    TEMP_BUFFER buf(1024 * 1024);

    // Serialize every differing block as: position, compressed size, compressed data.
    for (itertype(mapDiffBlocks) it = mapDiffBlocks.begin(); it != mapDiffBlocks.end(); ++it)
    {
        BYTE posBlock = it->first;
        const SGuildMarkBlock & rkBlock = *it->second;

        buf.write(&posBlock, sizeof(BYTE));
        buf.write(&rkBlock.m_sizeCompBuf, sizeof(DWORD));
        buf.write(rkBlock.m_abCompBuf, rkBlock.m_sizeCompBuf);

        ++blockCount;
    }

    TPacketGCMarkBlock pGC;

    pGC.header = HEADER_GC_MARK_BLOCK;
    pGC.bufSize = buf.size() + sizeof(TPacketGCMarkBlock);
    pGC.count = blockCount;
    pGC.imgIdx = pCG->imgIdx;

    sys_log(0, "MARK_SERVER: Sending blocks. (imgIdx %u diff %u size %u)", pCG->imgIdx, mapDiffBlocks.size(), pGC.bufSize);

    if (d && buf.size() > 0)
    {
        d->BufferedPacket(&pGC, sizeof(TPacketGCMarkBlock));
        d->LargePacket(buf.read_peek(), buf.size());
    }
    else
        d->Packet(&pGC, sizeof(TPacketGCMarkBlock));
}
```

Let me know...
BeauDeCiuda (Author, posted May 4, 2018)

> 1 hour ago, WeedHex said:
>
> Try this in input_login.cpp, function:
>
> void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)
>
> Comment out the whole function and replace it with mine.
>
> ```cpp
> void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)
> {
>     TPacketCGMarkCRCList * pCG = (TPacketCGMarkCRCList *) c_pData;
>
>     // Both pointers are dereferenced unconditionally further down
>     // (pCG->imgIdx, and d->Packet() in the else branch), so bail out first.
>     if (!d || !pCG)
>         return;
>
>     std::map<BYTE, const SGuildMarkBlock *> mapDiffBlocks;
>     if (pCG)
>         CGuildMarkManager::instance().GetDiffBlocks(pCG->imgIdx, pCG->crclist, mapDiffBlocks);
>
>     DWORD blockCount = 0;
>     TEMP_BUFFER buf(1024 * 1024);
>
>     for (itertype(mapDiffBlocks) it = mapDiffBlocks.begin(); it != mapDiffBlocks.end(); ++it)
>     {
>         BYTE posBlock = it->first;
>         const SGuildMarkBlock & rkBlock = *it->second;
>
>         buf.write(&posBlock, sizeof(BYTE));
>         buf.write(&rkBlock.m_sizeCompBuf, sizeof(DWORD));
>         buf.write(rkBlock.m_abCompBuf, rkBlock.m_sizeCompBuf);
>
>         ++blockCount;
>     }
>
>     TPacketGCMarkBlock pGC;
>
>     pGC.header = HEADER_GC_MARK_BLOCK;
>     pGC.bufSize = buf.size() + sizeof(TPacketGCMarkBlock);
>     pGC.count = blockCount;
>     pGC.imgIdx = pCG->imgIdx;
>
>     sys_log(0, "MARK_SERVER: Sending blocks. (imgIdx %u diff %u size %u)", pCG->imgIdx, mapDiffBlocks.size(), pGC.bufSize);
>
>     if (d && buf.size() > 0)
>     {
>         d->BufferedPacket(&pGC, sizeof(TPacketGCMarkBlock));
>         d->LargePacket(buf.read_peek(), buf.size());
>     }
>     else
>         d->Packet(&pGC, sizeof(TPacketGCMarkBlock));
> }
> ```
>
> Let me know...

I have this:

```cpp
void CInputLogin::GuildMarkCRCList(LPDESC d, const char* c_pData)
{
    TPacketCGMarkCRCList * pCG = (TPacketCGMarkCRCList *) c_pData;

    std::map<BYTE, const SGuildMarkBlock *> mapDiffBlocks;
    CGuildMarkManager::instance().GetDiffBlocks(pCG->imgIdx, pCG->crclist, mapDiffBlocks);

    DWORD blockCount = 0;
    TEMP_BUFFER buf(1024 * 1024); // 1M buffer

    for (itertype(mapDiffBlocks) it = mapDiffBlocks.begin(); it != mapDiffBlocks.end(); ++it)
    {
        BYTE posBlock = it->first;
        const SGuildMarkBlock & rkBlock = *it->second;

        buf.write(&posBlock, sizeof(BYTE));
        buf.write(&rkBlock.m_sizeCompBuf, sizeof(DWORD));
        buf.write(rkBlock.m_abCompBuf, rkBlock.m_sizeCompBuf);

        ++blockCount;
    }

    TPacketGCMarkBlock pGC;

    pGC.header = HEADER_GC_MARK_BLOCK;
    pGC.imgIdx = pCG->imgIdx;
    pGC.bufSize = buf.size() + sizeof(TPacketGCMarkBlock);
    pGC.count = blockCount;

    sys_log(0, "MARK_SERVER: Sending blocks. (imgIdx %u diff %u size %u)", pCG->imgIdx, mapDiffBlocks.size(), pGC.bufSize);

    if (buf.size() > 0)
    {
        d->BufferedPacket(&pGC, sizeof(TPacketGCMarkBlock));
        d->LargePacket(buf.read_peek(), buf.size());
    }
    else
        d->Packet(&pGC, sizeof(TPacketGCMarkBlock));
}
```
WeedHex (Premium, posted May 5, 2018)

Change it like mine. You can see what I did. It's just prevention. The lamer is using a launcher exploit.
BeauDeCiuda (Author, posted May 5, 2018)

> 1 hour ago, WeedHex said:
>
> Change it like mine. You can see what I did. It's just prevention. The lamer is using a launcher exploit.

I added "if (pCG)", checked with diffchecker.
Metin2 Dev (Bot, posted May 5, 2018)

@fixme006: on PythonNetworkStreamModule.cpp, PythonNetworkStreamPhaseGame.cpp; "SEQUENCE mismatch 0xaf != 0x64 header 254" fix

This happens due to a bug in the TODO_RECV_SYMBOL phase when calling __SendSymbolCRCList. That function will connect via MarkServer_Login and iterate m_kVec_dwGuildID to send sub-"HEADER_CG_SYMBOL_CRC" packets. If m_kVec_dwGuildID is 0, the server will never receive packets after the login to the MarkServer, and the connection won't be closed.

When a connection is established, a ping_event will be triggered every 60 seconds. When the time comes, a ping packet will be sent to the client, and the client will reply with a pong one. In this case, the secondary marklogin connection would be asynchronous, and the packet sequence for the pong is mismatched too. After the sequence error occurs, the marklogin connection will finally be closed.

In a few words, every time someone logs in to the server (after character selection), the syserr will get the mismatch error once after 60 seconds. The fix is to not establish a marklogin connection for TODO_RECV_SYMBOL if m_kVec_dwGuildID is 0.

Is it maybe the fix above?

@WeedHex Could you please tell me in private how to trigger this exploit to test it on my server?

Kind regards,
Cyber
WeedHex (Premium, posted May 5, 2018)

Cyber, everyone can get likes or good comments using martysama's things. Please don't share these things like they're yours.

> 13 hours ago, BeauDeCiuda said:
>
> I added "if (pCG)", checked with diffchecker.

Forgot this:

d &&

The crash comes from NULL->Packet()