Ken

Developer
  • Content count

    804
  • Joined

  • Last visited

Everything posted by Ken

  1. With new changes, webzen is added new things in item proto. The newest item proto has two new bytes and vnum range. Here is the newest item proto struct typedef struct { DWORD dwVnum; DWORD dwVnumRange; char szName[ITEM_NAME_MAX_LEN + 1]; char szLocaleName[ITEM_NAME_MAX_LEN + 1]; BYTE bType; BYTE bSubType; BYTE bWeight; BYTE bSize; DWORD dwAntiFlags; DWORD dwFlags; DWORD dwWearFlags; DWORD dwImmuneFlag; DWORD dwGold; DWORD dwShopBuyPrice; TItemLimit aLimits[ITEM_LIMIT_MAX_NUM]; TItemApply aApplies[ITEM_APPLY_MAX_NUM]; long alValues[ITEM_VALUES_MAX_NUM]; long alSockets[ITEM_SOCKET_MAX_NUM]; DWORD dwRefinedVnum; WORD wRefineSet; BYTE bAlterToMagicItemPct; BYTE bSpecular; BYTE bGainSocketPct; BYTE bMaskType; BYTE bMaskSubType; } TClientItemTable; ItemData.cpp BYTE CItemData::GetMaskType() const { return m_ItemTable.bMaskType; } BYTE CItemData::GetMaskSubType() const { return m_ItemTable.bMaskSubType; } PythonItemModule.cpp PyObject * itemGetMaskType(PyObject * poSelf, PyObject * poArgs) { CItemData * pItemData = CItemManager::Instance().GetSelectedItemDataPointer(); if (!pItemData) return Py_BuildException("no selected item data"); return Py_BuildValue("i", pItemData->GetMaskType()); } PyObject * itemGetMaskSubType(PyObject * poSelf, PyObject * poArgs) { CItemData * pItemData = CItemManager::Instance().GetSelectedItemDataPointer(); if (!pItemData) return Py_BuildException("no selected item data"); return Py_BuildValue("i", pItemData->GetMaskSubType()); } Here are the newest item proto text files. http://www.speedyshare.com/G4W3M/ItemProto.rar Best Regards Ken
  2. Metin2 Proto Reader 1.0.4View File SubmitterKenSubmitted07/25/15CategoryTools
  3. Second fix - Description (Totally fix) Even If you don't use escape string for the companion, the function will search companion and account in the maps. If the result is not positive, the function will stop itself and write a log in syserr. Search this in messenger_manager.cpp void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion) Replace with this void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion) { if (companion.empty()) return; // Second fix if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end()) { LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str()); if (ch) { sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName()); if (ch->GetDesc()) ch->GetDesc()->DelayedDisconnect(3); } else sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!"); return; } sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str()); DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str()); __RemoveFromList(account, companion); TPacketGGMessenger p2ppck; p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE; strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount)); strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));; P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger)); } If you want to ban who tries to use this SQL injection, here is a code for you. void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion) { if (companion.empty()) return; // Second fix if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end()) { LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str()); if (ch) { sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName()); DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID()); if (ch->GetDesc()) ch->GetDesc()->DelayedDisconnect(3); } else sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!"); return; } sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str()); DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str()); __RemoveFromList(account, companion); TPacketGGMessenger p2ppck; p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE; strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount)); strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));; P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger)); }
  4. Mask Type and mask subtype will use for private shop search. (It's for list the items order by Type and Subtypes) Best Regards Ken
  5. @Koray If you can't understand the goal of GetPCForce, don't use the source files. They may miss a few condition but your goal is not totally fix. Your method is just about extra make sure.. Best Regards Ken
  6. @Koray It's not totally fix. It's about code style. If you try to use CQuestManager::GetPCForce for a NPC or monster or pet, Of course you will get a null pointer. It more makes sense to write the codes well. Best Regards Ken
  7. @Koray If the system didn't know anything about newmember is pc or not. even If you edit that function, it will be unnecessary. Best Regards Ken
  8. Ohm, it's not bug it's just a small mistake.
