clientcrasher
Moderator: POL Developer
clientcrasher
Hello. I'm here to warn you about a malicious tool that has just emerged. It's called ClientCrasher.exe and apparently, it does not only crash the clients in its vicinity. It can also intercept logon packets, and then send ambigious packets towards clients which just logged on, kicking them from the server. Unfortunately I got to know the tool in sad circumstances, some of my shard players used it. Could you explain how exactly can it intercept POL packets?
here are some screens:
http://pinoslaw.republika.pl/pvp.rar
here are some screens:
http://pinoslaw.republika.pl/pvp.rar
hmm... only screenshots in the rar... btw, i think this tool can't hook anything but local packet stream between your client and the server
it's impossibile that it can hook ("spoof") other clients' packets.
however, to crash nearby client it can exploit some kind of client bug, i remember years ago there was something like this, it used strange speech colours to crash other clients
it's impossibile that it can hook ("spoof") other clients' packets.
however, to crash nearby client it can exploit some kind of client bug, i remember years ago there was something like this, it used strange speech colours to crash other clients
I know the tool works because I have heard so many complaints of people who actually get disconnected. The supposed 'ClientCrasher' has a function that allows it to track relogs, and then automagically kick the players, so that there's no chance for them to flee or anything really . It's not a bunch of EasyUO lines I bet.
This is one example of why I wanted a uo client of my own Muad. I am not sure how to hook into the real UO client's connection and send things so it would be easier to make my own client and try to crash everyone else.
It's probably a chat-type packet. It would have to be something that a client could send that the server would process and then send to another client or group of clients.
It's probably a chat-type packet. It would have to be something that a client could send that the server would process and then send to another client or group of clients.
Ok one of my players caught that malicious packet with razor packet logger:
pktlist.html desc:
Packet ID: 0xD9
Packet Name: Spy On Client
Packet Size: Variable
Sent By: Client
Submitted: MuadDib
Description
Sends information related to client pc's hardware, operating system, direct x, etc. Full packet information is still unknown.
Code: Select all
22:29:58.3175: Server -> Client 0xD9 (Length: 13)
0 1 2 3 4 5 6 7 8 9 A B C D E F
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
0000 44 01 0C F3 F3 44 44 44 28 03 D1 00 TTTTTTTTTTT..
Packet ID: 0xD9
Packet Name: Spy On Client
Packet Size: Variable
Sent By: Client
Submitted: MuadDib
Description
Sends information related to client pc's hardware, operating system, direct x, etc. Full packet information is still unknown.
Maybe this topic is already outdated but still...
If I were you, I'd focus on the invisible dead horses that are seen on the screenshots. Unless ofc that's perfectly normal on your shard.
Older clients (2.0+, dunno when it was fixed) can easily be crashed by certain hues of items or speech, etc.
When you're saying they "track relogging clients" so that they can't login again, it would suggest it's in fact no tracking, but simply the items still lying there.
If I were you, I'd focus on the invisible dead horses that are seen on the screenshots. Unless ofc that's perfectly normal on your shard.
Older clients (2.0+, dunno when it was fixed) can easily be crashed by certain hues of items or speech, etc.
When you're saying they "track relogging clients" so that they can't login again, it would suggest it's in fact no tracking, but simply the items still lying there.