Problem description:
Really I'm not sure which category this belongs too, but it has to do with someone 'hacking?' my server and somehow they have all the admin verbs and are able to edit their stats, however even I don't have an edit verb for myself, and i'm the owner. I want to say cheat engine but I don't really think cheat engine is anywhere close to cracking something that isn't a flash game. Any help would be appreciated, (he can do this on alts too and changes ip by using static and/or dynamic so no point banning him.)
1
2
ID:2043691
Feb 25 2016, 3:29 pm
|
|
In response to Kozuma3
|
|
The weird thing is none of the other players did it, I used alts(I haven't tried guest keys). I searched for his and his alt keys in source and they didn't appear.
|
In response to Kozuma3
|
|
How :o, I don't have check ip. Also I don't think its possible to get admin on ip.
|
or look for world.Export/Import in the source and see if they're trying to gather data from a URL to read from.
|
mob There is one |
In response to Dragonpearl123
|
|
Dragonpearl123 wrote:
How :o, I don't have check ip. Also I don't think its possible to get admin on ip. As in it's 'hard-coded' in the source maybe, or a hidden verb/command. |
In response to Dragonpearl123
|
|
That's for retrieving bans from a web page, keep looking D:
|
In response to Kozuma3
|
|
Thats it D:
|
Panic D:
Na, try and look for a verb/proc that's hidden or call()()'d on? Look for ctrl+F -> "set hidden =" |
In response to Kozuma3
|
|
What is that call()()'d on part mean?
|
In response to Dragonpearl123
|
|
Dragonpearl123 wrote:
What is that call()()'d on part mean? --> call <-- in the reference. Just another way someone could give themselves verbs through the use of calling another proc idk I'm trying to think up all the ways they could be do it o-o |
In response to Kozuma3
|
|
Don't worry it baffled me too. :x
|
Are you using client-side savefiles? If so, he may just be editing his save and adding verbs to his verb list and changing his other stats. Heck, if you save/load by directly outputting the mob (eg savefile["player"] << src), a malicious player can do all sort of crazy things by editing the file (including creating objects and overwriting parts of the map)
|
In response to DarkCampainger
|
|
I am not doing anything like that, i'm saving it on the host side.
|
In response to Nadrew
|
|
Well yep world/Topic(T as text, Address, Master, Key) return
|
Nothing else? Are you using a ripped source or something of that nature? Most of those have tons of exploits in them and they're fairly common knowledge among the community of people who troll those games.
|
In response to Nadrew
|
|
Well there was a previous version of this source released to all, but I bought the game from the owner and this is the updated one.
Edit: client/Topic(href,href_list[]) That is the other topic. Also I bought the source for educational purposes |
1
2
And cheat engine wouldn't work as it's all done on the server side :) you'd have to be the host.