trevius
07-25-2008, 06:19 PM
This is my approach to the problem. The server has a harsh policy against people using MQ2 to cheat so it's more of a trap than a bugfix. Instead of simply denying their ability to use this exploit quietly and letting them continue it logs their attempt, bans their account, then worldkicks them off the server.
Add the following to zone/spells.cpp before the return in the Mob::CastSpell() function. In my files, CastSpell starts around line 174 with the code being added around line 246. This is prior to the following line:
return(DoCastSpell(spell_id, target_id, slot, cast_time, mana_cost, oSpellWillFinish, item_slot));
Code:
/*------------------------------
Added to prevent MQ2
exploitation of equipping
normally-unequippable items
with effects and clicking them
for benefits. - ndnet
---------------------------------*/
if(item_slot && IsClient() && slot == USE_ITEM_SPELL_SLOT)
{
ItemInst *itm = CastToClient()->GetInv().GetItem(item_slot);
int bitmask = 1;
bitmask = bitmask << (CastToClient()->GetClass() - 1);
if( itm && itm->GetItem()->Classes != 65535 && (itm->GetItem()->Click.Type == ET_EquipClick) && !( itm->GetItem()->Classes & bitmask ) ){
// They are casting a spell on an item that requires equipping but shouldn't let them equip it
LogFile->write(EQEMuLog::Error, "HACKER: %s (account: %s) attempted to click an equip-only effect on item %s (id: %d) which they shouldn't be able to equip!", CastToClient()->GetCleanName(), CastToClient()->AccountName(), itm->GetItem()->Name, itm->GetItem()->ID);
//CastToClient()->DeleteItemInInventory(inventory_slot,0,false);
database.SetHackerFlag(CastToClient()->AccountName(), CastToClient()->GetCleanName(), "Clicking equip-only item with an invalid class");
database.SetAccountStatus(CastToClient()->AccountName(), -2);
CastToClient()->WorldKick();
}
}
Feel free to add or modify this. For instance to make it friendlier you might remove the HackerFlag, AccountStatus, and WorldKick calls and simply return(false) as if the client had fizzled or something.
I just added a slightly modified version of this code to my server. Of course, all credit goes to ndnet. But, I figured I would post it here so it could be added to the source.
I edited mine so that it just returns false and logs it:
/*------------------------------
Added to prevent MQ2
exploitation of equipping
normally-unequippable items
with effects and clicking them
for benefits. - ndnet
---------------------------------*/
if(item_slot && IsClient() && slot == USE_ITEM_SPELL_SLOT)
{
ItemInst *itm = CastToClient()->GetInv().GetItem(item_slot);
int bitmask = 1;
bitmask = bitmask << (CastToClient()->GetClass() - 1);
if( itm && itm->GetItem()->Classes != 65535 && (itm->GetItem()->Click.Type == ET_EquipClick) && !( itm->GetItem()->Classes & bitmask ) ){
// They are casting a spell on an item that requires equipping but shouldn't let them equip it
LogFile->write(EQEMuLog::Error, "HACKER: %s (account: %s) attempted to click an equip-only effect on item %s (id: %d) which they shouldn't be able to equip!", CastToClient()->GetCleanName(), CastToClient()->AccountName(), itm->GetItem()->Name, itm->GetItem()->ID);
//CastToClient()->DeleteItemInInventory(inventory_slot,0,false);
database.SetHackerFlag(CastToClient()->AccountName(), CastToClient()->GetCleanName(), "Clicking equip-only item with an invalid class");
return(false);
}
}
I didn't want it auto-banning people, just in case it might be a little buggy. But, I do want to prevent it and to log it. Works perfectly so far. I tested and was unable to cast an item that was equiped using the #equipitem command. Then, later on, I saw a player tripping it and getting logged into the hacker table.
By the way, this detection is for detecting when a player uses MQ to force an item to equip that shouldn't be equipable by that race/class, for the purpose of using an "equip only" clickie spell. This blocks that clickie from being casted and logs it.
Add the following to zone/spells.cpp before the return in the Mob::CastSpell() function. In my files, CastSpell starts around line 174 with the code being added around line 246. This is prior to the following line:
return(DoCastSpell(spell_id, target_id, slot, cast_time, mana_cost, oSpellWillFinish, item_slot));
Code:
/*------------------------------
Added to prevent MQ2
exploitation of equipping
normally-unequippable items
with effects and clicking them
for benefits. - ndnet
---------------------------------*/
if(item_slot && IsClient() && slot == USE_ITEM_SPELL_SLOT)
{
ItemInst *itm = CastToClient()->GetInv().GetItem(item_slot);
int bitmask = 1;
bitmask = bitmask << (CastToClient()->GetClass() - 1);
if( itm && itm->GetItem()->Classes != 65535 && (itm->GetItem()->Click.Type == ET_EquipClick) && !( itm->GetItem()->Classes & bitmask ) ){
// They are casting a spell on an item that requires equipping but shouldn't let them equip it
LogFile->write(EQEMuLog::Error, "HACKER: %s (account: %s) attempted to click an equip-only effect on item %s (id: %d) which they shouldn't be able to equip!", CastToClient()->GetCleanName(), CastToClient()->AccountName(), itm->GetItem()->Name, itm->GetItem()->ID);
//CastToClient()->DeleteItemInInventory(inventory_slot,0,false);
database.SetHackerFlag(CastToClient()->AccountName(), CastToClient()->GetCleanName(), "Clicking equip-only item with an invalid class");
database.SetAccountStatus(CastToClient()->AccountName(), -2);
CastToClient()->WorldKick();
}
}
Feel free to add or modify this. For instance to make it friendlier you might remove the HackerFlag, AccountStatus, and WorldKick calls and simply return(false) as if the client had fizzled or something.
I just added a slightly modified version of this code to my server. Of course, all credit goes to ndnet. But, I figured I would post it here so it could be added to the source.
I edited mine so that it just returns false and logs it:
/*------------------------------
Added to prevent MQ2
exploitation of equipping
normally-unequippable items
with effects and clicking them
for benefits. - ndnet
---------------------------------*/
if(item_slot && IsClient() && slot == USE_ITEM_SPELL_SLOT)
{
ItemInst *itm = CastToClient()->GetInv().GetItem(item_slot);
int bitmask = 1;
bitmask = bitmask << (CastToClient()->GetClass() - 1);
if( itm && itm->GetItem()->Classes != 65535 && (itm->GetItem()->Click.Type == ET_EquipClick) && !( itm->GetItem()->Classes & bitmask ) ){
// They are casting a spell on an item that requires equipping but shouldn't let them equip it
LogFile->write(EQEMuLog::Error, "HACKER: %s (account: %s) attempted to click an equip-only effect on item %s (id: %d) which they shouldn't be able to equip!", CastToClient()->GetCleanName(), CastToClient()->AccountName(), itm->GetItem()->Name, itm->GetItem()->ID);
//CastToClient()->DeleteItemInInventory(inventory_slot,0,false);
database.SetHackerFlag(CastToClient()->AccountName(), CastToClient()->GetCleanName(), "Clicking equip-only item with an invalid class");
return(false);
}
}
I didn't want it auto-banning people, just in case it might be a little buggy. But, I do want to prevent it and to log it. Works perfectly so far. I tested and was unable to cast an item that was equiped using the #equipitem command. Then, later on, I saw a player tripping it and getting logged into the hacker table.
By the way, this detection is for detecting when a player uses MQ to force an item to equip that shouldn't be equipable by that race/class, for the purpose of using an "equip only" clickie spell. This blocks that clickie from being casted and logs it.