• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

[7.7] RealOTS 7.7 Cipsoft files (virgin)

Bag is added in two scenarios:
  • there are no more free slots in the inventory
  • an item that can only drop in a bag is being added to the loot (e.g. weapons, shields etc.)
Thanks for the answer, Kay! I see how it works now.
 
an item that can only drop in a bag is being added to the loot (e.g. weapons, shields etc.)
Why the Amazon Shield only drops inside a bag from Warlord and Helmet and armor doesnt? Both 3 itens have equal script on raid text file. Something inside encoded code or because shield is a very rare while armor and helmet are just "rare"?
 
Why the Amazon Shield only drops inside a bag from Warlord and Helmet and armor doesnt? Both 3 itens have equal script on raid text file. Something inside encoded code or because shield is a very rare while armor and helmet are just "rare"?
Because, like I said, shields, weapons etc. are always dropped in a bag, while armor pieces are placed in the inventory. It is hardcoded in the server binary, and does not depend on those editable files.
 
I think it makes sense since the creatures equipment affects their stats, so putting shields and weapons in creatures hands would make their damage output and defense very different than they currently have, and make it obvious they will drop that loot
 
I’m returning to this forum after years (the last time was around 2007/2008) to see what’s been happening in the scene, and I just find out that during my peak Tibia phase, there was a huge hack. I still remember how, as a German teenager, I wanted to work at Cipsoft. Regarding whether it’s legitimate or not: I’m now a system administrator for servers in a game server environment, and I can confirm that the contents of the leaked files are real. Whether they are complete or if anything was cut out, I can’t confirm, but who would go to such trouble? I find it funny that the admins and developers commented in German. What I find curious is that there’s an authorized_keys file, which implies that SSH keys were used. So either the SSH daemons were misconfigured and you could also log in via password, OR the OP stole an admin’s key. Either way, chapeau! Impressive achievement. I think I’ll check out some old servers and clients; it was always fun tinkering with the servers (TFS and Evolution Server). I owe much of my knowledge to that; I can practically thank Open Tibia for the fact that I’m an admin now.
 
I’m returning to this forum after years (the last time was around 2007/2008) to see what’s been happening in the scene, and I just find out that during my peak Tibia phase, there was a huge hack. I still remember how, as a German teenager, I wanted to work at Cipsoft. Regarding whether it’s legitimate or not: I’m now a system administrator for servers in a game server environment, and I can confirm that the contents of the leaked files are real. Whether they are complete or if anything was cut out, I can’t confirm, but who would go to such trouble? I find it funny that the admins and developers commented in German. What I find curious is that there’s an authorized_keys file, which implies that SSH keys were used. So either the SSH daemons were misconfigured and you could also log in via password, OR the OP stole an admin’s key. Either way, chapeau! Impressive achievement. I think I’ll check out some old servers and clients; it was always fun tinkering with the servers (TFS and Evolution Server). I owe much of my knowledge to that; I can practically thank Open Tibia for the fact that I’m an admin now.
I don't fully understand why you are able to confirm the leaked files are real tho. I mean, no question it's real, but why as a system administrator you can tell it?
 
I don't fully understand why you are able to confirm the leaked files are real tho. I mean, no question it's real, but why as a system administrator you can tell it?
Toor had access by calling to their hosting company and requesting a password change in behalf of a CipSoft's employee's name, the company did not verify the identity at all and that's how he gained access to the machine.

 
Last edited:
but why as a system administrator you can tell it?
Okay I explain it. The whole structure of the files and the german commentary looks legit. I told about me beeing a admin because I recognize patterns. The Scripts, everything. It does not look fake, it looks legit like its beeing pulled from a prod enviroment. Because it obviously was. However.

