December 03, 2012

GM impersonation fix in 5.0.5

Official note.

In fact, runewaker was added an additional "real" class value in chat packets, that filled by server. So, when you receive any chat message, you get a two "class1" fields: one from sending person and one ("official class") from server :D

If someone (Mage 75 / Priest 70 for example) will try to hack his own client to "become GM" in chat (GM 200 / Warrior 100) and send a chat message (to zone/channel/guild or wisper), another players will se him as "Mage 200 / Warrior 100". Message and class colors would be from Mage also.

Note that Inquire (AskPlayerInfo("Player") Lua function) still returns a possible hacked information. But GetGuildRosterInfo() returned from server and cannot be hacked.

update: on Russian official servers this "secure" class chat field filled with random (trash) values, so guild mates will see a "random" class color :))

4 comments:

  1. Anonymous4/12/12 18:19

    Hello, can someone tell me how activate DEBUG chat, and get me link please? sorry for my bad english. thanks!

    ReplyDelete
  2. Anonymous4/12/12 20:25

    What is the value of ?

    ReplyDelete