[crossfire] Ideas needed to fix exploit

Mark Wedel mwedel at sonic.net
Tue Feb 28 00:44:29 CST 2006


Andreas Kirschbaum wrote:

>  a) Do not reward (pk) with exp.
> 
>     This is probably the safest "solution" and is very easy to
>     implement. Not sure if that is an appropriate solution for servers
>     that allow pvp.

  Could be something that is set in the settings file.  Maybe even have this act 
as some modifier to amount of exp gained (as a percentage).  So if 0, you get 0% 
(0) of the exp you would normally.  If 50, you would get 50% of exp, etc.

> 
>  b) Reward a (pk) with MIN(5 million, (exp loss of victim)/10).
> 
>     I'm not sure if that really is a good idea since it probably creates
>     another exploit: kill a player with some hard to train skill and
>     gain lots of exp in that skill.

  I'm not sure I follow that logic - it doesn't seem to be any worse than now.

  If I can (hypothetically) kill someone with bad singing, that change above 
doesn't make things any easier or harder.  I won't get any more exp than I did 
before that change, and will likely get less.  If the player being killed is 
down to having only permanent exp left (thus doesn't lose anything), I gain no exp.


>     Another (probably quite hard to exploit) problem is that a victim
>     player can be killed but not actually die. Thus if a player is very
>     careful to kill the victim at -1 hp and the victim regains hp very
>     fast, the victim will not actually die but the attacker will gain
>     exp. Thus the attacker would gain more exp in total than expected.
>     (I'm not sure if this problem still exists but it did exist last
>     time I did check.)

  It may still exist, since I think the examination of death happens when the 
player does his action.  That would be easy to fix - just move the check for 
op->stats.hp<0 to the start of do_some_living instead of the end.

  That said, in the right situation, a combo of 3 players could still observe 
this.  This requires some knowledge of the processing order of the players -

player A kills player C, gets exp.
player B heals player C
player C goes - do_some_living() never called for him with less than 0 exp, thus 
never loses exp

  This may not actually be as hard to set up as one might think - the order 
players join in defines the order they are processed in.  And what is important 
here is overall order, not per tick order.  Thus, an order like CAB would still 
work - player C would be dead for a tick, but doesn't make a difference.

  I'd think this abuse would be easier to pull off, as now you don't have to 
align to -1 hp - if the healer can heal a good amount, that works.  That said, 
I'd think that trying to do this would be time consuming - basically player A 
has to attack, and there probably isn't enough time for player B to see the 
results, so he has to always cast healing.  So if A's attack didn't kill, could 
take a while to get C down to a dangerous level of HP.

> 
>     Another possible exploit could be to abuse the force inserted into a
>     killed player to prevent multiple deaths at his savebed.

  One question I have is why even need a force.  Is there any potential abuse 
just saying a player can't die when on his savebed?

  However, this change would be affected above - you have to make sure that the 
player doing the killing can't get the exp, since that is the real abuse.  If 
the killer gets exp, but in do_some_living(), the player doesn't really die, 
this doesn't fix the problem.
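
The ordering problem discussed in this message, as an added toy model in C (not Crossfire code and not part of the original e-mail). It compares paying the killer when the hit lands with paying only at the point where the victim's death is actually applied; the struct, the function names, the 20% death loss and all numbers are assumptions made for the illustration.

```c
#include <stdio.h>

/* Toy model, not Crossfire code: struct, names and numbers are assumptions. */
typedef struct { int hp; long exp; } Player;
enum { A, B, C };                 /* attacker, healer, victim, in join order */

static long death_loss(const Player *v) { return v->exp / 5; }  /* assumed 20% */

static long pk_reward(long loss) {          /* option (b) from the thread */
    long r = loss / 10;
    return r < 5000000L ? r : 5000000L;
}

/* Process one round in order A, B, C. heal = hp the healer restores.
 * pay_on_death = 0: attacker is paid when the hit lands;
 * pay_on_death = 1: attacker is paid only where the death is applied. */
static void run_round(Player p[3], int damage, int heal, int pay_on_death) {
    p[C].hp -= damage;                      /* A acts */
    if (p[C].hp < 0 && !pay_on_death)
        p[A].exp += pk_reward(death_loss(&p[C]));

    p[C].hp += heal;                        /* B acts */

    if (p[C].hp < 0) {                      /* C acts: death check on own turn */
        long loss = death_loss(&p[C]);
        p[C].exp -= loss;
        if (pay_on_death)
            p[A].exp += pk_reward(loss);
        p[C].hp = 1;                        /* respawn, simplified */
    }
}

/* Change in combined exp of A and C after one round (above 0 = exp minted). */
static long net_exp_created(int heal, int pay_on_death) {
    Player p[3] = { {100, 0}, {100, 0}, {10, 1000000} };
    long before = p[A].exp + p[C].exp;
    run_round(p, 15, heal, pay_on_death);
    return p[A].exp + p[C].exp - before;
}

int main(void) {
    printf("pay on hit,   healed:   %ld\n", net_exp_created(20, 0));
    printf("pay on death, healed:   %ld\n", net_exp_created(20, 1));
    printf("pay on death, unhealed: %ld\n", net_exp_created(0, 1));
    return 0;
}
```

Tying the reward to the same branch that applies the victim's loss means a heal between the hit and the death check leaves the combined exp unchanged instead of creating exp.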



