• Sign up for TFS Icon Competition! The prize includes Otland Premium time and a medal, as well as obviously taking part in TFS history.
  • There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Tutorial for running 7.7 CipSoft Server on Ubuntu

Crevasse

惡名昭彰
Joined
Jan 13, 2017
Messages
86
Solutions
6
Reaction score
25
Location
Washington, D.C.
DISCLAIMER
This guide is for educational purposes only! This is intended for setting up the leaked CipSoft files for nostalgia purposes. I cannot guarantee that a server created from this guide will be secure if opened to the public. You will need to take additional measures if you intend on opening your network.


I know it’s a little late, but there might still be people out there, like me, who never got around to trying this out back in 2016 when it was released to OTLand and could benefit from an updated, intelligible tutorial to get this server running on a single instance of Ubuntu. Apparently no one is either capable or willing to write an intelligible tutorial, so here I am.

Even for someone like myself who, as a SysAdmin, has experience with Linux, compiling, networking and Open Tibia, attempting to piece this project together and make it run properly took way longer than it should have due to how poorly the instructions are written. The tutorial by lordkill, while fairly complete, is a) now outdated and b) completely fails to mention several important configuration steps that are necessary to make this work.

Setting up the host

For this tutorial I am using Ubuntu 18.04. I know this isn’t the most modern distribution, but I had an ISO for it sitting in my HD and didn’t feel like downloading a different one. You can use Ubuntu 14, 16 or 20, it doesn’t matter. You can run this on a VM or a dedicated machine, I was able successfully set it up on both, just make sure you have at least 4 GB of Ram and 2 cores if you want it to run smoothly on a VM.

The Game Files

  1. Attached is the “tibia-game.tarball.tar.gz” file. This is a compressed folder that contains all of the game data as well as the game executable. Also attached is the modified “game” file. Download both of these.

  2. Navigate to the Home tab in Files and right-click anywhere to create a new folder, call it “game” (make sure it is all lowercase; Linux is case sensitive).

  3. Right click the “tibia-game.tarball.tar.gz” package and select “Open With Archive Manager.” Click “Extract” in the upper-left then browse to the “game” folder you just created. Wait for it to finish then you can close out of Archive Manager.

  4. Next, we need to move the entire “game” folder to a different directory. This cannot be done like Windows with drag-and-drop, you must use the Terminal. To open the Terminal, right click anywhere on the desktop and select “Open Terminal” from the menu. With Terminal open, type the following command:

    sudo mv /home/your_username/game /home

    You will be asked for your password after entering this command, type it then hit enter to complete it. This command will move the game folder to the /home directory which is necessary for the game to work. If done correctly, you should no longer see the “game” folder in your Home. Instead, it can be found by navigating to the /home directory.

  5. Next, open the “game” folder and use the keyboard shortcut control + h. This will reveal all hidden files, and you should see another dozen or so icons appear in the game folder that were not there before.

  6. Inside the “game” folder there is a sub folder called “bin,” open that. Inside there are several files, the one we are interested in is called “game.” Right-click it, and rename it to “game(vanilla).” Now, drag and drop the “game” file that you downloaded from this post directly into the “bin” folder. This secondary “game” file is the “modified binary” that is talked about in the original thread. We want to run this so we can use the re-named libraries (we’ll get to that later).

  7. While we’re still inside the “bin” subfolder, right click anywhere to open a Terminal window. Enter the command:

    sudo chmod 777 game

    This gives full read, write and execute privileges to the game executable. Without this, you will encounter errors.

  8. Next, back up one level to the main “game” folder. There should be a file called “.tibia,” open it. In the first section, you need to add “/home” to the front of each filepath, so it looks like this:

    C:
    BINPATH     = "/home/game/bin"
    MAPPATH     = "/home/game/map"
    ORIGMAPPATH = "/home/game/origmap"
    DATAPATH    = "/home/game/dat"
    USERPATH    = "/home/game/usr"
    LOGPATH     = "/home/game/log"
    SAVEPATH    = "/home/game/save"
    MONSTERPATH = "/home/game/mon"
    NPCPATH     = "/home/game/npc"

    If you don’t do this, the game executable will not be able to load the map, monsters, npcs, etc. which is (obviously) necessary for the server to run.

  9. Now, go back to your terminal window and enter the command:

    ip a

    Your internal IPV4 address will be listed on the 11th line down, write it down/save it to your clipboard as you will be entering it several times throughout the course of this guide.

