How to prevent multiple spaces in chat room? Scammers are using this to impersonate GMs.

latheesan

New member
Messages
41
Points
0
Age
38
Location
United Kingdom
Emulator
Hi All,

I just found out about an interesting way scammers are scamming my players.

If they used multiple spaces, they can pretend to be anyone (especially GM/Admin) and trick users to give their account details away or in worst case get them to install TeamViewer etc...

Let me show you what I mean.

If I am logged in user Adam for example and I want to impersonate gm Latheesan, as "Adam", this is what I would type in a chat room:

Hi Latheesan : Hi, can you install TeamViewer and give me id/pass?

In the game, here's a demo showing how this looks and renders:

LH2vTCL.png


5BPpUYQ.png


So, in a busy chat room, players can be easily tricked into thinking a GM/Admin is talking to them and they do what they are told (even tho there's an ad/warning plastered all over the game not to give out account details >.>)

Anyway, now you know how it's done, is there a way to prevent this? 

The easiest solution I can think of is to prevent multiple spaces in chat.

If this was in PHP, I would have used regex to replace multiple occurrences of spaces into one like this example:

$input = 'Hi Latheesan : Hi, can you install TeamViewer and give me id/pass?';
$output = preg_replace('!\s+!', ' ', $input);

Could effectively do something similar in Hercules as a plugin? Can someone help me out?

I am pretty sure this should be standard in Hercules, i.e. not being able to use multiple spaces (atleast a config for it or something...)

 
Last edited by a moderator:
here goes

but you will need to re-ident the code

 
Last edited by a moderator:
Thanks for that, I manage to salvage the code Annie posted and tried to compile and found out that "colormes" has an error:

struct "clif_interface" has no field "colormes"    gmimpersonate
So, I replaced it with: messagecolor_self

Now, I have a different error:

'session': undeclared identifier
This is what I have so far: http://pastebin.com/N0EMkui3

If I try to remove this line "session = GET_SYMBOL("session");

the plugin doesn't compile, I get this error:

8DDG8bL.jpg


Any ideas? I am trying to compile in Visual Studio Community Edition 2015.

Thanks.

--------

UPDATE

After many hours of tinkering, I finally got it to compile after realising the plugin system was updated. The code Annie posted was for old HPM system.

So, I managed to update it like this (not sure if i am using the right hook):

#include "common/hercules.h" /* Should always be the first Hercules file included! (if you don't make it first, you won't be able to use interfaces) */
#include "common/memmgr.h"
#include "common/mmo.h"
#include "common/socket.h"
#include "common/strlib.h"
#include "map/clif.h"
#include "map/pc.h"

#include "plugins/HPMHooking.h"
#include "common/HPMDataCheck.h" /* should always be the last Hercules file included! (if you don't make it last, it'll intentionally break compile time) */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

HPExport struct hplugin_info pinfo = {
"gmimpersonate", // Plugin name
SERVER_TYPE_MAP, // Which server types this plugin works with?
"0.1", // Plugin version
HPM_VERSION, // HPM Version (don't change, macro is automatically updated)
};

bool my_clif_process_chat_message(const char* retVal___, struct map_session_data *sd, const struct packet_chat_message *packet, char *out_buf, int out_buflen)
{
if (retVal___ == true) {
char* message = (char*)RFIFOP(sd->fd, 4) + strnlen(sd->status.name, NAME_LENGTH - 1) + 3;
int i, l = strlen(message);
for (i = 0; i <= l; i++)
if (message == 'xA0')
message = 'x20'; // replace Alt+0160 into [space]
if (stristr(message, " ")) {
clif->messagecolor_self(sd->fd, COLOR_RED, "You are only allowed to type maximum of 3 spaces in a dialog.");
return false;
}
if (stristr(message, "x20x3Ax20") || stristr(message, "x20x3Bx20")) { // type " : " OR " ; " will be blocked
clif->messagecolor_self(sd->fd, COLOR_RED, "You can't impersonate other players !");
return false;
}
}
return true;
}

HPExport void plugin_init(void) {
addHookPost(clif, process_chat_message, my_clif_process_chat_message);
}


Now, this plugin compiles. I've enabled it (gmimpersonate) in conf/plugins.conf and went in game to test it, does not appear to be working.

Any idea what might be wrong? is "process_chat_message" wrong method to hook? I tried looking for "process_message" but it appears there is no hook for it.

 
Last edited by a moderator:
Update #2 :-

Okay, after a bit of tinkering around - I think I managed to solve it, but I feel like I may have hooked into the wrong function.

Here's the working version:

#include "common/hercules.h"
#include "common/memmgr.h"
#include "common/mmo.h"
#include "common/socket.h"
#include "common/strlib.h"
#include "map/clif.h"
#include "map/pc.h"

#include "plugins/HPMHooking.h"
#include "common/HPMDataCheck.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

HPExport struct hplugin_info pinfo = {
"GM Impersonate", // Plugin name
SERVER_TYPE_MAP, // Which server types this plugin works with?
"1.0", // Plugin version
HPM_VERSION, // HPM Version (don't change, macro is automatically updated)
};

bool my_pc_process_chat_message(bool retVal___, struct map_session_data *sd, const char *message) {
if (retVal___ == true) {
if (stristr(message, " ")) {
clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use more than 3 spaces in chat.");
return false;
}
if (stristr(message, " : ") || stristr(message, " ; ")) {
clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use : or ; in chat.");
return false;
}
}
return true;
}

HPExport void plugin_init(void) {
if (SERVER_TYPE == SERVER_TYPE_MAP) {
addHookPost(pc, process_chat_message, my_pc_process_chat_message);
}
}


This version appears to be working everywhere, not just chat rooms. Here's a demo of the detection working:

HfGVuAD.jpg


But this appears to have created a side effect. When ever you use a at-command, it appears to executes the command and then show the at-command you typed.

Here's what I mean. I used the command @who2 - it shows the output and then shows the command i typed 
default_wacko.png


t1k1hqy.jpg


Is pc->process_chat_message the wrong hook? If not, am I implementing the hook incorrectly?

Update #3 - I've fixed the wierd side effect

It was caused by me always returning true. The fix is this:

bool my_pc_process_chat_message(bool retVal___, struct map_session_data *sd, const char *message) {
if (retVal___ == true) {
if (stristr(message, " ")) {
clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use more than 3 spaces in chat.");
return false;
}
if (stristr(message, " : ") || stristr(message, " ; ")) {
clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use : or ; in chat.");
return false;
}
}
return retVal___;
}

default_sad.png
 silly typo. 

 
Last edited by a moderator:
Back
Top