Hey guys, there's been a new cheat engine hack/dupe which has been affecting a lot of 317 PI based servers. I'm here to put a stop to it.
How it works
A player will manipulate client-side values with the cheat engine software so that when you smith something, let's say a bronze dagger, through the smithing interface, the server will instead turn your bronze bar into an AGS, Claws, Donor Scroll, Partyhat, whatever.
How to stop it
You can stop this on your server side by sanitizing the input returned from the client before the physical "smithing" takes place. Basically what we are going to do is ensure that the values being returned from the client for the item smithed are the values that are expected and that they have not been tampered with by a 3rd party, i.e. cheat engine.
Go into EquipmentMaking.java and find the method called smithItem()
This method handles, as you may have guessed, actually taking the bronze bar from your inventory and giving you exp and a bronze dagger or whatever you happen to be smithing.
First we need to create a whitelist of values that we expect to be returned from the client. These values are all the items that can be smithed in the game. You can't smith a partyhat, so that item id is not going to be included in the whitelist.
Place this code just below the smithItem()
Code:
int[] list = new int[] {1205, 1351, 1422, 1139, 9375, 1277, 4819, 1794, 819, 39, 1321, 1265, 1291, 9420, 1155, 864, 1173, 1337, 1375, 1103, 1189, 3095, 1307, 1087, 1075, 1117, 1203, 15298, 1420, 7225, 1137, 9140, 1279, 4820, 820, 40, 1323, 1267, 1293, 1153, 863, 1175, 9423, 1335, 1363, 1101, 4540, 1191, 3096, 1309, 1081, 1067, 1115, 1207, 1353, 1424, 1141, 9141, 1539, 1281, 821, 41, 1325, 1269, 1295, 2370, 9425, 1157, 865, 1177, 1339, 1365, 1105, 1193, 3097, 1311, 1084, 1069, 1119, 1209, 1355, 1428, 1143, 9142, 1285, 4822, 822, 42, 1329, 1273, 1299, 9427, 1159, 866, 1181, 1343, 9416, 1369, 1109, 1197, 3099, 1315, 1085, 1071, 1121, 1211, 1357, 1430, 1145, 9143, 1287, 4823, 823, 43, 1331, 1271, 1301, 9429, 1161, 867, 1183, 1345, 1371, 1111, 1199, 3100, 1317, 1091, 1073, 1123, 1213, 1359, 1432, 1147, 9144, 1289, 4824, 824, 44, 1333, 1275, 1303, 9431, 1163, 868, 1185, 1347, 1373, 1113, 1201, 3101, 1319, 1093, 1079, 1127};
This code builds a primitive 32 bit integer array in the JVM which includes all the smithable items in the game.
Now before the
Code:
player.getInteractingObject().performGraphic(new Graphic(2123));
add this line
Code:
// needs: import java.util.stream.IntStream;
if (IntStream.of(list).anyMatch(id -> id == itemToSmith.getId())) {
This is a little more complex at first sight but is actually super simple!
Here we use Java 8's IntStream() to iterate through each element in the whitelist and check that the id of the itemToSmith is an actual smithable item and not something that has had its value manipulated by cheat engine.
Just finish the code with this after
Code:
player.getSkillManager().addExperience(Skill.SMITHING, (int) (SmithingData.getData(itemToSmith, "xp") * 1.5));
to close out your if statement!
Code:
} else {
    player.getPacketSender().sendMessage("You have been caught using cheating software goodbye.");
    //PlayerPunishment.addBannedIP(player.getHostAddress());
}
Uncomment the last line if you wish to ipBan the user that tried to cheat and there you go! Dupe fixed!
proof it works
This exploit was being used yearsss ago (4-5 years probably.) I'm surprised that people are still writing shitty code with the same mistakes (not really.)
I haven't seen a fix for this exploit yet but someone logged onto my server yesterday and used it and it worked on my server....
This shit is from like 2005....
Why are you iterating through an array?
Just use a Set.
Yes, you're right, it could still make a rune platebody from a bronze dagger, but this is a temporary fix until I work out a more seamless solution. And I've been on several servers this week where this dupe is usable!
and yeah a TreeSet would probably be better haha oh well....
Nice of you that you actually release a decent fix. Thank you.
You're very welcome! I'd use a TreeSet instead of a primitive int array like I used in my post but it works great for the smithing interface dupe.
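The replies raise two gaps in the whitelist: a linear array scan where a keyed lookup would do, and a check that still lets a bronze bar come out as a rune platebody. As an added example, not part of the thread or of any server's own code, this class keys a map by product id and also checks the bar type and bar count the server already holds. The class name, the `isValid` parameters, the item ids and the bar counts are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Added example: bind every smithable product to the bar it is made from.
public class SmithingValidator {
    // What the server expects for one product: which bar, and how many.
    static final class Recipe {
        final int barId, barsRequired;
        Recipe(int barId, int barsRequired) {
            this.barId = barId;
            this.barsRequired = barsRequired;
        }
    }

    // Assumed sample ids and bar counts; fill the table from the server's own smithing data.
    static final int BRONZE_BAR = 2349, RUNE_BAR = 2363;
    static final Map<Integer, Recipe> RECIPES = new HashMap<>();
    static {
        RECIPES.put(1205, new Recipe(BRONZE_BAR, 1)); // bronze dagger
        RECIPES.put(1127, new Recipe(RUNE_BAR, 5));   // rune platebody
    }

    // requestedId comes from the client and is untrusted. openBarId and barsHeld
    // must come from server-side state (the bar the interface was opened with and
    // the player's inventory), never from the same packet.
    static boolean isValid(int requestedId, int openBarId, int barsHeld) {
        Recipe r = RECIPES.get(requestedId); // hashed lookup instead of an array scan
        return r != null && r.barId == openBarId && barsHeld >= r.barsRequired;
    }

    static void expect(boolean actual, boolean wanted) {
        if (actual != wanted) throw new AssertionError("validator gave " + actual);
    }

    public static void main(String[] args) {
        expect(isValid(1205, BRONZE_BAR, 3), true);  // legitimate bronze dagger request
        expect(isValid(1127, BRONZE_BAR, 3), false); // smithable item, but not from this bar
        expect(isValid(1038, BRONZE_BAR, 3), false); // assumed id of an item nobody can smith
        expect(isValid(1127, RUNE_BAR, 2), false);   // right bar, too few of them
        System.out.println("all checks passed");
    }
}
```

In smithItem() the call would replace the IntStream test, with the rejection branch left as in the original post.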