Guessit

[About] Arbitrary Skill Learning


Hello Serverdev!


It's been many years since the first beta of Tales of Pirates. That the game still maintains a development community and active players suggests that the game's logic was a success for Moliyo; unfortunately, what didn't reach the same degree of achievement was the game's security...
 

You, as private server developers, have developed more knowledge about the game internals than anyone else, and you're all aware of the problems present in the code, including wrong data types, bad exception handling, overflows, lack of sanitization, etc.
 

In this case I want to refer to the error the community calls the "Skill Bug".

 

In principle, I don't consider it a bug; I consider it a security error.
 

When I discovered it (circa Nov07~Jan08), I was fuzzing the client at the packet level. A friend of mine told me about the game; he wanted me to help him look for a bug/exploit to take advantage of. After a short time I realized that the game lacked security validations in many of its transactions: many of the transactions could be replayed, and a few were blindly entrusted to whatever the client sent.
 

At first it was only a proof of concept; I could only get random skills, as I didn't know the structure of skillinfo.bin.
 

However, after gaining knowledge about the game, it was possible for me to learn arbitrarily any skill I wanted. At the time, as I had little knowledge about the dynamics of the game, I didn't make much of it; I just abused it so I wouldn't have to spend money on skill books (lol).
 

For a long time I wasn't paying attention to the game. When I returned to it, I found that private servers were being developed; private servers, being "fun", were the perfect sandbox to test the potential of the fault I had found.
 

So I abused several private servers, the first being FoxlV (circa ~09, I don't remember well), on all servers apparently without raising suspicions (I guess because it wasn't until later that it was corrected). I was not an active TOP/PKO player; however, every time I went back I checked whether the error had been discovered/fixed, and until later it apparently remained in the shadows.

 

Then I'd come back often. This was the time of Avocado (circa ~11-12); I remember spending months abusing the fault, until one day an account from a mate with boss skills was spotted by Zankza soloing Black Dragon in the lair (yes, we soloed various bosses in TOP IGG/PKO this way). Remember, at that time the Avocado GS was reverse proxied, filtering malformed packets and/or injections, which caused the packet encryption to be turned off. Zankza quickly inferred that it was a kind of packet forging; I suppose he deduced this when he also saw how it was denied to his character by trade forcing. After that, Zankza turned packet encryption back on and believed it would protect for a while. Actually, this started as packet manipulation, but it had already advanced to memory manipulation. So the fault was still active, and some rogue chars were never discovered until the end of Avocado Server.

 

Later I learned of reports of abuse of this fault on TOP IGG (circa ~13); a person who wasn't me got to abuse it in public view (Chaos Argent / Abbnd).

 

Then I came back to try again and realized that in the top100 servers at the time (circa ~15-16, I don't remember well), incl. Sky Pirates & Eternal Pirates, the fault remained unfixed. During the abuse, after a few weeks, the Sky Pirates GM (was he named Luffy? well, I don't remember...) spotted a guildmate abusing it and quickly made a fix, a soft fix, one that froze the char who got the RB skill without Sexp/RB; certain skills still went unnoticed... I don't remember how long it took, but about two months later Eternal Pirates rolled out a more robust solution that looked like it came from @V3ct0r's hands. Nevertheless, as it was based on whitelists (an early solution?), other useful but unknown skills went unnoticed.

 

And this brings me to today: in the little free time I have, I have downloaded some clients and tried some top100 servers, and to my surprise the error is still valid, beyond a decade later.

 

Now I wonder, how could it have gone unnoticed to this day? Discretion has had a value, of course, but this has perpetuated the fault.

 

I guess some would have found out the same way I did; others would have found out when they saw the abuse.

 

 

 

However, I would like to know, from the people from Privatia and Serverdev who are in this forum:

 

  • How did you find out about the fault?
  • When did you learn about it?
  • Who was the first person you heard about this from?


I would love to hear this from Matt, Klabmouse, V3ct0r, Zankza, etc.

 

Thanks

 

 

 

Edited by Guessit

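The post describes the fault as a transaction that was "blindly entrusted to whatever the client sent" and that "could be replayed". The following is an added example, not code from the original post or from the game: a minimal "learn skill" request handler written the way the post describes the flaw, next to a server-validated version that checks the same request against state only the server holds (job, level, reborn status, and a consumed skill book) so that a replayed packet fails. The packet layout, opcode, item ids and the skill table are hypothetical stand-ins, not the real skillinfo.bin or the TOP/PKO wire format.

```python
from __future__ import annotations

import struct
from dataclasses import dataclass, field

# Hypothetical packet layout: 2-byte opcode and 2-byte skill id, little-endian.
# (Assumption for the example; not the real game protocol.)
OP_LEARN_SKILL = 0x0A01


def encode_learn_skill(skill_id: int) -> bytes:
    return struct.pack("<HH", OP_LEARN_SKILL, skill_id)


def decode_learn_skill(pkt: bytes) -> int:
    opcode, skill_id = struct.unpack("<HH", pkt)
    if opcode != OP_LEARN_SKILL:
        raise ValueError("not a learn-skill packet")
    return skill_id


# Constructed server-side skill table standing in for skillinfo.bin.
# jobs == frozenset() means no player job may learn it (a boss/monster skill).
SKILL_TABLE = {
    101: {"min_level": 10, "jobs": frozenset({"swordsman"}), "book": 9001, "reborn": False},
    140: {"min_level": 45, "jobs": frozenset({"swordsman"}), "book": 9002, "reborn": True},
    900: {"min_level": 1,  "jobs": frozenset(),              "book": None, "reborn": False},
}


@dataclass
class Character:
    level: int
    job: str
    reborn: bool
    inventory: dict = field(default_factory=dict)  # item id -> count
    skills: set = field(default_factory=set)


def learn_skill_trusting_client(char: Character, pkt: bytes) -> bool:
    """Flawed handler: the only thing checked is that the packet parses."""
    char.skills.add(decode_learn_skill(pkt))
    return True


def learn_skill_validated(char: Character, pkt: bytes) -> tuple[bool, str]:
    """Hardened handler: every precondition comes from server-side state, and
    the skill book is consumed before the skill is granted, so replaying the
    same packet cannot grant anything a second time."""
    skill_id = decode_learn_skill(pkt)
    info = SKILL_TABLE.get(skill_id)
    if info is None:
        return False, "unknown skill"
    if char.job not in info["jobs"]:          # also rejects monster-only skills
        return False, "skill not learnable by this job"
    if char.level < info["min_level"]:
        return False, "level too low"
    if info["reborn"] and not char.reborn:
        return False, "requires reborn"
    if skill_id in char.skills:
        return False, "already known"
    book = info["book"]
    if book is None or char.inventory.get(book, 0) < 1:
        return False, "no skill book in inventory"
    char.inventory[book] -= 1                 # consume first (replay defence)
    char.skills.add(skill_id)
    return True, "learned"


def demo() -> dict:
    """Runs both handlers on constructed characters and returns the outcomes."""
    boss_pkt = encode_learn_skill(900)
    weak = Character(level=1, job="swordsman", reborn=False)
    learn_skill_trusting_client(weak, boss_pkt)   # boss skill granted blindly
    strong = Character(level=50, job="swordsman", reborn=False, inventory={9001: 1})
    r_boss = learn_skill_validated(strong, boss_pkt)
    r_book = learn_skill_validated(strong, encode_learn_skill(101))
    r_replay = learn_skill_validated(strong, encode_learn_skill(101))  # same packet again
    r_rb = learn_skill_validated(strong, encode_learn_skill(140))
    return {"trusting": 900 in weak.skills, "boss": r_boss, "book": r_book,
            "replay": r_replay, "rb": r_rb}


if __name__ == "__main__":
    print(demo())
```

The point of the hardened version is that the client supplies only an intent (a skill id); whether the character may have that skill is decided entirely from the server's own copy of the character and the skill table, and the state change that makes the request non-repeatable (removing the book) happens before the grant.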

There are still several exploits already... that can't be fixed, at least unless you have the source code and knowledge about it. The problem here is that there are some guys who open new servers, but some pkodev users abuse those "newbie servers". That really sucks. This forum is supposed to be a help forum, a developer forum, not a hack/exploit-abuse forum... I know people who just removed their servers from this forum because they're scared of the bad guys.

Edited by squaller

On 10/26/2019 at 4:05 AM, squaller said:

There are still several exploits already... that can't be fixed, at least unless you have the source code and knowledge about it. The problem here is that there are some guys who open new servers, but some pkodev users abuse those "newbie servers". That really sucks. This forum is supposed to be a help forum, a developer forum, not a hack/exploit-abuse forum... I know people who just removed their servers from this forum because they're scared of the bad guys.

That's a sad truth :/


