ruubi, posted September 21, 2021 (edited)

Hello, before leaving ToP community for good, I want to release a list made by me and a friend, I hope this helps everyone, and I wish people can contribute and help each other with fixes for these bugs.
(Note: There might be bugs that don't happen in your client, we mentioned it there from others' experiences)

List by yagura2k (me) & Mothanna

AccountServer:
* Sql-Injection.
  --mac change packet
* Sending a big packet len -> a possible way of crash.
  --Change header of username login to 20k leads to crash

GameServer:
* Case 2 (CCharacter::ProcessPacket) -> can run lua cmds through here and have control over all the host as well (remove it, it is a backdoor)
* Offline-Stall Crash.
  --This one has multi reasons, what we are talking here about memaddre co set it to -1 which is cause of the crash.
* DoString Crash/lua51.
  --No info about this, it was nostring from debugger.
* Gold-hack.
  --When you have locked states by lock inventory or locked by trade/stall and send sell packet to npc.
* AfterEnterMap/BeforeLeaveMap Crash.
  --No info about this, happened once
* Long Item-string Crash.
  --Takeitem Additem if itemname > 32 len it's overflow buffer and crash GameServer.
* Item-click bug (You cannot consume or double-click items, you can but it's really hard to).
  --It's from the rightclick addon in gameserver made by co for new pet system, just remove it.
* Switch Item with F1-F12 Bar -> If this gets spammed, it can crash the person who is standing besides you.
  --This not common, happen only if u have 1 ping, just keep switch weapon will crash all people around you
* Guild-bank -> Moving items and spamming them, can lead to a GameServer crash, has to be checked.
  --Dupe while using boats, just check on it, and packet query size is 10.
* MoveCity Crash.
  --Happens when have invalid birthcity.
* Bag of Holding -> Has to be removed unless the code is re-written, it is broken.
* Accept guild notice wrong message.
* Mentoring while offline-stalling -> can lead to GameServer crash.

GateServer:
* 03 Packet Crash.
  --Packet editor header its inside sdk server file packet len 66k
* Disconnect by spamming loot.
* Register Feature -> It is not safe to use unless there's captcha or cooldown for creating accounts.
* ToProcess:OnClient Packet len crash.
  --WPE 6 len key has no check if it's <6 so if it's <6 gate crash.

GroupServer:
* Create Pin-Code Sql-Injection.
  --This one is a clear known bug.
* Pin Code Sql-Injection.
  --This one is a clear known bug.
* Bag of Holding -> Has to be removed unless the code is re-written, it is broken.

Lua:
* Analyze-dupe -> can be fixed by adding a check for locked item in analyze system.
* Stalling locked item -> can be fixed by adding a check for locked items as well.
* Lua51 has to be upgraded.
  --LUAJIT to 2.0.5.
* MapUtil bug, can lead to a GameServer Freeze.
  --This is a theory.
* Overall checks for everything for locked items, everything has to have a check if item is locked or not.
* Star of Unity Formula & Rewards -> Urgent, has to be re-written and checked before launching the server.
* Newbie Box Rewards -> Urgent as well, the rewards for every class have to be checked! (Encountered before, lv50 staff from lv25 newbie chest).
* Experience system -> Has to be checked as well! Experience will most likely get bugged after level 35-45.
  --EXP system has exp jump on lv 79 to 91
* Spawn points -> Has to be checked for teleporters.
  --same as MoveCity issue, if has invalid birth, it's gonna crash.

Client:
* Block system is not working, you block someone then if you relog, the block list gets wiped.
* Using Guild-Colors/Forms -> not safe, this has been tested and you can crash everyone's client that sees your character.
* Screenshot client crash.
  --Buffer overflow for 4k.
* Trade-value wrong when buying something from NPC.
* Client will crash while you use manu's.
  --When you have x1 manu left in your inventory and use it, it will crash your client.
* Using some skills will make the character freeze & stuck or can be stunned forever as well.
* MPTerrain Destructor Crash -> usually happens in PK with a good more or less amount of people (It can crash during randomly walking or teleporting as well).
* Buffing someone or yourself -> leading for the character to die.
  --This happens due timer, when timer becomes 1 or less and u use skill on that person it kill it, the fixed been pushed in top-recode.
* Colour Notice Crash.
  --Happens due to visual studio upgrade.
* Using guild-bank and spamming it can lead to a client crash.
  --Happens due syn, a guild bank cool-down would work as a workaround fix.

Note 2: There might be more than these! If you know more, share it in this topic so others know about it!
Thank you ToP for all these years!

Edited September 21, 2021 by ruubi
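
Added example, not part of ruubi's post or the game's source: a minimal C sketch of the two checks that several crash entries in the list say are missing, a bounds check on the declared packet length (the under-6 and oversized cases) and a bounded copy of an item name into a 32-byte buffer. The 4096-byte cap, the function and constant names, and treating 32 as the buffer size including the terminator are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed limits for this sketch; only the 6-byte minimum and the
 * 32-byte item name come from the list above. */
#define PKT_MIN_LEN   6u      /* shortest frame a handler may index into */
#define PKT_MAX_LEN   4096u   /* hypothetical server-side cap */
#define ITEM_NAME_CAP 32u     /* destination buffer size, including NUL */

enum pkt_status { PKT_OK = 0, PKT_NEED_MORE, PKT_REJECT };

/* Validate the length a client declared before any handler touches the body.
 * declared: length field taken from the header (client controlled)
 * received: bytes actually present in the receive buffer */
enum pkt_status check_frame(size_t declared, size_t received)
{
    if (declared < PKT_MIN_LEN || declared > PKT_MAX_LEN)
        return PKT_REJECT;      /* close the connection; never allocate or copy */
    if (received < declared)
        return PKT_NEED_MORE;   /* wait for the rest; do not read past 'received' */
    return PKT_OK;
}

/* Copy an item name of src_len bytes (not NUL-terminated on the wire)
 * into a fixed buffer. Returns 0 on success, -1 if it does not fit. */
int copy_item_name(char dst[ITEM_NAME_CAP], const uint8_t *src, size_t src_len)
{
    if (src == NULL || src_len >= ITEM_NAME_CAP)
        return -1;              /* reject instead of overflowing or truncating */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return 0;
}
```

Both functions are meant to run at the point where bytes arrive from the network, before any per-opcode handler sees the packet.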

Unknown, posted September 21, 2021

Thanks to those who wrote this list! High-five guys.

superNL, posted September 21, 2021

Sorry to hear that you are leaving the community for good. Thanks for the great list of identified bugs. Can I ask how you curated this list? Did you find these bugs yourself? Did you run any static code analysers to find the buffer overflow bugs?

And why on earth did you try to: Switch Item with F1-F12 Bar -> If this gets spammed, it can crash the person who is standing besides you.

Hope to hear from you, DM can also.

wolfenx, posted September 21, 2021 (edited)

3 hours ago, superNL said:
    I'm sorry to hear that you are leaving the community for good. Thanks for the great list of identified bugs. May I ask how you selected this list? Did you find these bugs yourself? Did you run any static code analyser to find the buffer overflow bugs? And why on earth did you try to: Switch item with the F1-F12 bar -> If it gets spammed, it can crash the person who is next to you. I hope to hear from you, DM works too.

yagura2k#1001 = laroi#1337 = yagura#2968 = ruubi = sonia elena negresca

one less scammer, there is nothing to regret

maybe I'll come back with another name lol

Edited September 21, 2021 by wolfenx

Discord:Wolfen#1498
https://www.patreon.com/ReTop

mkhzaleh, posted September 22, 2021

18 hours ago, superNL said:
    sorry to hear that you are leaving the community for good. Thanks for the great list of identified bugs. Can I ask how you curated this list? Did you find these bugs yourself? Did you run any static code analysers to find the buffer overflow bugs? And why on earth did you try to: Switch Item with F1-F12 Bar -> If this gets spammed, it can crash the person who is standing besides you. Hope to hear from you, DM can also.

No, these bugs been found while x servers running, there is more been fixed there and there, and switch item not really effected, it happens only in very low pings, mostly in local clients, and the switch happens due to co new feature of switching items from skill bar.