Quote: The way the dupe worked was when in a trade screen I would put up a non-stackable item with an amount of zero, where it would normally be one. This would trick my side into thinking I put up nothing, and the other into thinking I put up one. So really, it's not duping because you don't need one to start with. It's more like "Creation." It also used an item ID. An item id is the number given to an item. No, each item does not have it's own ID. All r2h's are item 81, and all pink hats are item 580. This is why it is extremely hard for Jagex to find out which hats are real and which are fake. Here are some other numbers of items:It's fixed long since and there aren't any dupe bugs anymore in runescape, but I have some questions about this, to know how to prevent this when making such a game myself. At that time, runescape was already 2 years old and only then the bug was found. Jagex had programmed everything so that all the things that have to do with items happen server-side. So how could this bug be made, where a client can trick the server into thinking there is an item that's not in the server database, in a trade window? Does anyone who have experience with programming multiplayer games know why they could have overlooked this? Thanks.
MMORPG duplication bug
Author
2 years ago, there was a duplication bug in runescape, that worked somewhat like this (copying this from the site of the person who found that bug):
I've never played RuneScape so I'm not really familiar with the trading process. However, from what I can see, this is roughly how it would work:
- The trade screen is opened, and as the guy says, he puts 0 quantity in for an item.
- The trade is accepted and the item is created.
The core problem here is the fact that each item type has its own ItemID (e.g. pink hat = 580). Being as all pink hats have an ItemID of 580, it could feasibly be possible to "fool" the server into thinking that an item existed. I can't be completely precise as to why it works with RuneScape, because as I mentioned earlier, I've never played it and so I don't fully understand what the beginning of the quote is saying.
However, as a solution to the problem, all items should have different ItemIDs. So for example, whenever a new item is generated for the game, a new ID is also created. Thus, all individual items have a unique ItemID. Obviously, it means a hell of a lot more information would be stored in the database, depending on the amount of people playing the game and subsequently the amount of items that existed. This should, in theory, make it harder to duplicate items, so long as checks are in place to ensure that people don't try to conjure up their own ItemIDs in some way or that unique constraints are enforced on the database (if so you'd need to handle the exceptions if someone managed to generate an ID that was already in the database).
- The trade screen is opened, and as the guy says, he puts 0 quantity in for an item.
- The trade is accepted and the item is created.
The core problem here is the fact that each item type has its own ItemID (e.g. pink hat = 580). Being as all pink hats have an ItemID of 580, it could feasibly be possible to "fool" the server into thinking that an item existed. I can't be completely precise as to why it works with RuneScape, because as I mentioned earlier, I've never played it and so I don't fully understand what the beginning of the quote is saying.
However, as a solution to the problem, all items should have different ItemIDs. So for example, whenever a new item is generated for the game, a new ID is also created. Thus, all individual items have a unique ItemID. Obviously, it means a hell of a lot more information would be stored in the database, depending on the amount of people playing the game and subsequently the amount of items that existed. This should, in theory, make it harder to duplicate items, so long as checks are in place to ensure that people don't try to conjure up their own ItemIDs in some way or that unique constraints are enforced on the database (if so you'd need to handle the exceptions if someone managed to generate an ID that was already in the database).
If that bug is true and not something just made up by a player... it sounds like a core flaw in the game architecture... as the server should NEVER trust the client on anything, especially with items/trades.
Quote:Original post by Saruman
the server should NEVER trust the client on anything, especially with items/trades.
too bad blizzard didn't know that when they wrote diablo 2!
Quote:Original post by gumpy macdrunken
too bad blizzard didn't know that when they wrote diablo 2!
In a peer-to-peer networking architecture there is no actual server...
Quote:Original post by Saruman
In a peer-to-peer networking architecture there is no actual server...
i was referring to diablo 2 on battle.net. at&t hosts all the servers and databases. i'm pretty sure the orginal design was p2p though, which would explain everything.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
