Jump to content
  • 0
Sign in to follow this  
latheesan

How to prevent multiple spaces in chat room? Scammers are using this to impersonate GMs.

Question

Hi All,

 

I just found out about an interesting way scammers are scamming my players.

 

If they used multiple spaces, they can pretend to be anyone (especially GM/Admin) and trick users to give their account details away or in worst case get them to install TeamViewer etc...

 

Let me show you what I mean.

 

If I am logged in user Adam for example and I want to impersonate gm Latheesan, as "Adam", this is what I would type in a chat room:

 

Hi                                                                                          Latheesan : Hi, can you install TeamViewer and give me id/pass?

In the game, here's a demo showing how this looks and renders:

 

LH2vTCL.png

 

5BPpUYQ.png

 

So, in a busy chat room, players can be easily tricked into thinking a GM/Admin is talking to them and they do what they are told (even tho there's an ad/warning plastered all over the game not to give out account details >.>)

 

Anyway, now you know how it's done, is there a way to prevent this? 

 

The easiest solution I can think of is to prevent multiple spaces in chat.

 

If this was in PHP, I would have used regex to replace multiple occurrences of spaces into one like this example:

 

$input  = 'Hi                                         Latheesan : Hi, can you install TeamViewer and give me id/pass?';
$output = preg_replace('!\s+!', ' ', $input);

Could effectively do something similar in Hercules as a plugin? Can someone help me out?

 

I am pretty sure this should be standard in Hercules, i.e. not being able to use multiple spaces (atleast a config for it or something...)

Edited by latheesan

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0

Thanks for that, I manage to salvage the code Annie posted and tried to compile and found out that "colormes" has an error:

 

 

struct "clif_interface" has no field "colormes"    gmimpersonate

 

So, I replaced it with: messagecolor_self

 

Now, I have a different error:

 

 

'session': undeclared identifier

 

This is what I have so far: http://pastebin.com/N0EMkui3

 

If I try to remove this line "session = GET_SYMBOL("session");

the plugin doesn't compile, I get this error:

 

8DDG8bL.jpg

 

Any ideas? I am trying to compile in Visual Studio Community Edition 2015.

 

Thanks.


--------

 

UPDATE

 

After many hours of tinkering, I finally got it to compile after realising the plugin system was updated. The code Annie posted was for old HPM system.

 

So, I managed to update it like this (not sure if i am using the right hook):

 

#include "common/hercules.h" /* Should always be the first Hercules file included! (if you don't make it first, you won't be able to use interfaces) */
#include "common/memmgr.h"
#include "common/mmo.h"
#include "common/socket.h"
#include "common/strlib.h"
#include "map/clif.h"
#include "map/pc.h"

#include "plugins/HPMHooking.h"
#include "common/HPMDataCheck.h" /* should always be the last Hercules file included! (if you don't make it last, it'll intentionally break compile time) */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

HPExport struct hplugin_info pinfo = {
	"gmimpersonate",	// Plugin name	
	SERVER_TYPE_MAP,	// Which server types this plugin works with?
	"0.1",				// Plugin version
	HPM_VERSION,		// HPM Version (don't change, macro is automatically updated)
};

bool my_clif_process_chat_message(const char* retVal___, struct map_session_data *sd, const struct packet_chat_message *packet, char *out_buf, int out_buflen)
{
	if (retVal___ == true) {
		char* message = (char*)RFIFOP(sd->fd, 4) + strnlen(sd->status.name, NAME_LENGTH - 1) + 3;
		int i, l = strlen(message);
		for (i = 0; i <= l; i++)
			if (message[i] == 'xA0')
				message[i] = 'x20'; // replace Alt+0160 into [space]
		if (stristr(message, "    ")) {
			clif->messagecolor_self(sd->fd, COLOR_RED, "You are only allowed to type maximum of 3 spaces in a dialog.");
			return false;
		}
		if (stristr(message, "x20x3Ax20") || stristr(message, "x20x3Bx20")) { // type " : " OR " ; " will be blocked
			clif->messagecolor_self(sd->fd, COLOR_RED, "You can't impersonate other players !");
			return false;
		}
	}
	return true;
}

HPExport void plugin_init(void) {
	addHookPost(clif, process_chat_message, my_clif_process_chat_message);
}

 

Now, this plugin compiles. I've enabled it (gmimpersonate) in conf/plugins.conf and went in game to test it, does not appear to be working.

 

Any idea what might be wrong? is "process_chat_message" wrong method to hook? I tried looking for "process_message" but it appears there is no hook for it.

Edited by latheesan

Share this post


Link to post
Share on other sites
  • 0

Update #2 :-

 

Okay, after a bit of tinkering around - I think I managed to solve it, but I feel like I may have hooked into the wrong function.

 

Here's the working version:

 

#include "common/hercules.h"
#include "common/memmgr.h"
#include "common/mmo.h"
#include "common/socket.h"
#include "common/strlib.h"
#include "map/clif.h"
#include "map/pc.h"

#include "plugins/HPMHooking.h"
#include "common/HPMDataCheck.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

HPExport struct hplugin_info pinfo = {
	"GM Impersonate",	// Plugin name	
	SERVER_TYPE_MAP,	// Which server types this plugin works with?
	"1.0",				// Plugin version
	HPM_VERSION,		// HPM Version (don't change, macro is automatically updated)
};

bool my_pc_process_chat_message(bool retVal___, struct map_session_data *sd, const char *message) {
	if (retVal___ == true) {
		if (stristr(message, "    ")) {
			clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use more than 3 spaces in chat.");
			return false;
		}
		if (stristr(message, " : ") || stristr(message, " ; ")) {
			clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use : or ; in chat.");
			return false;
		}
	}
	return true;
}

HPExport void plugin_init(void) {
	if (SERVER_TYPE == SERVER_TYPE_MAP) {
		addHookPost(pc, process_chat_message, my_pc_process_chat_message);
	}
}

 

This version appears to be working everywhere, not just chat rooms. Here's a demo of the detection working:

 

HfGVuAD.jpg

 

But this appears to have created a side effect. When ever you use a at-command, it appears to executes the command and then show the at-command you typed.

 

Here's what I mean. I used the command @who2 - it shows the output and then shows the command i typed  :wacko:

 

t1k1hqy.jpg

 

Is pc->process_chat_message the wrong hook? If not, am I implementing the hook incorrectly?


Update #3 - I've fixed the wierd side effect

 

It was caused by me always returning true. The fix is this:

 

bool my_pc_process_chat_message(bool retVal___, struct map_session_data *sd, const char *message) {
	if (retVal___ == true) {
		if (stristr(message, "    ")) {
			clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use more than 3 spaces in chat.");
			return false;
		}
		if (stristr(message, " : ") || stristr(message, " ; ")) {
			clif->messagecolor_self(sd->fd, COLOR_RED, "Possible GM Impersonation Detected - you cannot use : or ; in chat.");
			return false;
		}
	}
	return retVal___;
}

:( silly typo. 

Edited by latheesan

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.