Quote


"Paradise on my right, Hell on my left, and the Angel of Death behind."

-Frank Herbert, DUNE.


May 25, 2011

HOUR GLITCH EXPLAINED

Ahhh, finally I have come up with an explanation of my infamous hour glitch. After extensive research, and then talking to a friend of mine who is extremely good with computers (and hacking), I believe I have found the answer to all of our questions.

The glitch is called a buffer overflow. It happens when a program is given more data (or unexpected data) than the space set aside for it was designed to hold. For example, a programmer may set the maximum length of a username to 256 characters. If you put in more characters, say 1000, and include a script or something similar in those 1000 characters, the program will misbehave, because it cannot handle that many characters.

With the hour glitch, setting your guild tag would put letters in your name, but the word filter would change http to ****. This in turn meant that your guild tag did not count as set (because you needed to have your rank set, and if it wasn't correct, you wouldn't be wearing your guild tag), so you could do it over and over until a buffer overflow occurred.

The limit is most likely a built-in nickname limit of 256 characters, so this would work on all servers, provided you had a way to set your nick to more characters than that. This is a huge security threat to Graal, as somebody could potentially get RC rights for any server if they knew how to do some scripting and took the time to figure out how to use this correctly.
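The repeated tag setting described above only becomes an overflow if nothing checks the length at the moment the name is written. The following C sketch of that check is an added example, not code from this post or from Graal: the `struct nick` layout, the function names, and the sample name and tag are assumptions, and the 256-byte size is the post's own guess.

```c
#include <stdio.h>
#include <string.h>

#define NICK_MAX 256   /* assumed buffer size; the post's guessed limit */

/* Hypothetical nickname record: fixed buffer plus its used length. */
struct nick {
    char   text[NICK_MAX];
    size_t len;        /* bytes in use, not counting the terminating NUL */
};

/* Append `tag` only if name + tag + NUL fits in the buffer.
 * Returns 0 on success, -1 if refused (nickname left unchanged).
 * The check sits at the write itself, so it still holds when an
 * earlier step (a word filter, a rank check) lets the request repeat. */
int nick_append_tag(struct nick *n, const char *tag)
{
    size_t tag_len = strlen(tag);
    if (tag_len >= NICK_MAX - n->len)   /* n->len <= NICK_MAX - 1 always */
        return -1;
    memcpy(n->text + n->len, tag, tag_len + 1);   /* copies the NUL too */
    n->len += tag_len;
    return 0;
}

/* Apply the same tag `attempts` times, as in the repeated tag setting
 * the post describes, and count how many appends were accepted. */
int count_accepted(const char *start, const char *tag, int attempts)
{
    struct nick n = { .len = 0 };       /* text[] is zero-filled */
    int accepted = 0;
    if (nick_append_tag(&n, start) != 0)
        return -1;
    for (int i = 0; i < attempts; i++)
        if (nick_append_tag(&n, tag) == 0)
            accepted++;
    return accepted;
}

int main(void)
{
    /* Constructed sample input: a 6-byte name and a 7-byte filtered tag. */
    printf("accepted %d of 1000 appends\n",
           count_accepted("Player", " (****)", 1000));
    return 0;
}
```

However many times the request is repeated, the stored name never grows past 255 bytes plus its terminator, because every append that would not fit is refused.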

I would be very happy if somebody was willing to try some of this out for me. The built-in limit is most likely 256 characters, and then there are limits imposed by other means which can obviously be bypassed. This could lead to endless exploits, maybe even getting our hands on the current gserver (for all of you Graal Reborn addicts)! I'll be working on this for a long time.

I am thinking of creating a Graal hacking team (like hardcore attacking hacking), one that will try to do some high profile shit... if you are interested, contact me at haxis@lavabit.com φ
