Xemectrum

Boredness wrote:Richie86 did on me... before the patch... he showed to me.
or rather he did it on me...

omg his pe skill is awesome!!

Wow Isnt richie86 the guy who 'banned' someone? Anyway, I think this is possible coz when somebody cc's it will be onto a different server so the guy edits your packets and cause you to dc while changing his ip onto your char.

i tink alot of ppl got this hack

Shouldnt be alot or else patched long ago ler.

shouldn't it be like... since he's a PE editor...

1st, he get the Packet of Banning, probably use fake accounts and get a/b or real ban by GMs. who know?
2nd, Solve the code, in other word, encrypt and decrypt the packet you had sent to the server.
3rd, Change the ign being banned into the victim.
4th, Send the edited packet

shouldn't it be like that?

as for the remote hack, it's probably just a bug, or real hack.
cause
1st, Victim enter new channel, it's the same as you enter a new channel, same packet sent, with different ign
2nd, get the packet that your victim had sent, cause you saw it(the victim cc), change it to your ign, send to server. server thinks you're the real one that's in the account and had just cc-ed
3rd, victim gets dced due to another account "taking over", the hacker get to control the victim's character... i'm not a pro hacker. correct me if i'm wrong

Could be fake. Could be real though due to PE. It basically screws up the database.

evilkie wrote:shouldn't it be like... since he's a PE editor...

1st, he get the Packet of Banning, probably use fake accounts and get a/b or real ban by GMs. who know?
2nd, Solve the code, in other word, encrypt and decrypt the packet you had sent to the server.
3rd, Change the ign being banned into the victim.
4th, Send the edited packet

shouldn't it be like that?

as for the remote hack, it's probably just a bug, or real hack.
cause
1st, Victim enter new channel, it's the same as you enter a new channel, same packet sent, with different ign
2nd, get the packet that your victim had sent, cause you saw it(the victim cc), change it to your ign, send to server. server thinks you're the real one that's in the account and had just cc-ed
3rd, victim gets dced due to another account "taking over", the hacker get to control the victim's character... i'm not a pro hacker. correct me if i'm wrong

i dun think is that easy

evilkie wrote:shouldn't it be like... since he's a PE editor...
1st, he get the Packet of Banning, probably use fake accounts and get a/b or real ban by GMs. who know?
2nd, Solve the code, in other word, encrypt and decrypt the packet you had sent to the server.
3rd, Change the ign being banned into the victim.
4th, Send the edited packet

1. I don't have any packet that ban people, it just simply as let that victim trigger some auto ban hack, eg item vac. In that video, it was map teleport that autoban instantly. So I sent him to coke town event map.

2. I don't encrypt or decrypt any packet, all you need to do in your PE is hook before send is encrypted, and hook after recv is decrypted.

3. nothing about change ign LOL bla bla bla. Too much imagination.

evilkie wrote: as for the remote hack, it's probably just a bug, or real hack.
cause
1st, Victim enter new channel, it's the same as you enter a new channel, same packet sent, with different ign
2nd, get the packet that your victim had sent, cause you saw it(the victim cc), change it to your ign, send to server. server thinks you're the real one that's in the account and had just cc-ed
3rd, victim gets dced due to another account "taking over", the hacker get to control the victim's character... i'm not a pro hacker. correct me if i'm wrong

It's not bug, but an exploit.

This is how the game work.
When you send an cc request. Eg: cc from channel 1 to channel 2.
Channel 1 server receive request, inform channel 2 server to expecting an incoming user with player unique id 123. Player divert to channel 2, player send his unique id to server. Server confirmed the correct unique id, allocate the session transferred from channel 1.

The hack;
Player 1 uid is acquired by Player 2.
Player 1 cc to cc 2.
Player 2 cc to cc 2 earlier than Player 1. and send Player 1 unique id.
Server receive channel request from Player 1 and Player 2. where before Player 1 send his unique id, Player 2 spoof it, and hijacked the session. When server receive Player 1 unique id, it's duplicated request, and get dced.

There is nothing to do with IGN.. we don't deal with IGN at all, only player unique id.

richie86 wrote:

evilkie wrote:shouldn't it be like... since he's a PE editor...
1st, he get the Packet of Banning, probably use fake accounts and get a/b or real ban by GMs. who know?
2nd, Solve the code, in other word, encrypt and decrypt the packet you had sent to the server.
3rd, Change the ign being banned into the victim.
4th, Send the edited packet

1. I don't have any packet that ban people, it just simply as let that victim trigger some auto ban hack, eg item vac. In that video, it was map teleport that autoban instantly. So I sent him to coke town event map.

2. I don't encrypt or decrypt any packet, all you need to do in your PE is hook before send is encrypted, and hook after recv is decrypted.

3. nothing about change ign LOL bla bla bla. Too much imagination.

evilkie wrote: as for the remote hack, it's probably just a bug, or real hack.
cause
1st, Victim enter new channel, it's the same as you enter a new channel, same packet sent, with different ign
2nd, get the packet that your victim had sent, cause you saw it(the victim cc), change it to your ign, send to server. server thinks you're the real one that's in the account and had just cc-ed
3rd, victim gets dced due to another account "taking over", the hacker get to control the victim's character... i'm not a pro hacker. correct me if i'm wrong

It's not bug, but an exploit.

This is how the game work.
When you send an cc request. Eg: cc from channel 1 to channel 2.
Channel 1 server receive request, inform channel 2 server to expecting an incoming user with player unique id 123. Player divert to channel 2, player send his unique id to server. Server confirmed the correct unique id, allocate the session transferred from channel 1.

The hack;
Player 1 uid is acquired by Player 2.
Player 1 cc to cc 2.
Player 2 cc to cc 2 earlier than Player 1. and send Player 1 unique id.
Server receive channel request from Player 1 and Player 2. where before Player 1 send his unique id, Player 2 spoof it, and hijacked the session. When server receive Player 1 unique id, it's duplicated request, and get dced.

There is nothing to do with IGN.. we don't deal with IGN at all, only player unique id.

i think this is a "bug"...which is just require id then can change channel so hackers can edit the id and hack it without victim's id and password..

not a bug, that how the system design. it expect the id to be receive in a short period. and after the patch, it expect the id receive should be in same IP. so remote hack still work if you go lanshop and hook up somebody

you don't design your system to authenticate the server everytime you cc/ enter cash shop don't you?
that will make you save the id and password in somewhere the system and people can simply steal it with an program running on your comp. even if you use virtual keyboard to enter.