Think, posted April 2, 2015

Good morning! This exploit was apparently used somewhat often recently, and therefore making the fix public is in order. We didn't earlier because it'd just cause a few more people to use the crash than the ones fixing it. There are two ways to exploit this, decently simple; we actually believe this happened by chance in WoM, so you should patch this asap. Not going to get into how it's performed for obvious reasons.

Open cube.cpp

Find:
    if (false == bCatchInfo)
Replace by:
    if (!bCatchInfo || materialInfoText.size() == 0)

And then find:
    resultCount = resultList.size();
And add after:
    if (resultCount == 0)
    {
        return;
    }

You are all set! Fixed.

This affects several versions of the game, including r34 and of course source (have no idea how far back this goes). This exploit was also present in Gameforge servers until we made them aware of it through crashing their beta servers on the Lycan launch (well aware that they'd be monitoring for crashes there; there was no intention of harming them).

Regards!

P.S.: Thanks to MartPwnS, as he collaborated in finding and fixing this!
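As an added illustration (my own code, not the game's cube.cpp and not Think's patch), here is a minimal C++ model of what the two guards protect against: a handler that indexes into a result list assembled from a lookup, where an empty list or an empty material text would otherwise be used without a check. The structures, the names CubeResult, sendCubeInfo and handleCubeResults, and the sample values are assumptions for the example; only the two conditions themselves are taken from the fix.

```cpp
// Added example, not the game's cube.cpp: models the two early-return guards
// from the fix above. All names and values here are hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for one entry of the game's cube result list.
struct CubeResult {
    unsigned vnum;   // item vnum the cube would produce
    int count;       // how many of that item
};

enum class CubeStatus { Rejected, NoInfo, Ok };

// First guard: the info text is only sent when it was actually assembled
// (bCatchInfo) and is non-empty. Replaces the old `if (false == bCatchInfo)`.
CubeStatus sendCubeInfo(bool bCatchInfo, const std::string& materialInfoText,
                        std::string& out) {
    if (!bCatchInfo || materialInfoText.size() == 0)
        return CubeStatus::NoInfo;
    out = "CUBE_INFO " + materialInfoText;
    return CubeStatus::Ok;
}

// Second guard: a result list built from a lookup can legitimately be empty,
// e.g. for an NPC with no cube recipes. Reading resultList[0] or
// resultList.front() on an empty std::vector is undefined behaviour, which is
// exactly the kind of defect that shows up as a server crash.
CubeStatus handleCubeResults(const std::vector<CubeResult>& resultList,
                             std::string& out) {
    std::size_t resultCount = resultList.size();
    if (resultCount == 0)
        return CubeStatus::Rejected;   // the added `if (resultCount == 0) return;`

    // Only reached with at least one element, so indexing is safe.
    const CubeResult& first = resultList[0];
    out = "CUBE_RESULT " + std::to_string(first.vnum) + " x" +
          std::to_string(first.count);
    return CubeStatus::Ok;
}

int main() {
    std::string out;

    std::vector<CubeResult> empty;             // constructed: no recipes
    std::vector<CubeResult> one;               // constructed: one recipe
    one.push_back(CubeResult{1000, 1});

    std::printf("empty list -> %s\n",
                handleCubeResults(empty, out) == CubeStatus::Rejected ? "rejected" : "ok");
    std::printf("one entry  -> %s\n",
                handleCubeResults(one, out) == CubeStatus::Ok ? out.c_str() : "rejected");
    std::printf("empty info -> %s\n",
                sendCubeInfo(true, "", out) == CubeStatus::NoInfo ? "no info sent" : "sent");
    return 0;
}
```

The point of the early returns is that both conditions are reachable from ordinary client input (a request that matches nothing), so the server must treat "no results" as a normal outcome rather than assume at least one entry exists.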
Metin2 Dev (bot), posted April 2, 2015

There you go, fix and be safe from kiddies.
Galet, posted April 2, 2015

Cube system can crash some server? Wow, thanks! Really!
cBaraN, posted April 2, 2015 (quoting Think's post above)

That's it bro. Thanks for sharing.

Best regards; Can BARAN...
phayara, posted April 2, 2015

File?
Galet, posted April 2, 2015

In cube.cpp, of course.
phayara, posted April 2, 2015

Lol, thanks.
cBaraN, posted April 2, 2015 (quoting Galet's "In cube.cpp of course" and phayara's "File?")

Yes, in "game/src/cube.cpp".

Best regards; Can BARAN...
Cataclismo, posted April 2, 2015

Oh, wow. I thought maybe my quests were the problem, but I think that's the reason for my server crash... Thank you, Think.

Quoting Think: "Not going to get into how it's performed for obvious reasons."

std::out_of_range?
DevSheeN, posted April 3, 2015

This difference file has been created by DeVSheeN
game34083-cube

0041EC92: 43 90
0041EC93: 55 90
0041EC94: 42 90
0041EC95: 45 90
0041EC96: 20 90
0041EC97: 43 90
0041EC98: 4F 90
0041EC99: 4D 90
0041EC9A: 4D 90
0041EC9B: 41 90
0041EC9C: 4E 90
0041EC9D: 44 90
0041EC9E: 20 90
0041EC9F: 3C 90
0041ECA0: 25 90
0041ECA1: 73 90
0041ECA2: 3E 90
0041ECA3: 3A 90
0041ECA4: 20 90
0041ECA5: 25 90
0041ECA6: 73 90
0041ECA7: 00 90
0041ECA8: 55 90
0041ECA9: 73 90
0041ECAA: 61 90
0041ECAB: 67 90
0041ECAC: 65 90
0041ECAD: 3A 90
0041ECAE: 20 90
0041ECAF: 63 90
0041ECB0: 75 90
0041ECB1: 62 90
0041ECB2: 65 90
0041ECB3: 20 90
0041ECB4: 6F 90
0041ECB5: 70 90
0041ECB6: 65 90
0041ECB7: 6E 90
0041ECB8: 00 90
0041ECB9: 20 90
0041ECBA: 20 90
0041ECBB: 20 90
0041ECBC: 20 90
0041ECBD: 20 90
0041ECBE: 20 90
0041ECBF: 20 90
0041ECC0: 63 90
0041ECC1: 75 90
0041ECC2: 62 90
0041ECC3: 65 90
0041ECC4: 20 90
0041ECC5: 63 90
0041ECC6: 6C 90
0041ECC7: 6F 90
0041ECC8: 73 90
0041ECC9: 65 90
0041ECCA: 00 90
0041ECCB: 20 90
0041ECCC: 20 90
0041ECCD: 20 90
0041ECCE: 20 90
0041ECCF: 20 90
0041ECD0: 20 90
0041ECD1: 20 90
0041ECD2: 63 90
0041ECD3: 75 90
0041ECD4: 62 90
0041ECD5: 65 90
0041ECD6: 20 90
0041ECD7: 6C 90
0041ECD8: 69 90
0041ECD9: 73 90
0041ECDA: 74 90
0041ECDB: 00 90
0041ECDC: 20 90
0041ECDD: 20 90
0041ECDE: 20 90
0041ECDF: 20 90
0041ECE0: 20 90
0041ECE1: 20 90
0041ECE2: 20 90
0041ECE3: 63 90
0041ECE4: 75 90
0041ECE5: 62 90
0041ECE6: 65 90
0041ECE7: 20 90
0041ECE8: 63 90
0041ECE9: 61 90
0041ECEA: 6E 90
0041ECEB: 63 90
0041ECEC: 65 90
0041ECED: 6C 90
0041ECEE: 00 90
0041ECEF: 20 90
0041ECF0: 20 90
0041ECF1: 20 90
0041ECF2: 20 90
0041ECF3: 20 90
0041ECF4: 20 90
0041ECF5: 20 90
0041ECF6: 63 90
0041ECF7: 75 90
0041ECF8: 62 90
0041ECF9: 65 90
0041ECFA: 20 90
0041ECFB: 6D 90
0041ECFC: 61 90
0041ECFD: 6B 90
0041ECFE: 65 90
0041ECFF: 20 90
0041ED00: 5B 90
0041ED01: 61 90
0041ED02: 6C 90
0041ED03: 6C 90
0041ED04: 5D 90
0041ED05: 00 90
0041ED06: 63 90
0041ED07: 75 90
0041ED08: 62 90
0041ED09: 65 90
0041ED0A: 20 90
0041ED0B: 6D 90
0041ED0C: 61 90
0041ED0D: 6B 90
0041ED0E: 65 90
0041ED0F: 20 90
0041ED10: 73 90
0041ED11: 75 90
0041ED12: 63 90
0041ED13: 63 90
0041ED14: 65 90
0041ED15: 73 90
0041ED16: 73 90
0041ED17: 00 90
Anarchyist, posted April 3, 2015

Thanks a lot!
Denis, posted April 4, 2015

You can just check if the npc is valid or not, for example:

    DWORD npcVNUM = npc->GetRaceNum();
    if (!FN_check_valid_npc(npcVNUM))
        return;
Metin2 Dev (bot), posted April 4, 2015

We didn't feel like iterating over a vector, I guess; well, this fix was applied almost half a year ago. But your solution is perfectly fine, so take whatever you want to take.