  10. Go back to the open .tibia file in Text Editor. Near the bottom of the file, the second to last section is #QueryManager. There is a string of text with IP addresses and ports. Change all of the IP addresses to your IPV4 address from the previous step, and all of the ports to 17778:

    C:
    QueryManager = {("192.168.188.134",17778,"nXE?/>j`"),("192.168.188.134",17778,"nXE?/>j`"),("192.168.188.134",17778,"nXE?/>j`"),("192.168.188.134",17778,"nXE?/>j`")}

    We’re done editing this file, save it and close out.

  11. Now, we need to copy this .tibia file to our user directory. The quickest way to do this is by right-clicking anywhere inside the “game” folder and opening an instance of Terminal. In this new terminal window, enter the command:

    sudo cp .tibia /home/your_username

    You can verify it worked by going to your Home and checking to see if the file is there.
Linux Libraries

Now it is time for the (in)famous Linux libraries or “libs” as they are often referred to. Library files are necessary for certain programs to run, and if they are not setup correctly you will quickly run into confusing, frustrating error messages. Searching online won’t help much as these Libraries are specific to CipSoft’s files, so unless you spend hours teaching yourself about Linux library structure, you won’t know what to do unless someone tells you. The OTLand experts love chiming in and saying “just check the libs” whenever someone asks a question, but to a beginner that means nothing.

  1. Attached is a .rar file called “dennis-libraries.” If you haven’t already, download this and unpack it to your Home.

  2. Next, we need to copy these files from the “dennis-libraries” folder to their final destination, the /lib directory. This is done by entering the following command in Terminal (open the Terminal window inside the dennis-libraries folder so you don’t have to type the full address):

    sudo cp {ilovesatan.so.9,libc.so.6,lmao.so.9,payhunted.so.9,rofl.so.9,satanism.so.9,test_libpthread.so,trololol.so.9} /lib

    You can confirm that this worked by navigating to Other Locations, Computer, lib.

  3. Now what we need to do is give full RWX (read, write, execute) permissions to these libraries so the game executable can fully access them. This can be done by going to Terminal, and entering the command:

    sudo chmod –R 777 /lib

  4. Now we need to download and install the 32-bit libraries. The CipSoft game file is a 32-bit program, and standard Ubuntu 18.04 does not have a 32-bit version. This can be done by entering the following commands in Terminal:

    sudo apt-get update
    sudo apt-get install lib32z1

    Terminal will ask you if you want to install [y/n], make sure to hit y. Once the install is finished, there should be a new file called “ld-linux.so.2” in the /lib directory.
Setting up the Database (Apache, MySQL & phpMyAdmin):


If you try and follow the instructions in lordkill’s post for setting up a database, you’re going to feel like pulling your hair out since he assumes you know how to create and import a blank database using MySQL commands. Here is the quickest way to import the database and install phpMyAdmin for easy UI.
  1. In Terminal, install Apache with the following command:

    sudo apt update && sudo apt install apache2

    Make sure to enter your password and “y” when prompted to complete the installation.

  2. We need to allow Apache through the firewall, do this with the following command in Terminal:

    sudo ufw allow in “Apache Full”

  3. Enable the firewall with:

    sudo ufw enable

  4. You can confirm Apache is running with the following command:

    sudo service apache2 status

    The 4th line down of the output should say "Active: active (running)"

  5. Next, we need to install MySQL. The command to do that is:

    sudo apt update && sudo apt install mysql-server

  6. Once the installation has finished, you can again check to make sure MySQL is running but using the command:

    sudo service mysql status

  7. You should get a return that says “Active: active running since <date>.” This means MySQL is running, enter q to exit.

  8. Next, install phpMyAdmin with the command:

    sudo apt update && sudo apt install phpmyadmin

    When prompted, select apache2, then select ‘yes.’

  9. Next, we need to increase the maximum data import size that phpMyAdmin will allow (it’s set to only 2 MB by default). Open the necessary file with this command:

    sudo gedit /etc/php/7.2/apache2/php.ini

    Find “upload_max_filesize = 2M” and change it to: upload_max_filesize = 64M

  10. Next, enter the command:

    sudo gedit /etc/apache2/apache2.conf

    This will open a file in Text Editor, you need to scroll down to the very bottom of the file and simply add this line:

    Include /etc/phpmyadmin/apache.conf

    Now you can save and close.

  11. Now we need to make a MySQL user. Enter the command:

    sudo mysql –p –u root

    You will be prompted for your password.

  12. While we are in MySQL, we will create a user account. This is done with the following command:

    CREATE USER ‘otserv’@’%’ IDENTIFIED BY ‘password of your choice’;

    It is important that you use ‘otserv’ as the username for the sake of making the setup easy. If you change the username to something else, there are several lines of code that must be edited to match your username.