@Ezzz Interessting Blogpost. I always wondered how he did the social engineering. Now I know.
 
are you surprised? it's the corner stone of the sword of fury
 
So many years and this thread is still going :')
You mentioned in the first post that you had compromised "nearly all the US servers and at least one German server". Do you still have those files? Like @Terotrificy said, it would be very interesting to be able to look into the older worlds to check them for rares, old keys, non-standard runes and gold piles, "illegal" Rook items, and such, in usr files. And to check some of the most famous characters (or even cip characters) overall. Sadly, there wasn't so much of that on a relatively fresh world of Zanera, which has always been my only complaint. 🥴 Even if it's not Antica, others could be interesting too, e.g. Amera.
 
Last edited:
You mentioned in the first post that you had compromised "nearly all the US servers and at least one German server". Do you still have those files? Like @Terotrificy said, it would be very interesting to be able to look into the older worlds to check them for rares, old keys, non-standard runes and gold piles, "illegal" Rook items, and such, in usr files. And to check some of the most famous characters (or even cip characters) overall. Sadly, there wasn't so much of that on a relatively fresh world of Zanera, which has always been my only complaint. 🥴 Even if it's not Antica, others could be interesting too, e.g. Amera.
Afaik, only Zanera files were obtained, there was a zip file possibly containing sources but he lost it on a drive.
Fortunately for us, through, Tibiantis and Revol, we've built 100% CIP sources from scratch by pure reverse engineering.
 
Afaik, only Zanera files were obtained, there was a zip file possibly containing sources but he lost it on a drive.
Fortunately for us, through, Tibiantis and Revol, we've built 100% CIP sources from scratch by pure reverse engineering.
it would have been incredible to be able to get original sources hahaha you would know exactly how the server worked even if you had put cipsoft's security in play after exploring vulnerabilities, maybe you would have changed all your code “maybe” but if this would have happened today all the sources would have changed for another direction, although I still think that tfs, canary etc are better than cipsoft itself hahaha, but already to get to that would have to enter the pc of the devs, although I find it so strange so many years this game ah not leaked nothing that this, many games that has online years have leaked many things even sources, the Germans are to trust
 
it would have been incredible to be able to get original sources hahaha you would know exactly how the server worked even if you had put cipsoft's security in play after exploring vulnerabilities, maybe you would have changed all your code “maybe” but if this would have happened today all the sources would have changed for another direction, although I still think that tfs, canary etc are better than cipsoft itself hahaha, but already to get to that would have to enter the pc of the devs, although I find it so strange so many years this game ah not leaked nothing that this, many games that has online years have leaked many things even sources, the Germans are to trust
We can tell exactly how it worked, and tfs is not better by any means. Cip code was much cleaner and optimized. The problem is that it's very tedious to apply any changes to a compiled binary or to rewrite the whole code. If sources were available, they would become the standard, as there would be no reason to work on tfs.
 
Afaik, only Zanera files were obtained, there was a zip file possibly containing sources but he lost it on a drive.
Fortunately for us, through, Tibiantis and Revol, we've built 100% CIP sources from scratch by pure reverse engineering.

Oh really? I didn't know about the zip file lost in drive. I always though about this, because usually (and imagine in 2005) you compile the code inside the production machine, so if Toor got access to the binary files, probably he got access to the source too. Or if he got access to all the US game servers, maybe he got access to loginserver machines and maybe the binary build machine...
Damn, to have the source code to explore would be much better than dozen of days in front of IDA. Open Tibia community would be another if that source code had been used to base tfs
I have spent some weeks on IDA, I really admire yours and Kay's effort to retrieve that codes to a product.

By the way, has someone tried to retrieve 100% the code of cipsoft, like it was the source code? I have started it like for 10 times and gave up 11
 
By the way, has someone tried to retrieve 100% the code of cipsoft, like it was the source code? I have started it like for 10 times and gave up 11
Only Tibiantis & Revol/Tibiara afaik is "true" RE cipsoft code.

@Ezzz , @Danger II and I have been working on making Revol complete. We are almost finished :)
 
Back
Top