azerothcore / azerothcore-wotlk

Complete Open Source and Modular solution for MMO
http://www.azerothcore.org
GNU Affero General Public License v3.0

Exploit: crash spell (malformed packet) #2170

Closed blackdev01 closed 4 years ago

blackdev01 commented 5 years ago

Hello, I have a crash on my source that seems to be an exploit. These are my crash logs: https://gist.github.com/blackdev01/827699f9682ff12155cf770530e09623 https://gist.github.com/blackdev01/88d91dfedfbf789f2e847f7966c7a2a6 https://gist.github.com/blackdev01/fafda762ee8e2fc1a15bb269740fe906 https://gist.github.com/blackdev01/5f7b2cd3d4191227b06027ed257f1ea7

This is my rev: https://github.com/azerothcore/azerothcore-wotlk/commit/a9b981d619c220d7459a963cac4e989215b638b1 OS: Debian 8. I saw a report about this problem; I think my problem looks like that one.

This post is a bounty post; I'll pay $20 for this. My Discord: ProGrammer#8649

wowmane commented 5 years ago

Your core is an old version or the MythCore project.

https://github.com/azerothcore/azerothcore-wotlk/issues/2152

Please update your core to the latest AC.

blackdev01 commented 5 years ago

I prepared this for a bounty, and now I think this crash is done with software like WPE PRO. I have a log about this; this log sometimes appears (not always):

1564663015,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.
1564663015,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.
1564663015,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.
1564663014,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.
1564663014,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.

More crash logs:
https://gist.github.com/blackdev01/be70081dde07f0671d26d3d82a596fa5
https://gist.github.com/blackdev01/d3cc766ac75436e84b607ab63448c3d3
https://gist.github.com/blackdev01/67c946ea33394f2fc73b17d529144e16
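
The log lines above show the server's bounds check working: the reader threw, the packet was skipped, and the same account repeated it five times in two seconds. As an added example (not part of this thread and not AzerothCore code), here is detection logic that reads such lines, counts ByteBufferException events per account, and flags an account that trips the check repeatedly inside a short window, which is the signal an operator would act on (kick, then ban) while the crash itself is still being investigated. The log layout is assumed from the quoted lines, the sample log is constructed from them, and the function names, the 5-events-in-10-seconds threshold and the extra accounts are mine.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>
#include <vector>

// One "Skipped packet" event recovered from a worldserver log line.
struct MalformedPacketEvent
{
    uint64_t timestamp = 0;   // unix seconds, first comma-separated field of the line
    uint32_t opcode = 0;
    uint32_t accountId = 0;
};

// Parses a line of the shape quoted in the thread (layout assumed from those lines):
//   <unixtime>,<level>,<type>,<n>,WorldSession::Update ByteBufferException occured while
//   parsing a packet (opcode: 682) from client x.x.x.x, accountid=140224. Skipped packet.
// Returns false for any line that is not such an event.
bool ParseMalformedPacketLine(std::string const& line, MalformedPacketEvent& out)
{
    if (line.find("ByteBufferException") == std::string::npos)
        return false;

    std::size_t const opcodePos = line.find("(opcode: ");
    std::size_t const accountPos = line.find("accountid=");
    if (opcodePos == std::string::npos || accountPos == std::string::npos)
        return false;

    char* end = nullptr;
    out.timestamp = std::strtoull(line.c_str(), &end, 10);
    if (end == line.c_str() || *end != ',')
        return false;   // no leading timestamp field

    out.opcode = static_cast<uint32_t>(std::strtoul(line.c_str() + opcodePos + 9, nullptr, 10));
    out.accountId = static_cast<uint32_t>(std::strtoul(line.c_str() + accountPos + 10, nullptr, 10));
    return true;
}

// Account that sent the malformed packet, or 0 when the line is not such an event.
uint32_t MalformedPacketAccount(std::string const& line)
{
    MalformedPacketEvent ev;
    return ParseMalformedPacketLine(line, ev) ? ev.accountId : 0;
}

// Flags every account that produced at least `threshold` malformed packets inside any
// window of `windowSeconds`. Lines may be in any order (the quoted log is newest-first).
// Result is in ascending account id order.
std::vector<uint32_t> FlagMalformedPacketAbusers(std::vector<std::string> const& lines,
                                                 std::size_t threshold, uint64_t windowSeconds)
{
    std::map<uint32_t, std::vector<uint64_t>> timestampsByAccount;
    for (std::string const& line : lines)
    {
        MalformedPacketEvent ev;
        if (ParseMalformedPacketLine(line, ev))
            timestampsByAccount[ev.accountId].push_back(ev.timestamp);
    }

    std::vector<uint32_t> flagged;
    for (auto& entry : timestampsByAccount)
    {
        std::vector<uint64_t>& ts = entry.second;
        std::sort(ts.begin(), ts.end());

        // two-pointer sliding window: [start, i] always spans at most windowSeconds
        std::size_t start = 0;
        for (std::size_t i = 0; i < ts.size(); ++i)
        {
            while (ts[i] - ts[start] > windowSeconds)
                ++start;
            if (i - start + 1 >= threshold)
            {
                flagged.push_back(entry.first);
                break;
            }
        }
    }
    return flagged;
}

// Constructed sample: the five lines quoted above (account 140224, opcode 682), one stray
// exception from another account, and an unrelated line that the parser must ignore.
std::vector<std::string> const kSampleLog = {
    "1564663015,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.",
    "1564663015,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.",
    "1564663015,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.",
    "1564663014,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.",
    "1564663014,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=140224. Skipped packet.",
    "1564663020,5,1,0,WorldSession::Update ByteBufferException occured while parsing a packet (opcode: 682) from client xxx,xxx,xxx,xxx, accountid=7. Skipped packet.",
    "1564663021,5,1,0,World::Update ordinary line with no parse error",
};

int main()
{
    // five malformed packets from one account within 10 seconds is the kick threshold here
    for (uint32_t account : FlagMalformedPacketAbusers(kSampleLog, 5, 10))
        std::printf("flag account %u for repeated malformed packets\n", account);
    return 0;
}
```

The single stray exception from account 7 is not flagged: a legitimate client can occasionally produce one bad packet, while a tool such as WPE PRO produces them in bursts, so the window and count, not the mere presence of the message, are what separate the two.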

blackdev01 commented 5 years ago

@wowmane please stop spamming; my core is AC + custom code. Other users have this problem too: https://github.com/azerothcore/azerothcore-wotlk/issues/2150 (last rev), https://github.com/azerothcore/azerothcore-wotlk/issues/2043 and https://github.com/azerothcore/azerothcore-wotlk/issues/1895

@wowmane who are you?! And why would I deceive you?!

wowmane commented 5 years ago

I saw your reports. I have nothing more to say: you are deceiving us!

https://github.com/azerothcore/azerothcore-wotlk/issues/2152

https://github.com/azerothcore/azerothcore-wotlk/issues/2170

https://github.com/azerothcore/azerothcore-wotlk/issues/1895#issuecomment-517947804

blackdev01 commented 5 years ago

@wowmane I've heard your idea enough; let others say their opinions. I don't know why AzerothCore's admins don't stop you. You are not a normal person.

blackdev01 commented 5 years ago

This crash log appeared today, after 5 crashes happened in a row: https://gist.github.com/blackdev01/5c52ca5937aaf0946ac57c50b909b27a

I know the hacker has to be online in the game for this crash. The exploiter can cause this crash even with a new character.

wowmane commented 5 years ago


@blackdev01

Your project's core is from: https://github.com/Darkelmo/Myth-Core

You have a private project. First of all, upgrade your core to the last rev of AC! Your version is very old and has many problems... This problem does not exist in AC.

Why don't you understand?

alihajipoor commented 5 years ago

@wowmane if you don't have a fix for this problem, then don't spam and let others check it.

BarbzYHOOL commented 5 years ago

Hmmm @blackdev01 apparently your core is almost 1 year old.

blackdev01 commented 5 years ago

Yes, but I did most of the updates, and this crash is reported on the last rev too: https://github.com/azerothcore/azerothcore-wotlk/issues/2150. I think this bug exists in all AzerothCore revisions.

masterking32 commented 5 years ago

@blackdev01 Update your core to the last version, then enable trace/debug logs in worldserver.conf and send them.

alihajipoor commented 5 years ago

@BarbzYHOOL @masterking32 This bug isn't related to old versions. I already updated my source, but the problem wasn't solved.

#2150

masterking32 commented 5 years ago

@alihajipoor OK. As I said in both issues, enable your trace/debug logs and share them if you have the last version of AC. And I think both issues are the same, so I think #2150 needs to be closed.

masterking32 commented 5 years ago

We will wait for your log. But one question: is the SOAP/Telnet/MySQL port open on your server? @alihajipoor @blackdev01

blackdev01 commented 5 years ago

Hi, I activated this log; I'll send it here after the first crash.

Telnet/MySQL/SOAP are closed from outside the network. I made some changes to my source; I'll announce it if that fixes the issue.

alihajipoor commented 5 years ago

@masterking32 I sent many logs; you can check #2150.

The MySQL port is only accessible on localhost.

masterking32 commented 5 years ago

@blackdev01 So it's OK. Send feedback and a log if needed. @alihajipoor Enable your trace/debug logs in worldserver.conf and share that log!

alihajipoor commented 5 years ago

@masterking32 Here you are : https://mega.nz/#!y3hVgARR!uk4RqSjRIvMTyAix93LqufRlYrbXeez9msEO8aP46Ms

(Logs download link)

masterking32 commented 5 years ago

Your code is not clean. Try my last commit and then send logs again.

blackdev01 commented 5 years ago

Not fixed. New crash log: https://gist.github.com/blackdev01/9477f106f977e31fed3d28366a58e252

alihajipoor commented 5 years ago

I have a new crash too, and the previous fix doesn't solve the problems.

https://gist.github.com/alihajipoor/f1a44ce8f7751926d0938011dff1c1e7

wowmane commented 5 years ago


@blackdev01

I just want to help you. Your core needs an update to the latest AC version. Your version is too old and has many problems...

alihajipoor commented 5 years ago

@wowmane I updated my core recently, but I still have the crash.

wowmane commented 5 years ago

Your crash log is different.

PkllonG commented 5 years ago

There is also a hacker attack. This is the attack macro used by hackers, found in the game character's macros (screenshot: TIM截图20190811200710). I can only comment on the code to prevent this kind of hacking (screenshot: TIM截图20190811200601).

PkllonG commented 5 years ago

It should be a macro with a packet attack. We cannot restore the attack environment. All AC cores have this vulnerability.

dante6319 commented 5 years ago

https://pastebin.com/7DH1ghZB - crash log

The hacker uses a program: he just goes onto the server, presses a button, and the crash happens. Unfortunately I do not have the program.

"There is no need to carry out any specific actions; just press 1 button"

There are suspicions that the problem is here: Map.cpp - void Map::Update

This crash also works on the latest version of TC.

wowmane commented 5 years ago

@blackdev01 changed his ID to @dante6319

Why did you rename your ID?!

And this crash is for: Spells / Auras / SpellAuras

Where do you get Map from? Give the packet size for the account ID.

disclosurez commented 5 years ago

> There is also a hacker attack. This is the attack macro used by hackers, found in the game character's macros. I can only comment on the code to prevent this kind of hacking.

Cannot reproduce with this macro?

BarbzYHOOL commented 5 years ago

CrashServer()?

PkllonG commented 5 years ago

This is another attack, taking advantage of the commands available to the character and packet injection. @disclosurez @BarbzYHOOL

PkllonG commented 5 years ago

Thank you. I just found out.

PkllonG commented 5 years ago

Util.cpp

#include <array>
.......
std::wstring GetMainPartOfName(std::wstring wname, uint32 declension)
{
    // supported only Cyrillic cases; declension indexes the six rows of dropEnds below
    if (wname.empty() || !isCyrillicCharacter(wname[0]) || declension > 5)
        return wname;

    // Important: end length must be <= MAX_INTERNAL_PLAYER_NAME-MAX_PLAYER_NAME (3 currently)
    static std::wstring const a_End = { wchar_t(0x0430), wchar_t(0x0000) };
    static std::wstring const o_End = { wchar_t(0x043E), wchar_t(0x0000) };
    static std::wstring const ya_End = { wchar_t(0x044F), wchar_t(0x0000) };
    static std::wstring const ie_End = { wchar_t(0x0435), wchar_t(0x0000) };
    static std::wstring const i_End = { wchar_t(0x0438), wchar_t(0x0000) };
    static std::wstring const yeru_End = { wchar_t(0x044B), wchar_t(0x0000) };
    static std::wstring const u_End = { wchar_t(0x0443), wchar_t(0x0000) };
    static std::wstring const yu_End = { wchar_t(0x044E), wchar_t(0x0000) };
    static std::wstring const oj_End = { wchar_t(0x043E), wchar_t(0x0439), wchar_t(0x0000) };
    static std::wstring const ie_j_End = { wchar_t(0x0435), wchar_t(0x0439), wchar_t(0x0000) };
    static std::wstring const io_j_End = { wchar_t(0x0451), wchar_t(0x0439), wchar_t(0x0000) };
    static std::wstring const o_m_End = { wchar_t(0x043E), wchar_t(0x043C), wchar_t(0x0000) };
    static std::wstring const io_m_End = { wchar_t(0x0451), wchar_t(0x043C), wchar_t(0x0000) };
    static std::wstring const ie_m_End = { wchar_t(0x0435), wchar_t(0x043C), wchar_t(0x0000) };
    static std::wstring const soft_End = { wchar_t(0x044C), wchar_t(0x0000) };
    static std::wstring const j_End = { wchar_t(0x0439), wchar_t(0x0000) };

    // one row per declension; nullptr terminates rows with fewer than seven endings
    static std::array<std::array<std::wstring const*, 7>, 6> const dropEnds = { {
        { &a_End,  &o_End,    &ya_End,   &ie_End,  &soft_End, &j_End,    nullptr },
        { &a_End,  &ya_End,   &yeru_End, &i_End,   nullptr,   nullptr,   nullptr },
        { &ie_End, &u_End,    &yu_End,   &i_End,   nullptr,   nullptr,   nullptr },
        { &u_End,  &yu_End,   &o_End,    &ie_End,  &soft_End, &ya_End,   &a_End  },
        { &oj_End, &io_j_End, &ie_j_End, &o_m_End, &io_m_End, &ie_m_End, &yu_End },
        { &ie_End, &i_End,    nullptr,   nullptr,  nullptr,   nullptr,   nullptr }
    } };

    std::size_t const thisLen = wname.length();
    std::array<std::wstring const*, 7> const& endings = dropEnds[declension];
    for (auto itr = endings.begin(), end = endings.end(); (itr != end) && *itr; ++itr)
    {
        std::wstring const& ending = **itr;
        std::size_t const endLen = ending.length();
        // an ending longer than the name can never match; skip it rather than
        // computing a start offset below zero
        if (endLen > thisLen)
            continue;

        // compare the tail of the name against the ending without copying it
        if (wname.compare(thisLen - endLen, endLen, ending) == 0)
            return wname.substr(0, thisLen - endLen);
    }

    return wname;
}

ObjectMgr.cpp

bool normalizePlayerName(std::string& name)
{
    if (name.empty())
        return false;

    // reject names that are not valid UTF-8 instead of working on garbage
    std::wstring tmp;
    if (!Utf8toWStr(name, tmp))
        return false;

    // canonical form: lower case with a capitalised first letter
    wstrToLower(tmp);
    if (!tmp.empty())
        tmp[0] = wcharToUpper(tmp[0]);

    if (!WStrToUtf8(tmp, name))
        return false;

    return true;
}

Can this fix it? Can a friend test it?

dante6319 commented 5 years ago

The crash with auras is a separate crash; it has nothing to do with normalizePlayerName. https://pastebin.com/U4HLdcPr CONFIRMED

wowmane commented 5 years ago

@blackdev01 & @dante6319

Why are you spamming so much? Stop creating fake IDs/accounts to spam "confirm".

What's your problem? Crash logs! Maps? Spells? Chats? Gobjects? Auras? Instances?

WTF / Troll

dante6319 commented 5 years ago

I left 2 messages; why are you writing this here, friend? We provided a specific log. The problem is real, and it is critical.

wowmane commented 5 years ago

That's just your problem. You confirm with other accounts!

This is not one kind of crash; the crashes/logs are different!

On my server there are 580x online players and I have no problem.

blackdev01 commented 5 years ago

wowmane, please give me the link to your server ;)

wowmane commented 5 years ago

> wowmane, please give me the link to your server ;)

@blackdev01 & @dante6319 and your other fake ID accounts

Please tell me!

First you: what is your server site, and where are you from?!

dante6319 commented 5 years ago

Please remove the off-topic from wowmane; it is so stupid that he does not understand that these are not random crashes but deliberately caused crashes.

dante6319 commented 5 years ago

@BarbzYHOOL
Please clear all the off-topic; this is a very serious problem.

seoten commented 5 years ago

https://pastebin.com/kcEiMFjX This crash is used by script kiddies, who then blackmail.

alihajipoor commented 5 years ago

@wowmane This crash happened to me too. Don't be stupid and don't repeat your words; when you can't help us, just leave this topic and go away. Maybe someone will help us fix this problem.

Note: this crash is caused by someone from outside the server; consider it an exploit.

seoten commented 5 years ago

The software allows you to modify any packet sent by the client. By sending garbage in the data block, you can crash the core because there are too few checks on the data received from the client. I apologize for my poor English.
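
As an added example illustrating the point above (not AzerothCore code, not a real WotLK opcode, and not a claim about where the reported crash is), here is a bounds-checked packet reader and a handler that validates every client-supplied field before it drives a lookup, an allocation or a loop. The reader throws on truncated input, which is the "Skipped packet" case in the thread's log; the handler separately rejects an unknown spell id, an oversized count and trailing garbage, which is the class of checks a packet editor is used to bypass. The packet layout, the spell table, the limits and all function names are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <set>
#include <stdexcept>
#include <type_traits>
#include <vector>

// Thrown on any read past the end of the payload. The real server catches this in
// WorldSession::Update, logs it and skips the packet; this example does the same.
struct ByteBufferException : std::runtime_error
{
    using std::runtime_error::runtime_error;
};

// Minimal host-endian reader over a client payload. Every read is bounds-checked.
class PacketReader
{
public:
    explicit PacketReader(std::vector<uint8_t> const& bytes) : _buf(bytes) {}

    template <typename T>
    T read()
    {
        static_assert(std::is_trivially_copyable<T>::value, "POD fields only");
        if (sizeof(T) > remaining())
            throw ByteBufferException("read past end of packet");
        T value;
        std::memcpy(&value, _buf.data() + _pos, sizeof(T));
        _pos += sizeof(T);
        return value;
    }

    std::size_t remaining() const { return _buf.size() - _pos; }

private:
    std::vector<uint8_t> const& _buf;
    std::size_t _pos = 0;
};

enum class HandleResult
{
    Ok,
    SkippedMalformed,        // reader ran out of bytes: the case the thread's log shows
    RejectedUnknownSpell,    // id not in the known table: never used as an index
    RejectedTooManyTargets,  // count above the protocol maximum: never used to size anything
    RejectedTrailingBytes    // garbage appended after the declared fields
};

struct CastResult
{
    HandleResult result;
    std::vector<uint64_t> targets;
};

// Hypothetical layout used only here: u32 spellId, u8 targetCount, targetCount x u64 GUID.
constexpr uint8_t kMaxTargets = 8;
std::set<uint32_t> const kKnownSpells = { 133, 116, 2136 };   // constructed sample table

CastResult HandleCastSpellPacket(std::vector<uint8_t> const& payload)
{
    CastResult out{ HandleResult::Ok, {} };
    try
    {
        PacketReader reader(payload);
        uint32_t const spellId = reader.read<uint32_t>();
        uint8_t const targetCount = reader.read<uint8_t>();

        // Semantic checks come BEFORE the client-supplied values drive a lookup, an
        // allocation or a loop. An unchecked handler would index a spell table with
        // spellId and size a buffer with targetCount straight off the wire.
        if (kKnownSpells.count(spellId) == 0)
        {
            out.result = HandleResult::RejectedUnknownSpell;
            return out;
        }
        if (targetCount > kMaxTargets)
        {
            out.result = HandleResult::RejectedTooManyTargets;
            return out;
        }

        out.targets.reserve(targetCount);
        for (uint8_t i = 0; i < targetCount; ++i)
            out.targets.push_back(reader.read<uint64_t>());

        if (reader.remaining() != 0)   // declared fields consumed, bytes still left
        {
            out.targets.clear();
            out.result = HandleResult::RejectedTrailingBytes;
        }
    }
    catch (ByteBufferException const&)
    {
        out.targets.clear();
        out.result = HandleResult::SkippedMalformed;
    }
    return out;
}

// Builds a payload; claimedCount may disagree with guids.size() to forge a malformed packet.
std::vector<uint8_t> BuildCastPacket(uint32_t spellId, uint8_t claimedCount,
                                     std::vector<uint64_t> const& guids, std::size_t trailingGarbage = 0)
{
    std::vector<uint8_t> p;
    auto append = [&p](auto value) {
        uint8_t raw[sizeof(value)];
        std::memcpy(raw, &value, sizeof(value));
        p.insert(p.end(), raw, raw + sizeof(value));
    };
    append(spellId);
    append(claimedCount);
    for (uint64_t guid : guids)
        append(guid);
    p.insert(p.end(), trailingGarbage, uint8_t(0x41));
    return p;
}
```

The distinction the thread is circling is visible in the result codes: a truncated packet is caught by the reader and produces exactly the logged "Skipped packet" outcome, while a packet that is the right length but carries an out-of-range id or count passes the reader untouched and is only stopped by the handler's own checks. The semantic checks are what a packet editor tests, and they have to sit in every handler, not just in the buffer class.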

dante6319 commented 5 years ago

@Viste said he would fix it for $50

Wokwer commented 5 years ago

I'm collecting money to raise the price for the fix to $50: https://yasobe.ru/na/fiks_krawei_azerothcore_issues2170

pak3935 commented 5 years ago

If there were a person who could fix this, the money would be collected quickly.

Wokwer commented 5 years ago

> If there were a person who could fix this, the money would be collected quickly.

There is such a person, and he has already done it, but nobody has helped with the collection yet. The price here is $20; we just need to add another $30, or 2000 rubles.

Viste commented 5 years ago

Not completely done yet.

Undead02 commented 5 years ago

Sent a little.