Skill Points Exploit

**trevius** · #1 10-20-2008, 01:12 AM

I thought there was a bug report on this somewhere already, but I can't seem to find it anywhere now. The problem is with skill points that are earned upon leveling that can be used to train skills at GM NPCs. Basically, the problem is that if you lose your level and level up again, you earn skill points again. This happens everytime you level up even from a rez. On most servers, it might not be a huge issue, but my server has a deleveling system which leaves players with hundreds or thousands of skill points to use for GM training lol.

I was thinking of many adding an alternate field to the _character table that would be for setting the max level that a character has reached. It would only track level ups exceeding it's current value and would never go down for any reason. This means that if skill points were only earned when that field was increased, this bug would be resolved. If added, I think it might be useful for my de-leveling system as well so I could expand it *wink*

I haven't really messed with anything related to the character table yet, so it may take time for me to figure out what all would need to be added and changed for it to work. But, if I get a chance, I will try to figure it out unless someone else has a better idea to resolve the bug.

**Derision** · #2 10-20-2008, 07:49 AM

There is a field called 'level2' in the player profile struct:

common/eq_packet_structs.h

Code:

/*0241*/        uint8                           level2; //no idea why this is here, but thats how it is on live

level2 isn't referenced anywhere in the EQEmu code, so presumably it is set to 0 at character creation and never changes. You could try storing the max level reached in here, as that is possibly what it was intended for. I just looked at three of 6.2 era packet collects and the level2 field was always the same as the level field in those collects.

**trevius** · #3 10-20-2008, 06:59 PM

Ahh sweet! You are the man! I will see if I can figure out what to do to get that done. But again, I haven't messed with the Character table stuff yet and am not really sure what would be involved in doing it. But, it does seem like Level2 would be perfect for what I am wanting to do

**trevius** · #4 11-09-2008, 09:22 PM

I am trying to take a second look into getting this fixed. Looking at the code, there is something that I don't understand the purpose of, and if possible, maybe it could be used for level2 instead.

eq_packet_structs.h

Code:

/*
** Level Update
** Length: 12 Bytes
*/
struct LevelUpdate_Struct
{
/*00*/ uint32 level;                  // New level
/*04*/ uint32 level_old;              // Old level
/*08*/ uint32 exp;                    // Current Experience
};

I am not sure what the point of level_old is. Maybe that is supposed to be level2. If so, then I think the solution to fix this bug wouldn't be too bad. I think we could change the code above to this:

eq_packet_structs.h

Code:

/*
** Level Update
** Length: 12 Bytes
*/
struct LevelUpdate_Struct
{
/*00*/ uint32 level;                  // New level
/*04*/ uint32 level2;              // Level2 for retaining max level reached (Don't think this is used anywhere)
/*08*/ uint32 exp;                    // Current Experience
};

Then, in exp.cpp change this:

Code:

        EQApplicationPacket* outapp = new EQApplicationPacket(OP_LevelUpdate, sizeof(LevelUpdate_Struct));
        LevelUpdate_Struct* lu = (LevelUpdate_Struct*)outapp->pBuffer;
        lu->level = set_level;
        lu->level_old = level;
        level = set_level;

        if(IsRaidGrouped())
        {
                Raid *r = this->GetRaid();
                if(r){
                        r->UpdateLevel(GetName(), set_level);
                }
        }

        if(set_level > m_pp.level) { // Yes I am aware that you could delevel yourself and relevel this is just to test!
                m_pp.points += 5 * (set_level - m_pp.level);

#ifdef EMBPERL
                ((PerlembParser*)parse)->Event(EVENT_LEVEL_UP, 0, "", (NPC*)NULL, this);
#endif
        }

        m_pp.level = set_level;

To this:

Code:

        EQApplicationPacket* outapp = new EQApplicationPacket(OP_LevelUpdate, sizeof(LevelUpdate_Struct));
        LevelUpdate_Struct* lu = (LevelUpdate_Struct*)outapp->pBuffer;
        lu->level = set_level;

        if(IsRaidGrouped())
        {
                Raid *r = this->GetRaid();
                if(r){
                        r->UpdateLevel(GetName(), set_level);
                }
        }

#ifdef EMBPERL
                ((PerlembParser*)parse)->Event(EVENT_LEVEL_UP, 0, "", (NPC*)NULL, this);
#endif
        }

        m_pp.level = set_level;
        if(set_level > m_pp.level2) {
                m_pp.points += 5 * (set_level - m_pp.level2);
                m_pp.level2 = set_level;
        }

And, I think this SQL would add the level2 field to the character_ table:

Code:

ALTER TABLE `character_` ADD column `level2` mediumint(8) unsigned NOT NULL default '1';

Note that I haven't tested this yet, and am not sure if it would work or not. But, at least it should be a start to getting this bug resolved. Anyone have thoughts on it so far?

**KLS** · #5 11-09-2008, 10:03 PM

Why exactly are you changing the level update struct? It has nothing to do with the problem at all. The sql isn't needed either as pp is stored in character table already.

If the level we're trying to set is greater than our level2 in pp then add points in the amount of 5 for every level diff between level we're trying to set and our level2. Set level2 to our new level:

Code:

void Client::SetLevel(int8 set_level, bool command)
{
	#ifdef GUILDWARS
		if(set_level > SETLEVEL) {
			Message(0,"You cannot exceed level %i on a GuildWars Server.",SETLEVEL);
			return;
		}
	#endif

	if (GetEXPForLevel(set_level) == 0xFFFFFFFF) {
		LogFile->write(EQEMuLog::Error,"Client::SetLevel() GetEXPForLevel(%i) = 0xFFFFFFFF", set_level);
		return;
	}

	EQApplicationPacket* outapp = new EQApplicationPacket(OP_LevelUpdate, sizeof(LevelUpdate_Struct));
	LevelUpdate_Struct* lu = (LevelUpdate_Struct*)outapp->pBuffer;
	lu->level = set_level;
	lu->level_old = level;
	level = set_level;

	if(IsRaidGrouped())
	{
		Raid *r = this->GetRaid();
		if(r){
			r->UpdateLevel(GetName(), set_level);
		}
	}
	
	if(set_level > m_pp.level2)
	{
		m_pp.points += (5 * (set_level - m_pp.level2));
		m_pp.level2 = set_level;
	}

**trevius** · #6 11-09-2008, 10:34 PM

Thanks for clearing that up KLS. I don't really know much about the BLOBs and I am guessing that is what pp stuff is. I know level is stored directly in the character_ table, which is why I thought level2 had to be added there. I am still not clear on why there is a level field in the table if it is also in the pp (blob I guess).

Either way, if level2 is already there, then it looks like this should be a simple fix. I will give it a try and see how it tests.

I also think that these 2 lines could be removed:

Code:

        lu->level_old = level;
        level = set_level;

Because I don't see where those are even used anywhere in the code.

I also don't see any use of level_old and can't think of any reason why it would even exist. That is why I thought the packet structure might be wrong. Once I was done posting that, I already knew it had nothing to do with the fix, but it probably doesn't hurt to have the packet structure corrected if it is wrong. I am not saying that it is wrong, but just that I don't know what a level_old would be used for and I don't see it referenced anywhere else, or used anywhere. Just something to consider, anyway.