Cheat Engine

Welcome in the osRose emulator Project.

Moderators: osRose dev team, ospRose dev team, osiRose dev team, Moderators

Re: Cheat Engine

Postby Raven0123 on Fri May 18, 2018 4:35 pm

AnimalCrackerz wrote:yes! thats why I wanted to try to do it at pakDoIdentify but this seems to work..but am having issues now with the char server freezing after the dupe..i try to log in after on diff clients/accounts and the char server doesn't load. It seems to freeze after. :P


try removing the DB->QFree() after the end }. it's been a while since I've worked with this code and DB style (I don't remember the quirks :lol: ).

Also if you want faster response times, you should join this channel https://gitter.im/dev-osrose/osROSE. most of us are on there and check it more freq then here (in my case).
User avatar
Raven0123
osiRose dev
osiRose dev
 
Posts: 379
Joined: Tue Sep 11, 2007 11:06 pm
Location: USA, NJ

Re: Cheat Engine

Postby AnimalCrackerz on Fri May 18, 2018 5:44 pm

TY guys for the speedy response!
  1. result = DB->QStore("SELECT * FROM characters WHERE account_name='%s' and char_name='%s'", thisclient->username, thisclient->charname);
  2.     if(result==NULL) return false; // Something happened when querying the db
  3.     if(mysql_num_rows( result ) != 1){
  4.     {
  5.     //PLAYER SPOOFED THE CHARACTER NAME BAN HIM!!!!!!!!
  6.     Log( MSG_ERROR, "User %s(%i) selected char '%s' which isn't owned by them! This account is banned!", thisclient->username, thisclient->userid, thisclient->charname);
  7.     DB->QFree( );
  8.     }
  9.     thisclient->accesslevel = -1;
  10.     DB->QExecute( "UPDATE accounts SET accesslevel='0' WHERE id=%i", thisclient->userid);
  11.     thisclient->isActive = false;
  12.     }
  13.     DB->QFree( );

So I added a few lines that bans the offending account! but I am getting a problem with disconnecting when selecting to return to char select...I think I can live with it but players complain about everything..
I made a short vid https://youtu.be/7YWKnnL6wwk.
You probably don't need to preview but I can't figure out what is making it dc when trying to return to char select. Can you see what I am doing wrong? :P
AnimalCrackerz
Pomic
Pomic
 
Posts: 102
Joined: Tue Apr 20, 2010 1:58 pm

Re: Cheat Engine

Postby Raven0123 on Fri May 18, 2018 7:07 pm

AnimalCrackerz wrote:TY guys for the speedy response!
  1. result = DB->QStore("SELECT * FROM characters WHERE account_name='%s' and char_name='%s'", thisclient->username, thisclient->charname);
  2.     if(result==NULL) return false; // Something happened when querying the db
  3.     if(mysql_num_rows( result ) != 1){
  4.     {
  5.     //PLAYER SPOOFED THE CHARACTER NAME BAN HIM!!!!!!!!
  6.     Log( MSG_ERROR, "User %s(%i) selected char '%s' which isn't owned by them! This account is banned!", thisclient->username, thisclient->userid, thisclient->charname);
  7.     DB->QFree( );
  8.     }
  9.     thisclient->accesslevel = -1;
  10.     DB->QExecute( "UPDATE accounts SET accesslevel='0' WHERE id=%i", thisclient->userid);
  11.     thisclient->isActive = false;
  12.     }
  13.     DB->QFree( );

So I added a few lines that bans the offending account! but I am getting a problem with disconnecting when selecting to return to char select...I think I can live with it but players complain about everything..
I made a short vid https://youtu.be/7YWKnnL6wwk.
You probably don't need to preview but I can't figure out what is making it dc when trying to return to char select. Can you see what I am doing wrong? :P


Can you show the logs for the servers right after you get dc'd from them?

Also not sure if you saw your error in that code you posted. You have an extra . hope that isn't in your compiled code because that should be a compile error :P.
  1.    DB->QFree( );
  2.     }
  3.     thisclient->accesslevel = -1;
should be
  1.    DB->QFree( );
  2.     thisclient->accesslevel = -1;
User avatar
Raven0123
osiRose dev
osiRose dev
 
Posts: 379
Joined: Tue Sep 11, 2007 11:06 pm
Location: USA, NJ

Re: Cheat Engine

Postby PurpleYouko on Fri May 18, 2018 8:08 pm

Another possible fix would be to add code to bool CCharServer::pakRequestWorld( CCharClient* thisclient, CPacket* P )
The 715 packet comes in with two pieces of information
a Byte ( btCharNO )containing the index value of the selected avatar
the String containing the character's name

It should be pretty easy to add a simple query to return all the names of characters owned by the player and then check the name of the one at position btCharNO
If it doesn't equal the name in the packet then you have a cheater

Alternatively we could just ignore the name sent in by the client and simply load the character at that index value.

