The vid
http://www.youtube.com/watch?feature=pla...hS7rkO4u6k
At first I managed to modify the quantity of stuffs into 99 (client side). Then later I managed to turn my grisahl greens into allagan pieces using same Cheat Engine by modifying the itemid. When I try to sell those at the NPC just like that vid it said "Error occured during transation" anyone have luck turning stuffs into Allagan pieces?
Considering this website is dedicated to MMOMinion products and bots exclusively, I don't believe you'll find your answer here since this does not pertain to the above. Perhaps try ownedcore for more advice.
Quote:Quote Originally Posted by SAUSER
So, uh, a couple pages back someone was asking how people were gaining levels in crafting immediately - if there was a bot that was doing it.
It turns out the answer is yes, and some Japanese players have figured out how. Details here:
???????FF14???????????????????? : ????????2chJacklog
Apparently by simply sifting through the Lua scripting that FF14 uses, people were able to figure out a JSON query that would retrieve your character's information from the character database. Further, any commands you send to the database are simply... not checked at all, and the database just takes the input commands and MODIFIES YOUR DATA DIRECTLY.
That means it was/is possible to simply tell the server "make me level 50 and give me six billion gil" and the server will... happily do it.
That is some high-quality programming, server input sanitisation and security right there. Good shit. In the year of our Lord 2013 you can simply send a Javascript request to SE's servers and give yourself billions upon billions of gold
Quote:You can literally convert any item to any item. I found a video of someone buying 99 potions from the store, then converting them to 99 Allagan gold pieces and selling them right back.
This is probably - and I'm not going to mince words here - the shittiest implementation of server ANYTHING in any modern online game.
I'm working on verifying it myself now. I'm familiar with JSON but not with Lua so it will probably take me at least a day or two to work through it.
If it checks out I'mma pitch it as a story to my editor because
vvvvvv no idea. I've attached a decompiler to the client and am working through it. I am also guessing the following is true:
- given that we haven't seen anybody successfully changing the character info of other players' characters (at least, I assume this to be the case) that should indicate that you may only have access to characters you own. I am unsure if that means verification (username/password, or a signal from the client) is sent along with the GET query. My guess is that the client itself may be using the exact same query to update your info when you perform a legitimate transaction, in which case it may be beneficial to analyse the network output from the client - but that would be a nightmare to dig through and would take some time.
- they may be logging server activity, but as above if the query being used to give yourself gil is the same as the query the client is using, that would mean that on their end there's no way to tell which is legit and which isn't. They would have to do a search for unreasonable queries (e.g. giving yourself six billion gil) but if you kept just, say, giving yourself a few gold pieces every now and then that would be nigh-undetectable without going through the millions of transactions by hand.
- if I want more detailed instructions on this I will have to get on the usual Usenet boards where the Chinese contingent of online game hackers hangs out. that will take a bit to get a workable reply, or to sift through all the info too.
Quote:Also, I managed to verify the database exploit I posted about earlier. While I didn't manage to change character info of accounts I didn't own, there is close to nothing you can't do to your own character - leveling every craft to 50, giving yourself more gold than the rest of the server combined, all these are valid database transactions. I won't go into the exact execution details of the exploit here except to say that if SE doesn't comprehensively rework the way it is accepting and storing data from the client, this game will be plagued by hacking and duping its entire lifecycle. Even if they shut the door on this particular exploit, there's every indication that if they didn't follow basic security practices here, they didn't follow them elsewhere either.
I've dashed off an email with the details to my contact at SE, so that they can fix it before the story runs, but I can already guess what they're going to reply with, assuming they acknowledge receipt at all: "No comment at this time.
Basically. unless u hack the actual database server, u wont be able to do it. And it will be fixed soon. and you'll probably be banned if u do it. Its not a server side hack its a SE side hack
Heya ,
While its true this is risky it was stil profitable , I bought a separate account just for this , made a few simple adjustments and didnt just dupe one thing , While it was slower the "ban and gil wipe" didnt hit me so yea , there is literally billions of gil thats duped floating around now .
Good luck finding this publicly leaked :P
Meh I gave up. Thanks to MMOMinion, this thing really help me at finding specific item's itmid on the game. In the end I could dupe anything but only client side which is sad :( on the way I also found a way to modify your stats into like 1000STR, but again it's client side lol, no change on output damage.
(10-14-2013, 03:04 PM)Unreal Wrote: [ -> ]Heya ,
While its true this is risky it was stil profitable , I bought a separate account just for this , made a few simple adjustments and didnt just dupe one thing , While it was slower the "ban and gil wipe" didnt hit me so yea , there is literally billions of gil thats duped floating around now .
Yea, look at the gills that appears out of nowhere, looks tasty. And that's the reason why SE been confiscating all those gills, causing those innocent Crafters QQing at forums. Well it can't be helped, the gill weren't supposed to be there at the first place.
Greed, is the only thing that lead into banhammer. I'm sure SE wouldn't know if you just dupe like 1 Tin Allagan pieces lol. Unless they happen to check player's log one by one.
You can hardly call it greed now can you :) Essentially even botting is "greedy" then . Its as simple as first come first served unfortunately (and yea the chineese were probably the first again lol)
maybe there are other ways, but this method is fixed.