  9. The packet mechanism is calculating the struct size with sizeof() function. Ohm, if you have any error like that, you should check the static packets. Also, you can find the packet with using breakpoint in visual studio. Best Regards Ken
  10. I don't know which guide you followed it. If you can show what you have done, it could be easy for us. Best Regards Ken
  11. You don't have to be downhearted
  12. Some things online can never change like -- Terrible Passwords by Humans. When it's about various security measures to be taken in order to protect your Internet security, like installing a good anti-virus or running Linux on your system doesn’t mean that your work gets over here, and you are safe enough from online threats. However, even after countless warnings, most people are continuously using deadly-simple passwords, like '123456' or 'password,' to safeguard their most sensitive data. Evidence suggests that weak passwords are as popular now as they ever were, and the top 25 passwords of 2015 are very easy to guess. Password management firm SplashData on Tuesday released its annual "Worst Passwords List". The 2015 list almost resembled the 2014 list of the worst password, but there are some interesting new entries, including the Star Wars-inspired 'solo,' and 'starwars.' Hard to believe, but '123456' once again topped the list, just like last year, and again followed by the truly terrible 'password.' Sport remains popular among online users as 'football' and 'baseball' are both on the top 10 list of worst passwords. Top 25 Worst Passwords of 2015 SplashData analyzed over 2 Million leaked passwords in 2015, and the results are as follow: 123456 password 12345678 qwerty 12345 123456789 football 1234 1234567 baseball welcome 1234567890 abc123 111111 1qaz2wsx dragon master monkey letmein login princess qwertyuiop solo passw0rd starwars The importance of online security around personal data has increased due to the rise in data breaches and cyber attacks over recent years. Last year was the year of data breaches. According to an estimate, around 480 Million personal data records were leaked online, which included high-profile breaches at the United States Office of Personnel Management (OPM) and the extramarital affair site Ashley Madison. So remember: "God helps those who help themselves," likewise nobody can secure you online unless and until you are not willing to. How to Create a Strong Password Always create different passwords for different sites. So that if one site is breached, your other online accounts on other sites are secure from being hacked. These are some useful tips that will help you make password strength secure and easier to remember: Use a combination of lowercase, uppercase, numbers, and special characters of 8 characters long or more like s9%w^8@t$i. Use short passphrases with special characters separating to make it difficult for crackers and could be easily remembered like cry%like@me (cry like me). Avoid using the same combination of passwords for different websites. If it is difficult for you to remember different passwords for different websites, then use Password Manager applications like RoboForm, 1Password, LastPass. Stay Safe! Stay Secure!
  13. Public Wi-Fi, Of course, it's the best thing to hack big companies. If we're talking about big things, FBI is crying about that at the moment. It depends on your skills. If you're really professional, FBI don't even catch you. They can't trace bitcoins too. (The newest one is Decred as far I know). The main goal is you have to be more intelligence than your victim. The picture explains everything. It reminds me this Best Regards Ken
  14. It was an example. Most people can't control themselves. Their enjoys and so on. Most hacker are choosing those places because of that. It's like a vulnerability or send a naked girl to your victim. (You probably put your virus and encrypt it). Those things are already easy but everything is up to you. If you click everything all the time, you will get this sooner or later or he can blackmailing you with a few information. It's depend on your brain If the hacker already knew you well, it will be easy for him. Social engineering and informations about you. Of course, you can call FBI for that if you want ^^ That's a bad thing but the main goal is how to trick the victim. That explains why social engineering is the best power in this world. Best Regards Ken
