Dev Tracker - Discussion
Lakshmi.Buukki
Offline
Thread ain't even about Dev Tracking anymore. Stahplz
this makes me miss fone, at least they were occasionally amusing.
fillerbunny9 said: » this makes me miss fone, at least they were occasionally amusing.
My spider sense is telling me he's likely posting in this thread this week...
fonewear said: » 2017-11-09 Look(ing) forward to... Emp reforge plus 2 and 3 !
Offline
Posts: 83
SeaPeaEwe said: I always think it's hilarious when a newb with a 2009 forum join date tries to talk ***to a true OG. tis true. verily, thou hast beaten me by a year. But pre-2009 I was exclusively frequenting the Alla forums, and if you know anything about FFXI, you'd recognize game. Allakhazam. Bluer than the Blue Garter, killer of more Ifrits than Killing Ifrit, more mysterious than any tour, and consisting of many, many more pages than Some. If you were a real OG, like you are implying, you'd be well aware of how influential and populated the Alla forums were. The real OGs know Alla was the cream of the crop, competing with BG as far as both forum popularity as well as the most up-to-the-minute game info/guides and reverse-engineered game mechanics. You wanted to understand enmity, you went to Alla and talked to the realest of OGs, Grumpywookiee. That simple. FFXIAH was just an auction house site back then, no real OG bothered with the forums on any kind of scale here until later. Alla was king pre-2009. OG. It's amazing what Alla's owners did by nuking 90% of their forums. I can't imagine how it made sense to remove all of that SEO weight and to still keep a FFXI sub site. Why bother at that point? Almost nothing is left.
Offline
Posts: 83
yea not sure what happened there tbh, but i think the site changed ownership a few times. It does seem entirely pointless for the site to still exist.
And it is extremely sad to not be able to go back and read some of the redonk troll threads. It was truly the most fertile of grounds. You can use Wayback Machine to look at the sub forum indexes and it will give a visitor an idea of the sheer number of threads it held. It was a very large number. I don't know if FFXIAH has caught up, despite Alla drying up pretty much by Seekers.
My favorite Alla owner was IGE. Offline
Posts: 1347
Matic said: » Alla was king pre-2009. Alla was a joke back then. KI was a lot better. Alla was just a haven for underachievers to hang out and rant about how nobody would help them get their AF and crap on anyone who was even slightly accomplished. The amount of people I saw there getting called "elitists" or something similar simply for being level 75 and trying to help someone was staggering. And I already made mention not long ago how voting systems on forums are absolutely horrible, that place proved it beyond any reasonable doubt. Getting more votes gave you a more "prestigious" status. All the people who had this status were cliques who voted each other's pointless comments up. "I'm at home and drunk" (rated 5/5). Offline
Posts: 83
You must have been hanging out at a different alla, because the one I remember was literally the cutting edge of FFXI prog.
There's a reason BG has always hated on Alla, and that reason is JEALOUSY. When you're second banana, it's hard not to hate on the #1 spot. Offline
Posts: 83
Oh god I found a wayback link and I'm actually able to read threads. I found it. This ***was epic.
https://web.archive.org/web/20180917185645/http://ffxi.allakhazam.com/forum.html?forum=258&mid=1157042863110462345 And yes, Alla was, with the exception of a small handful of mathletes, completely full of cringe. but you know you loved it. like hallmark xmas movies and the mcrib sandwich. its *** garbage but sometimes you just want a few bites. I was trolling just a bit, but I can't keep a straight face. Just a wee bit of troll for old thyme's sake. so good when it hits your lips. i thought the repeated use of the phrase 'real OG' would give it away. I only remember everyone making fun of alla for being noob central
Offline
Posts: 1347
Yes, that was the place. And no, it was a joke. BG was "better" for a lack of a better term, but I still didn't care for that place either. It was mostly people flaming others for not agreeing with them. Yes, KI had its issues but you could at least have a normal conversation and trolls were banned, not swept under the rug or encouraged.
I really hope you're just joking around? Lakshmi.Avereith said: » I only remember everyone making fun of alla for being noob central Yeah, basically. I got so sick of seeing threads "I asked this level 75 guy to help me (would list their name) and they told me they were busy! OMG!" Followed by responses like "omg wtf, how dare he!" "What a scumbag!" And if the voice of reason tried saying "Is it possible he just didn't have time or was in the middle of something?", they would get rated down so much that the response would get buried. Offline
Posts: 83
yeah see my edit above lol
I loved reading alla threads ngl but yeah Alla was pretty much always known as a refuge for the 'its my 14.99' crew DAMN ELITESTS, GET OUT OF MY GAME BG was equally trash and equally fun to read, but for the complete opposite reason. If you don't have that 2 extra acc from SH+1 you're basically wasting the ENTIRE SERVER'S TIME YOU *** SELFISH *** Offline
Posts: 1347
lol ok. Man, I was gonna say... you almost had me.
And your avatar rules by the way. (I'm a huge retro game nut). You are right about BG. I remember how they used to ban people and give them that avatar calling them a derogatory term for a gay person. I believe that's changed. I got banned there once because I asked a question, moderator replied "there are already threads about this, go ask there". So I do and get banned for necro-bumping even though I said ahead of time "I know this thread is a little older but it's the only one I could find". That's what happens when you let 15 year olds moderate.
They still have 15 yr olds moderating. But in 40yr bodies lol.. can't have a free thought outside of the group think over there, it's mostly dead anyway
Offline
Posts: 83
yup i remember that avatar as well. BG was desperately trying to be FFXI's own private 4chan.
The most egregious sociopathic behaviors were forgiven if you were in the right clique, OR if you were good at math/theorycrafting. ("XXXXXX has contributed more to the game than anyone, so *** you for having an opinion/being offended" was a common sentiment) Thanks for the avatar comment, it's from the excellent short film Kung Fury, which I cannot recommend more highly (actually gimme a sec....ok NOW I can recommend it more highly)
Offline
Posts: 1347
Draylo said: » They still have 15 yr olds moderating. But in 40yr bodies lol
no kidding
Matic said: » OR if you were good at math/theorycrafting. ("XXXXXX has contributed more to the game than anyone, so *** you for having an opinion/being offended" was a common sentiment)
Yeah, that's pretty common in most all FFXI forums. Those who are good at those things or good at pretending to be are given free rein to be ***-heads. That's why I love the places I've moderated. It doesn't matter who you are, break the rules, suffer the same consequences as everyone. Who cares if you stop your "helping", you can be replaced.
BG's only real surviving XI enclave is the wiki, which is well maintained. The forum may as well be nuked at this point, only like 2 posts a month and it's usually about the wiki.
KI was the ***and I miss it. Always had the most useful job discussion threads. AH took up the reins on that after KI was nuked but it has never been quite as good for pure discussion. Even in our guide threads it usually doesn't fulfill the initial purpose of those threads and it annoys me.
I dunno, in my memories KI was the most toxic place of them all.
People were going on about measuring each other's *** all the time and whenever some noob asked a question with good intention a whole discussion would flourish where people would go on about attacking the poster's stupidity but not answering the question at all. It's like being rude to each other was mandatory in there. BG was somewhat similar in terms of being *** towards each other and measuring *** BUT there were several incredibly interesting discussions about the math of the game (some of the best findings the community had happened there!) AND there was a rude-free zone where noobs were free to ask any question and most of the time they would get legit answers. Was a good compromise imho.
Offline
Posts: 1347
Asura.Sechs said: » I dunno, in my memories KI was the most toxic place of them all. People were going on about measuring each other's *** all the time and whenever some noob asked a question with good intention a whole discussion would flourish where people would go on about attacking the poster's stupidity but not answering the question at all. It's like being rude to each other was mandatory in there. Oh, you're not wrong. I see this in just about every FFXI forum. There are always "those guys" who think the game is a weenie-measuring contest. Heaven forbid someone plays it for fun. Asura.Sechs said: » BG was somewhat similar in terms of being *** towards each other and measuring *** BUT there were several incredibly interesting discussions about the math of the game (some of the best findings the community had happened there!) AND there was a rude-free zone where noobs where free to ask any question and most of the time they would get legit answers. Was a good compromise imho. If people didn't have to walk on eggshells to avoid somehow... offending one of the clique members, it would actually have been a very good place, probably better than KI. Offline
Posts: 83
Quote: there were several incredibly interesting discussions about the math of the game (some of the best findings the community had happened there!)
no question, this is true. In general the site was an amazing resource if you were able to sift through the poison and focus on the info, of which there was (is) a simply staggering amount. I said Alla was the cutting edge of FFXI prog as a troll earlier, but in truth it was BG. That was where everything got figured out (for the west, at least)
I guess I wasn't on KI much, all the best sigs were there tho iirc maybe that's why the site always took so long to load
Offline
Posts: 1347
KI didn't have as much theorycrafting as BG, that much is true. But you could have actual game conversations without being called derogatory names at every angle or have some idiot moderator ban you for disagreeing with them.
Sounds like a bunch of whining from banned BG users.
Sounds like a bunch of not dev tracker tbh
Offline
Posts: 83
Quote: Sounds like a bunch of whining from banned BG users. that's just like your opinion man Quote: Sounds like a bunch of not dev tracker tbh Nah dog we're just over here discussing recent news from the Dev Tracker and keeping it civil. Rename this thread to "Troll Tracker", done.
Offline
Posts: 1347
Heh, half the posts in the past 5 pages would light up like the Griswold house.
Cpu said: » How do speed hacks work? -- The client dictates how quickly the character can switch between two positions and relays that information to the server accordingly. The server performs ZERO verifications against the values provided. How do position hacks work? -- The client lets the server know the coordinates that the character is positioned at and the server treats it as such, once again, without any validation.

This isn't anything special to FFXI, most MMOs are designed like this because of the amount of overhead that adding server side position syncing causes. All major MMOs are designed this exact same way. However, what isn't true in your post is that there is no validation. There is. FFXI has multiple levels of movement validation, it's just not used as a means to sync your position or enforce it. SE has added multiple different forms of this over the years. The first main/major ones were:

1. Position warping was monitored heavily in certain zones. FFXI has sub-regions within zones that the client uses to tell the server where you are in a zone, beyond just your XYZ coords. This is sent via the outgoing packet 0x0F2. SE used this to track warp hacks back during the early CoP era to catch people in zones like Newton/Oldton Movalpolos. There are many sub-regions within each zone that are used for various triggers, shared resources to tell the server which subset of a trigger to use, etc. (An example of this is the docks in Port Jeuno, each desk is a separate subregion.)
2. Position warping was (and still is) monitored for zone transitions happening too fast. If you warp between two zone lines too fast, the server will reject your zone request and say you failed to enter the next area.
3. Speed hacking was monitored at varying times/degrees since the early CoP era of the game. Just before Abyssea came out as well, SE implemented an auto-jailer system that would immediately jail you if you went over a certain speed amount. This was fairly short lived and only turned on for short bursts of time. When Abyssea came out and the additional level cap increases, new gear, and such were added, they stopped using this system for the most part because it was causing a lot of false positive jailing due to the conditional setup it had.

Cpu said: » How did the HQ crafting exploit work? -- The client let the server know that the craft result was an HQ item, so of course, the server respected it and populated an HQ item into the character's inventory. If you're starting to see a pattern here then you're not alone, the client is king in all things related to cheating.

This is not at all how synthing works. And is completely wrong with how this exploit worked. Firstly, crafting is nothing more than you telling the server what set of materials you are trying to combine together and with what crystal. (Outgoing packet 0x096 for anyone that wants to validate that.) The client does not have any handling of the synth that will be performed or what the result will be. The server handles all of that. Once you click OK to begin the synth, the server will immediately send back the response which contains the result of the craft. This is used to tell the client which animation to load and play. (Incoming packets 0x030, 0x06F and 0x070 are used for results.) This is how addons can see what the result will be before you even start to kneel down. The client does not tell the server the result at all, it has never worked that way for synthing. As for the actual exploit that happened, it was performed by cancelling the synth. Not altering/affecting the end result.

Since I know this will be a 'not true' moment, here's the exact function that is used to send the synth request/attempt packet:
Code
    char __cdecl FUNC_Synthesis_PrepareIngrediants(int a1)
    {
        int i; // eax
        int v2; // edx
        int v3; // esi
        unsigned __int16 v4; // di
        char v5; // dl
        unsigned __int16 v6; // ax
        int v7; // eax
        unsigned int v8; // et2
        char result; // al

        // Selection sort over the ingredient id words at a1+10: the largest id among
        // slots 0..i is swapped into slot i, so the list ends up ascending. The parallel
        // inventory-index bytes at a1+26 are swapped alongside their ids.
        for ( i = *(unsigned __int8 *)(a1 + 9) - 1; i > 0; --i )
        {
            v2 = 0;
            v3 = i;
            v4 = *(_WORD *)(a1 + 2 * i + 10);
            if ( i > 0 )
            {
                do
                {
                    if ( *(_WORD *)(a1 + 2 * v2 + 10) > v4 )
                    {
                        v3 = v2;
                        v4 = *(_WORD *)(a1 + 2 * v2 + 10);
                    }
                    ++v2;
                }
                while ( v2 < i );
                if ( v3 != i )
                {
                    *(_WORD *)(a1 + 2 * v3 + 10) = *(_WORD *)(a1 + 2 * i + 10);
                    *(_WORD *)(a1 + 2 * i + 10) = v4;
                    v5 = *(_BYTE *)(a1 + v3 + 26);
                    *(_BYTE *)(a1 + v3 + 26) = *(_BYTE *)(a1 + i + 26);
                    *(_BYTE *)(a1 + i + 26) = v5;
                }
            }
        }
        // Crystal id (word at a1+6) is shifted back to a base range for two id ranges,
        // then a one-byte check value from crystal, lowest ingredient id and count is
        // stored at a1+4. No field anywhere here carries a result or HQ tier.
        v6 = *(_WORD *)(a1 + 6);
        if ( v6 < 0x196Au || v6 >= 0x1972u )
        {
            if ( v6 < 0x108Eu || v6 >= 0x1096u )
                v7 = *(unsigned __int16 *)(a1 + 6);
            else
                v7 = *(unsigned __int16 *)(a1 + 6) - 142;
        }
        else
        {
            v7 = *(unsigned __int16 *)(a1 + 6) - 2410;
        }
        v8 = (v7 + 3) * (*(unsigned __int16 *)(a1 + 10) + 7) * ((unsigned int)*(unsigned __int8 *)(a1 + 9) + 5) % 0x7F;
        result = 1;
        *(_BYTE *)(a1 + 4) = v8;
        return result;
    }

    char __cdecl FUNC_Synthesis_StartSynth(int a1)
    {
        __int16 *v1; // esi
        char v3; // al
        int v4; // edi
        _BYTE *v5; // eax
        _WORD *v6; // ecx

        v1 = FUNC_BuildOutgoingPacket(0x96, 0, 0);
        if ( !v1 )
            return 0;
        FUNC_Synthesis_PrepareIngrediants(a1);
        *((_BYTE *)v1 + 4) = *(_BYTE *)(a1 + 4);   // check byte computed above
        v1[3] = *(_WORD *)(a1 + 6);                // word at +6: crystal item id
        *((_BYTE *)v1 + 8) = *(_BYTE *)(a1 + 8);   // byte at +8, copied as-is
        v3 = *(_BYTE *)(a1 + 9);
        *((_BYTE *)v1 + 9) = v3;                   // ingredient count, loop bound below
        if ( v3 )
        {
            // Copy 'count' ingredient ids (words from +10) and inventory indices (bytes from +26).
            v4 = a1 - (_DWORD)v1;
            v5 = v1 + 13;
            v6 = v1 + 5;
            do
            {
                *v6 = *(_WORD *)((char *)v6 + v4);
                *v5 = v5[v4];
                ++v6;
                ++v5;
            }
            while ( (int)&v5[-26 - (_DWORD)v1] < *((unsigned __int8 *)v1 + 9) );
        }
        *(_DWORD *)(dword_104CD388 + 0x15818) = 1;
        FUNC_QueueOutgoingPacket_Wrap((int)v1, 34, 0);   // 34-byte packet goes to the send queue
        return 1;
    }

Again, nowhere in this is the client telling the server the result. (And yes, this is dumped from FFXiMain.dll BEFORE SE was aware of the issue. If you want the current one to compare to, I'll post it as well, it's exactly the same.)

Cpu said: » Now there's another factor that Thorny has alluded to in previous posts that we can dive into a little deeper. Packet size. First, this person would have you believe that the server itself uses a "3999 byte buffer for outgoing packets". Sorry, but that is not how computers work. When you see a storage capacity that dictates 1MB, it actually means 1024 kilobytes. How many people here have 3999 MB of RAM? Raise your hands. Zero, of course. You have 4.294 GB of RAM or some other exponential factor of 2. If you are going to try and insult people and then correct them, at least have valid information.

'3999 byte buffer' does not equal 3999MB. Do you even know what a byte is? 3999 bytes doesn't even equal a single MB. RAM is also not required to be divisible by 2 and your operating system does not require that either. Windows, Linux, etc. will all happily support non-divisible-by-two amounts of RAM. You can run with 5, 7, 9, 13, 15, etc. gigs of RAM.

Cpu said: » Let's assume that this person was somehow correct and the maximum packet size was "3999 bytes".

There is no need to assume when we can pull it from the client. He also didn't say the maximum packet size was 3999, he said the buffer was 3999 bytes. It is not the same thing. The client queues packets to be chunked together. This queue can hold up to 30 packets at once. (It is an array limited to a maximum of 30 packets; if all 30 slots are currently filled, the client's request to queue a new packet will fail.) Each of those packets can have a maximum of 508 bytes of packet data. (Due to how the id/size are packed together, the maximum size of a packet's data is 508 bytes.) However, the client limits the uncompressed maximum chunk size to 4000 as seen via:
Code
    v14 = FUNC_Huffman_EncodeLength((int)v9, v11, a6);
    // *v9 >> 9 is the size-in-dwords field of the packet header word; x4 gives bytes.
    if ( v14 + v23 + 4 >= (unsigned int)(*(_DWORD *)(dword_104CE0E4 + 0x448) - 0x31)
      || (v15 = 4 * (*v9 >> 9), v15 + v24 >= 4000) )
    {

Again, that is uncompressed. This is not what is actually sent to the server. FFXI has a flow of building chunks that are sent to the server. Basic gist, as I am not going to waste the time explaining it here knowing it's just going to be ignored, is that each client 'tick' will prepare the send queue, then the client will construct a compressed 'chunk' that has a maximum compressed size of 1360 bytes. That limit can be seen here:
Code
    v11 = sub_100FA8F0((int)v19, a1 + 4, *((_WORD *)a1 + 3), *((_WORD *)a1 + 4), *((_WORD *)a1 + 5), dword_104CD384 + 252028);
    v12 = *((_BYTE *)a1 + 12);
    if ( v12 == 1 || v12 == 2 )
    {
        v20 = 0;
        v8 = FUNC_EncryptBuffer((char *)(v9 + 4), 1360u, 0, v19, (int)v11, dword_104CD384 + 252028);
    }
    else
    {
        v13 = a1[4186];
        v21 = a1[4185];
        v22 = v13;
        v20 = 1;
        v8 = FUNC_EncryptBuffer((char *)(v9 + 4), 1360u, (int)(a1 + 0xC30), v19, (int)v11, dword_104CD384 + 252028);
    }

The call to sub_100FA8F0 here is where the client is testing the 'best' optimal size packet that can be built, up to that uncompressed 3999 size. (Which is where that first chunk above showing that limit is from.) The remaining part is then compressing and encrypting the queued data that will fit into the buffer of 1360 bytes. (Compression is done via a Huffman tree table implementation, encryption is done via Blowfish. A hash is also appended before encryption as an anti-tamper measure, which is done via MD5.) The 1360 size is designed to help prevent / limit fragmentation. This is the lower bound MTU of standard networks. (1400-1500 generally, not including Jumbo-Packet support.) The 1360 here is just the data chunk size as well, it does not account for the packet header data for the IP header, UDP header, etc. which are added after the fact. So yes, the 3999 byte buffer Thorny mentioned is correct.

Cpu said: » Well guess what, these are UDP packets and as such they don't need to be confirmed by the recipient before the next one is sent. Transmission rate is just as important as packet size and completely eliminates the need for a throttled stream of inventory packets. The reason that the *4096* kb packets are throttled is because the network routers and firewall that Square Enix uses check for duplicate packets before transmitting anything. This prevents item duplication and a number of other exploits from being allowed through.

Again this is misleading and wrong. The first part is misleading. You make the assumption that just because FFXI uses a UDP socket for its general traffic, that it just accepts the fact that packets are not guaranteed to be sent/received or in a specific order. It does not. Not even close either. XI has its own mini-protocol on top of UDP. Packets include a sync counter that is used to ensure that you and the client are in proper sync of the packet flow for your socket. Both the incoming and outgoing packets have their own sync count, as well as an expected sync count that is stored in the client (and one on the server) to ensure that you are remaining in the expected range of incoming data. (The server has the same on their end for sending.) FFXI uses a priority system for certain packets as well, this is used to ensure that you send and receive 'critical' / 'important' packets. (i.e. chat, monster pops, direct actions to you/your party, etc.) SE already confirmed this exists in a news post a while back. (I don't have it on hand to link to, but you can go look for it if you want in their news archive.) If your client fails to receive a critical chunk within a given timeframe/sync attempt, you'll be considered link-dead and be disconnected from the server. You can also see how this works in the client if you understand how the packet queue system works.

Your second half of this is just completely wrong and makes absolutely no sense. '4096 kb' isn't even a valid size for UDP packets. They have a maximum of 65,535 bytes or 65.535kb. Not 4096kb like you are saying. As for your nonsense about firewalls, what the hell are you even saying at this point? Do you even know what a firewall is? What you are thinking of/speaking of is an ALG, not a firewall. And no, that makes absolutely no sense to make use of in this situation. Why would SE spend money/time on high-end, use-specific, expensive hardware rather than just add a simple 'if/then' statement to some code to block an exploit? What mental state do you live in to think that makes any sense at all?

FFXI's packets are chunked, compressed and encrypted. What you are implying is that SE has special hardware that does the following:
- Track every connection's current blowfish key state. (required to decrypt the packet chunks for every connection.)
- Track every connection's current sync count. (required to validate things are in sync.)
- Decrypt every chunk for every connection via their unique individual blowfish keys.
- Decompress every decrypted chunk.
- Look for 'exploits' in said chunks.
- Filter out said bad/invalid packets from each chunk.
- Rebuild each chunk with said 'bad' packets removed.
- Recompress, rehash, reencrypt each chunk.
- etc.

Like seriously..? You really think this is how they would approach an exploit instead of just checking a few extra conditions in the source code of the game? The amount of money this type of hardware costs, and the amount of overhead added to the network makes literally 0 sense to do for an MMO.

Cpu said: » It's disgusting how much misinformation is being peddled in this thread. *All* manipulation of data comes from the client Edit: FYI, what Thorny is doing is using buzzwords and partially correct information to troll people who don't have the knowledge to fully comprehend their posts. It's juvenile and easily seen through by anyone who is actually in the industry.

The only thing you've done in this topic, as well as in the past with the interactions I have had with you, is show how disconnected from reality you are. And how little you understand any of this subject material at all. There is a reason no one wants to interact with you. And a reason why no one looks at you as anything other than an annoying man-child. Yes, I am fully aware of who you are. Need a refresher on that? This is what you said to me the last time I ignored your attempts to play 'buddy' with me after your last nonsense and psychotic outburst where you tried to doxx Thorny to me and threaten his life.
Code
    I love how everyone try's to act like I'm not one of the Software Elites cod

I seriously recommend you seek actual in-real-life mental health help. This is not to be a troll or for a meme. You literally need it.
Offline
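Added example (editor's code, not any poster's and not Square Enix's) for the movement-validation part of the post above: the client keeps reporting its own position and nothing here corrects or syncs it; the server only judges whether the reported movement is plausible, with a speed check that tolerates a single outlier (the knob that avoids the false-positive jailing the post mentions) and a zone-transition check that rejects hops arriving too soon. The report layout, the thresholds, the zone ids and the sample trace are constructed for the example; the 0x0F2 sub-region packet is not modelled.

```python
"""Server-side movement plausibility checks: validate, don't enforce."""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PositionReport:
    # Constructed shape, not the real client position packet.
    t: float      # server receive time, seconds
    zone: int
    x: float
    y: float
    z: float


@dataclass
class ClientState:
    last: Optional[PositionReport] = None
    over_speed_streak: int = 0
    last_zone_change: float = float("-inf")


class MovementMonitor:
    """Flags speed and zone-line abuse without ever rewriting the client's position."""

    def __init__(self, max_speed: float, streak_to_flag: int, min_zone_interval: float):
        # max_speed: units/second above which one report counts as 'too fast' (constructed)
        # streak_to_flag: consecutive too-fast reports before acting; 1 = jail on first hit
        # min_zone_interval: seconds that must pass between two accepted zone changes
        self.max_speed = max_speed
        self.streak_to_flag = streak_to_flag
        self.min_zone_interval = min_zone_interval
        self.clients: dict = {}

    def observe(self, cid: int, rep: PositionReport) -> Optional[str]:
        """Record a report; return 'speed' when the client has earned a jailing."""
        st = self.clients.setdefault(cid, ClientState())
        prev, st.last = st.last, rep
        # No baseline after the first report or after a zone change: comparing
        # positions across zones is one obvious source of false positives.
        if prev is None or prev.zone != rep.zone:
            st.over_speed_streak = 0
            return None
        dt = rep.t - prev.t
        if dt <= 0.05:                 # bursty duplicates: skip rather than divide by ~0
            return None
        dist = math.dist((prev.x, prev.y, prev.z), (rep.x, rep.y, rep.z))
        if dist / dt > self.max_speed:
            st.over_speed_streak += 1
        else:
            st.over_speed_streak = 0
        if st.over_speed_streak >= self.streak_to_flag:
            st.over_speed_streak = 0
            return "speed"
        return None

    def request_zone(self, cid: int, t: float, new_zone: int) -> bool:
        """Accept or reject a zone request; a hop that comes too soon is refused."""
        st = self.clients.setdefault(cid, ClientState())
        if t - st.last_zone_change < self.min_zone_interval:
            return False
        st.last_zone_change = t
        st.last = None                 # the next report in the new zone starts fresh
        st.over_speed_streak = 0
        return True


def run_trace(monitor: MovementMonitor, cid: int, events: List[Tuple]) -> List[Optional[str]]:
    """events: ('pos', PositionReport) or ('zone', t, zone_id). Returns one verdict per event."""
    out = []
    for ev in events:
        if ev[0] == "pos":
            out.append(monitor.observe(cid, ev[1]))
        else:
            out.append("zone-ok" if monitor.request_zone(cid, ev[1], ev[2]) else "zone-rejected")
    return out


# Constructed trace: normal walking, one lag spike, a sustained speed hack,
# a legitimate zone change, then a zone hop that arrives far too early.
SAMPLE_TRACE = [
    ("pos", PositionReport(0.0, 1, 0.0, 0.0, 0.0)),
    ("pos", PositionReport(1.0, 1, 5.0, 0.0, 0.0)),
    ("pos", PositionReport(2.0, 1, 10.0, 0.0, 0.0)),
    ("pos", PositionReport(3.0, 1, 60.0, 0.0, 0.0)),    # 50 u/s once: tolerated
    ("pos", PositionReport(4.0, 1, 65.0, 0.0, 0.0)),
    ("pos", PositionReport(5.0, 1, 95.0, 0.0, 0.0)),    # 30 u/s, three in a row
    ("pos", PositionReport(6.0, 1, 125.0, 0.0, 0.0)),
    ("pos", PositionReport(7.0, 1, 155.0, 0.0, 0.0)),   # -> 'speed'
    ("zone", 8.0, 2),
    ("pos", PositionReport(9.0, 2, 0.0, 0.0, 0.0)),
    ("zone", 11.0, 3),                                  # 3 s after the last change: rejected
    ("zone", 20.0, 3),
]

if __name__ == "__main__":
    print(run_trace(MovementMonitor(8.0, 3, 10.0), 42, SAMPLE_TRACE))
```

The streak threshold is the whole difference between a usable check and the auto-jailer the post describes being switched off: with `streak_to_flag=1` the lag spike at t=3 is jailed immediately.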
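Added example, editor's code rather than anything from the post or from the client: a Python reconstruction of what the decompiled FUNC_Synthesis_PrepareIngrediants / FUNC_Synthesis_StartSynth above actually put into packet 0x096, so the claim that no result field exists can be checked by building and parsing a packet. The ascending selection sort, the crystal-id normalisation, the one-byte check value and the 34-byte body follow the decompile line for line. The 4-byte header layout (packet id in the low 9 bits and size-in-dwords in the high 7 bits of word 0, sync counter in word 1) is my reading of the `4 * (*v9 >> 9)` expression in the chunking excerpt plus the "id/size packed together" remark, and padding 34 up to a dword boundary is an assumption; the sample ids are made up.

```python
"""Rebuild of the FFXI outgoing 0x096 synthesis request from the decompile above."""
import struct

MAX_INGREDIENTS = 8      # eight id words at +10..+25, eight index bytes at +26..+33
BODY_SIZE = 34           # size handed to FUNC_QueueOutgoingPacket_Wrap
MAX_PACKET_BYTES = 508   # 7-bit dword count * 4, the per-packet ceiling the post states
PACKET_ID_SYNTH = 0x96


def normalise_crystal(crystal_id: int) -> int:
    """The two range checks from FUNC_Synthesis_PrepareIngrediants.

    0x108E - 142 and 0x196A - 2410 both equal 0x1000, so both special ranges are
    folded onto 0x1000..0x1007 before the check value is computed.
    """
    if 0x196A <= crystal_id < 0x1972:
        return crystal_id - 2410
    if 0x108E <= crystal_id < 0x1096:
        return crystal_id - 142
    return crystal_id


def sort_ingredients(items):
    """Selection sort exactly as decompiled: the largest id among slots 0..i is swapped
    into slot i, so the list ends ascending; each inventory index follows its id."""
    items = list(items)
    for i in range(len(items) - 1, 0, -1):
        hi = i
        for j in range(i):
            if items[j][0] > items[hi][0]:
                hi = j
        if hi != i:
            items[hi], items[i] = items[i], items[hi]
    return items


def check_byte(crystal_id: int, lowest_item_id: int, count: int) -> int:
    """(v7 + 3) * (item0 + 7) * (count + 5) % 0x7F, with 32-bit unsigned wraparound."""
    v = (normalise_crystal(crystal_id) + 3) * (lowest_item_id + 7) * (count + 5)
    return (v & 0xFFFFFFFF) % 0x7F


def pack_header(packet_id: int, size: int, sync: int) -> bytes:
    """ASSUMED header: id in bits 0-8 and size-in-dwords in bits 9-15 of word 0,
    sync counter in word 1. Seven bits of dwords is where the 508-byte limit comes from."""
    dwords = (size + 3) // 4
    if packet_id > 0x1FF or dwords * 4 > MAX_PACKET_BYTES:
        raise ValueError("does not fit the id/size word")
    return struct.pack("<HH", packet_id | (dwords << 9), sync)


def build_synth_packet(crystal_id: int, crystal_index: int, items, sync: int) -> bytes:
    """Assemble the 0x096 body. items: [(item_id, inventory_index), ...]."""
    if not 0 < len(items) <= MAX_INGREDIENTS:
        raise ValueError("1..8 ingredients")
    items = sort_ingredients(items)
    body = bytearray(BODY_SIZE)
    body[0:4] = pack_header(PACKET_ID_SYNTH, BODY_SIZE, sync)
    body[4] = check_byte(crystal_id, items[0][0], len(items))   # *(a1 + 4)
    struct.pack_into("<H", body, 6, crystal_id)                 # v1[3]
    body[8] = crystal_index                                     # byte at +8
    body[9] = len(items)                                        # byte at +9
    for n, (item_id, inv_index) in enumerate(items):
        struct.pack_into("<H", body, 10 + 2 * n, item_id)
        body[26 + n] = inv_index
    return bytes(body)


def parse_synth_packet(pkt: bytes) -> dict:
    """Decode the fields back out. Note the absence of any result/HQ field."""
    word0, sync = struct.unpack_from("<HH", pkt, 0)
    count = min(pkt[9], MAX_INGREDIENTS)
    return {
        "id": word0 & 0x1FF,
        "size": (word0 >> 9) * 4,
        "sync": sync,
        "check": pkt[4],
        "crystal": struct.unpack_from("<H", pkt, 6)[0],
        "crystal_index": pkt[8],
        "items": [(struct.unpack_from("<H", pkt, 10 + 2 * n)[0], pkt[26 + n]) for n in range(count)],
    }


def check_is_consistent(pkt: bytes) -> bool:
    """Hypothetical receiver-side sanity check: recompute the check byte from the fields."""
    f = parse_synth_packet(pkt)
    if not f["items"]:
        return False
    return f["check"] == check_byte(f["crystal"], f["items"][0][0], len(f["items"]))


if __name__ == "__main__":
    # Constructed sample: crystal id 0x1000 in slot 5 with two made-up ingredient ids.
    pkt = build_synth_packet(0x1000, 5, [(0x0500, 3), (0x0400, 7)], sync=0x2A)
    print(pkt.hex())
    print(parse_synth_packet(pkt))
```

Every byte of the 34 is accounted for by header, check value, crystal, count and the two ingredient arrays, which is the point of the post: the request names materials, and only the server's reply (0x030/0x06F/0x070) carries an outcome.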
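Added example for the chunk-size and sync-counter parts of the post (editor's code, not Wiccaan's and not the game's): a toy sender and receiver that enforce the 30-packet queue, the 508-byte packet limit, the 4000-byte uncompressed and 1360-byte compressed chunk ceilings quoted above, and a receiver that only accepts chunks whose sync counter falls in the expected range. It shows why the "3999 byte buffer" is a working-buffer size and not a wire packet size. zlib stands in for the client's Huffman coder, Blowfish and the MD5 tag are left out, and the 4-byte chunk header, the packet-header word layout and the 8-chunk acceptance window are assumptions made for the example.

```python
"""Toy model of the FFXI send queue, chunk limits and sync counter."""
import struct
import zlib
from collections import deque

MAX_QUEUE = 30            # queue slots; the 31st packet is refused, as the post says
MAX_PACKET = 508          # 7-bit dword count * 4 (id and size share one header word)
MAX_UNCOMPRESSED = 4000   # uncompressed chunk ceiling from the decompile
MAX_CHUNK = 1360          # compressed chunk ceiling, chosen to stay under typical MTUs
SYNC_WINDOW = 8           # assumed: how far ahead of 'expected' a chunk may arrive
CHUNK_HDR = struct.Struct("<HH")   # assumed: (sync counter, packet count)


def pack_packet(pid: int, payload: bytes) -> bytes:
    """4-byte header plus dword-padded payload. Word 0: id in bits 0-8, total size in
    dwords in bits 9-15 (the '4 * (*v9 >> 9)' of the decompile); word 1 is left zero."""
    payload += b"\0" * (-len(payload) % 4)
    dwords = (4 + len(payload)) // 4
    if pid > 0x1FF or dwords > 0x7F:
        raise ValueError("packet does not fit the id/size word")
    return struct.pack("<HH", pid | (dwords << 9), 0) + payload


def split_packets(blob: bytes):
    """Walk a decompressed chunk back into (id, payload) pairs."""
    out, off = [], 0
    while off < len(blob):
        word0 = struct.unpack_from("<H", blob, off)[0]
        size = (word0 >> 9) * 4
        if size < 4 or off + size > len(blob):
            raise ValueError("corrupt packet header at offset %d" % off)
        out.append((word0 & 0x1FF, blob[off + 4:off + size]))
        off += size
    return out


class Sender:
    def __init__(self):
        self.queue = deque()
        self.sync = 0

    def enqueue(self, pid: int, payload: bytes) -> bool:
        """The queue fails when it is full or the packet is oversize."""
        if len(self.queue) >= MAX_QUEUE:
            return False
        try:
            self.queue.append(pack_packet(pid, payload))
        except ValueError:
            return False
        return True

    def tick(self):
        """One client tick: take queued packets while both ceilings hold, emit one chunk."""
        raw, body, taken = b"", b"", 0
        while self.queue:
            candidate = raw + self.queue[0]
            if len(candidate) >= MAX_UNCOMPRESSED:
                break
            compressed = zlib.compress(candidate, 9)       # stand-in for the Huffman coder
            if CHUNK_HDR.size + len(compressed) > MAX_CHUNK:
                break
            raw, body = candidate, compressed
            self.queue.popleft()
            taken += 1
        if taken == 0:
            return None                                     # nothing queued
        chunk = CHUNK_HDR.pack(self.sync, taken) + body
        self.sync = (self.sync + 1) & 0xFFFF
        return chunk


class Receiver:
    """Accepts chunks only inside the expected sync range; replays and stale chunks are dropped."""

    def __init__(self):
        self.expected = 0
        self.dropped = 0

    def receive(self, chunk: bytes):
        sync, count = CHUNK_HDR.unpack_from(chunk)
        if (sync - self.expected) & 0xFFFF >= SYNC_WINDOW:
            self.dropped += 1                               # replay or far out of sequence
            return []
        pkts = split_packets(zlib.decompress(chunk[CHUNK_HDR.size:]))
        if len(pkts) != count:
            raise ValueError("packet count does not match chunk header")
        self.expected = (sync + 1) & 0xFFFF
        return pkts


if __name__ == "__main__":
    s, r = Sender(), Receiver()
    for n in range(30):                                     # constructed traffic
        s.enqueue(n, b"A" * 300)
    while (c := s.tick()) is not None:
        print(len(c), "byte chunk ->", len(r.receive(c)), "packets")
```

With 30 queued packets of 304 bytes the uncompressed ceiling is hit after 13, so the queue drains over three ticks even though each compressed chunk is far under 1360 bytes; a replayed chunk is dropped by the sync check rather than processed twice.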
Posts: 249
Leviathan.Wiccaan said: » (quotes the post above in full)
You can also see how this works in the client if you understand how the packet queue system works. Your second half of this is just completely wrong and makes absolutely no sense. '4096 kb' isn't even a valid size for UDP packets. They have a maximum of 65,535 bytes or 65.535kb. Not 4096kb like you are saying. As for your nonsense about firewalls, what the hell are you even saying at this point? Do you even know what a firewall is? What you are thinking of/speaking of is an ALG, not a firewall. And no, that makes absolutely no sense to make use of in this situation. Why would SE spend money/time on high-end, use-specific, expensive hardware rather than just add a simple 'if/then' statement to some code to block an exploit? What mental state do you live in to think that makes any sense at all? FFXI's packets are chunked, compressed and encrypted. What you are implying is that SE has special hardware that does the following: - Tracks every connections current blowfish key state. (required to decrypt the packet chunks for every connection.) - Tracks every connections current sync count. (required to validate things are in sync.) - Decrypt every chunk for every connection via their unique individual blowfish keys. - Decompress every decrypted chunk. - Look for 'exploits' in said chunks. - Filter out said bad/invalid packets from each chunk. - Rebuild each chunk with said 'bad' packets removed. - Recompress, rehash, reencrypt each chunk. - etc. Like seriously..? You really think this is how they would approach an exploit instead of just checking a few extra conditions in the source code of the game? The amount of money this type of hardware costs, and the amount of overhead added to the network makes literally 0 sense to do for an MMO. Cpu said: » It's disgusting how much misinformation is being peddled in this thread. 
*All* manipulation of data comes from the client Edit: FYI, what Thorny is doing is using buzzwords and partially correct information to troll people who don't have the knowledge to fully comprehend their posts. It's juvenile and easily seen through by anyone who is actually in the industry. The only thing you've done in this topic, as well as in the past with the interactions I have had with you, are show how disconnected from reality you are. And how little you understand any of this subject material at all. There is a reason no one wants to interact with you. And a reason why no one looks at you as anything other than an annoying man-child. Yes, I am fully aware of who you are. Need a refresher on that? This is what you said to me the last time I ignored your attempts to play 'buddy' with me after your last nonsense and psychotic outburst where you tried to doxx Thorny to me and threaten his life. Code I love how everyone try’s to act like I’m not one of the Software Elites cod I seriously recommend you seek actual in-real-life mental health help. This is not to be a troll or for a meme. You literally need it. I’m NASA trained btw… |
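Not part of the post above or of the FFXI client: an added Python rendering of what FUNC_Synthesis_PrepareIngrediants and FUNC_Synthesis_StartSynth do (the sort of the ingredient words, the byte derived at offset 4 and the 34-byte layout), with a parser that reads the packet back the way a server would and rechecks that byte, so the absence of any result field is visible. The field names (word6, byte8, item_ids, item_bytes), the little-endian x86 byte order and the sample values are assumptions; the decompilation only gives offsets.

```python
import struct

def normalize_word6(value):
    # Two alternate ranges of the word at offset 6 are folded onto 0x1000-0x1007.
    if 0x196A <= value < 0x1972:
        return value - 2410
    if 0x108E <= value < 0x1096:
        return value - 142
    return value

def prepare_ingredients(word6, item_ids, item_bytes):
    """Ascending selection sort of the item words (offset 10), carrying the parallel bytes (offset 26) along, then the byte stored at offset 4."""
    ids, extra = list(item_ids), list(item_bytes)
    count = len(ids)
    for i in range(count - 1, 0, -1):
        best = i                      # v3/v4 in the decompilation
        for j in range(i):
            if ids[j] > ids[best]:
                best = j
        if best != i:
            ids[best], ids[i] = ids[i], ids[best]
            extra[best], extra[i] = extra[i], extra[best]
    first = ids[0] if ids else 0      # the client reads offset 10 unconditionally (assumed 0 here)
    product = (normalize_word6(word6) + 3) * (first + 7) * (count + 5)
    return (product & 0xFFFFFFFF) % 0x7F, ids, extra   # 32-bit wrap, as in the client

def build_synth_packet(word6, byte8, item_ids, item_bytes):
    """Lay out the 34-byte packet as FUNC_Synthesis_StartSynth copies it; the header at offsets 0-3 (filled by FUNC_BuildOutgoingPacket) is left zeroed."""
    checksum, ids, extra = prepare_ingredients(word6, item_ids, item_bytes)
    if len(ids) > 8:
        raise ValueError("only 8 ingredient slots exist (offsets 10-25 and 26-33)")
    pkt = bytearray(34)
    pkt[4], pkt[8], pkt[9] = checksum, byte8, len(ids)
    struct.pack_into("<H", pkt, 6, word6)
    for n, (item, extra_byte) in enumerate(zip(ids, extra)):
        struct.pack_into("<H", pkt, 10 + 2 * n, item)
        pkt[26 + n] = extra_byte
    return bytes(pkt)

def parse_synth_packet(pkt):
    """Read the fields back and recheck the byte at offset 4: there is no slot for a synthesis result."""
    if len(pkt) != 34:
        raise ValueError("synth request packets are 34 bytes")
    word6 = struct.unpack_from("<H", pkt, 6)[0]
    count = pkt[9]
    ids = [struct.unpack_from("<H", pkt, 10 + 2 * n)[0] for n in range(count)]
    extra = list(pkt[26:26 + count])
    expected = prepare_ingredients(word6, ids, extra)[0]
    return {"checksum_ok": pkt[4] == expected, "word6": word6, "byte8": pkt[8], "items": ids, "item_bytes": extra}
```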
All FFXI content and images © 2002-2024 SQUARE ENIX CO., LTD. FINAL
FANTASY is a registered trademark of Square Enix Co., Ltd.