Brynner 34 Posted March 17, 2014 is it possible to disable that features on Hercules? Quote Share this post Link to post Share on other sites
0 ayre 1 Posted March 17, 2014 Disable the @mail command for normal players. Quote Share this post Link to post Share on other sites
0 AnnieRuru 957 Posted March 17, 2014 and also the *openmail https://github.com/HerculesWS/Hercules/blob/master/npc/other/mail.txt but wait, why you want to disable it ? is there some kind of bug ? if using langtype 0, it working fine ... euphy's woe setter script uses mailbox to send the reward .. Quote Share this post Link to post Share on other sites
0 leloush 7 Posted March 18, 2014 (edited) bug maybe... last time i have an issue with this mail system.. they can dup items via mail system and i dont know how they do it.. i just found out that they got loads of stuff so decided to mac ban them and oh i remember there is a same issue also i forgot if its here or on rA. disable the npc and dont put @mail commands on group 0 that's what i did after.. Edited March 18, 2014 by leloush Quote Share this post Link to post Share on other sites
0 Brynner 34 Posted March 18, 2014 Disable the @mail command for normal players. you can still use mail system via alt+h then send message. or it can be access via npc. and also the *openmail https://github.com/HerculesWS/Hercules/blob/master/npc/other/mail.txt but wait, why you want to disable it ? is there some kind of bug ? if using langtype 0, it working fine ... euphy's woe setter script uses mailbox to send the reward .. bug maybe... last time i have an issue with this mail system.. they can dup items via mail system and i dont know how they do it.. i just found out that they got loads of stuff so decided to mac ban them and oh i remember there is a same issue also i forgot if its here or on rA. disable the npc and dont put @mail commands on group 0 that's what i did after.. yup there is a bug regarding on it specially when you have a @security on your server. Quote Share this post Link to post Share on other sites
0 leloush 7 Posted March 18, 2014 (edited) Disable the @mail command for normal players. you can still use mail system via alt+h then send message. or it can be access via npc. >>and also the *openmail https://github.com/HerculesWS/Hercules/blob/master/npc/other/mail.txt but wait, why you want to disable it ? is there some kind of bug ? if using langtype 0, it working fine ... euphy's woe setter script uses mailbox to send the reward .. bug maybe... last time i have an issue with this mail system.. they can dup items via mail system and i dont know how they do it.. i just found out that they got loads of stuff so decided to mac ban them and oh i remember there is a same issue also i forgot if its here or on rA. disable the npc and dont put @mail commands on group 0 that's what i did after.. yup there is a bug regarding on it specially when you have a @security on your server. yeah they can send via alt + h but the reciever won't get the items/msg since you need the @mail or mail npc to view the inbox so its useless just make sure the mail.txt is disabled so no npc at all no commands as well. Edited March 18, 2014 by leloush Quote Share this post Link to post Share on other sites
0 evilpuncker 504 Posted March 18, 2014 a little src edit would do the trick open mail.c search for: int mail_openmail(struct map_session_data *sd){ nullpo_ret(sd); if( sd->state.storage_flag || sd->state.vending || sd->state.buyingstore || sd->state.trading ) return 0; clif->mail_window(sd->fd, 0); return 1;} and change that into something like: int mail_openmail(struct map_session_data *sd){ nullpo_ret(sd); return 0;} and recompile Quote Share this post Link to post Share on other sites
0 Adam 3 Posted March 18, 2014 (edited) Disable the @mail command for normal players. you can still use mail system via alt+h then send message. or it can be access via npc. >>and also the *openmail https://github.com/HerculesWS/Hercules/blob/master/npc/other/mail.txt but wait, why you want to disable it ? is there some kind of bug ? if using langtype 0, it working fine ... euphy's woe setter script uses mailbox to send the reward .. bug maybe... last time i have an issue with this mail system.. they can dup items via mail system and i dont know how they do it.. i just found out that they got loads of stuff so decided to mac ban them and oh i remember there is a same issue also i forgot if its here or on rA. disable the npc and dont put @mail commands on group 0 that's what i did after.. yup there is a bug regarding on it specially when you have a @security on your server. Hello, I never was aware (I must not be the only one) people could dupe using a bug related to the mail system, could you please elaborate for us ? So we can take counter-measures too if necessary. Thanks ! Edited March 18, 2014 by Adam Quote Share this post Link to post Share on other sites
