KeyWorld

Posts posted by KeyWorld


  1. so this one >>> 20131223 - FAILED x14  <<< cannot use this anti wpe feature ?

    do rPE and wPE work the same though ?

    It works for the first 14 packets received from the client; after that the encryption is no longer updated and it's possible to use WPE/RPE.

    And yeah, WPE/RPE are the same (talking about this update).


  2. If you guys are searching for a "not broken" client, check the list below (each encryption tested 10 000 000 times); it seems like Gravity doesn't even take the time to find correct keys:

     

    20110817 - PASSED
    20110824 - FAILED x32
    20110831 - PASSED
    20110906 - PASSED
    20111005 - FAILED x29
    20111012 - FAILED x32
    20111021 - PASSED
    20111025 - PASSED
    20111102 - FAILED x31
    20111109 - FAILED x16
    20111122 - FAILED x16
    20111207 - FAILED x31
    20111214 - FAILED x32
    20111220 - FAILED x16
    20111228 - FAILED x7
    20120104 - PASSED
    20120111 - PASSED
    20120120 - PASSED
    20120202 - PASSED
    20120207 - PASSED
    20120214 - FAILED x31
    20120229 - PASSED
    20120307 - FAILED x31
    20120314 - PASSED
    20120321 - PASSED
    20120328 - FAILED x32
    20120404 - PASSED
    20120410 - FAILED x32
    20120418 - FAILED x15
    20120424 - FAILED x11
    20120509 - PASSED
    20120515 - PASSED
    20120525 - FAILED x16
    20120605 - PASSED
    20120612 - FAILED x14
    20120618 - PASSED
    20120702 - PASSED
    20120716 - PASSED
    20130320 - FAILED x32
    20130514 - PASSED
    20130522 - PASSED
    20130529 - FAILED x30
    20130605 - PASSED
    20130612 - PASSED
    20130618 - PASSED
    20130626 - FAILED x11
    20130703 - FAILED x32
    20130807 - FAILED x4
    20131218 - FAILED x31
    20131223 - FAILED x14
    20131230 - PASSED

  3. @snowflake1963

     

    There have been some updates since this post; it now requires you to include the Debug class and to define where your fullclient is located:

     

    <?php
    define('__ROOT__', dirname(__FILE__) . '/');

    // Loading CORE files
    require_once( __ROOT__ . 'core/class.Controller.php');
    require_once( __ROOT__ . 'core/class.Cache.php');
    require_once( __ROOT__ . 'core/class.Client.php');
    require_once( __ROOT__ . 'core/class.DB.php');
    require_once( __ROOT__ . 'core/class.Debug.php');

    Client::$path         =     __ROOT__ . "client/" ;   // Define where your client path is (where you put your grfs, data, etc.)
    Client::$data_ini     =     "DATA.INI"           ;   // The name of your DATA.INI (to locate your grfs, if not set: grfs will not be loaded)
    Client::init();

    // What do you want to display ?
    // Full Character ?
    // So include the render needed
    require_once(  __ROOT__ . 'render/class.CharacterRender.php' );

    // Set up the header
    header('Content-type:image/png');

    // Since you use class.CharacterRender, use it :
    $chargen                 = new CharacterRender();

    // Set your datas here
    $chargen->action         = CharacterRender::ACTION_READYFIGHT;   // You can see constants in
    $chargen->direction      = CharacterRender::DIRECTION_SOUTHEAST; // render/class.RORender.php
    $chargen->body_animation = 0;
    $chargen->doridori       = 0;
    $chargen->sex            = "M";
    $chargen->class          = 4002;
    $chargen->clothes_color  = 0;
    $chargen->hair           = 5;
    $chargen->hair_color     = 12;
    $chargen->head_top       = 0;
    $chargen->head_mid       = 0;
    $chargen->head_bottom    = 0;
    $chargen->weapon         = 0;
    $chargen->shield         = 0;
    $chargen->robe           = 0;
    $chargen->option         = 0;

    // Generate the image and display it
    $img = $chargen->render();
    imagepng($img);
    ?>

     


  4. Was I the only one, back in the past, who simply modified the DES encryption table used in the executable ? Easy, no files to add, no extra work by the client.

    Easily bypassed if you know where to search, but it was better than molebox at the time and no one thought about looking at the DES encryption.


  5. Not possible currently to generate an animated image. Some reasons for it:

    - too intensive and memory consuming to generate X images for an animation.

    - gif can contain only 256 colors when a sprite is 256 * elements (without talking about rgba frames).

    - not possible to know when to loop the animation since each animated element (body, hats) has a different animation duration.

     

    It can be done client side using javascript but downloading spr/act pal is already too much in my opinion.

     

    To display a monster it's the id you have to use : /monster/1002


  6. @snowflake1963

    Just add your fullclient information to be able to load and extract files ?

    //- Client
    Client::$path         =     __ROOT__ . "client/" ;   // Define where your client path is (where you put your grfs, data, etc.)
    Client::$data_ini     =     "DATA.INI"           ;   // The name of your DATA.INI (to locate your grfs, if not set: grfs will not be loaded)

    Thank you guys :)


  7. So rathena sux :(

    Only implementing a buggy version of .@var++ sux a lot...

    So let's say I forget about rathena for this script now.

     

    I know about getd() and setd(), the only problem with these commands is the memory leak they create (especially in this case), so I'm not a fan of them anymore :(

    So here is a new version, with the *counting_sort_index*, and also a big bonus : asm functions (for fun).

     

    http://upaste.me/2d0f10561576aed88

     

    [Debug]: script debug : 0 110198899 : ==== [SORT INDEX] Testing for 1000 elements.
    [Debug]: script debug : 0 110198899 : [merge_sort_index] Time used -> 610 ms [PASSED]
    [Debug]: script debug : 0 110198899 : [merge_sort_index_asm] Time used -> 578 ms [PASSED]
    [Debug]: script debug : 0 110198899 : [comb_sort_index] Time used -> 508 ms [PASSED]
    [Debug]: script debug : 0 110198899 : [comb_sort_index_asm] Time used -> 476 ms [PASSED]
    [Debug]: script debug : 0 110198899 : [counting_sort_index] Time used -> 94 ms [PASSED]
    [Debug]: script debug : 0 110198899 : [counting_sort_index_asm] Time used -> 91 ms [PASSED]
    [Debug]: script debug : 0 110198900 : ==== [SORT] Testing for 1000 elements.
    [Debug]: script debug : 0 110198900 : [merge_sort] Time used -> 407 ms [PASSED]
    [Debug]: script debug : 0 110198900 : [merge_sort_asm] Time used -> 378 ms [PASSED]
    [Debug]: script debug : 0 110198900 : [comb_sort] Time used -> 385 ms [PASSED]
    [Debug]: script debug : 0 110198900 : [comb_sort_asm] Time used -> 343 ms [PASSED]
    [Debug]: script debug : 0 110198900 : [counting_sort] Time used -> 57 ms [PASSED]
    [Debug]: script debug : 0 110198900 : [counting_sort_asm] Time used -> 53 ms [PASSED]

  8.  

    eh?

    Where do you see the signed int part?

    A bit of searching for "max_arraysize" brought me to script.h

     

    #define SCRIPT_MAX_ARRAYSIZE (UINT_MAX - 1)
    Looks like an unsigned int to me.

     

    script.h imports cbasetypes.h which has

     

    #define UINT_MAX 0xffffffff
    Which is: 4294967295

     

    Basically:

    https://github.com/HerculesWS/Hercules/blob/master/src/map/script.c#L1105

    https://github.com/HerculesWS/Hercules/blob/master/src/map/script.c#L3011

    https://github.com/HerculesWS/Hercules/blob/master/src/map/script.c#L3425

     

    Numbers in scripts are integers, supported from -2147483647 to 2147483647, otherwise it leads to an overflow error.

    So if you can't create a number greater than this value, you will never be able to select an index greater than 2147483647 in an array.


  9.  

    - Magnificent Array Improvement (to all variable types)

    - Size limit modified from 127 to ...4 billion!

     

    In fact it's limited to 2 billion indexes max, since the script engine uses integers (and not unsigned integers) to store variables and numbers.

    But still a great improvement :)
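
The signed/unsigned mismatch discussed in posts 8 and 9 above, as an added example (not Hercules source and not from the thread): the array bound is the macro quoted in the thread, while `parse_script_int` and `index_is_reachable` are hypothetical helpers that assume the signed 32-bit number range stated in the post and treat the bound as exclusive.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Macro as quoted in the thread (script.h); with a 32-bit unsigned int
 * this is 4294967294. */
#define SCRIPT_MAX_ARRAYSIZE (UINT_MAX - 1)

/* Range of a script number as stated in the post above. */
#define SCRIPT_INT_MIN (-2147483647LL)
#define SCRIPT_INT_MAX ( 2147483647LL)

/* Hypothetical helper: read a decimal literal the way an engine with
 * signed 32-bit numbers must, rejecting anything outside that range.
 * Returns 0 on success, -1 on garbage or overflow. */
static int parse_script_int(const char *text, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    if (v < SCRIPT_INT_MIN || v > SCRIPT_INT_MAX)
        return -1;
    *out = (int32_t)v;
    return 0;
}

/* An index is usable only if a script can express it as a number AND it
 * is below the array bound (treated here as exclusive: an assumption). */
static int index_is_reachable(const char *literal)
{
    int32_t idx;
    if (parse_script_int(literal, &idx) != 0 || idx < 0)
        return 0;
    return (uint32_t)idx < SCRIPT_MAX_ARRAYSIZE;
}

int main(void)
{
    /* Constructed sample literals around both limits. */
    const char *samples[] = { "0", "2147483647", "2147483648", "4294967293", "-1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-11s -> %s\n", samples[i],
               index_is_reachable(samples[i]) ? "reachable" : "unreachable");
    return 0;
}
```

Indexes between 2147483648 and the macro's bound pass the array-size check but can never be written as a script number, which is why the usable limit is about 2 billion rather than 4 billion.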


  10. It's not cheating, it's just reducing commands calls :)

    The best for now is counting sort in Hercules. Can't write it now on my phone but it will execute faaaar faster.
     
    Edit: So I checked today on a slow server, with some stupid great optimizations in all functions. Here are my results using 1000 elements :

    [Debug]: script debug : 0 110144879 : ==== [SORT] Testing for 1000 elements.
    [Debug]: script debug : 0 110144879 : [merge_sort] Time used -> 405 ms [PASSED]
    [Debug]: script debug : 0 110144879 : [comb_sort] Time used -> 394 ms [PASSED]
    [Debug]: script debug : 0 110144879 : [counting_sort] Time used -> 57 ms [PASSED]

    [Debug]: script debug : 0 110144878 : ==== [SORT INDEX] Testing for 1000 elements.
    [Debug]: script debug : 0 110144878 : [merge_sort_index] Time used -> 608 ms [PASSED]
    [Debug]: script debug : 0 110144878 : [comb_sort_index] Time used -> 483 ms [PASSED]

     

    So as you can see, a hacky Comb Sort is faster than a hacky merge sort in all cases.

    If you want to cheat even more, you can use my hackyyyy counting sort (but it does not sort indexes).

     

    Have fun: http://rathena.org/board/pastebin/2kto2abymrp/


  11. Optimized version of the merge sort index :

    function	script	mergeSortIndex	{
    	.@size = getarg(2);
    	copyarray .@arr, getarg(0), .@size;
    	while (.@i < .@size) {
    		set .@idx[.@i], .@i;
    		.@i++;
    	}
    	.@width = 1;
    	while (.@width < .@size) {
    		.@left = 0;
    		while (.@left < .@size) {
    			.@middle = .@size < .@left + .@width     ? .@size : .@left + .@width;
    			.@right  = .@size < .@left + .@width * 2 ? .@size : .@left + .@width * 2;
    			.@l      = .@left;
    			.@m      = .@middle;
    			while (.@l < .@middle && .@m < .@right) {
    				if (.@arr[.@l] < .@arr[.@m]) {
    					.@tmp_arr[.@left] = .@arr[.@l];
    					.@tmp_idx[.@left] = .@idx[.@l];
    					.@l++;
    				} else {
    					.@tmp_arr[.@left] = .@arr[.@m];
    					.@tmp_idx[.@left] = .@idx[.@m];
    					.@m++;
    				}
    				.@left++;
    			}
    			if (.@middle - .@l) {
    				copyarray .@tmp_arr[.@left], .@arr[.@l], .@middle - .@l;
    				copyarray .@tmp_idx[.@left], .@idx[.@l], .@middle - .@l;
    				.@left += .@middle - .@l;
    			}
    			if (.@right - .@m) {
    				copyarray .@tmp_arr[.@left], .@arr[.@m], .@right - .@m;
    				copyarray .@tmp_idx[.@left], .@idx[.@m], .@right - .@m;
    				.@left += .@right - .@m;
    			}
    		}
    		.@width *= 2;
    		copyarray .@arr, .@tmp_arr, .@size;
    		copyarray .@idx, .@tmp_idx, .@size;
    	}
    	copyarray getarg(1), .@tmp_idx, .@size;
    	return;
    }

  12. Seems like you can improve the script :

     

    I don't really understand why you create a temporary array, and at least, your (2) problem is related to the fact that you don't bind your output array with your temporary array content.

    Seems like you don't use argument 4 of mergesort and this function can be improved to avoid executing the if condition at each recursion.

    And at least in the merge function the last three while() can be optimized using our favorite copyarray command.

     

    If it's still slow, some solutions exist to implement the merge sort without relying on recursion :P


  13. @Annie

     

    Just because it's you <3

    You missed the array element in the setmapflag :P

     

    And because it's been too long since I last touched Athena script, just cheating:

     

    -	script	warp_banned	-1,{
    OnInit:
    	setarray .@denymap_2nd$, "morocc", "payon", "aldebaran"; // Maps NOT for second jobs. Add more with a comma, last member should have a semicolon
    	setarray .@denymap_3rd$, "amatsu", "gonryun", "geffen";  // Same as above, but for third jobs
    	.@denymap_2ndSize = getarraysize(.@denymap_2nd$);
    	.@denymap_3rdSize = getarraysize(.@denymap_3rd$);
    	for (.@i = 0; .@i < .@denymap_2ndSize; .@i++) {
    		setmapflag .@denymap_2nd$[.@i], mf_loadevent;
    	}
    	for (.@i = 0; .@i < .@denymap_3rdSize; .@i++) {
    		setmapflag .@denymap_3rd$[.@i], mf_loadevent;
    	}
    	// Stored as NPC variables (.var$): scope variables (.@var$) are gone once OnInit ends
    	.joinMap_2nd$ = "x1" + implode( .@denymap_2nd$, "x1") + "x1";
    	.joinMap_3rd$ = "x1" + implode( .@denymap_3rd$, "x1") + "x1";
    	end;
    OnPCLoadMapEvent:
    	.@class   = eaclass();
    	.@search$ = "x1" + strcharinfo(3) + "x1";
    	if (
    		((.@class & (EAJL_UPPER | EAJL_2)) && strpos(.joinMap_2nd$, .@search$) > -1) ||
    		((.@class & EAJL_THIRD)            && strpos(.joinMap_3rd$, .@search$) > -1)
    	) {
    		dispbottom "You're not supposed to be here...";
    		warp "SavePoint",0,0;
    	}
    }

     


  14. Would be great to add orn to the list.

    Also known as the Zilleuse de Grigri, she was freaking awesome and worked a lot on the homunculus system in the past (and maybe some other things I do not know about).

     

    Great initiative, it reminded me of humans.txt


  15. I'm going to play with this feature soon. As far as I can see :

    - only the map-server uses this feature.

    - nothing is sent to the client to say "hey, for now you need to switch to encryption" - bothersome...

    - basic encryption of only the header of the packet, and only for the packets sent from the client (not from the server).

     

    Am I correct ?


  16. Sorry, it was not my intention to troll you all with an "Apple Sucks !" in this Apple Store, I didn't know there were so many fanboys here.
     
    Since I'm lazy and will be on vacation in a few hours, just read the above posts to get answers. I didn't ask to rewrite FluxCP or update it, but I suggested creating a new one with a solid foundation. If you don't want to, who cares ? : it's a suggestion.
     
    If you want to get information about the hack I will add you to our discussion. Talking about how to exploit a zero-day in public isn't something smart at all.