وتتوالى كوارث joymax

[farfoor]

بالصدفة بفتح rev6 لقيت الموضوع ده
خلاصة الكلام انه فى ناس معاها staff d20 ايوه D20 المهم الى حوالين الاعب ده بيجيلوه dc وملف dump لانه ملف ال d20 staff مش فى الميديا لكن الكارثة انهم ظبطوا الميديا بحيث انه ما يخدش كراش
يعنى مش معروف اذا كان ده اكونت GM واتهكر ولا هما اخترقا الميديا وبيعدلوا فيها براحتهم
المهم ده الموضوع فى rev6 وياريت اى حد من المشرفين يظبط الموضوع Player able to spawn GM item and D20 Legend staff...
Do you think those people are behind the DB leak that occurring since September 2011?
Related to the massive account hacking that keep occurring?


عفوا ,,, لايمكنك مشاهده الروابط لانك غير مسجل لدينا [ للتسجيل اضغط هنا ]

This is the 3rd fortress war on Norma which people are complaining of Hacker/Exploit
The hacker login to the server and EVERYONE around them get a client crash.
The hack was caused by a player using a D20 Legend staff
Yes, I said it correctly, he had a D20 not D12, D20...

The error resulting from the crash is the following:
res\item\europe\weapon\tstaff_20.bsr Loading Failed.
For everyone that had a crash, you can use your bot to view their equipped item after the crash.

Another method is to look inside
C:\Program Files (x86)\Silkroad\Dump\*.dmp and the last created file should contain:
ASSERT("res\item\europe\weapon\tstaff_20.bsr Loading Failed.")
After a client crash, the client create a dump file telling what happened before the crash.

So, now we know it... Joymax GM account/DB was hacked.
The hacker spawned a D20 legend staff and some GM item
Or the hacker managed to put he's hand on Joymax DB, and manually edited he's item.
Either way, there was/maybe still exist... a huge security issue...

They also added the missing file in the pk2 so their client wouldn't crash.

A SPECIAL thank to MiLky_ who shared he's account allowing me to investigate the issue.
I would also like to thank Dinastia guild for attacking Constantinople on Norma.

Dinastia might of loss again due to hackers/exploiters, but now that it public.
Hopefully next week will be a more enjoyable battle, hopefully without any extra exploit.

Now come the time to try and explain how all of this happened?
Was is the pop exchange npc? I doubt it...

Who think a Joymax GM got hacked and they spawned some GM item and a D20 staff using GM power?
They then, dc after spawning the D20 staff, and figured to patch their client pk2...
allowing them to pickup the D20 staff and started exploiting the game with the D20 staff...
No wonder he managed to destroy the Fortress building so fast, the D20 staff has insane Damage output...

So hacked account from db leak? or hacked GM computer? who knows...
Not like Joymax will give us any information about it...
Well another Mystery solved...