search

OregonCore / OregonCore

World of Warcraft 2.4.3 Server Emulator
https://oregon-core.net/
GNU General Public License v2.0
156 stars 192 forks source link

[exploit/dupe] Player can clone stacking items (BB #39) #39

Closed OregonAsari closed 8 years ago

OregonAsari commented 8 years ago

This issue was migrated from bitbucket. Original Reporter: pdx15 Original Date: 22.02.2010 12:44:45 GMT+0000 Original Priority: major Original Type: bug Original State: resolved Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39

There is a simple wat to clone stacking item without any special soft. I'm going to show this step by step:

You need 1 additional empty bag in 'f8' slot (all other bag slots are empty), stack of items you want to clone in main bag (stack should be full, 5/5 for healing potion, for example ) and someone to trade with.

Split 1 item from stack and place it in to 'f8' bag

Now you should fill all 15 slots in main bag with any items, water or food, for example; so, after that you have 16/16 slots filled in main bag

Use mouse to move bag from f8 slot to f10 slot; than move it back to f8;

Use mouse to move bag from f8 slot to f9 slot; than move it back to f8;

Place item from f8 bag into main bag; so now we have full 5/5 stack of healing potion again.

Use mouse to move bag from f8 slot into main bag. We have no free space in main bag and bag from f8 disappears;

Delete any 1 item from main bag to free 1 slot in it, split 1 item from 5/5 stack and place into that 1 free slot.

Open trade with other character and give to him 4/5 stack of healing potions,

Logout now

After logout there are 4/5 stack on your main bag and same stack on yours companion bag;

Profit!

note:

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 22.02.2010 13:18:51 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-127946

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 22.02.2010 13:19:30 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-127947

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 22.02.2010 13:21:06 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-127948

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: alexandro Original Date: 22.02.2010 14:05:46 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-127954

confirmed issue with item dupe :/

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: oregon Original Date: 23.02.2010 18:57:23 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-128801

ok, this bug is accepted, when someone has the time it will be fixed.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: alexandro Original Date: 03.03.2010 07:44:25 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-133368

bump

and there is another kind of dupe through guild bank.

it works same as described before:

  1. fill main bag with stacks of items you want to dupe (16/16 slots should be filled)
  2. push empty bags into slots f8 and f9 (f10 and f11 should be empty)
  3. move bag from f9 to f10, than from f10 to f9, finally from f9 to main bag; after that bag is gone;
  4. open guild bank - split all stacks from main bag -> leave only 1 peace of stack into main bag and other items push into guildbank;
  5. logout
  6. after relog all your stack in main bag are full + items in guild bank.

This trick doesn't work in tc2, so, I guess, fix could be revealed and imported into Oregon.

video guide:

http://www.youtube.com/watch?v=Lws8Yxbwmf4

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 04.03.2010 16:57:15 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-134360

Very severe bug, server economy collapses in the face of. Rare components packs on cheap stuff sell ((

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 04.03.2010 18:56:43 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-134419

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 04.03.2010 23:20:57 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-134538

fix guild bank dupe http://mangos.svn.sourceforge.net/viewvc/mangos?view=rev&revision=6709

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 05.03.2010 00:38:43 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-134561

fix trade dupe http://mangos.svn.sourceforge.net/viewvc/mangos?view=rev&revision=6565

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: alexandro Original Date: 05.03.2010 08:39:57 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-134650

This fixes are already implemented in trinity-243/oregon, so they can't help with dupe problem.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 15.03.2010 17:38:00 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-139479

This should be priority

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 16.03.2010 01:30:57 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-139749

I think the bug is because the emulator is saving a temporal or uncleaned array with items in bank at the moment of the logout. Sorry I can't help you with trinity/mangos code, I really didn't looked at it to understand how it works.