0 anacondaq 55 Posted March 19, 2014 (edited) not really mail bugged. Mail system -> opens a door to send some items/zeny when you busy at bugged NPC. How usually people dupe (and i was dupe too...): find a bad code exchanger something to anything. this code must not check in the last part of the script parameters before giving some item. Example: mes "Hi i will change your zeny for coins";mes "how many you need?";input .@coins_count;if (Zeny < .@coins_count * .price_value) end;getitem .coinID,.@coins_count;..open mail..set Zeny,Zeny - .@coins_count * .price_value; And many many other exaples like that doing exploits. First of all, "@storage", @guildstorage, openmail it's just a "backdoor" to send some item before "checks". But in past, (200*-2012) this system was bugged and by sending some packets, you can crash the server, and make a buffer overflow money, or extra items by wrong checks, etc. Example # 2 mes "bla bla";input .@coin_num;......if ( Zeny > .@coin_num * .coin_cost )....EXPLOIT opencart/storage/guildstoarge/etc and send to another account items & zeny etc.NEXT;mes "Congradulations you get coin! bla blba ~~";mes "And you get bug!";set Zeny,Zeny-.@coin_num * .coin_cost;getitem .coin_id,.@coin_num;end; Edited March 19, 2014 by Fire Pillar 1 Adam reacted to this Quote Share this post Link to post Share on other sites
0 evilpuncker 504 Posted March 19, 2014 (edited) is it possible to disable that features on Hercules? have you tried my src edit? Edited March 19, 2014 by evilpuncker Quote Share this post Link to post Share on other sites
0 Adam 3 Posted March 19, 2014 not really mail bugged. Mail system -> opens a door to send some items/zeny when you busy at bugged NPC. How usually people dupe (and i was dupe too...): find a bad code exchanger something to anything. this code must not check in the last part of the script parameters before giving some item. Example: mes "Hi i will change your zeny for coins";mes "how many you need?";input .@coins_count;if (Zeny < .@coins_count * .price_value) end;getitem .coinID,.@coins_count;..open mail..set Zeny,Zeny - .@coins_count * .price_value; And many many other exaples like that doing exploits. First of all, "@storage", @guildstorage, openmail it's just a "backdoor" to send some item before "checks". But in past, (200*-2012) this system was bugged and by sending some packets, you can crash the server, and make a buffer overflow money, or extra items by wrong checks, etc. Example # 2 mes "bla bla";input .@coin_num;......if ( Zeny > .@coin_num * .coin_cost )....EXPLOIT opencart/storage/guildstoarge/etc and send to another account items & zeny etc.NEXT;mes "Congradulations you get coin! bla blba ~~";mes "And you get bug!";set Zeny,Zeny-.@coin_num * .coin_cost;getitem .coin_id,.@coin_num;end; Thanks for the in-depth explanation, now you make me want to double check some scripts. Quote Share this post Link to post Share on other sites
0 anacondaq 55 Posted March 19, 2014 (edited) The easy protection against this "dupe", it's make check before giving item, it's easy, and like that it must be. Example: if (Zeny >= .@coin_num * .coin_cost) {set .@tmp_zeny, Zeny - .@coin_num * .coin_cost;if (.@tmp_zeny >= .@coin_num * .coin_cost) {set Zeny, Zeny - .@coin_num *.coin_cost; getitem .itemID,.@coin_num;}} But there, if know some guy, who was send packets to the server. And some packets he just block by firewall. But it was in 2012. Now it do not work, really dunno why, did't test it. Edited March 21, 2014 by Fire Pillar 2 Adam and Angelmelody reacted to this Quote Share this post Link to post Share on other sites
0 Adam 3 Posted March 20, 2014 The easy protection against this "dupe", it's make check before giving item, it's easy, and like that it must be. Example: if (Zeny >= .@coin_num * .coin_cost) {set Zeny, Zeny - .@coin_num * .coin_cost;if (Zeny >= .@coin_num * .coin_cost) getitem .itemID,.@coin_num;} But there, if know some guy, who was send packets to the server. And some packets he just block by firewall. But it was in 2012. Now it do not work, really dunno why, did't test it. Sweet, thanks. Quote Share this post Link to post Share on other sites
is it possible to disable that features on Hercules?
Share this post
Link to post
Share on other sites