[PR #290] [MERGED] Fix banking packet exploit, & setup for a future of preventing packet exploits #12049

Open
opened 2026-06-05 12:21:46 +00:00 by Dark98 · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/2006-Scape/2006Scape/pull/290
Author: @dginovker
Created: 12/13/2019
Status: Merged
Merged: 12/16/2019
Merged by: @dginovker

Base: masterHead: fix_packet_exploits


📝 Commits (1)

  • 06d40b9 Fix banking packet exploit, & setup for a future of preventing packet exploits

📊 Changes

15 files changed (+32 additions, -10 deletions)

View changed files

📝 2006Redone Server/src/com/rebotted/game/items/ItemAssistant.java (+7 -0)
📝 2006Redone Server/src/com/rebotted/game/objects/ObjectsActions.java (+1 -1)
📝 2006Redone Server/src/com/rebotted/game/players/Player.java (+3 -2)
📝 2006Redone Server/src/com/rebotted/net/PacketSender.java (+12 -7)
2006Redone Server/src/com/rebotted/util/MainFrameIDs.java (+9 -0)
📝 CompiledServer/artifacts/localhost_2006rebotted_jar/localhost_2006rebotted.jar (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/items/ItemAssistant.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$1.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$2.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$3.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$4.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$TinterfaceText.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/game/players/Player.class (+0 -0)
📝 CompiledServer/production/2006rebotted/com/rebotted/net/PacketSender.class (+0 -0)
CompiledServer/production/2006rebotted/com/rebotted/util/MainFrameIDs.class (+0 -0)

📄 Description

Right now, while you can't open a bank unless you're physically in the coords, you can still deposit items with a very finnicky script someone shared with me. This prevents that for both bank booths and deposit boxes, and allows for future expansion to prevent other interfaces from being packet exploited.

TL;DR - Use Player.lastMainFrameInterface to verify that the player actually has that interface. Previously, the client could just lie to the server by sending packets saying "Oh yeah, this interface is open, and I want to do that". This allows a server-side check to deny that.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/2006-Scape/2006Scape/pull/290 **Author:** [@dginovker](https://github.com/dginovker) **Created:** 12/13/2019 **Status:** ✅ Merged **Merged:** 12/16/2019 **Merged by:** [@dginovker](https://github.com/dginovker) **Base:** `master` ← **Head:** `fix_packet_exploits` --- ### 📝 Commits (1) - [`06d40b9`](https://github.com/2006-Scape/2006Scape/commit/06d40b9a9888406d38a0707690037acef9ffa26c) Fix banking packet exploit, & setup for a future of preventing packet exploits ### 📊 Changes **15 files changed** (+32 additions, -10 deletions) <details> <summary>View changed files</summary> 📝 `2006Redone Server/src/com/rebotted/game/items/ItemAssistant.java` (+7 -0) 📝 `2006Redone Server/src/com/rebotted/game/objects/ObjectsActions.java` (+1 -1) 📝 `2006Redone Server/src/com/rebotted/game/players/Player.java` (+3 -2) 📝 `2006Redone Server/src/com/rebotted/net/PacketSender.java` (+12 -7) ➕ `2006Redone Server/src/com/rebotted/util/MainFrameIDs.java` (+9 -0) 📝 `CompiledServer/artifacts/localhost_2006rebotted_jar/localhost_2006rebotted.jar` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/items/ItemAssistant.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$1.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$2.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$3.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$4.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$TinterfaceText.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/game/players/Player.class` (+0 -0) 📝 `CompiledServer/production/2006rebotted/com/rebotted/net/PacketSender.class` (+0 -0) ➕ `CompiledServer/production/2006rebotted/com/rebotted/util/MainFrameIDs.class` (+0 -0) </details> ### 📄 Description Right now, while you can't open a bank unless you're physically in the coords, you can still deposit items with a very finnicky script someone shared with me. This prevents that for both bank booths and deposit boxes, and allows for future expansion to prevent other interfaces from being packet exploited. TL;DR - Use `Player.lastMainFrameInterface` to verify that the player actually has that interface. Previously, the client could just lie to the server by sending packets saying "Oh yeah, this interface is open, and I want to do that". This allows a server-side check to deny that. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Dark98 added the pull-request label 2026-06-05 12:21:46 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: 2006-Scape/2006Scape#12049