Jump to content
Metin2 Network
Create New...
  • Download unlimited resources when you are a Premium Member, Buy now!

Fix exploit to inject py scripts


Redit

Recommended Posts

What is the exploit?

In CPythonLauncher::RunMemoryTextFile a string is used to compile c_pcFileData, so the exploit starts here:
"exec(compile(" 
Hackers can easily search for the string in memory & compile scripts using the memory adress of c_pcFileData
This looks like an intentional backdoor left by one of the game devs or maybe even the leaker of the files "Rain"

Why?
It's hard to believe anyone would trouble to concatenate so many strings instead of just using Py_CompileString
If you pay attention the rest of the code is fine and uses the python api instead of some weird shells

Seems like there are still many exploits in m2
Hope you learned something new today, now here is the fix you paid for:


//ScriptLib/PythonLauncher.cpp search for:

This is the hidden content, please

//replace with this:

This is the hidden content, please

 

  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Terms of Service

Write what you are looking for and press enter or click the search icon to begin your search