Help me work out how to exploit shops

[testthisaccount123]

Hi,

Guys, let's all work together!
I am trying to find a way to exploit shops to open shops by not technically being in that map.
What I have learned so far:

1. It is the SERVER that kicks you out if you open a shop inappropriately, NOT the client
2. You can OPEN ANY shop using the packet tamperer (even rare/seasonal ones I believe), but if you buy something and the server checks that you are not on the correct map, then you get kicked out
3. The client stores the shop(s?) that you have previously loaded (to your cache?) so you can OPEN (load) them again even if you go to a different map, but if you try and buy something from them, it's the same as point number 2

Anyone else want to join and we can work together to find out how this shop thing works and what the boundaries are, so we can find a way to exploit it and load shops from where you shouldn't be able to?
We will be legends if we manage to work it out!

Thanks

[Geeld]

you cant, because we cant send 2 packets quickly like server do it

Code:

Cilent:
%xt%zm%buyItem%130531%46758%712%6171%

Server:
{"t":"xt","b":{"r":-1,"o":{"cmd":"buyItem","bitSuccess":1,"bBank":0,"CharItemID":1.528506001E9}}}

Code:

Cilent:
<msg t='sys'><body action='joinOK' r='131554'><pid id='1'/><vars /><uLs r='131554'><u i='25587' m='0' s='0' p='1'><n><![CDATA[char name]]></n><vars></vars></u></uLs></body></msg>

Server:
{"t":"xt","b":{"r":-1,"o":{"cmd":"moveToArea","areaName":"doom-31423","uoBranch":[{"strFrame":"Enter","intMP":100,"intLevel":1,"entID":25587,"strPad":"Spawn","intMPMax":100,"intHP":395,"afk":false,"intHPMax":395,"ty":0,"tx":0,"intState":1,"entType":"p","showHelm":true,"showCloak":true,"strUsername":"char name","uoName":"char name"}],"strMapFileName":"WheelOfDoom/town-WheelOfDoom-18Nov19.swf","intType":"1","monBranch":[],"sExtra":"","areaId":131554,"strMapName":"doom"}}}

i think if it can, the old botters will do it

[testthisaccount123]

you cant, because we cant send 2 packets quickly like server do it

Code:

Cilent:
%xt%zm%buyItem%130531%46758%712%6171%

Server:
{"t":"xt","b":{"r":-1,"o":{"cmd":"buyItem","bitSuccess":1,"bBank":0,"CharItemID":1.528506001E9}}}

Code:

Cilent:
<msg t='sys'><body action='joinOK' r='131554'><pid id='1'/><vars /><uLs r='131554'><u i='25587' m='0' s='0' p='1'><n><![CDATA[char name]]></n><vars></vars></u></uLs></body></msg>

Server:
{"t":"xt","b":{"r":-1,"o":{"cmd":"moveToArea","areaName":"doom-31423","uoBranch":[{"strFrame":"Enter","intMP":100,"intLevel":1,"entID":25587,"strPad":"Spawn","intMPMax":100,"intHP":395,"afk":false,"intHPMax":395,"ty":0,"tx":0,"intState":1,"entType":"p","showHelm":true,"showCloak":true,"strUsername":"char name","uoName":"char name"}],"strMapFileName":"WheelOfDoom/town-WheelOfDoom-18Nov19.swf","intType":"1","monBranch":[],"sExtra":"","areaId":131554,"strMapName":"doom"}}}

i think if it can, the old botters will do it

I mean, to be fair, there are multiple things that people only found out years into the game and publicised -- e.g. the old AC exploit, the temp items and items glitch etc.
So it's also possible that someone has found a way, but just kept it to themselves?

We just need one vulnerability
One flaw
And we will be in

Even if there is no way to force buy shop items, if we just find some way to get us into a seasonal/rare map -- even for 1 second or so, we could blast this thing wide open and do so much with it potentially.

I feel like if someone ever finds a way to join locked zones such as Tercess from battleon itself, we might be able to apply similar principles to get into seasonal/rare maps too

[unsainted]

I would encourage you to keep looking and trying things. If there is one thing I have learned while messing with this game, it's that whoever wrote the server software did not know what they were doing. It's extremely buggy and unpredictable.

To give you an idea of just how poorly written it is, here is how the latest AC exploit worked (patched now, so don't attempt it):

1. Buy an AC item and log the packet, or construct such a packet manually
2. Place a space in the item id (which is a numeric value) in the packet. For example, "1234" would be changed to "12 34"
3. Send it

This resulted in you receiving the item while your ACs remained untouched, and you could sell the item for ACs.
As a programmer, this might be the funniest thing I have ever seen so far. There are so many things you have to mess up in the code for something like this to happen.

Good luck.

[ROBUT]

I think that you have visit that place once in order to open the shop in different map, I don't know if my way of thinking is right tho!

[testthisaccount123]

I would encourage you to keep looking and trying things. If there is one thing I have learned while messing with this game, it's that whoever wrote the server software did not know what they were doing. It's extremely buggy and unpredictable.

To give you an idea of just how poorly written it is, here is how the latest AC exploit worked (patched now, so don't attempt it):

1. Buy an AC item and log the packet, or construct such a packet manually
2. Place a space in the item id (which is a numeric value) in the packet. For example, "1234" would be changed to "12 34"
3. Send it

This resulted in you receiving the item while your ACs remained untouched, and you could sell the item for ACs.
As a programmer, this might be the funniest thing I have ever seen so far. There are so many things you have to mess up in the code for something like this to happen.

Good luck.

Haha, thank you for that explanation!!! I'd always wondered exactly how that one worked!
That's HILARIOUS!

Exactly, that's the spirit! Perhaps, we can explore and find some more things!

[EvilErgoth]

Haha, thank you for that explanation!!! I'd always wondered exactly how that one worked!
That's HILARIOUS!

Exactly, that's the spirit! Perhaps, we can explore and find some more things!

I have a theory that I will practice you said it reminded me of put an item id, Put Spacket Buy To see what happens
DESCONECT 'NOT FUCKING BUT NOT AND IMMUNE SYSTEM

[testthisaccount123]

I have a theory that I will practice you said it reminded me of put an item id, Put Spacket Buy To see what happens
DESCONECT 'NOT FUCKING BUT NOT AND IMMUNE SYSTEM

Sorry, man
I didn't understand what you meant

[Dr@ke]

contact me on im testthisaccount123

[[MPGH]meme]

why do i get the feeling that this should actually be titled "tell me how to exploit shops or find a new exploit and give it to me"

[sokoroto]

Contact me I'm interested working with you and help you.