Steal anything with ACTION packet!

Lineage II English & Greek Section => Lineage II Exploits [English] => Topic started by: axaxa on April 14, 2011, 07:47:02 AM



axaxa on April 14, 2011, 07:47:02 AM
[Hidden post: This post has been hidden by a moderator.]

[Unhidden Text:]:
Bug runs on almost all servers Interlude

Catching package Action (select yourself), send to "Sending window"
Looking for donator (or noob, enemy/etc)
Invite him to party
Ask him to show weapon/armor/epic (say him, that you will buy it for a great price)

When he puts his weapon into the TRADE window, you receive the TradeOtherAdd packet. (from server!)
Copy ObjectID of weapon
Select this player (donator), you will obtain packet Action. (from client)
Then change OID in this packet to the OID of weapon (from TradeOtherAdd packet)

Send Action packet to the server (you will obtain his weapon) and do relogin.
After relogin, the weapon will be in your inventory forever, and after donator put his weapon off or do relogin, he will realise, that he lost his weapon!


Works great on all Interlude JAVA servers!


+bonus!

http://www.youtube.com/watch?v=f89VlutAU-0


Finito on April 14, 2011, 07:55:24 AM
[Hidden post: This post has been hidden by a moderator.]

Oh , this must be the uber exploit working on IL Java servers
(i am not joking)

Wanna test it in next server i try.

We would greatly appreciate if you could make a video exploiting with Trade packets

@Μembers

Please hide your reply with much karma ;)


disel92 on April 14, 2011, 08:13:32 AM
[Hidden post: This post has been hidden by a moderator.]

THIS IS AMAZING LOL !


Azumaril$ on April 14, 2011, 08:30:18 AM
[Hidden post: This post has been hidden by a moderator.]

the item is dropped down on the ground?


xDunno on April 14, 2011, 09:34:18 AM
[Hidden post: This post has been hidden by a moderator.]

if it really works hide it for 800 posts.

Well like this i dupe'd my own weapon but after RR it gone.

Then i trade'd one guy try'ed to steal his weapon and (i made action packet etc) it was writing that i failed to pick up his weapon after 2x try the item was on ground just was not able to pick up :D


P.S. But i was not in pt with him.


extatik on April 14, 2011, 10:13:42 AM
[Hidden post: This post has been hidden by a moderator.]

target get dc, and u dont get anything :) or you get message sorry, but this item is bugged, you cant pick up it..


Ant0/FLaShaN on April 14, 2011, 10:46:17 AM
[Hidden post: This post has been hidden by a moderator.]

looks great. hope it works


xDunno on April 14, 2011, 10:55:52 AM
[Hidden post: This post has been hidden by a moderator.]

target get dc, and u dont get anything :) or you get message sorry, but this item is bugged, you cant pick up it..

True but in this bug is one more bug when owner logs item is still on ground but bugged. But owner can pick it UP and his item will be gone from his inventory and server (duped item and his own item)


Azumaril$ on April 14, 2011, 11:04:12 AM
[Hidden post: This post has been hidden by a moderator.]

i receive TradeOtherAdd packet on green. and it is always: 21 01 00 00 00 17 0B 01 10 98 1D 00 00 01 00 00 00 00 00 00 00 00 40 00 00 01 00 00 00 00 00

plz help.!


axaxa on April 14, 2011, 11:04:38 AM
[Hidden post: This post has been hidden by a moderator.]

if it really works hide it for 800 posts.

Well like this i dupe'd my own weapon but after RR it gone.

Then i trade'd one guy try'ed to steal his weapon and (i made action packet etc) it was writing that i failed to pick up his weapon after 2x try the item was on ground just was not able to pick up :D


yeah, it's dupe and you should prepare action packet, send your weapon to WH, send Action packet, remove/insert SA in the weapon) (to change its OID)

you should invite him to your party not "random", but "finders keeper"!!! then if you send packet, your char (you must be in party with noob-donator) will pick up his weapon!


axaxa on April 14, 2011, 11:07:59 AM
[Hidden post: This post has been hidden by a moderator.]

i receive TradeOtherAdd packet on green. and it is always: 21 01 00 00 00 17 0B 01 10 98 1D 00 00 01 00 00 00 00 00 00 00 00 40 00 00 01 00 00 00 00 00

plz help.!

TradeOtherAdd - this packet contains OID of somebody's weapon/armor/etc
try to put to trade window something else. for example: if first time you put arcana mace, next time try to put draconic bow and see the difference!


Azumaril$ on April 14, 2011, 11:08:01 AM
[Hidden post: This post has been hidden by a moderator.]

i receive TradeOtherAdd packet on green. and it is always: 21 01 00 00 00 17 0B 01 10 98 1D 00 00 01 00 00 00 00 00 00 00 00 40 00 00 01 00 00 00 00 00

plz help.!
what can i do?..


axaxa on April 14, 2011, 11:08:39 AM
[Hidden post: This post has been hidden by a moderator.]

TradeOtherAdd - this packet contains OID of somebody's weapon/armor/etc
try to put to trade window something else. for example: if first time you put arcana mace, next time try to put draconic bow and see the difference!


xDunno on April 14, 2011, 11:10:07 AM
[Hidden post: This post has been hidden by a moderator.]


yeah, it's dupe and you should prepare action packet, send your weapon to WH, send Action packet, remove/insert SA in the weapon) (to change its OID)

you should invite him to your party not "random", but "finders keeper"!!! then if you send packet, your char (you must be in party with noob-donator) will pick up his weapon!

Now i get it why need pt :> and That WH dupe part its interesting. I should remove/add SA from Action OID or from weapon which is in wh.


P.S. +1 Karma from me


Azumaril$ on April 14, 2011, 11:11:11 AM
[Hidden post: This post has been hidden by a moderator.]

TradeOtherAdd - this packet contains OID of somebody's weapon/armor/etc
try to put to trade window something else. for example: if first time you put arcana mace, next time try to put draconic bow and see the difference!
i got:

FB-> 21 01 00 00 00 27 10 01 10 B6 19 00 00 01 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00
DB->21 01 00 00 00 17 0B 01 10 98 1D 00 00 01 00 00 00 00 00 00 00 00 40 00 00 01 00 00 00 00 00
What is the object weapon:S


axaxa on April 14, 2011, 11:19:19 AM
[Hidden post: This post has been hidden by a moderator.]

first OID:       27 10 01 10
second OID:  17 0B 01 10
when you get action packet, look on the packet window. there will be colorized OID bytes.


ps: i'm going to sleep now, tomorrow i will try to answer all your questions i think)

thx for karma 8)


Azumaril$ on April 14, 2011, 11:20:53 AM
[Hidden post: This post has been hidden by a moderator.]

first OID:       27 10 01 10
second OID:  17 0B 01 10
when you get action packet, look on the packet window. there will be colorized OID bytes.
yyy that is what i say!! they dont appear at me( only at this packet)


Nefer on April 14, 2011, 11:32:57 AM
[Hidden post: This post has been hidden by a moderator.]

Tested. This exploit works fine on more Server and pack.

GJ


blubb on April 14, 2011, 01:19:31 PM
[Hidden post: This post has been hidden by a moderator.]

Tested but doesn't work on the Gracia Final Server i play :/


axaxa on April 15, 2011, 08:24:55 PM
[Hidden post: This post has been hidden by a moderator.]

Tested but doesn't work on the Gracia Final Server i play :/

works ONLY on Interlude JAVA.


Ant0/FLaShaN on April 16, 2011, 12:18:31 AM
hidden by a moderator? that means it really works?

answer do not cost money... so please, thanks


Finito on April 16, 2011, 12:19:52 AM
hidden by a moderator? that means it really works?

answer do not cost money... so please, thanks
Yes that's the bug,with which you can steal enemy's items by just seeing his item at trade window..


Ant0/FLaShaN on April 16, 2011, 12:36:33 AM
Yes that's the bug,with which you can steal enemy's items by just seeing his item at trade window..

logging daily gives u advantages... i got this before moderator hid it.
My question is if this works well. I rly appreciate ur answer but dont solve my question


xDunno on April 16, 2011, 01:01:43 AM
logging daily gives u advantages... i got this before moderator hid it.
My question is if this works well. I rly appreciate ur answer but dont solve my question

It works perfect.


Raule on April 16, 2011, 01:09:01 AM
That's awesome.

Read your pm axaxa.


disel92 on April 16, 2011, 01:51:38 AM
me too saw it before hidden... but i didnt copy it ;/
this is sick  you can steal donate items and they will not know where is his items :d


extatik on April 16, 2011, 04:02:02 AM
it works, but not at all servers :)


axaxa on April 16, 2011, 09:29:51 AM
me too saw it before hidden... but i didnt copy it ;/
this is sick  you can steal donate items and they will not know where is his items :d


but they can write admin and he will be confused xD


tati on April 16, 2011, 11:29:01 AM
Does this exploit work for Epilogue and Freya?


Kidutz on April 16, 2011, 11:35:30 AM
I copied Object Id from TradeOtherAdd to Action ( packet when you target victim ). I replace Action Object Id with TradeOtherAdd Object ID.
I send action packet and i get disconnect ...


nobless94 on April 16, 2011, 01:40:50 PM
why hidden?? I want to see..


Leluche on April 16, 2011, 07:50:11 PM
I dont think you need either the party or the trade. You can easily get the objectId of the item in other ways. And the party, i dont get why is it needed. From a first look its just that the server thinks you are picking up his object from the ground ... So why would a party be needed ?


axaxa on April 16, 2011, 08:37:00 PM
hm

when you are in party with him, send packet and (i think) this packet simulates his pick up...
if you aren't in party, you can't get weapon
i tried


Leluche on April 16, 2011, 09:11:27 PM
So where did you find that exploit exactly ? Cause judging from what you say, you dont know how exactly it works do you :) ? ( PS texted it with codex_ex , we managed to get consumables deleted from a player without party, no pickup yet cause it still belongs in the target ).


extatik on April 16, 2011, 09:23:05 PM
U need to get that person from example weapon objid, than u dont need to do trade :) u just need to invite him to party :)


Leluche on April 16, 2011, 09:38:52 PM
[Hidden post: This post has been hidden by a moderator.]

Thats a smart guy ;) Exactly. You can get his item objectid even if he has a private shop. YOu check his private shop, get the object id, then make him friend after 4 days, get him too party, do the exploiting packet , bye bye item ;)


magaki13 on April 16, 2011, 09:41:04 PM
[Unhidden Text:]:
So where did you find that exploit exactly ? Cause judging from what you say, you dont know how exactly it works do you :) ? ( PS texted it with codex_ex , we managed to get consumables deleted from a player without party, no pickup yet cause it still belongs in the target ).
I tried it many times. If you aren't in party, you can't pick it up in any way and no one can except the real owner. Plus that if he picks it up it may disappear.

U need to get that person from example weapon objid, than u dont need to do trade :) u just need to invite him to party :)
Exactly, trade is just a way to get objid.


Leluche on April 16, 2011, 09:47:48 PM
I wonder what will happen if the item belongs in some clan warehouse ... ;)


magaki13 on April 16, 2011, 09:50:38 PM
I wonder what will happen if the item belongs in some clan warehouse ... ;)
Hmm.. You got something in your mind, don't you? ;3


Leluche on April 16, 2011, 10:05:46 PM
[Hidden post: This post has been hidden by a moderator.]

Im checking atm what ownerId the item gets when its stored to the clan warehouse. If it gets itself or zero, then assuming you know the objectid of the item that is in the clan warehouse, you can pick it up from there without any need for party :)

Here's part of l2jbrazil code ( same in other packs too ):

if (target.getOwnerId() != 0 && target.getOwnerId() != getObjectId() && !isInLooterParty(target.getOwnerId()))
{
    // Here it blocks the item pick up if the above conditions work
}

So it says, that each item has an ownerid. If it is not zero and not itself and the actor of pickup is not in party with the object owner then block it. So if when it gets stored in warehouse it gets a zero or self owner ;) GG.

EDIT:

Bad news : ClanWarehouse :

@Override
public int getOwnerId() { return _clan.getClanId(); }

You cant pick the clan warehouse, damn :(

EDIT2:

By the way , did anyone check freya l2jserver code ? It could be vulnerable too if this is a 0day exploit ;)
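
The condition quoted in the post above tests only who owns the target object, not where that object currently is. As an added example (not part of the post and not code from any server pack; every class, field and method name is hypothetical and the sample data is constructed), the following puts that ownership-only rule beside a pickup check that first requires the object to be on the ground and within reach of the requester:

```java
import java.util.Set;

// Added illustration: every name here is hypothetical, not taken from a server pack.
public class PickupValidationDemo {
    enum Location { GROUND, INVENTORY, WAREHOUSE }

    static final class Item {
        final int objectId, ownerId, x, y;
        final Location location;
        Item(int objectId, int ownerId, Location location, int x, int y) {
            this.objectId = objectId; this.ownerId = ownerId;
            this.location = location; this.x = x; this.y = y;
        }
    }

    static final class Player {
        final int objectId, x, y;
        final Set<Integer> partyMemberIds;
        Player(int objectId, Set<Integer> partyMemberIds, int x, int y) {
            this.objectId = objectId; this.partyMemberIds = partyMemberIds;
            this.x = x; this.y = y;
        }
        boolean isInLooterParty(int ownerId) { return partyMemberIds.contains(ownerId); }
    }

    static final int MAX_PICKUP_DISTANCE = 150; // assumed value for the demo

    // Ownership-only rule, same shape as the condition quoted in the thread.
    static boolean ownershipOnlyAllows(Player p, Item t) {
        boolean blocked = t.ownerId != 0 && t.ownerId != p.objectId
                && !p.isInLooterParty(t.ownerId);
        return !blocked;
    }

    // Hardened rule: check where the object is before asking who owns it.
    static boolean hardenedAllows(Player p, Item t) {
        if (t.location != Location.GROUND) {
            // A pickup request for an object that is not on the ground is worth logging.
            System.out.printf("ALERT player=%d requested pickup of objectId=%d in %s%n",
                    p.objectId, t.objectId, t.location);
            return false;
        }
        long dx = t.x - p.x, dy = t.y - p.y;
        if (dx * dx + dy * dy > (long) MAX_PICKUP_DISTANCE * MAX_PICKUP_DISTANCE) return false;
        return ownershipOnlyAllows(p, t);
    }

    public static void main(String[] args) {
        // Constructed sample data: player 1001 is in a party with player 2002.
        Player requester = new Player(1001, Set.of(2002), 0, 0);
        Item inInventory = new Item(5001, 2002, Location.INVENTORY, 0, 0);
        Item onGround = new Item(5002, 2002, Location.GROUND, 30, 40);
        System.out.println("ownership-only, inventory item: " + ownershipOnlyAllows(requester, inInventory));
        System.out.println("hardened, inventory item: " + hardenedAllows(requester, inInventory));
        System.out.println("hardened, ground item: " + hardenedAllows(requester, onGround));
    }
}
```

The alert line gives server operators a log signal for pickup requests that reference object IDs outside the world, independent of whether the request is then rejected.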


Nefer on April 16, 2011, 10:52:57 PM
By the way , did anyone check freya l2jserver code ? It could be vulnerable too if this is a 0day exploit ;)

Leluche this is a very old exploit. :)

With this exploit you can also dupe all the items that you want. The method is the same. If works this works also dupe items.

ps: i will send to you the video...


magaki13 on April 16, 2011, 11:28:59 PM
Leluche this is a very old exploit. :)

With this exploit you can also dupe all the items that you want. The method is the same. If works this works also dupe items.

ps: i will send to you the video...
Yeap, I tried it. :p


Leluche on April 17, 2011, 12:04:06 AM
Oh ok. How come it was not posted ? Personally i had no knowledge about it. And i wonder why most packs dont have it fixed if it is so old.


Psyko on April 17, 2011, 07:26:30 AM
can any1 remove this "hide"?=/


Leluche on April 17, 2011, 07:50:53 AM
Why , are you from l2jbrazil and wanna fix it :) ?


Finito on April 17, 2011, 07:52:39 AM
please,who posts,hide your post for some karma  :)


Psyko on April 17, 2011, 10:13:17 AM
Why , are you from l2jbrazil and wanna fix it :) ?
lol only cuz i'm brazilian?l2jbrazil sucks ;s


Ant0/FLaShaN on April 17, 2011, 01:08:28 PM
this is awesome and works as sh1t!!

Rly good job!

PD: tnx for answering my doubt, very useful


BigGreen on April 17, 2011, 01:15:13 PM
me too saw it before hidden... but i didnt copy it ;/
this is sick  you can steal donate items and they will not know where is his items :d

same thing here my friend,but anyway,maybe it`s better this way...now the exploit is safe and won`t be fixed any soon :)


L2nusia on April 18, 2011, 02:29:22 AM
No way! Kid, if I f**king smack you, you'll be drenched in blood!


spacef0x on April 18, 2011, 10:03:08 AM
..


tati on April 18, 2011, 11:56:51 AM
This doesnt work for freya :s


BigGreen on April 18, 2011, 02:42:23 PM
Guys,a question,how can we get the object id without actually trading the person ? ty


Leluche on April 18, 2011, 07:59:28 PM
If he has private shop , all his "shop" items get broadcasted.


An4rchy on April 18, 2011, 09:59:01 PM
please,who posts,hide your post for some karma  :)
no no failz. you have 16 c'mon.


magaki13 on April 18, 2011, 10:02:58 PM
no no failz. you have 16 c'mon.
You're donor, you can still see the hidden content. xd


BigGreen on April 19, 2011, 12:37:56 AM
[Hidden post: This post has been hidden by a moderator.]

If he has private shop , all his "shop" items get broadcasted.

hehe y i wasnt thinking at this good point, xD, you can just go away without party or trade send the packets(then the item will be spawned) then just invite him to your party for a sec( any reason),pick up the item and qq ;D


BigGreen on April 19, 2011, 05:56:49 AM
anyway i can`t dupe with wh,when i deposit my item then send the packet yes i get,but if i restart/check my warehouse there is nothing in there..:-S


L2Demonic on April 19, 2011, 07:48:17 AM
really nice exploit and work in all IL java server :)

i test on 4 random servers and work


fixed in l2demonic


DjNanos on April 19, 2011, 09:31:01 AM
Excuse me for asking something so noobish but... can you tell me what do you mean by "ACTION packet" ?
Is it something like phx/hlapex etc?...


BigGreen on April 19, 2011, 10:24:13 AM
[Hidden post: This post has been hidden by a moderator.]

Excuse me for asking something so noobish but... can you tell me what do you mean by "ACTION packet" ?
Is it something like phx/hlapex etc?...

lol no,it is the packet you get from phx,for example,when you target yourself or some1,you will get in sniffer ""Action"" packet..:)


skzm07 on April 19, 2011, 02:13:44 PM
only interlude java servers?


extatik on April 19, 2011, 10:20:04 PM
maybe someone know good servers where its work with big on ? for example like L2ex.lt +450on totally danation server ;)


کє©яєŤ™ on April 20, 2011, 01:04:19 AM
when i start to ... with other player show me only ......//....didn't appears,but he has add Bow for example.How can i solve it?
because i can't hide it now i modify it .


magaki13 on April 20, 2011, 01:05:43 AM
[Hidden post: This post has been hidden by a moderator.]

[Unhidden Text:]:
First of all, hide your replies guys, for -beep-s sake.

@Secret
On the packet sniffer tick both "From server" and "From client" options.


کє©яєŤ™ on April 20, 2011, 01:10:15 AM
the same result :S should i close "remember packets"?


d00m.sh4d0w on April 22, 2011, 01:08:30 AM
lol man :(


XiXSpirosFearXiX on April 30, 2011, 11:51:40 PM
Ty very much!! I will try it now in L2Core As I Have Seen it works!


Zake on May 01, 2011, 12:00:30 AM
what the hellz0r? Oo


Capu on May 01, 2011, 12:01:43 AM
can i have the name of song ? xD
Sorry for offtopic


Thelion on May 09, 2011, 10:13:42 AM
How come i can't see the posts =/ It says hidden by a moderator .. :(


Ant0/FLaShaN on May 12, 2011, 09:02:56 AM
this is the most f*cking amazing cheat I've ever found. I swear it works.


danisph79 on May 12, 2011, 01:37:45 PM
what are my chances to get this information on personal message ?


leoadrian on June 29, 2011, 06:08:38 PM
how to see this post?