Monday, December 7, 2015

Tree of Savior Client Exploits

I posted yesterday about the quest bug that allowed you to load any quest in the game and repeat it. But there's another way that people can bug or exploit things in the game using the same kind of option. Most likely this is because many of the features are coded client side and only seek server side for small parts of code.  I will be posting this on the forum's because I want them to get this straightened out so botters and hackers can't use it in the future.


<HotKey ID="FreeXP" Name="Free XP" DownScp="pc.ReqExecuteTx(&quot;RESTART_Q&quot;, ui.ToggleFrame('warehouse'));" UpScp="None" Key="F" UseShift="NO" UseAlt="NO" UseCtrl="YES" OnEdit="NO" />

The above allows you to pull open the warehouse menu from any map. It works with more windows then just warehouse such as shop and repair and other things.

ui.OpenFrame("itemdungeon");
('cheatlist');
ui.GetFrame("mcy_buyitem");
ui.OpenFrame("operatormode");
ui.GetFrame('paramcontrol');
ui.GetFrame("pcinvite");
ui.GetFrame('questitemuse');
ui.GetFrame("pickitem");
ui.GetFrame("shop");
ui.GetFrame("tournament");
ui.GetFrame('questreward');
ui.GetFrame("puzzlecraft");
ui.GetFrame("postbox");
ui.GetFrame("mixer");
ui.ToggleFrame("minigame");
ui.GetFrame("memberrecommend_popup");
ui.GetFrame("mcy_buyitem");
ui.GetFrame('questinfoset_2');
ui.GetFrame("manufac_renew");
ui.GetFrame("itembuffrepair");
ui.GetFrame("bosslist");



These are some of the ones which work some windows aren't implemented all the way so they crash the game. But you can pull up most of these. Even some of the GM windows open even if they don't display data. But if you edited the clients LUA you could make it display GM's data regardless of permissions or not. Since it seems there's options in the client which choose whether or not to display the data.


function OPEN_PARAMCONTROL()
    local frame = ui.GetFrame('paramcontrol');
    if session.IsGM() ~= 1 then
        frame:ShowWindow(0);
        return;
    end
 
 

Clients most likely encrypted I tried to pack a mod in for it and damaged the files for the game. But I'm sure someone with the right knowledge could figure out a work around. Either way the client should not have such extensive client side effects because people can bypass npc's and system functions in order to do what they want.

Using the shop from anywhere also works too. Which needs to be fixed to prevent bots from selling items without going back to town. Also I noticed using this to sell items it lagged and an item gave me gold without the item selling. Which leads me to believe there's a delay within the system with enough lag allowing people to sell the same item multiple times so the system for the game likely needs to be checked to make sure that it's not effected by lag. Its also possible to pull open the auction as well. All of this needs to be checked much more carefully.

No comments:

Post a Comment