Jump to content
aerodude30

Ruse Smithing Dupe Fix

Recommended Posts

Hey guys there's been a new cheat engine hack/dupe which has been affecting alot of 317 PI based servers its really really old but some server's dont have any protection against it and it has been resurfacing recently.

How it works

A player will manipulate client side values with the cheat engine software so that when you smith something lets say a bronze dagger through the smithing interface the server will instead turn your bronze bar into an AGS, Claws, Donor Scroll, Partyhat whatever.


How to stop it

You can stop this on your server side by sanitizing the input returned from the client before the physical "smithing" takes place. Basically what we are going to do is ensure that the values being returned from the client for the item smithed are the values that are expected and they have not been tampered with by a 3rd party i.e. (cheat engine) 

Go into EquipmentMaking.java and find the method called smithItem()

This method handles as you may have guessed actually taking the bronze bar from your inventory and giving you exp and a bronze dagger or whatever you happen to be smithing 

First we need to create a whitelist of values that we expect the be returned from the client. These values are all the items that can be smithed in the game. You cant smith a partyhat so that item id is not going to be included in the whitelist 

place this code just below the smithItem() 

 

Code:

Please login or register to see this code.

 

 

This code builds a primitive 32 bit integer array in the JVM which includes all the smithable items in the game. 

Now before the

Code:

Please login or register to see this code.

add this line 
 

Code:

Please login or register to see this code.

this is a little more complex at first sight but is actually super simple! 
Here we use Java 8's IntStream() to iterate through each element in the whitelist and check that the id of the itemToSmith is an actual smithable item and not something that has had its value manipulated by cheat engine 

just finish the code with this after

Code:

Please login or register to see this code.

to close out your if statement! 
 

Code:

Please login or register to see this code.

uncomment the last line if you wish to ipBan the user that tried to cheat and there you go! Dupe fixed!


 

Click here to view the original image of 1440x900px.


s99c0K2.png

Share this post


Link to post
Share on other sites

Improper fix.

 

Should map the data sent from the server to client and then verify when coming back from client to server.

In your scenario, you could still somehow cheat (yet wont be really efficient) by creating rune items with bronze items;

All you are doing is check if the item id given in the packet exists in the array, which is technically incorrect

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×