google-code-export / oregoncore

Automatically exported from code.google.com/p/oregoncore
GNU General Public License v2.0

[exploit/dupe] Player can clone stacking items #39

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
By pdx15 (22 February 2010 - automatically ported issue):

There is a simple way to clone a stacking item without any special software. I'm going to show this step by step:
You need 1 additional empty bag in the 'f8' slot (all other bag slots are empty), a stack of the items you want to clone in the main bag (the stack should be full, 5/5 for healing potion, for example) and someone to trade with.
Split 1 item from the stack and place it into the 'f8' bag.
Now you should fill all 15 slots in the main bag with any items, water or food, for example; so, after that you have 16/16 slots filled in the main bag.
Use the mouse to move the bag from the f8 slot to the f10 slot; then move it back to f8.
Use the mouse to move the bag from the f8 slot to the f9 slot; then move it back to f8.
Place the item from the f8 bag into the main bag; so now we have a full 5/5 stack of healing potion again.
Use the mouse to move the bag from the f8 slot into the main bag. We have no free space in the main bag and the bag from f8 disappears.
Delete any 1 item from the main bag to free 1 slot in it, split 1 item from the 5/5 stack and place it into that 1 free slot.
Open a trade with the other character and give him the 4/5 stack of healing potions.
Log out now.
After logout there is a 4/5 stack in your main bag and the same stack in your companion's bag.
Profit!

------
note:
This bug works only with stackable items and only on trinitycore-243 based emu (wotlk version is not affected).
fix
http://code.google.com/p/trinitycore/source/detail?r=834673a22a785be1da7645aaf9dc7c142f941a32
on 2.4.3 doesn't solve problem with dupe and breaks enchanting through trade

Original issue reported on code.google.com by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By alexandro:
confirmed issue with item dupe :/

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By oregon:
ok, this bug is accepted, when someone has the time it will be fixed.

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By alexandro:
bump*

and there is another kind of dupe through guild bank.
it works same as described before:
1. fill main bag with stacks of items you want to dupe (16/16 slots should be filled)
2. push empty bags into slots f8 and f9 (f10 and f11 should be empty)
3. move bag from f9 to f10, then from f10 to f9, finally from f9 to main bag; after that bag is gone;
4. open guild bank - split all stacks from main bag -> leave only 1 piece of each stack in main bag and push the other items into guild bank;
5. logout
6. after relog all your stacks in main bag are full + items in guild bank.

This trick doesn't work in tc2, so, I guess, fix could be revealed and imported 
into Oregon.
video guide:
http://www.youtube.com/watch?v=Lws8Yxbwmf4

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By pdx15:
Very severe bug, server economy collapses in the face of.
Rare components packs on cheap stuff sell ((

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By pdx15:
fix guild bank dupe 
http://mangos.svn.sourceforge.net/viewvc/mangos?view=rev&revision=6709

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By pdx15:
fix trade dupe
http://mangos.svn.sourceforge.net/viewvc/mangos?view=rev&revision=6565

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By alexandro:
These fixes are already implemented in trinity-243/oregon, so they can't help with dupe problem.

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
This should be priority

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
I think the bug is because the emulator is saving a temporary or uncleaned array with items in bank at the moment of the logout.
Sorry I can't help you with trinity/mangos code, I really didn't look at it to understand how it works.
One possible fix should be (pseudo code)

on logout:
{
    if (user has bank window open)
    {
        close bank window (this will save the current items on database)
    }
    if (user has trade window open)
    {
        cancel trade;
    }
}

Another possible fix (the best one, but it is harder to find the bug in code) is to find where in the code is the part to save inventory/bank items and check where it is not deleting the stacked items in an array.
- Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By krz:
http://paste2.org/p/727405

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Checking it, thanks for the patch
-Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
The bug is still working with this patch (http://paste2.org/p/727405) at least 
using trade - Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By plank:
Trade dupe or cheat via trade when you swap bags? 
Can you explain?

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Trade dupe I mean - Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Nobody knows how to fix it?

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By plank:
do you know method how to dupe with trade?

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By oregon:
still searching for a solution. Instead of bumping, help searching ;)

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By oregon:
could this be a solution? 
http://bitbucket.org/oregon/trinity_changelog/changeset/7142e253292a

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By niyo:
looks good yes, but someone has to implement the patch and try to dupe

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Bug still working with that patch, just tested it.
- Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
ehh, IMO, this issue should be pass protected or smth like that, because now, everyone can read it and clone lots of items on its server, being afraid it'll get fixed. :/.

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
What about this fix
http://dev.trinitycore.org/trinitycore/changeset/834673a22a78

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
That fix doesn't work at all: first of all, the bug exploit is still working; second, it doesn't let people enchant their items. - Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By digerago:
as if to put all these things from the bags to the player bank and to buy new 
things - the bug is repeated, but only with a player bank!
cloned and things are not stacking!
serious bug...

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Yes, it is a serious bug with no fix yet, I test every fix people post with no 
success...
- Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Bug is at Player.cpp 
void Player::_SaveInventory()
Trying to find a solution...
-Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By stfx:
Please try attached patch for trade exploit.

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By stfx:
Added in r213. Please confirm if trade exploit is fixed. Guild exploit could still work but I am currently backporting the guild code so this issue may be resolved soon.

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By Anonymous:
Tested the patch, didn't work. -Peluche

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By stfx:
Heavy exploit

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By stfx:
http://code.google.com/p/trinitycore/issues/detail?id=2347

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By stfx:
Fixed 
http://www.oregoncore.com/index.php?/topic/344-important-fixed-exploit-dupe - 
Please test it

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By stfx:
http://bitbucket.org/oregon/oregoncore/changeset/3055fb636157

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54

GoogleCodeExporter commented 9 years ago
By pdx15:
khm o_O

Original comment by stfxm...@gmail.com on 30 Dec 2010 at 2:54