"DUPE TALK" [Highly Technical]

[agrestic]

Well, RPG-Exploiters.shoq.net seem to have alot of free information from free sites like EoN or my website & others in their "private" subscribers section, so i figured i might as well find one of the few original topics (well its not original i don't think, it was quoted format on their thread.. but it's not posted here) and share it with you guys.

this was not posted by me//developed by me.. it's just some information i found that i'd like to share with everyone

share what you learn from this with everyone!
===================

TO DUPE: First you'll need to decode the network stream, as it's encrypted (actually it's just hashed, encryption would probably be too demanding). The Macroquest2 devs(old everquest hackers) have done this for you. Next, you'll need a packet injector (i use nemesis). Take a dump of the packets, decode them, and take a look at them... You may notice many things to hack, but we're looking to dupe, right!? One key flag in the packet is this one: IsPlayer...x where x is going to be a 1 or a 0. This flag is just after the packet header, and can be seen in plain text once the packet is decrypted. All packets originating from a player have the IsPlayer flag set to 1. Packets sent to you from the server while interacting with an NPC(like a vendor or quest giver) will have the IsPlayer flag set to 0. Here's what I noticed with my debugger. Any time there is a change in your character (gains money, gains a level, trades), your character is automatically saved. However, I noticed that I can dump the packets (I dump the packets with Libpcap, C's packet capture library, becuase I'm a linux guy. For windows use winpcap), alter any packets originating from my character so that the IsPlayer flag is set to 0, and the resend the packet using libpcap's sendpacket function. The dumping of packets, altering, and resending is done by a C program (pretty simple pcap program, dumps the packets, uses mq2's decryption to decrypt the wow packets, then alters the IsPlayer from 1 to 0, then resends the newly crafted packet) which I run on a second computer which acts as a firewall to my WoW computer. I run it on a second machine because it's less likely to be detected by wow's spyware (wow's spyware checks window titles and open processes. My thought was it can't be detetected as easily if i hack the network stream with a second computer.). I'm trying to be detailed, so sorry for going over some stuff twice. Hope you have followed along so far. What I have done by changing the IsPlayer flag to 0 is trick the wow server into thinkin that my character is an NPC. Why do this, you may ask? Well, one reason really. I found with my debugger that after changing this flag, the server does not save after every major change, but saves every 10 minutes. This must be how wow checks for pathing errors and what have you. Every 10 minutes the npcs on the server are saved (at least from what I gathered with my debugger and dissassembler). The server probably saves NPCs every 10 minutes to save processing power or something. Anyway, who cares why npcs are only saved every 10 minutes, the fact is, if you change the IsPlayer flag to 0 in all the packets originating from your character, the server will only save your character every 10 minutes. What does this mean? Check this out. Wait till the server saves(if you dont have a debugger, or don't know how to use one, just guess. You can't mess up really). Now you should have approx. 10 minutes before the next save. Take some items or money you want to dupe, trade them to another character. Complete the trade. Now log the bugged character out (the bugged character is the one with the IsPlayer flag set to 0). Log him back in. Still have the items and gold, don't you? DUPED!!!
This is because we've bugged the character to only be saved every 10 minutes, so when you log off and back on, the server reverts to the last save. If you log off and back on and you dont have the items, it's because the server saved since the trade, which means you have approx. 10 minutes until the next save! PROs and CONs: This could be detected if WoW's Intrusion Detection System was set up to look at that IsPlayer flag. However, I used this exploit on November 2nd, 2006 and have been using it for over a year now (since a little after MQ2 decrypted the network stream, so a good amount of time anyway), and have not been banned. So I think it's safe to try. No, I won't give you my C code, I think I gave a good enough description of how it works anyway. Dump the packets, decrypt the packets, alter the IsPlayer flag from 1 to 0, resend the packet. Cake with the packet capture library, PCAP. I'd imagine after my dumb ass posts this, it won't work for much longer.

[Elites360]

to long for me to read XD

[afiwarlord]

posted before

[rudez]

yea too long 4 me 2 read and its posted lolz

[Tenshi]

I'll quote my response from the previous thread.

Server saves your character every 10 or 15 minutes, or when you log out, or when server shuts down normally. (Server crash = no save)

Also, I stopped reading your post when you said they hash network data instead of encrypt it...

You do realize you can't de-hash something right? I believe what you're looking for is encoding. Encoding is replacing one character with another.

Second...NPCS ARE NOT SAVED.

NPCs are hard coded into the wow server/data files. If an NPC moves from Point A to Point B and the server goes down, that NPC is still at Point A when the server comes back up.

Anyways, other than location, what else is there to save for an NPC? They don't gain XP, they don't gain gold, they don't gain items.

Third, NPCs do not connect to the server. They are a PART of the server. WoW Servers will NEVER mistake a connection for an NPC because NPCs are not connections.

You sir have NO idea what you're talking about, you are not a programmer, and you're either making this all up or copying it from someone else who is.

That's all I have to say.

[ziao]

i almost had to cry while reading your post :'(
*edit: well said Tenshi

[Dullface]

Wall of text gains Windfury
Wall of text Crits you for 3279
Wall of text Crits you for 2967
Wall of text Crits you for3182 (Crushing)
You die.

[Marlo]

Agrestic

L2Use paragraphs

[afiwarlord]

Wall of text gains Windfury
Wall of text Crits you for 3279
Wall of text Crits you for 2967
Wall of text Crits you for3182 (Crushing)
You die.

NERF WALL OF TEXTS!

[Solance]

This is close to the same method we used for making Iths in D2.

[Whodini]

Wall of scripted letters cast immoliate(3k over 18 secs)
Wall of scripted letters cast Soulfire(12k)
Wall of scripted letters cast Conflag-Crit!!(18k)
Wall of scripted text cast Shadow Burn-instant death(Unable to specify)
Wall of scripted text is now Boss of a 25 man raid in X-Pac

[Marlo]

that joke has been rinsed dryyyyy