Topic: Server Down - Request Timed Out
FYI
You are not logged in. Please login or register.
FYI
F Faldon
Well, you did crash it, to be fair. Packet editing?
Boo, Angel. Booooo.
There's a check the server should have been doing.
(Affected Pickpocket, Snooping, and Healing skills.)
Simple fix. Let me know if that same packet crashes it now.
Does the current server just use sequential numbers for checks?
Whoops! I was using python to help me raise skills and was playing around - didn't intentionally modify a packet lol my bad!
How do you unintentionally modify a packet? By this you mean you are sending over sockets directly? The client should never have produced that packet. (To be fair, the server ought to be hardened against it anyway.)
Good afternoon,
I can't get into the game when it takes time to load and at the end of Time Out.
Can anyone tell me why? There are people logged in at this moment in the game, I believe because they have been logged in for a while.
How do you unintentionally modify a packet? By this you mean you are sending over sockets directly? The client should never have produced that packet. (To be fair, the server ought to be hardened against it anyway.)
Hey James,
Sorta-Kinda. Normally, if I were trying to hack/exploit a server I would use use a custom-coded client proxy or dll injection that would allow me to control what is sent over my own sockets directly for packet creation - however, with your current server there is no need to do that because there is no security.. I don't need to decode and recode any packets for modification so I've been using some basic python to help macro some skills (not even AFK - just for fun).
Now, the problem with not taking the client-proxy approach and using the python pydivert module is that its basic python bindings for WinDivert - which is nothing but a windows driver that allows me to capture packets at the "user-mode" context is that the actual TCP Packet length is already set when its intercepted - similar to when your players try to use WPE to modify a 'packet' they need to respect the length of the "packet" - but not quite a complete packet - when it comes to your server receiving multiple .. what i call "partial packets" in a compete packet sent via the socket... which players struggle with using WPE when multiple 'partial packets' are sent as a datagram packet to the server.
All that to say, at the time when I accidently crashed the server... what I was doing was raising multiple skills at once... PickPocket and tactics via martial arts .. and because I am able to use python to do the macroing, I am able to also hook memory access to monitor the target HP .. and responses from the server to time the speed.
For instance:
Pickpocket target
if targetHP < 50%:
time.sleep(1) #target will heal automatically
#I HATE sleep and always refactor to use thread executions
if response was successful:
immediately PP target again
else
delay PP by 500ms
attack target
So yah, when I accidently modified a packet... I unintentionally shortened a 'partial packet' by a byte compared to the actual TCP Packet that was being monitored by python for the macro response to be triggered.
It's really neat and interesting to me, very nostalgic because I am able to see some very important milestones in the development of the server that remind me of my youth.
I can see point in time when you realized the difference of signed and unsigned limitations for many things, but specifically monster Ids ... i can see the monsters you added using the 2 byte IDs vs the original 1 byte signed IDs.. i can see when you added the Winter Wolfs to val caves compared to the WW in other areas... the incremental changes are so very inrteresting..
When you changed little vs big in what the client receives vs sends.. the differences in how you send or receive the X,Y coordinates.. client sends and server receives arent 100% identical.
case 95: #Monster Action- b'_'
if pLen == 4:
mobId = int.from_bytes(payload[index+2:index+4], "big")
mobId = mobId ^ 258
elif pLen == 3:
mobId = int.from_bytes(payload[index+2:index+3], "big")
mobId = mobId ^ 129
The 'partial packet' length change for monsters per map... just so much history here ...
anyway... all that to say i was just trying to macro PP and tactics but accidently messed up a partial packet and accidently modified the packet length .... when my goal was to NOT modify the packets, just effeciently macro
The packet length of the crashing packet wasn't wrong actually. It just had an ID that was out of range for players. Like I said, a check I needed to have.
I will admit, I made a lot of efforts in the past to save bandwidth -- it was really expensive and many players were on dialup. 1 byte for players is still all over the place, so there's effectively a limit of 255. Not that that matters in the current situation.
The packet length of the crashing packet wasn't wrong actually. It just had an ID that was out of range for players. Like I said, a check I needed to have.
I will admit, I made a lot of efforts in the past to save bandwidth -- it was really expensive and many players were on dialup. 1 byte for players is still all over the place, so there's effectively a limit of 255. Not that that matters in the current situation.
It was my partial packet length that I messed up - not the actual complete transmitted packet, which caused the data to be incorrect, which caused your server to read the wrong byte for the playerID in the skill partial packet - which caused the crash.
To clarify, I am pulling packets directly from the Windows Stack with pydivert - so the transmitted TCP packet will often contain many partial packets that are sent together via the socket.
match packet.direction:
case 0: #Sent Packets - Outbound
newPayload = b''
packetLen = len(payload)
while index < packetLen:
if keyboard.is_pressed('q') == True:
break
pLen = payload[index] - 128
opcode = payload[index + 1]
end = index + pLen
end += 2
pPayload = payload[index:end]
match opcode:
case 15:
skillId = int.from_bytes(payload[index+2:index+3])
match skillId:
Then I can read the partial packet sent/received to make decisions ... like if a pickpocket was succesful or not.
So I can do things like...
case b'aura':
if pLen == 4:
pPayload = aura + playerId
case b'heal':
if pLen == 4:
pPayload = heal + playerId
case b'heat':
if pLen == 4:
pPayload = heal + targetId
Which... is where I messed up when I crashed the server and accidently modified the partial packet the server processed causing the wrong playerId to be read by the server... sorry about that btw!
For the longest time this would also crash the Open Faldon server. ah, memories
Currently installed 5 official extensions. Copyright © 2003–2009 PunBB.