  13. Next, we need to grant our MySQL user account all necessary permissions with the following command:

    GRANT ALL PRIVILEGES ON . to ‘otserv’@’%’ WITH GRANT OPTION;

  14. To make sure everything is setup correctly, open Firefox and type 127.0.0.1/phpmyadmin in the URL bar. You should be greeted with a login screen. Enter ‘otserv’ for the username and the password you chose in step 11.

  15. Once you’ve logged in, click “New” from the accordion menu in the upper left. For the new database name, use “otserv,” leave all of the defaults as is and click “Create:”

  16. Now, we need to import the existing database tables with all of the CipSoft data. Make sure you have the newly-created “otserv” database selected from the accordion menu, then open the “Import” tab.

    You should have downloaded and unpacked the “otserv_data_schema.sql” file from this post, click Browse to locate and import it. Once you’ve done that, click “Go” at the bottom of the page.

  17. You should get a green banner message at the top of the page saying that the rows were imported successfully. You may also get some warning errors, you can ignore these.

  18. The final step for the database is done by editing a file with the following command:

    sudo gedit /etc/mysql/mysql.conf.d

    Use control + f to locate the line that says “bind-address,” then change the IP from 127.0.0.1 to 0.0.0.0. This allows any address to communicate with the database.
Setting up the Query Manager


The Querymanager is required to accept and direct incoming client requests to the database. The file attached here includes the source files, but you will need to edit the main.cpp file with your IP address and database password before compiling the sources to get an executable.

  1. First, we need to install a package that will allow us to compile the source files. This can be done with the following command:

    sudo apt-get install g++ libmysqlclient-dev mysql-server

  2. Once this has finished installing, navigate to the “realots-query-manager-master” folder and open “main.cpp” with Text Editor.

    In this particular query manager, there 8 locations where you need to change the existing database password to the password you made for your “otserv” user. The easiest way to find these is by control + f searching the first couple letters of the default password (Cz7u89dmyPzHDNEL). Every line where you find this, replace it with your database user password.

  3. Next, use control + f to find this line:

    std::string q_world = "otserver"

    and replace ‘otserver’ with ‘RealOTS.’

  4. Now, search for the line:

    C++:
    hton1(INADDR_LOOPBACK)

    and replace it with:

    C++:
    inet_addr("your IPV4 address")

    Yes, the quotes need to be in there.

  5. Finally, use search to find

    C++:
    writeMsg.adByte(213)

    You should see 4 lines total, each with a different number. Each line corresponds to a number in your IP address. Using my VM as an example, I changed the 4 lines to:

    C++:
    writeMsg.adByte(192);
    writeMsg.adByte(168);
    writeMsg.adByte(188);
    writeMsg.adByte(134);

    Once this is done, save and close out of main.cpp.

  6. Now, we are ready to compile the Query Manager. Inside the “realots-query-manager-master” folder, right click and open Terminal. Enter the command:

    sudo make

  7. If done correctly, there should now be a new file in the folder called “querymanager.” To run it, in the same instance of Terminal, enter the command:

    ./querymanager

    If everything was done correctly, you should get an output that says:


    Code:
    -------------------------
    OTServ QueryManager
    -------------------------
    :: Connecting to the MySQL database...[done]
    :: Starting OTServ QueryManager...
    [done]
Running the Game

Before running the game, let’s take a moment to open some necessary ports in the firewall. Without this, login requests from the client will never make it to the database (and you will just get connection timeout errors).

  1. Open Terminal and type the following commands:

    sudo ufw allow 7171/tcp
    sudo ufw allow 7172/tcp

  2. Navigate back to the “game” folder (which is in the /home directory). Inside the “game” folder, there is a folder called “save.” Open it to make sure there isn’t anything inside. If you see a file called game.pid, delete it. This file is created anytime the game executable is run, and if you try and start a new instance of the game executable while there is a game.pid file in the “save” folder, you will get an error message saying there is already an instance of the server running.

  3. If there was nothing in the “save” folder, you can back out and go into the “bin” folder. From here, right click and open a new instance of Terminal. Enter the command:

    ./game

    You should see the terminal window will fill up with lines of results, indicating the map, monsters, NPCs, houses, etc. are loading. Once that has finished, the game is ready and we can move on to the next step.
The Login Server
  1. First, make sure you have downloaded and unpacked the “realotsloginserver-master” source files, and that they are located in Home with the Query Manager. These are just the source files, so we need to compile. Start by installing the necessary packages:

    sudo apt-get update
    sudo apt-get install cmake build-essential liblua5.2-dev libgmp3-dev libmysqlclient-dev libboost-system-dev libpugixml-dev

  2. Once that has finished installing, right-click inside the “realotsloginserver-master” folder and open an instance of Terminal. Enter the following command:

    sudo mkdir build && cd build

    This creates a new folder called “build” and moves you to it.

