Thread: defeating 'laz's flooder'

  1. #1 defeating 'laz's flooder' 
    veer
    take a peek at the code:

    Code:
        .writeByte(14)
        .writeByte(0);
        c.sendBuffer();
        String calculatedUsername = DEFAULT_USERNAME + c.getClientId();
        int estimatedSize = 177 + calculatedUsername.length() + DEFAULT_PASSWORD.length();
        c.getPacketBuilder().setBare(true)
            .writeByte(16)
            .writeShort(estimatedSize)
            .writeInt(508)
            .writeByte(0)
            .writeByte(0)
            .writeByte(0)
            .writeShort(765)
            .writeShort(503);
        for (int i = 0; i < 8; i++) { //CHANGED IO=24 NIO=8???
            c.getPacketBuilder().writeByte(0);
        }
        c.getPacketBuilder().writeString(calculatedUsername);
        for (int i = 0; i < 29; i++) {
            c.getPacketBuilder().writeInt(0);
        }
    notice the byte 0 being written after the byte 14... the byte 0 is the 'name part' hash byte and should NOT be 0... so check for this during login and dc if it's 0. secondly, it sends all container file checksums as 0 (i < 29 for-loop at end) which is IMPOSSIBLE for a real client to send. so... check for it too.
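The two server-side login checks described in post #1, as an added example (not code from the thread or from any server base). The field order follows the posted code; the class and method names are hypothetical, the sample bytes are constructed, and the 0-terminated username is an assumption, since the thread does not show how `writeString` encodes.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;

public class LoginFloodCheck {
    static final int CHECKSUM_COUNT = 29; // from the final for-loop in the posted code

    // Handshake as posted: byte 14, then the 'name part' hash byte.
    static boolean zeroNameHash(ByteBuffer handshake) {
        int opcode = handshake.get() & 0xFF;
        int nameHash = handshake.get() & 0xFF;
        return opcode == 14 && nameHash == 0;
    }

    // Login block, read in the field order the posted code writes it.
    static boolean allChecksumsZero(ByteBuffer login) {
        login.get();                            // login type (16 in the post)
        login.getShort();                       // declared size
        login.getInt();                         // revision (508 in the post)
        login.position(login.position() + 15);  // 3 bytes + 2 shorts + 8 bytes
        while (login.get() != 0) { }            // username, ASSUMED 0-terminated
        boolean allZero = true;
        for (int i = 0; i < CHECKSUM_COUNT; i++) {
            allZero &= login.getInt() == 0;     // consume all 29 values
        }
        return allZero;
    }

    // Returns the reason to disconnect, or null to continue the login.
    static String rejectReason(byte[] handshake, byte[] login) {
        try {
            if (zeroNameHash(ByteBuffer.wrap(handshake))) return "name hash byte is 0";
            if (allChecksumsZero(ByteBuffer.wrap(login))) return "all checksums are 0";
            return null;
        } catch (BufferUnderflowException | IllegalArgumentException e) {
            return "truncated login data";
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a zero-filled login block like the one in the post.
        ByteBuffer b = ByteBuffer.allocate(144); // 22 header + 6 name + 29 * 4
        b.put((byte) 16).putShort((short) 0).putInt(508).put(new byte[3]);
        b.putShort((short) 765).putShort((short) 503).put(new byte[8]);
        b.put("user1".getBytes()).put((byte) 0);
        System.out.println(rejectReason(new byte[] {14, 0}, b.array()));
        System.out.println(rejectReason(new byte[] {14, 7}, b.array()));
        b.putInt(28, 0x5EED); // one non-zero checksum, constructed value
        System.out.println(rejectReason(new byte[] {14, 7}, b.array()));
    }
}
```

Post #6's point still applies: values dumped from a real client pass both checks, so they filter only a sender that uses the fixed zeros shown in the posted code.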
     

  2. #2  
    thanks dude, once again super_ saves our asses lol rep

  3. #3  
    Brown
    Guest
    Quote Originally Posted by super_ View Post
    take a peek at the code:

    Code:
        .writeByte(14)
        .writeByte(0);
        c.sendBuffer();
        String calculatedUsername = DEFAULT_USERNAME + c.getClientId();
        int estimatedSize = 177 + calculatedUsername.length() + DEFAULT_PASSWORD.length();
        c.getPacketBuilder().setBare(true)
            .writeByte(16)
            .writeShort(estimatedSize)
            .writeInt(508)
            .writeByte(0)
            .writeByte(0)
            .writeByte(0)
            .writeShort(765)
            .writeShort(503);
        for (int i = 0; i < 8; i++) { //CHANGED IO=24 NIO=8???
            c.getPacketBuilder().writeByte(0);
        }
        c.getPacketBuilder().writeString(calculatedUsername);
        for (int i = 0; i < 29; i++) {
            c.getPacketBuilder().writeInt(0);
        }
    notice the byte 0 being written after the byte 14... the byte 0 is the 'name part' hash byte and should NOT be 0... so check for this during login and dc if it's 0. secondly, it sends all container file checksums as 0 (i < 29 for-loop at end) which is IMPOSSIBLE for a real client to send. so... check for it too.
    Thanks for pointing out improvement to his flooder. Also, who do you expect to fix that again?

  4. #4  
    Paketa
    rofl at u2's conversation.

    Super_, can't you simply change '508' to your own number?

  5. #5  
    Runebay™
    Guest
    Well I'm confused... what do I edit and where?

  6. #6  
    It's very easy to bypass all of those checks that a server will eventually have by replacing all those values with things dumped from a real client that's logging in...

  7. #7  
    I_-_I
    Guest
    re-add RSA and ISAACCipher, it won't fully stop them but it'll slow most of the nurfs who dunno how to add that to their syi

  8. #8  
    Last Spartan
    Guest
    Quote Originally Posted by friendly ghost View Post
    Super_ Vs Laz's Flooder

    Who Will Win?

    And More Importantly, WHO WAS LAZ?
    Laz was DcShoes a long time ago, if that's what you were askin

  9. #9  
    Quote Originally Posted by I_-_I View Post
    re-add RSA and ISAACCipher, it won't fully stop them but it'll slow most of the nurfs who dunno how to add that to their syi
    Using RSA can stop everything... as long as nobody knows the rsa private keys.

  10. #10  
    Soulevoker
    An easier but more costly way would be to set up a forum that saves to a MySQL so you can only log in if you register on the forums.