  15. If you're using bruteforce, you could crack it easily. (Just use Python or something like that. If you don't use kali linux or something like that) import itertools res = itertools.product('abc', repeat = 3); for i in res: print ''.join(i) Also, it's up to you. Most people are saying don't use specific things about yourself when you create a password. That's a reason but If that hacker or someone else know you well or sniffing, it could be easy too. If you want to try hard, you could use specific words (which one is not from english). It just depends on your brain. Protect yourself and be cool. That explains, why vanilla said the hacker could use a bruteforce attack. If you're watching 18+ stuffs on the internet and click every advertisement, you probably get that and everything will be dangerous for ya. Also, it's depend on the hacker's social engineering skills. You can hack people whenever you want. (That's a rule). http://resources.infosecinstitute.com/social-engineering-a-hacking-story/ Best Regards Ken
  16. As I said, it depends on your brain. If you're good with remembering something, you don't have to save your password in your computer. Otherwise, you have to save your passwords in your computer. It's not about password's length or something like that. It's about combination. If you give a combination someone, they probably solve it sooner or later. https://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength
  17. The worst password.. It depends on your brain also your knowledge about the internet too. Most people don't care about the password because they're thinking there is nothing to steal or something like that. Don't be sure.
  18. We can't upload the photos from external websites on the forum [SOLVED] We can't use BB Code because of the theme because I tested BB Code via the different theme and it's working fine. We can't see who likes our messages on the forum. [SOLVED] Kaspersky gives a phishing warning when I'm trying to re-edit my message. [SOLVED] As my research, there is a twitter webpage for metin2dev but the forum is not using. Twitter button's redirect is empty at the moment. https://twitter.com/metin2dev Before, we can see who likes our message via notification. However, we can't see who likes our messages via notification too in the last ip.board version. [SOLVED] Somebody liked your post. We can't see the signatures. [SOLVED] There is a problem about spoiler tag. [SOLVED] There is no quote button and add code button. Making a spoiler I think, that's all for now. Kind Regards ~ Ken
  19. Rejoice for Privacy Lovers! Facebook today took a surprising move by announcing that it is bringing the free anonymizing software TOR support to its Android app, almost two years after the social network planned to make Facebook available directly over Tor network. Yes. Believe it or not, the Android version of the popular Facebook application now supports the Tor anonymity network. In October 2014, Facebook launched a .onion website on TOR in order to let its users around the world access its service more securely. Access Facebook over TOR via Orbot This latest move to expand that access to the Android app opens up the option to millions more users to maintain their privacy when they visit the world's most popular social network. Facebook says "a sizeable community of people" are already accessing the site over TOR, so the company is bringing this feature to Android via the free Orbot proxy app, which is available on the Google's Play Store. "We commonly receive requests for additional platform support beyond the browser,"reads the announcement, "...we are now offering experimental support for using Facebook over Tor via the Orbot proxy app for Android devices." How to Use Facebook Over TOR? In order to access Facebook over TOR, Download Orbot proxy app from the Play Store. Now open Facebook app and Select "Use Tor via Orbot" in the app's Settings menu. That's it. Now you are connected to Facebook's Tor hidden service that will mask your real IP address and will stop your internet service provider (ISP) from seeing when you visit Facebook. Moreover, this new feature could potentially allow users to access the social network site even if it is blocked in their country, like China and Iran. Facebook says that the company is releasing this new feature "over the next few days," so do not expect to see the pop-up right now. And as the feature is currently in the experimental stage, flaws and other issues may occur.
  20. If you can't give point to your skills, that means something is wrong in skill_proto. Every source is working fine on Windows. I don't think there is a problem just like that in the whole source files. Best Regards Ken
  21. There is a define flag for both platform. For windows, the compiler is using different define type for mysql functions . Best Regards Ken
  22. At first, your syserr file hasn't contained any critical error. Maybe you just need to check your skill proto file. Best Regards Ken
  23. If you're using stripped db file, you can't see what's going on because strip command is removing the symbols in the file. If you want to see what's going on, you must use unstripped db file. Best Regards Ken