  3. Now, enter the commands:

    sudo cmake ..
    make

  4. There should now be a file inside of build called “tfls." Copy this up one level to the main “realotsloginserver-master” folder.

  5. Now, inside the main folder, open config.lua with Text Editor. The following lines must be changed:
    1612570001354.png

    “ip” must be changed to your VM’s IPV4 address, clientVersionMin/Max/Str must be changed to 770, 770 and 7.70, respectively. The MySQL Host must also be set to your IPV4 address, and the username, password and database name must be changed to reflect your “otserv” databse and “otserv” username and password. Once these lines have been changed, you can save and close config.lua.

  6. Finally, in the “realotsloginserver-master” there is a file called “gameservers.xml.” Open it with Text Editor, you’ll see there’s only a couple lines of code, enter your IP address where it says “ip=”. Save and close the file.

  7. From the “realotsloginserver-master” folder, right click and open a new instance of Terminal. Enter the command:

    ./tfls

    You should get an output saying the login server is online.
Creating a Custom Client

The final step is creating a custom client using a hex editing tool. This can seem daunting, but it really isn’t that hard. There is already a great tutorial by Jester (lordkill references this in his tutorial as well) here. To clarify, you can skip the first step about replacing the RSA key and skip straight to the second half about changing the IP.

The only thing I would add is that the link in his tutorial is broken, if you want to use the same program he is, simply do a Google search for “XVI32 Hex Editor.” The “official” download site is the first result (I won’t post the link here, not sure if it’s allowed).

Once you’ve finished creating your custom 7.70 client, go ahead and grab an account number and password from the “Users” tab of the otserv database from the accordion menu in your phpMyAdmin page. If you followed all the steps, you should get a character list and be able to log in to the game.


Modified "game" file: 4.25 MB file on MEGA (https://mega.nz/file/i40RlSpA#cYXVIp3R_TmukO-FbrFSONmtH9k_TuRmlM4a9m2ljmU)
Tibia-game tarball: 290.61 MB file on MEGA (https://mega.nz/file/iksxxI6C#0WSSzeaRwmS-8FMtrWObe3ZA8kSQMNJTrPFn0Kac-LA)
 

Attachments

  • dennis-libraries.rar
    1.3 MB · Views: 32 · VirusTotal
  • otserv_schema_data.rar
    701.3 KB · Views: 37 · VirusTotal
  • realots-query-manager-master.zip
    21.6 KB · Views: 38 · VirusTotal
Last edited:

4Nathu4

valoria.online
Premium User
Joined
Oct 27, 2009
Messages
213
Solutions
6
Reaction score
109
GitHub
4mrcn4
DISCLAIMER
This guide is for educational purposes only! This is intended for setting up the leaked CipSoft files for nostalgia purposes. I cannot guarantee that a server created from this guide will be secure if opened to the public. You will need to take additional measures if you intend on opening your network.
Do NOT open it to the public as it is! This querymanager is worse than a Swiss cheese.
How about you contribute for a change? Or at least point him in the right direction?
 
Last edited:

emil92b

Well-Known Member
Joined
Aug 21, 2013
Messages
236
Solutions
6
Reaction score
56
Location
Sweden
not sure what todo here :eek:

oJOutAI.png
 

EkkoLua

New Member
Joined
Jan 29, 2021
Messages
6
Reaction score
2
@emil92b

go to directory:

Lua:
cd /home/

then do this

Code:
sudo chmod 770 -R game/

After that try to run the game binary again
 

kay

Excellent OT User
Joined
Apr 23, 2013
Messages
770
Solutions
5
Reaction score
977
Location
32316,31942,7
YouTube
TibiantisOnline
contribute?
Don't even bother, that nathu guy keeps following me from thread to thread with that bla bla butthurt 😂
He's long in my ignore list and I wouldn't have even known he was here, if not for your quote.

If anyone wonders, that querymanager has no authentication*, make SURE you restrict it to internal connections. Otherwise it's like throwing your gates open for everyone.
 
Last edited:

admkhbr

Member
Joined
Mar 24, 2014
Messages
31
Reaction score
16
If anyone wonders, that querymanager has no validation, make SURE you restrict it to internal connections. Otherwise it's like throwing your gates open for everyone.

