mirror of
https://github.com/2006-Scape/2006Scape.git
synced 2026-07-02 16:49:03 +00:00
[PR #290] [MERGED] Fix banking packet exploit, & setup for a future of preventing packet exploits #5966
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/2006-Scape/2006Scape/pull/290
Author: @dginovker
Created: 12/13/2019
Status: ✅ Merged
Merged: 12/16/2019
Merged by: @dginovker
Base:
master← Head:fix_packet_exploits📝 Commits (1)
06d40b9Fix banking packet exploit, & setup for a future of preventing packet exploits📊 Changes
15 files changed (+32 additions, -10 deletions)
View changed files
📝
2006Redone Server/src/com/rebotted/game/items/ItemAssistant.java(+7 -0)📝
2006Redone Server/src/com/rebotted/game/objects/ObjectsActions.java(+1 -1)📝
2006Redone Server/src/com/rebotted/game/players/Player.java(+3 -2)📝
2006Redone Server/src/com/rebotted/net/PacketSender.java(+12 -7)➕
2006Redone Server/src/com/rebotted/util/MainFrameIDs.java(+9 -0)📝
CompiledServer/artifacts/localhost_2006rebotted_jar/localhost_2006rebotted.jar(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/items/ItemAssistant.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$1.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$2.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$3.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$4.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/players/Player$TinterfaceText.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/game/players/Player.class(+0 -0)📝
CompiledServer/production/2006rebotted/com/rebotted/net/PacketSender.class(+0 -0)➕
CompiledServer/production/2006rebotted/com/rebotted/util/MainFrameIDs.class(+0 -0)📄 Description
Right now, while you can't open a bank unless you're physically in the coords, you can still deposit items with a very finnicky script someone shared with me. This prevents that for both bank booths and deposit boxes, and allows for future expansion to prevent other interfaces from being packet exploited.
TL;DR - Use
Player.lastMainFrameInterfaceto verify that the player actually has that interface. Previously, the client could just lie to the server by sending packets saying "Oh yeah, this interface is open, and I want to do that". This allows a server-side check to deny that.🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.