One possible fix should be (pseudo code)

on logout: { if (user have bank window open) { close bank window (this will save the current items on database) } if (user have trade window open) { cancel trade; } }

Another posible fix (the best one but more hard to find the bug in code) is to find where in the code is the part to save inventory/bank items and check where is not deleting in an array the stacked items.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 16.03.2010 01:31:02 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-139750

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 16.03.2010 01:32:39 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-139752

One possible fix should be (pseudo code)

{{{

!pseudo

on logout: { if (user have bank window open) { close bank window (this will save the current items on database) } if (user have trade window open) { cancel trade; } } }}}

Another posible fix (the best one but more hard to find the bug in code) is to find where in the code is the part to save inventory/bank items and check where is not deleting in an array the stacked items.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: oneb1t Original Date: 19.03.2010 22:23:29 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-141953

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: krz Original Date: 20.03.2010 22:05:11 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-142325

http://paste2.org/p/727405

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 20.03.2010 23:47:13 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-142343

Checking it, thanks for the patch -Peluche

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 21.03.2010 00:25:04 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-142345

The bug is still working with this patch (http://paste2.org/p/727405) at least using trade - Peluche

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: plank Original Date: 21.03.2010 01:15:19 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-142352

Trade dupe or cheat via trade when you swap bags? Can you explain?

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 22.03.2010 03:20:37 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-142784

Trade duppe I mean - Peluche

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 26.03.2010 21:47:26 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-145258

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 28.03.2010 17:19:12 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-145905

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 29.03.2010 01:15:55 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-146071

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 29.03.2010 01:19:27 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-146072

Nobody knows to fix it ?

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: plank Original Date: 29.03.2010 19:01:52 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-146490

do you know method how to dupe with trade?

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: digerago Original Date: 30.03.2010 12:09:16 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-146892

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: oregon Original Date: 31.03.2010 10:00:50 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-147326

still searching a solution. Instead of bumping, help searching;)

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 05.04.2010 01:08:34 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-149576

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 11.04.2010 14:38:48 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-153374

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: oneb1t Original Date: 12.04.2010 14:27:32 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-153956

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: sarsikooo Original Date: 14.04.2010 17:31:07 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-155268

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: pdx15 Original Date: 15.04.2010 10:33:58 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-155728

=))

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: oregon Original Date: 18.04.2010 14:31:43 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-157753

could this be a solution? http://bitbucket.org/oregon/trinity_changelog/changeset/7142e253292a

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: niyo Original Date: 18.04.2010 16:41:30 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-157873

looks good yes, but someone have to implement the patch and try to dupe

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 20.04.2010 03:42:29 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-158651

Bug still working with that patch, just tested it.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 20.04.2010 20:30:53 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-159077

ehh, IMO, this isssue should be pass protected or smth like that, beacause now, everyone can read it and clone lots of items on it's server, being afraid it'll got fixed. :/.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 22.04.2010 17:08:10 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-160371

What about this fix http://dev.trinitycore.org/trinitycore/changeset/834673a22a78

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 23.04.2010 22:52:15 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-161239

That fix doesn't work at all, first of all, the bug exploit still working, second, doesn't let the people enchant their items. - Peluche

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 27.04.2010 22:27:25 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-163886

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: digerago Original Date: 02.05.2010 17:35:50 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-166903

as if to put all these things from the bags to the player bank and to buy new things - the bug is repeated, but only with a player bank! cloned and things are not stacking! serious bug...

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 02.05.2010 18:28:59 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-166931

Yes, it is a serious bug with no fix yet, I test every fix people post with no success...

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 04.05.2010 02:21:56 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-167742

Bug is at Player.cpp void Player::_SaveInventory()

Trying to find a solution... -Peluche

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: stfx Original Date: 04.05.2010 06:02:14 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-167803

Please try attached patch for trade exploit.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: stfx Original Date: 04.05.2010 15:59:43 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-168137

Added in r213. Please comfirm if trade exploit is fixed. Guild exploit could still work but I am currently backporting the guild code so this issue may be resolved soon.

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: Original Date: 04.05.2010 17:14:36 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-168190

Tested the patch, didn't work. -Peluche

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: lukas22 Original Date: 13.05.2010 19:32:13 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-176059

Bump!

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: stfx Original Date: 27.05.2010 21:50:21 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-185166

Heavy exploit

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: stfx Original Date: 31.05.2010 20:49:33 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-187255

http://code.google.com/p/trinitycore/issues/detail?id=2347

OregonAsari commented 8 years ago

This comment was migrated from bitbucket. Original User: stfx Original Date: 31.05.2010 21:16:44 GMT+0000 Direct Link: https://bitbucket.org/oregon/oregoncore/issues/39/#comment-187284

Fixed http://www.oregoncore.com/index.php?/topic/344-important-fixed-exploit-dupe - Please test it