Thread: Client spawning exploit fix

Results 1 to 6 of 6
  1. #1 Client spawning exploit fix 
    Banned
    Join Date
    Mar 2011
    Posts
    28
    Thanks given
    4
    Thanks received
    16
    Rep Power
    0
    Saw the thread in the client section, and someone said that it was an exploit in the private message packet, so I decided to fix it.

    Here you go, the full fix:

    Code:
    package server.model.players.packets;
    
    import server.Config;
    import server.Server;
    import server.Connection;
    import server.model.players.Client;
    import server.model.players.PacketType;
    import server.util.Misc;
    
    /**
     * Private messaging, friends etc
     **/
    public class PrivateMessaging implements PacketType {
    
    	public final int ADD_FRIEND = 188, SEND_PM = 126, REMOVE_FRIEND = 215, CHANGE_PM_STATUS = 95, REMOVE_IGNORE = 59, ADD_IGNORE = 133;
    	@Override
    	public void processPacket(Client c, int packetType, int packetSize) {
    		switch(packetType) {
    		
    			case ADD_FRIEND:
    			c.friendUpdate = true;
    			long friendToAdd = c.getInStream().readQWord();
    			boolean canAdd = true;
    
    			for (int i1 = 0; i1 < c.friends.length; i1++) {
    				if (c.friends[i1] != 0 && c.friends[i1] == friendToAdd) {
    					canAdd = false;
    					c.sendMessage(friendToAdd + " is already on your friends list.");
    				}
    			}
    			if (canAdd == true) {
    				for (int i1 = 0; i1 < c.friends.length; i1++) {
    					if (c.friends[i1] == 0) {
    						c.friends[i1] = friendToAdd;
    						for (int i2 = 1; i2 < Config.MAX_PLAYERS; i2++) {
    							if (Server.playerHandler.players[i2] != null && Server.playerHandler.players[i2].isActive && Misc.playerNameToInt64(Server.playerHandler.players[i2].playerName)== friendToAdd) {
    								Client o = (Client)Server.playerHandler.players[i2];
    								if(o != null) {
    									if (Server.playerHandler.players[i2].privateChat == 0 || (Server.playerHandler.players[i2].privateChat == 1 && o.getPA().isInPM(Misc.playerNameToInt64(c.playerName)))) {
    										c.getPA().loadPM(friendToAdd, 1);
    										break;
    									}
    								}
    							}
    						}
    						break;
    					}
    				}
    			}
    			break;
    			
    			case SEND_PM:
    			long sendMessageToFriendId = c.getInStream().readQWord();
                byte pmchatText[] = new byte[100];
                int pmchatTextSize = (byte) (packetSize - 8);
    			c.getInStream().readBytes(pmchatText, pmchatTextSize, 0);
    			if (Connection.isMuted(c))
    				break;
                for (int i1 = 0; i1 < c.friends.length; i1++) {
                    if (c.friends[i1] == sendMessageToFriendId) {
                        boolean pmSent = false;
    
                        for (int i2 = 1; i2 < Config.MAX_PLAYERS; i2++) {
                            if (Server.playerHandler.players[i2] != null && Server.playerHandler.players[i2].isActive && Misc.playerNameToInt64(Server.playerHandler.players[i2].playerName)== sendMessageToFriendId) {
                                Client o = (Client)Server.playerHandler.players[i2];
    							if(o != null) {
    								if (Server.playerHandler.players[i2].privateChat == 0 || (Server.playerHandler.players[i2].privateChat == 1 && o.getPA().isInPM(Misc.playerNameToInt64(c.playerName)))) {
    									o.getPA().sendPM(Misc.playerNameToInt64(c.playerName), c.playerRights, pmchatText, pmchatTextSize);
    	                                pmSent = true;
    	                            }
    							}
                                break;
                            }
                        }
                        if (!pmSent) {
    						c.sendMessage("That player is currently offline.");
    						break;
                        }
                    }
                }
                break;	
    			
    			
    			case REMOVE_FRIEND:
    			c.friendUpdate = true;
                long friendToRemove = c.getInStream().readQWord();
    
                for (int i1 = 0; i1 < c.friends.length; i1++) {
                    if (c.friends[i1] == friendToRemove) {
    					for (int i2 = 1; i2 < Config.MAX_PLAYERS; i2++) {
    						Client o = (Client)Server.playerHandler.players[i2];		
    						if(o != null) {
    							if(c.friends[i1] == Misc.playerNameToInt64(Server.playerHandler.players[i2].playerName)){
    								o.getPA().updatePM(c.playerId, 0);
    								break;
    							}
    						}
    					}
    					c.friends[i1] = 0;
                        break;
                    }
                }
                break;
    			
    		case REMOVE_IGNORE:
    			break;
    			
    			case CHANGE_PM_STATUS:
                int tradeAndCompete = c.getInStream().readUnsignedByte();
                c.privateChat = c.getInStream().readUnsignedByte();
                int publicChat = c.getInStream().readUnsignedByte();
                for (int i1 = 1; i1 < Config.MAX_PLAYERS; i1++) {
    			   if (Server.playerHandler.players[i1] != null && Server.playerHandler.players[i1].isActive == true) {
                        Client o = (Client)Server.playerHandler.players[i1];
    					if(o != null) {
    						o.getPA().updatePM(c.playerId, 1);
    					}
                    }
                }
                break;
    			
    			
    			
    		case ADD_IGNORE:
    			
    			break;
                
    		}
    		
    	}	
    }
    Reply With Quote  
     

  2. #2  
    Member

    Join Date
    May 2008
    Posts
    1,288
    Thanks given
    50
    Thanks received
    92
    Rep Power
    0
    u mean this?
    http://www.rune-server.org/runescape...-found-pi.html
    which already says how to fix it
    Reply With Quote  
     

  3. #3  
    Banned
    Join Date
    Mar 2011
    Posts
    28
    Thanks given
    4
    Thanks received
    16
    Rep Power
    0
    Quote Originally Posted by Clifton View Post
    u mean this?
    http://www.rune-server.org/runescape...-found-pi.html
    which already says how to fix it
    Ah, I didn't see it.
    Reply With Quote  
     

  4. #4  
    Registered Member
    Mr.Client's Avatar
    Join Date
    Jun 2010
    Posts
    2,094
    Thanks given
    100
    Thanks received
    317
    Rep Power
    259
    Quote Originally Posted by joelivesup View Post
    Ah, I didn't see it.
    thats what they all say.
    Reply With Quote  
     

  5. Thankful users:


  6. #5  
    Registered Member
    gomomo11's Avatar
    Join Date
    May 2010
    Posts
    2,379
    Thanks given
    268
    Thanks received
    196
    Rep Power
    177
    what was the exploit?
    Attached image
    no external links without affiliate
    Reply With Quote  
     

  7. #6  
    Banned

    Join Date
    Nov 2009
    Posts
    1,800
    Thanks given
    7
    Thanks received
    18
    Rep Power
    0
    Why didn't you just say to comment out the code rather than post your entire PrivateMessaging class?
    Reply With Quote  
     


Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Error while spawning (client freezes)
    By zanakinz in forum Help
    Replies: 6
    Last Post: 08-23-2009, 07:42 PM
  2. Spawning objects client-side
    By Oxygen in forum Requests
    Replies: 1
    Last Post: 06-30-2009, 03:44 PM
  3. Item spawning client sided.
    By Anfernio in forum Requests
    Replies: 1
    Last Post: 04-18-2009, 12:54 PM
  4. Client freeze when spawning
    By Sicc in forum Help
    Replies: 4
    Last Post: 04-13-2009, 03:46 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •