
Market System Cloning items

dfs1

Good day, community. I discovered that on servers 10-12 you can duplicate items in the market. I really don't know how to solve that, so I'm asking for help, but I don't want everyone to know this because it would be chaos for the servers that are already open.

Solution
Tested on 1.4, 1.4.1, master branch and my fork.

Tfs: Not bugged.
Canary: probably not bugged (looking at the code)
old otbr engine: probably bugged (looking at the code)

The bugged instruction:
https://github.com/opentibiabr/otse...e5a1acd9480733338f065/src/game/game.cpp#L7470 (note: this is outdated, otservbr-global uses canary now afaik)

The situation that isn't handled in the code above:

tl;dr fix: copy the "if" block with "return" statement from the second link to your server and compile

We need to know how it happens in order to deliver a fix.

If you don't want to share the steps to clone items publicly, you can PM anyone with the "tfs developer" tag (e.g. nekiro/epuncker) and they can keep it secret until we post a bugfix. I can help them investigate.

Mods, please make an exception from the "offering help via pm" rule. The solution will be free; it's a matter of server security.
 
Exactly, it would be discretion, since I tested on servers with 300 people, and it could be easily cloned.
The error is not found on all servers, but on most multi version.
 
I really don't know how to solve that, that's why I ask for help but I don't want everyone to know this because it would be chaos for the servers that are already open.
There were many bugs in otservbr market/gamestore that let people clone items/money/TC. otservbr owners should be prepared.
 
That's the importance of keeping your base up to date and raising issues. Only by creating awareness can we investigate.
Back when we were still using the 10-12 fork there was a clone of coins happening but no one was reporting it, plus most otadmins didn't know how to replicate it. A couple of servers were not affected as they bought the fix without ever telling us about it. It took my whole weekend to debug and find where the problem was, and half of the otadmins had bought the fix already and were also not willing to share.
 
I'm not so familiar with TFS code, but running the code inside the
if (!itemList.empty()) {xxx}

Isn't that the same check as using the return in case itemList is empty?

I didn't get why the second one is safe and the first one is bugged.
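
Added example, not part of the thread and not code from TFS, Canary or otservbr: a simplified C++ model of the two forms asked about above. It assumes a further statement follows the `if (!itemList.empty())` block, which the page does not show; `Market`, `collect`, `offerWrapped`, `offerGuarded` and `totalAfter` are hypothetical names.

```cpp
#include <cstdio>
#include <vector>

// Constructed model for illustration; not code from TFS, Canary or otservbr.
struct Market {
    int held = 0;    // units of one item in the seller's depot
    int listed = 0;  // units of that item on offer in the market

    // Hypothetical lookup: the units to move into the offer, or an empty
    // list when the depot cannot supply `amount`.
    std::vector<int> collect(int amount) const {
        if (amount <= 0 || held < amount) return {};
        return std::vector<int>(amount, 1);
    }

    // Wrapped form: only the removal is inside the block.
    void offerWrapped(int amount) {
        std::vector<int> itemList = collect(amount);
        if (!itemList.empty()) {
            held -= static_cast<int>(itemList.size());
        }
        listed += amount;  // assumed trailing step: runs even for an empty list
    }

    // Guard-clause form: an empty list leaves the function immediately.
    void offerGuarded(int amount) {
        std::vector<int> itemList = collect(amount);
        if (itemList.empty()) {
            return;
        }
        held -= static_cast<int>(itemList.size());
        listed += amount;
    }
};

// Units in existence (depot + market) after one offer; must equal `held`.
int totalAfter(bool guarded, int held, int amount) {
    Market m;
    m.held = held;
    if (guarded) m.offerGuarded(amount); else m.offerWrapped(amount);
    return m.held + m.listed;
}

int main() {
    std::printf("wrapped: %d, guarded: %d\n", totalAfter(false, 1, 5), totalAfter(true, 1, 5));
    return 0;
}
```

With one unit held and five requested, the wrapped form ends with six units in existence and the guard-clause form with one, so the two forms are equivalent only when nothing follows the block.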
 
plus most otadmins didn't knew how to replicate. A couple of servers were not affected as they bought the fix without ever telling us about it
Ye. That's a problem. Big OTS owners know these bugs, but do not tell anyone. They use them to destroy servers of competitors.
I would not care about publishing bugs like that with reason "what would happen to big otses". THEY do not care about open source community. We should not care about them.

Sometimes I work for big 12+ OTSes. They are ready to pay up to 10 times more, if I do not publish fixes on github.
 
I've been there, but luckily for me I'm only here for learning and hobby and I usually turn down clients that don't care about sharing crashes with the open source community. We need ASAP to convince those people to migrate to a "bounty" format because this is starting to bite otadmins in the back already.
Most of the servers have a short timespan so eventually they run out of budget to keep fixing new things that are getting discovered/developed to exploit.
 
Is there a solution for this?

The same thing happened on my server, only they don't clone tc's, only money and items. They don't even clone them. They make them appear. I started my server yesterday at 4:00 pm, and at 4:20 they already had soul war items and many more things. Here I leave a photo of the player account that came in.
