bug/cheat?

spider661 · #1 06-27-2008, 06:45 AM

i have the mage epic and a few class armors on my server as low lvl item. today i loged on and looked in on the players and i found a sk he had a mage pet and was afk killing something i was like wtf so i peeked in his invo and in his bags he had the mage epic an a few choice items that had click effects on them none of these items where usable by his class and they where all must equip to cast items.

i have seen this on another server also. a bard was using items he was not suppose to..

i figured it was becuase he was a bard and got some kinda ability to use items not for his class but i know sk's don't get an ability to do that.

so is there a bug or a cheat thats letting players use item there not suppose to use?

if its a cheat I need to ban this guy if its a bug i need to look into it so please don't keep the info to yourself if you know about it i really need to know :P

thanks

So_1337 · #2 06-27-2008, 09:02 AM

From what I understand, it's one of the things that MQ2 is capable of doing. I haven't had experience catching any cheaters on my server using it, however, so I can't say for sure. I'm sure someone can chime in.

ndnet · #3 06-27-2008, 01:41 PM

This is my approach to the problem. The server has a harsh policy against people using MQ2 to cheat so it's more of a trap than a bugfix. Instead of simply denying their ability to use this exploit quietly and letting them continue it logs their attempt, bans their account, then worldkicks them off the server.

Add the following to zone/spells.cpp before the return in the Mob::CastSpell() function. In my files, CastSpell starts around line 174 with the code being added around line 246. This is prior to the following line:

Code:

  return(DoCastSpell(spell_id, target_id, slot, cast_time, mana_cost, oSpellWillFinish, item_slot));

Code:

  /*------------------------------
  Added to prevent MQ2 
  exploitation of equipping 
  normally-unequippable items 
  with effects and clicking them
  for benefits. - ndnet
  ---------------------------------*/
  if(item_slot && IsClient() && slot == USE_ITEM_SPELL_SLOT)
  {
    ItemInst *itm = CastToClient()->GetInv().GetItem(item_slot);
    int bitmask = 1;
    bitmask = bitmask << (CastToClient()->GetClass() - 1);
    if( itm && itm->GetItem()->Classes != 65535 && (itm->GetItem()->Click.Type == ET_EquipClick) && !( itm->GetItem()->Classes & bitmask ) ){
      // They are casting a spell on an item that requires equipping but shouldn't let them equip it
      LogFile->write(EQEMuLog::Error, "HACKER: %s (account: %s) attempted to click an equip-only effect on item %s (id: %d) which they shouldn't be able to equip!", CastToClient()->GetCleanName(), CastToClient()->AccountName(), itm->GetItem()->Name, itm->GetItem()->ID);

      //CastToClient()->DeleteItemInInventory(inventory_slot,0,false);
      database.SetHackerFlag(CastToClient()->AccountName(), CastToClient()->GetCleanName(), "Clicking equip-only item with an invalid class");
      database.SetAccountStatus(CastToClient()->AccountName(), -2);
      CastToClient()->WorldKick();
    }
  }

Feel free to add or modify this. For instance to make it friendlier you might remove the HackerFlag, AccountStatus, and WorldKick calls and simply return(false) as if the client had fizzled or something.

spider661 · #4 06-27-2008, 10:16 PM

Oh no we have a strict policy also i love this thanks...

you would not happen to have any more code for stopping stuff like this what about warping code? something that would report warper's and kick them but not ban till it can be looked into

**trevius** · #5 06-28-2008, 12:54 AM

This might be a good thing to submit to the server code submissions section if you would be ok with it getting added to the source. Of course, IMO, it would be best if it only noted the incident into the hackers tables similar to how TheLieka's MQ detection does, and didn't ban the player. I don't think an autoban would get accepted in the source, but it just reporting any occurrences should be fine.

And as far as warp detection goes, that is already in the source from 1110 and later. You just have to make sure you add the correct table info and enable the rules for it to actually start working.

spider661 · #6 06-28-2008, 03:31 AM

anyone know what this plugin is called?

i finally got a version of macroquest and want to test in on my server to see if this code worked..

please i promise im not one to go around to other servers using it just want to test it.

rojadruid · #7 06-28-2008, 02:11 PM

Quote:

Originally Posted by trevius

This might be a good thing to submit to the server code submissions section if you would be ok with it getting added to the source. Of course, IMO, it would be best if it only noted the incident into the hackers tables similar to how TheLieka's MQ detection does, and didn't ban the player. I don't think an autoban would get accepted in the source, but it just reporting any occurrences should be fine.

And as far as warp detection goes, that is already in the source from 1110 and later. You just have to make sure you add the correct table info and enable the rules for it to actually start working.

If some one know how to code it the auto ban could be made into a rule.