Upping the Credit Limit
-
There is indeed a flaw in the way worth is tested.
```
server.dll 06FC06 81FD<limit>7F0B03EE->03EE81FD<limit>7F09 = prevent erroneous kick upon reaching limit ~adoxa
```
What's happening is that it tests your money _before_ adding the new value. This means you're fine when you have the limit, but then it adds the ship resale value, pushing you over the edge. The patch adds the resale first, then tests the limit.
-
adoxa wrote:
There is indeed a flaw in the way worth is tested.
```
server.dll 06FC06 81FD<limit>7F0B03EE->03EE81FD<limit>7F09 = prevent erroneous kick upon reaching limit ~adoxa
```
What's happening is that it tests your money _before_ adding the new value. This means you're fine when you have the limit, but then it adds the ship resale value, pushing you over the edge. The patch adds the resale first, then tests the limit.
W∞W! You did it again!
So in this way the problem you talked about before will be avoided?
-
No, it will still wrap around once you pass that magic 2 billion mark. The safest highest limit is 2 billion minus whichever is the largest of: cargo * price; equipment * resale; ship * resale. However, I should be able to make these limit tests unsigned, so the actual 2 billion limit will be achievable, but I still don’t think any higher than that is feasible.
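Added example, not part of the thread and not adoxa's patch: a C model of the two test orders from the first post and of the signed wrap-around past the 2 billion mark. The function names and sample amounts are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit add as the CPU does it: wraps modulo 2^32 (no C undefined behaviour). */
static int32_t wrap_add(int32_t a, int32_t b) {
    uint32_t r = (uint32_t)a + (uint32_t)b;
    return r <= INT32_MAX ? (int32_t)r : (int32_t)(r - 0x80000000u) + INT32_MIN;
}

/* Unpatched order as described: compare first, add afterwards.
   Returns true when this test notices the limit being exceeded. */
static bool test_then_add(int32_t *worth, int32_t value, int32_t limit) {
    bool over = *worth > limit;
    *worth = wrap_add(*worth, value);
    return over;
}

/* Order after the 06FC06 change: add first, then compare (still signed). */
static bool add_then_test(int32_t *worth, int32_t value, int32_t limit) {
    *worth = wrap_add(*worth, value);
    return *worth > limit;
}

/* Same, with an unsigned comparison: a wrapped sum that looks negative
   as a signed number still compares above the limit. */
static bool add_then_test_unsigned(int32_t *worth, int32_t value, int32_t limit) {
    *worth = wrap_add(*worth, value);
    return (uint32_t)*worth > (uint32_t)limit;
}

/* "2 billion minus whichever is the largest" of the three sale values
   (each assumed to lie between 0 and INT32_MAX). */
static int32_t safest_limit(int64_t cargo, int64_t equipment, int64_t ship) {
    int64_t largest = cargo > equipment ? cargo : equipment;
    if (ship > largest) largest = ship;
    return (int32_t)(INT32_MAX - largest);
}

int main(void) {
    int32_t w = 999999999;                 /* constructed: exactly on the limit */
    bool seen = test_then_add(&w, 50000, 999999999);
    printf("test-then-add:  noticed=%d worth=%d\n", (int)seen, (int)w);
    w = 2000000000;                        /* constructed: very high limit */
    seen = add_then_test(&w, 200000000, 2000000000);
    printf("signed test:    noticed=%d worth=%d\n", (int)seen, (int)w);
    w = 2000000000;
    seen = add_then_test_unsigned(&w, 200000000, 2000000000);
    printf("unsigned test:  noticed=%d worth=%u\n", (int)seen, (unsigned)w);
    return 0;
}
```
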
-
adoxa wrote:
No, it will still wrap around once you pass that magic 2 billion mark. The safest highest limit is 2 billion minus whichever is the largest of: cargo * price; equipment * resale; ship * resale. However, I should be able to make these limit tests unsigned, so the actual 2 billion limit will be achievable, but I still don’t think any higher than that is feasible.
I know about 2b. In my mod I set the value to 1.5b so I have 0.5b for buffer. What I want to know is, if I edit the offset, will it give cheaters a new way to cheat?
And, btw, I believe the 06FC06 hack is useful for a 1.0 server too. It also fixes the fake kick on some servers without hacking the credit limit. If this has no side effects, that will be perfect.
-
Adoxa - the best way would be to disable the sale if the limit will be exceeded - can you do that?
-
@NeXoSE: I don’t believe so, although if the limit is really high and wrap around occurs, it might be possible to exploit that. Changing to unsigned tests will prevent it. I’ll see if I can put those up tomorrow.
@StarTrader: I don’t know. The worth calculation would already be affected, so would it really matter? Do you want to separate the cash limit from the worth limit?
-
I don’t think that separating the cash from the worth would be easy for you, too much to ask I think.
I was just thinking if the transaction can be prevented rather than letting the cash roll-over happen.
-
StarTrader wrote:
I don’t think that separating the cash from the worth would be easy for you, too much to ask I think.
I was just thinking if the transaction can be prevented rather than letting the cash roll-over happen.
Change signed to unsigned, is it possible? I'm just curious about this because I have never seen people change that before.
For disabling the transaction, is there an existing function for this so it can be done just using JMP? You know I can still sell when my worth is over the red line, and the server kicks me. So maybe this is already prevented by the kick…
-
Here’s the big (untested) patch to catch cash overflow errors (so the magic 2 billion value should be possible) and remove the limit altogether (maxing out at the magic 4 billion value) when determining worth. Didn’t look into preventing transactions.
```
# Test for overflow when adjusting cash.
# Treat worth as unsigned (and "unlimited").
# Jason Hood, 14 & 16 December, 2010.

File: freelancer.exe
# Display current worth (any monetary value) as unsigned.
077A14: 00 CA 9A 3B [ 40 42 0F 00 ]
077A22: 73 [ 7D ]
077A2A: 31 D2 F7 F7 84 C9 96 [ 99 F7 FF 84 C9 8B F0 ]

File: content.dll
# Use unsigned worth for rank calculation.
0A947F: 83 C4 10 D9 44 E4 14 [ DB 44 24 30 83 C4 10 ]
        E8 A5 FC 05 00 03 44 E4 20 [ D8 44 24 14 E8 A1 FC 05 00 ]

File: server.dll
# Desired cash limit - maximum is 2_147_483_647 (FF FF FF 7F);
# default is 999_999_999 (FF C9 CA 3B).
06F46E: FF C9 9A 3B [ FF C9 9A 3B ]
06F475: FF C9 9A 3B [ FF C9 9A 3B ]
06F4A6: FF C9 9A 3B [ FF C9 9A 3B ]
06F4AD: FF C9 9A 3B [ FF C9 9A 3B ]
06F517: FF C9 9A 3B [ 04 33 F6 EB ]
075437: FF C9 9A 3B [ F6 EB 0D 81 ]
0754E0: FF C9 9A 3B [ FF C9 9A 3B ]
0754E7: FF C9 9A 3B [ FF C9 9A 3B ]
076421: FF C9 9A 3B [ F6 EB 0D 81 ]
06CD6C: 7E [ 76 ] # unsigned test for cheat detection
# Handle overflow for IServImpl::ReqChangeCash.
06F4E9: 54 [ 44 ]
06F4F1: 97 [ 87 ]
06F4FC: 90 90 [ 03 F0 ]
06F509: 4F [ 57 ]
06F50C: C9 [ D2 ]
06F514: 01 D6 B8 [ 85 F6 7D ]
06F51B: 70 0A 79 04 [ 0D 81 FE FF ]
        31 F6 EB 06 [ C9 9A 3B 7E ]
        39 C6 7E 02 [ 05 BE FF C9 ]
        89 C6 [ 9A 3B ]
# Use unsigned values when calculating current worth.
06FB99: 01 CD 73 15 5F EB 79 [ 81 F9 FF C9 9A 3B 7F ]
06FC05: 00 01 F5 72 0F EB 04 [ 13 81 FD FF C9 9A 3B ]
06FC1C: FF FF FF FF [ FF C9 9A 3B ]
# Handle overflow for pub::Player::AdjustCash.
07541A: 90 90 [ 03 F0 ]
075432: 03 74 E4 10 B8 [ 85 F6 7D 04 33 ]
07543B: 70 08 79 02 [ FE FF C9 9A ]
        31 F6 39 C6 [ 3B 7E 05 BE ]
        7E 02 89 C6 [ FF C9 9A 3B ]
# Handle overflow for pub::Player::RewardGroup.
076401: 90 90 [ 03 F0 ]
07641C: 03 74 E4 10 B8 [ 85 F6 7D 04 33 ]
076425: 70 08 79 02 [ FE FF C9 9A ]
        31 F6 39 C6 [ 3B 7E 05 BE ]
        7E 02 89 C6 [ FF C9 9A 3B ]
```
(Search for BPatch to apply it automatically.)
-
Hurrah!
I will test it tomorrow, but …. how to test?
====================
OK, I cannot endure the temptation… I did the edit, and the kick is gone, but there are a few side effects: “Current Level” shows error codes in the PLAYER STATUS window.
====================
Cannot test out any problem, StarTrader?
-
Buy / Sell Goods, normally, no problem.
Buy / Sell Goods, over the limit, no problem.
Buy / Sell Equipment, normally, no problem.
Buy / Sell Equipment, over the limit, no problem.
Buy / Sell Ships, over the limit, no problem.
So the only thing I worry about is the cheat. Adoxa, how to test it?
-
What cheat? Exploiting wrap around? The patch prevents wrap around, that was the point. You could possibly exploit the maximum worth cap, but you’d need at least 2 billion worth of cargo/equipment/ship to start with. Is that likely to happen? Not that it matters, since there’s nothing much to do about it.
Updated the patch, so hopefully the rank calculation is unsigned, now, too. The maximum rank is still at 2 billion, though.
-
adoxa wrote:
What cheat? Exploiting wrap around? The patch prevents wrap around, that was the point. You could possibly exploit the maximum worth cap, but you’d need at least 2 billion worth of cargo/equipment/ship to start with. Is that likely to happen? Not that it matters, since there’s nothing much to do about it.
Updated the patch, so hopefully the rank calculation is unsigned, now, too. The maximum rank is still at 2 billion, though.
Still shows error codes:
This bug only shows up in this place; other places like “Chat Window” are normal.
Hey, where are the other guys? I believe this patch is useful for most mods.
EDIT:
I cannot see any problem in my mod. I plan to use this hack in my mod now. Big THANKS to adoxa!
-
I should have said to remove the other one first (bpatch -r) which would have fixed that. As you see, I mistakenly used rank instead of worth. Don’t know if it’ll mean anything to you, but I replaced L"%d" (wide character convert to signed) with "%u" (convert to unsigned, not noticing the lack of wide). 0A8A9E: C4 0E 5D to restore it.
-
Done, looks great. All works well right now. So I just need to keep the player’s worth less than 2bm$ and all will be fine?
Sorry, I don’t have time to test setting the credit limit to 2bm$; I’m busy with my mod’s storyline, changing systems and executing “Bases Ownership Changes” etc. I will test it when I’m done with this.
-
2Gi$ cash + 2Gi$ worth = 4Gi$ limit. Since it can’t go any higher than 4Gi, it may be possible to exploit that. Hm, actually, it might be possible to make a plugin to at least extend the worth cheat test past 4Gi. But really, isn’t 2Gi enough?
For those unfamiliar with it, Gi = gibi = binary giga = 2**30 (1_073_741_824).