theshadowpriest Posted July 18
I was wondering if there are any known bugs or exploits, particularly in older Conquer 2.0 versions around 4300, that should be considered when developing the engine. Not looking for exploits or bots to use, more a programming concern. There are some basic speed hack checks that compare timestamps and such, but what other old bugs or exploits were there that may need special consideration so they can't be exploited? I'd heard of old things on some CO servers like guards or summoned pets being disabled, or client-side files that could be modified to change the items that appear in shops, or being able to jump gates, etc.
Spirited Posted July 20
In some server projects, I've seen an exploit where you can log in as anyone (including GM and PM accounts). When logging in, the account server handles MsgAccount and authenticates the player. Then, it sends MsgConnectEx to the client with the IP address of the game server and an identifier. The client disconnects, connects to the game server, and sends MsgConnect with that identifier. In a lot of projects I've seen, that identifier is either the account ID or an incrementing counter. If it's an account ID, then a proxy can just fill that in with any account ID you want. If it's a counter, then a proxy can just keep sending MsgConnect requests until it steals someone's new session when they try to log in. Fun stuff. Encrypting the identifier with a cipher that uses cipher feedback is likely enough to patch that. If you want to go above and beyond, then you can replace it with a cryptographically random access token that has a max life of a few seconds. It's a shame the identifier is max 64 bits though.
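The handoff Spirited describes, as an added example that is not code from any Conquer server project: a weak variant whose MsgConnectEx identifier is an incrementing counter, next to a hardened variant that uses a 64-bit random, single-use, short-lived token bound to the game server the client was sent to. The class names, the 5-second lifetime, the game-server IDs and the account numbers are assumptions for illustration; only the message names come from the post.

```python
"""Login -> game server handoff identifiers: guessable counter vs. random token.

Added example, not code from any Conquer server source. MsgAccount, MsgConnectEx
and MsgConnect are the message names from the post; class names, TTL, server IDs
and account IDs are assumptions for the demonstration.
"""
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class WeakHandoff:
    """Identifier is a plain incrementing counter (the account-ID variant is the
    same flaw with even less guessing). Anyone who can open a game-server socket
    can send MsgConnect with the next value before the legitimate client does."""

    def __init__(self) -> None:
        self._counter = 0
        self._pending: Dict[int, int] = {}          # identifier -> account_id

    def on_msg_account(self, account_id: int) -> int:
        """Account server: MsgAccount authenticated, return the MsgConnectEx identifier."""
        self._counter += 1
        self._pending[self._counter] = account_id
        return self._counter

    def on_msg_connect(self, identifier: int) -> Optional[int]:
        """Game server: accept MsgConnect for any pending identifier, no further checks."""
        return self._pending.pop(identifier, None)


class HardenedHandoff:
    """Identifier is a 64-bit token from the OS CSPRNG, redeemable once, only for
    a few seconds, and only at the game server the client was told to join."""

    TTL_SECONDS = 5.0   # assumed lifetime; the post says "a few seconds"

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        # token -> (account_id, game_server_id, expiry)
        self._pending: Dict[int, Tuple[int, str, float]] = {}

    def on_msg_account(self, account_id: int, game_server_id: str) -> int:
        token = secrets.randbits(64)               # 64 bits: the field width the post mentions
        self._pending[token] = (account_id, game_server_id, self._clock() + self.TTL_SECONDS)
        return token

    def on_msg_connect(self, token: int, game_server_id: str) -> Optional[int]:
        entry = self._pending.pop(token, None)     # pop: any presentation burns the token
        if entry is None:
            return None
        account_id, bound_server, expiry = entry
        if self._clock() > expiry or bound_server != game_server_id:
            return None
        return account_id

    def purge_expired(self) -> int:
        """Drop tokens whose clients never arrived. Returns how many were removed."""
        now = self._clock()
        stale = [t for t, (_, _, exp) in self._pending.items() if now > exp]
        for t in stale:
            del self._pending[t]
        return len(stale)


def demo_counter_hijack() -> Tuple[Optional[int], Optional[int]]:
    """Attacker logs in once to learn the counter, then races the next login.
    Returns (account the attacker's MsgConnect got, account the victim's got)."""
    h = WeakHandoff()
    own = h.on_msg_account(account_id=4242)     # attacker's own login, observed via proxy
    h.on_msg_connect(own)
    h.on_msg_account(account_id=1)              # victim (say, a GM account) authenticates
    stolen = h.on_msg_connect(own + 1)          # attacker's proxy sends the guessed identifier first
    victim = h.on_msg_connect(own + 1)          # the real client's MsgConnect now finds nothing
    return stolen, victim                       # (1, None)


def demo_hardened() -> Tuple[Optional[int], Optional[int], Optional[int], Optional[int]]:
    """Guessing, single use and expiry against the hardened handoff, with a fake clock."""
    now = [0.0]
    h = HardenedHandoff(clock=lambda: now[0])
    token = h.on_msg_account(account_id=1, game_server_id="gs1")
    guessed = h.on_msg_connect(token ^ 1, "gs1")    # anything but the exact 64-bit value fails
    ok = h.on_msg_connect(token, "gs1")             # legitimate client redeems it once
    replay = h.on_msg_connect(token, "gs1")         # replaying the same token fails
    late = h.on_msg_account(account_id=2, game_server_id="gs1")
    now[0] += HardenedHandoff.TTL_SECONDS + 1       # this client never showed up in time
    expired = h.on_msg_connect(late, "gs1")
    return guessed, ok, replay, expired             # (None, 1, None, None)
```

The block shows the post's second option (a random token) rather than the first (encrypting the counter). Encrypting a predictable counter hides its value from a proxy but does not by itself give single use or a lifetime; the token version gets both from the dict pop and the expiry check, and binding to the game-server ID stops a token issued for one server from being redeemed at another.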
CptSky Posted July 21
Any kind of spoofing in general (there are a shitload of checks that are done client-side but can be bypassed). Think of things like reviving early, jumping further, jumping over walls, walking/jumping on invalid tiles, going through gates, jumping while transformed (i.e. in robot/golem), using other items than mets/DBs to upgrade in TC, etc. One interesting one is that most sources have fixed indexes for the NPC "pages", so you can bypass a lot of checks by spoofing the right index (instead of starting at 0). So for example, you can upgrade items in markets without doing some checks, etc.
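The fixed-index dialog problem CptSky describes, as an added example that is not code from any Conquer server source: a dispatcher that maps option indexes to handlers globally, so a client can send the index of the final "upgrade" option without ever passing through the page that checks the price, next to a dispatcher that only accepts indexes the server itself offered on the player's current page. The NPC, the upgrade price, the page layout and the function names are assumptions for illustration.

```python
"""Server-side NPC dialog state: accept only the option indexes the server offered.

Added example, not code from any Conquer server source. The NPC, its pages,
UPGRADE_COST and all function names are assumptions for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

UPGRADE_COST = 5000   # assumed price


@dataclass
class DialogPage:
    npc_id: int
    # option index -> handler; only the indexes listed here were sent to the client
    options: Dict[int, Callable[[Player], str]] = field(default_factory=dict)


@dataclass
class Player:
    gold: int
    item_quality: int = 1
    current_page: Optional[DialogPage] = None   # set by the server when it sends a page


def open_intro(player: Player) -> str:
    """Page 0: the NPC's greeting. Offers 'upgrade?' (0) and 'close' (1)."""
    player.current_page = DialogPage(npc_id=1, options={0: show_upgrade_offer, 1: close_dialog})
    return "intro shown"


def show_upgrade_offer(player: Player) -> str:
    """Page 1: reached from the intro. In the sources the post describes, this is
    where the price check lives; the final action below does not repeat it."""
    if player.gold < UPGRADE_COST:
        player.current_page = None
        return "not enough gold"
    player.current_page = DialogPage(npc_id=1, options={0: perform_upgrade, 1: close_dialog})
    return "offer shown"


def perform_upgrade(player: Player) -> str:
    """Final action: deducts the price and upgrades, trusting that page 1 already checked."""
    player.gold -= UPGRADE_COST
    player.item_quality += 1
    player.current_page = None
    return "upgraded"


def close_dialog(player: Player) -> str:
    player.current_page = None
    return "closed"


# Vulnerable pattern: every option the NPC can ever show sits at a fixed index and
# the handler dispatches on the index alone, regardless of which page is open.
FIXED_OPTIONS: Dict[int, Callable[[Player], str]] = {
    0: show_upgrade_offer,
    1: close_dialog,
    2: perform_upgrade,
}


def handle_option_vulnerable(player: Player, npc_id: int, option_index: int) -> str:
    handler = FIXED_OPTIONS.get(option_index)
    return handler(player) if handler else "unknown option"


def handle_option_hardened(player: Player, npc_id: int, option_index: int) -> str:
    """Only an index that the server put on the player's current page is redeemable."""
    page = player.current_page
    if page is None or page.npc_id != npc_id:
        return "no dialog open"
    handler = page.options.get(option_index)
    if handler is None:
        player.current_page = None      # spoofed index: drop the dialog (and log it)
        return "rejected"
    return handler(player)


def demo_spoofed_index() -> Tuple[str, int, str, int]:
    """A player with 100 gold sends option 2 straight from the intro page.
    Returns (vulnerable result, gold after, hardened result, gold after)."""
    poor_v = Player(gold=100)
    open_intro(poor_v)
    v = handle_option_vulnerable(poor_v, npc_id=1, option_index=2)
    poor_h = Player(gold=100)
    open_intro(poor_h)
    h = handle_option_hardened(poor_h, npc_id=1, option_index=2)
    return v, poor_v.gold, h, poor_h.gold            # ("upgraded", -4900, "rejected", 100)


def demo_legit_flow() -> Tuple[str, str, int, int]:
    """The honest path through the hardened dispatcher still works."""
    rich = Player(gold=6000)
    open_intro(rich)
    r1 = handle_option_hardened(rich, npc_id=1, option_index=0)   # intro -> offer
    r2 = handle_option_hardened(rich, npc_id=1, option_index=0)   # offer -> upgrade
    return r1, r2, rich.gold, rich.item_quality                   # ("offer shown", "upgraded", 1000, 2)
```

Tracking the page server-side closes the index-spoofing route, but the final handler in a real server should also re-evaluate its preconditions (price, item type, inventory state) at the moment it acts, since gold or items can change between pages; the page check and the re-check together are what make the client-side option order irrelevant.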
theshadowpriest Posted August 14
Yes, I've had some issues with the client-side checks already. I ran into issues not being able to cast spells at all because of spell cast "range" checks on the client side, and ended up just getting those removed so it's all checked on the server side. I have redone the actions/tasks system using all the TQ SQL data and have it all working, but will be going through to put in all those kinds of checks, checks with players too, like the revive, far jump, high jump and speed hacks. On that note, I think I was using one of the COPS builds and it would send me to bot jail randomly; I think it was some of the height and range checks being a bit too sensitive, but will consider all that.