This exploit has been around on eMS for a long, long while.
- Game Version: eMS v104.1
I used to get told about this more than a year ago by Doxie and Craig.
It has now, however, been released on gMS, and seeing that Chimera is using it to disconnect random people, plus bragging about it in the shoutbox, I guess it's time to make it publicly available here as well.
[header (word)] [chat_type (byte)] [amount_of_character_ids (byte)] [character_ids (dword)] [message (string)]
The below packet contains the correct header for eMS v104.1:
0C 01 XX 01 10 15 07 00 03 00 68 61 69
XX is the chat_type, underneath I will give examples:
00 = Buddy Chat (Requires you to have at least one buddy)
01 = Party Chat (Requires to be in a party)
02 = Guild Chat (Requires to be in a guild)
03 = Alliance Chat (Requires to be in an alliance)
06 = Expedition Chat (Requires to be in an expedition)
Nexon has added a check where you can only send this chat_packet once per 250ms or so, probably to avoid straight spamming.
However, they forgot to put a check in place where you cannot add the same person's character_id over and over again, which enables you to send a message to someone 100 times per sent packet; this opens up for a DC exploit.
I coded a little program a while ago which will generate a proper DC packet if you provide the person's character_id.
This is what the tool looks like:
Please insert the character id in this format: 00 00 00 00, press Generate DC code, press Copy to clipboard, paste the packet in whatever packetsender you may use, voila.
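
The missing server-side check described above, as an added example that is not part of the original post and not Nexon's code: a Python parser for the packet layout given in the post that rejects a recipient list naming the same character_id more than once. It assumes little-endian fields and a 2-byte length prefix on the message, as the sample packet suggests; the function, exception and sample names are hypothetical.

```python
import struct

class ChatPacketError(ValueError):
    """Raised when a multi-chat packet fails validation."""

def parse_multi_chat(packet: bytes) -> dict:
    """Parse [header][chat_type][count][ids...][message] and validate it.

    Assumed encoding (inferred from the sample packet in the post):
    little-endian integers, message prefixed with a 2-byte length.
    """
    try:
        header, chat_type, count = struct.unpack_from("<HBB", packet, 0)
        ids = struct.unpack_from(f"<{count}I", packet, 4)
        offset = 4 + 4 * count
        (msg_len,) = struct.unpack_from("<H", packet, offset)
    except struct.error as exc:
        raise ChatPacketError("truncated packet") from exc
    offset += 2
    if offset + msg_len != len(packet):
        raise ChatPacketError("message length does not match packet size")
    if count == 0:
        raise ChatPacketError("empty recipient list")
    # The check the post says is missing: each recipient may appear only once.
    if len(set(ids)) != count:
        raise ChatPacketError("duplicate character_id in recipient list")
    return {
        "header": header,
        "chat_type": chat_type,
        "character_ids": ids,
        "message": packet[offset:].decode("latin-1"),
    }

# Sample packet from the post, with XX set to 01 (party chat).
SAMPLE_OK = bytes.fromhex("0C 01 01 01 10 15 07 00 03 00 68 61 69")
# Constructed sample: the made-up id 0x2A listed three times.
SAMPLE_DUP = bytes.fromhex(
    "0C 01 01 03 2A 00 00 00 2A 00 00 00 2A 00 00 00 03 00 68 61 69")

if __name__ == "__main__":
    print(parse_multi_chat(SAMPLE_OK))
    try:
        parse_multi_chat(SAMPLE_DUP)
    except ChatPacketError as err:
        print("rejected:", err)
```

Rejecting the whole packet, rather than silently de-duplicating, also gives the server a clear event to log against the sending account.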