I have modified the source in the project 137 repo as follows

  1. // Send away the world IP
  2. bool CCharServer::pakRequestWorld( CCharClient* thisclient, CPacket* P )
  3. {
  4.     if (!thisclient->isLoggedIn) return false;
  5.     MYSQL_ROW row;
  6.     MYSQL_RES *result;
  7.     memset( &thisclient->charname, '\0', 17 );
  8.     memcpy( thisclient->charname, &P->Buffer[3], (P->Size-6-4)>16?16:(P->Size-6-4) );
  9.  
  10.     //PY Added code to validate character names sent in from client
  11.     unsigned int charnum = 0;
  12.     CCharacter chars[5];
  13.     int btCharNO = P->Buffer[0];
  14.     result = DB->QStore("SELECT char_name FROM characters WHERE account_name='%s'", thisclient->username);
  15.     if(result==NULL) return false;
  16.     while (row = mysql_fetch_row(result))
  17.     {
  18.         memset( &chars[charnum].char_name, '\0', 17 );
  19.         strcpy( chars[charnum].char_name , row[0] );
  20.         charnum++;
  21.     }
  22.     Log(MSG_WARNING,"Characters in this account %s, %s, %s, %s, %s",chars[0].char_name, chars[1].char_name, chars[2].char_name, chars[3].char_name, chars[4].char_name); //displays all charcters in account
  23.     Log(MSG_WARNING,"Selected Character from client %s",chars[btCharNO].char_name); //displays character name sent in from the client on the 0x0715 packet
  24.     if ( strcmp(thisclient->charname, chars[btCharNO].char_name) != 0 )
  25.     {
  26.         Log(MSG_WARNING,"Selected Character is invalid. Hack detected");    //they don't match
  27.         thisclient->accesslevel = -1;
  28.         DB->QExecute( "UPDATE accounts SET accesslevel='0' WHERE id=%i", thisclient->userid);   //ban the player
  29.         thisclient->isActive = false;
  30.         return false;
  31.     }
  32.     //PY anti-hack end
  33.  
  34.  
  35.     if(!CheckEscapeMySQL(thisclient->charname,17,true))
  36.     {
  37.         Log(MSG_WARNING,"A charname contains incorrect caracters or incorrect size (see warnings above)");
  38.         return false;
  39.     }
  40.  
  41.     DB->QFree( );


Could probably be simplified a little but whatever.
Tested and working with valid characters.
Not tested with actual hack attempts
Need to lookup information on NARose items, skills, quests?
Now featuring a newly completed skill tree for all classes
Formatting fixed for different resolutions
Image

"A Gazelle is nothing but a giraffe plotted logarithmicaly"
User avatar
PurpleYouko
Rose Guru
Rose Guru
 
Posts: 4733
Joined: Fri Aug 10, 2007 2:05 pm

Re: Cheat Engine

Postby AnimalCrackerz on Fri May 18, 2018 8:19 pm

I will try and test this PY thankyou!

EDIT* So implemented the code..detects hack on attempt..but freezes the server for other players :)
Screenshot_9.png
detects hack

Here after restarting the client logging in the server is unresponsive
Screenshot_10.png
AnimalCrackerz
Pomic
Pomic
 
Posts: 102
Joined: Tue Apr 20, 2010 1:58 pm

Re: Cheat Engine

Postby PurpleYouko on Fri May 18, 2018 9:54 pm

One possible reason could be that it returns 'false' when a hack attempt is detected.
It does that in a lot of places where errors are detected.
I've sometimes found that you need to return 'true' instead or else the server itself gets hung up.
I recommend trying that before anything else.

It's not the true or false that really matters. It's just that it returns before spawning the character into the world
Need to lookup information on NARose items, skills, quests?
Now featuring a newly completed skill tree for all classes
Formatting fixed for different resolutions
Image

"A Gazelle is nothing but a giraffe plotted logarithmicaly"
User avatar
PurpleYouko
Rose Guru
Rose Guru
 
Posts: 4733
Joined: Fri Aug 10, 2007 2:05 pm

Re: Cheat Engine

Postby Elyntra on Sat May 19, 2018 8:10 am

Congrats on fixing it Animal. Glad I told you about this. Now everyone can fix it.
Elyntra
Jelly Bean
Jelly Bean
 
Posts: 17
Joined: Wed May 16, 2018 6:56 am

Re: Cheat Engine

Postby AnimalCrackerz on Sun May 20, 2018 11:31 am

Re: Cheat Engine
Post by Elyntra on Sat May 19, 2018 2:10 am

Congrats on fixing it Animal. Glad I told you about this. Now everyone can fix it.


Would love to take credit for a fix..but it was Raven and PY that actually made the fix (credits)
Cheers :)
AnimalCrackerz
Pomic
Pomic
 
Posts: 102
Joined: Tue Apr 20, 2010 1:58 pm

Previous

Return to Support - OsRose Emulator

Who is online

Users browsing this forum: No registered users and 4 guests