Thanks for your advice, but could you please explain this better? What do you mean by "has no validation"? Maybe an example of how it can be exploited...? I have no intention in host a RealOts, just curious about why this one is so bad. In the worst scenario, it would just mess up the database, right? Or it allows some kind of code injection at the server with something like buffer overflow? Thanks for your time!
 

Alpha

Relentless
Premium User
Joined
Apr 3, 2011
Messages
522
Solutions
26
Reaction score
284
Location
South Korea
Thanks for your advice, but could you please explain this better? What do you mean by "has no validation"? Maybe an example of how it can be exploited...?
I've never looked at those CipSoft files because they're completely irrelevant to me, but based on what he said I would assume the query manager doesn't require any authentication in form of user/password/key. So if it runs on IP 55.22.33.444 and port 1234, I (or anyone) could connect to it and issue commands without any form of authentication, and it would simply execute them on your SQL server. So in order to prevent that, you'd have to firewall it off and only allow specific connections through to it.
 

admkhbr

Member
Joined
Mar 24, 2014
Messages
31
Reaction score
16
I've never looked at those CipSoft files because they're completely irrelevant to me, but based on what he said I would assume the query manager doesn't require any authentication in form of user/password/key. So if it runs on IP 55.22.33.444 and port 1234, I (or anyone) could connect to it and issue commands without any form of authentication, and it would simply execute them on your SQL server. So in order to prevent that, you'd have to firewall it off and only allow specific connections through to it.

Thanks for your clear explanation! In fact, this was the first problem I've noticed (that's why I said about mess the database), but since I never looked at those files too, I thought if maybe there is something more... validation isn't exactly the same as authorization, and even I understanding the same as you, maybe he could was talking about anything else. Besides that, he was very empathic about the security roles, so I was just curious if I was missing something... after all, there are worse things that just screw up a database.

Btw, thanks for your help!
 

kay

Excellent OT User
Joined
Apr 23, 2013
Messages
770
Solutions
5
Reaction score
977
Location
32316,31942,7
YouTube
TibiantisOnline
Pretty much what @Alpha said.
Thanks for your clear explanation! In fact, this was the first problem I've noticed (that's why I said about mess the database), but since I never looked at those files too, I thought if maybe there is something more... validation isn't exactly the same as authorization, and even I understanding the same as you, maybe he could was talking about anything else. Besides that, he was very empathic about the security roles, so I was just curious if I was missing something... after all, there are worse things that just screw up a database.
Actually it's neither. Authentication is the word we should've used here :) Although validating is an issue too. For example buffer over-read is possible, if you send a packet shorter than what is expected for its header. That's from a quick glance.
Allowing anyone to execute query is already a huge reason against opening it to the public, but I wouldn't take it for granted someone will not also find a way to inject thanks to that.

Hence why I opened the tutorial with a warning.
I know and it's not a dig on you. I thought it should be stated more clear against opening it because of the above. It's ok to put it in your local network to learn from, though.
 

admkhbr

Member
Joined
Mar 24, 2014
Messages
31
Reaction score
16
Actually it's neither. Authentication is the word we should've used here :)
You're right. My mistake too (I could swear I said authentication; I always mix up both).

Although validating is an issue too. For example buffer over-read is possible, if you send a packet shorter than what is expected for its header.
Like I said, I did was missing something. You shot in what you saw, and hit what you didn't. Nice explanation, certainly we have also a validation problem here...

Allowing anyone to execute query is already a huge reason against opening it to the public, but I wouldn't take it for granted someone will not also find a way to inject.
Yes, I agree. If you are planning open it public, you must avoid this. But almost everyone just wants to play a little with those files.

Thanks for all your explanations, guys :)
 
Last edited:

guhskr

New Member
Joined
Apr 6, 2021
Messages
1
Reaction score
0
I did the step by step, and I keep stopping at the same point, running the game when I type ./game he says I have permission denied, even with all the read and execute permissions given, even in root I have permission denied, I don't know how to proceed, if anyone can help I appreciate it.
 

Attachments

  • PrtScr capture.jpg
    PrtScr capture.jpg
    115.5 KB · Views: 9 · VirusTotal

Unvincible

Member
Joined
Sep 1, 2015
Messages
44
Reaction score
10
I did the step by step, and I keep stopping at the same point, running the game when I type ./game he says I have permission denied, even with all the read and execute permissions given, even in root I have permission denied, I don't know how to proceed, if anyone can help I appreciate it.

Follow step 11 and give .tibia 777 permission
 
Top