EOSERV Bug Tracker > Bug #439: NPC Ghosting

Bug #439: NPC Ghosting

NPC Ghosting
ID #439
Submitter shayne
Product EOSERV
Severity Normal
Submitted 9th Dec 2016
Updated 18th Dec 2016
shayne Submitter 7 years, 28 weeks ago

You can easily ghost NPCs with a refresh related client modification, when holding down f12 or spamming it, and walking towards/in an npc.

To give a little info about the issue:

It seems to be easily doable because for one, refreshing with F12 speeds up the client.

Then using a client modification different from the old refresh hack, allows you to spam F12 with even less delay.

Cycling through speeding up the client (spamming F12) and slowing it down (stopping F12 input), seems to be the reason this exploit works.

Could be a problem, especially if certain npcs are meant to be roadblocks/impassible.


Cirras 7 years, 28 weeks ago

Not actually a bug - This is a configurable feature. By default, NPCs can be ghosted through. This is actually intended to help laggy players.

In my opinion, this would be better suited as a feature request - The feature being that spawn_type 7 NPCs can't ever be ghosted through, even if NPC ghosting is enabled (Which it is, by default.) This makes sense because spawn_type 7s never move, and even laggy players should never get stuck on them.

shayne Submitter 7 years, 28 weeks ago

I tested while the setting was disabled in eoserv r535. GhostNPC = no

I also tested on the main Clone server.

(Although I'm pretty sure this setting is enabled on the Main Clone.)

Why did this also work on the official server then?

I'm fairly certain speeding up the client and slowing it down causes a moment where the client doesn't detect or appropriately correct player position.

That's just a guess based on the behavior of the client, when using this exploit, but logically, it does make sense to me that, that is the case.

On Main EO, the old refresh hack allowed the same thing, although it was much more difficult to achieve, as opposed to the new refresh modification.

That convinces me even more this is a bug/issue that should probably be looked into. You should not be able to ghost npcs when GhostNpc is disabled.

Unless GhostNpc is failing in the newest rev, it definitely is an existing bug I'd think.

Apollo 7 years, 27 weeks ago

It is possible the client is not reflecting server coordinates. This may be on the client end. Vult probably corrected this on Main with the player refresh packet which is currently unsupported. I believe it probably needs some Jacky fix to prevent the client from being out of sync with the server.

Cirras 7 years, 27 weeks ago

Huh. I was certain that it didn't work on older builds.

It might have gotten broken at some point when Sausage did all of this fancy WalkFail stuff on the newer revs and made it so "bumping" would refresh the character and all that.

shayne Submitter 7 years, 27 weeks ago

I think Apollo may be right in part. The client is likely grabbing/reporting incorrect coordinates during the refresh period.

After a little more thinking/testing, I'm thinking it's a mix of things causing the issue.

-In part, it has something to do with calling refresh multiple times, faster than normal. (Bypassing refresh delay restriction.)

-When refreshing and moving at the same time, the client 'seems' to obtain an incorrect x/y player position briefly, although it's corrected almost instantaneously.

-When standing 2 tiles away from an npc, then refreshing and moving, it skips a whole tile, allowing a guaranteed npc ghost, whether an npc is stationary or not. That's partly why I'm thinking the client is getting incorrect player X/Y positions during refresh.

-When standing directly in front of an npc, it is possible to ghost it just by holding and releasing f12 multiple times. (Although it's tricky to get the timing right.) This is why I'm thinking it's not only caused from obtaining an incorrect player position.

Apollo: I'm not sure what you mean about 'Vult probably corrected this on Main'

This exploit has always been present on main as long as I've been around and aware of it. It was never fixed. My apologies if you're referring to something else. =d

It has always been possible to ghost an npc on main with the old refresh hack. It was just extremely hard to get the timing right to allow you to ghost an npc.

Cirras: It's possible it's related to that, but I'm fairly certain this would still be possible to do with or without those changes anyways. It's definitely always been possible on the main server, and older eoserv revisions as far as I am aware.

Apollo 7 years, 27 weeks ago

I think vult's player refresh packet is what gives you a late refresh on Main. I have walked thru NPC's moving to the same time only to get a delayed auto correct from the main server. I will have to investigate what actually happens to prove this theory though.

shayne Submitter 7 years, 27 weeks ago

Now you have two issues to deal with. The new one is way worse though.. xD

After some tinkering, it turns out you can ghost npc tiles, like you're walking on normal tiles.

I guess Vult either got lazy, forgot, or didn't think anyone would exploit it.

I was surprised it worked for npc tiles, because it doesn't work for any other tile type. It looks like he protected everything but Npc tiles..

I'm still looking into the original refresh issue to.

Updated Severity to HIGH

Sausage Developer 7 years, 27 weeks ago

GhostNPC is one of many settings that are unused. EOSERV has always allowed you to walk right through NPCs.

It's not really a surprising thing to anyone in terms of trying to create walls out of NPCs, since people could already walk in to NPCs on main easily, just with a 5 second wait required.

Updated Severity to NORMAL
Updated Status to CONFIRMED

shayne Submitter 7 years, 27 weeks ago

I don't exactly see/understand what you mean.

I also don't know what you mean by 'people could already walk into npcs on main easily.' You could not walk into npcs in main with out the old refresh hack. Even with the refresh hack, it was hard to successfully do.

Unless you're talking about sending the walk packet to ghost an npc, like everyone did with bots. That was relatively new on Main though. I'm talking about a client modification, to bypass the checks for walking into npc tiles.

I don't think you understand what I mean.

The client checks when your character is attempting to walk through certain tile types. In this case, NPC tiles are not protected/used the same way as other tiles.

There is a hack for each direction, when walking into npc tiles.

To put it simply, I could spawn 100 npcs on my server, and ghost every single npc without delay, as if I was walking on normal tiles. This has never been possible on Main or eoserv as far as I'm aware, which is why I am confused by your response.

I don't think you understand the severity of this modification.

If you want, I could privately message the hacks for each direction.

Cirras 7 years, 27 weeks ago

Well, I know that even as far back as rev 189, ghosting NPCs without delay was perfectly feasible by simply sending walk packets as if the client was allowing you to walk in that tile, and the server wouldn't bother to check if an NPC occupied the tile to stop you. I assumed this was because the config option was disabled, but I guess it never did anything anyway.

Sequence validation stands in the way of the packet-based approach for most people, but a simple client hack still subverts the lack of a serverside check, as you've discovered.

For some server owners, that's no problem, since ghosting NPCs has traditionally not been a matter of contention anyway - But in some scenarios, they may wish to disallow that sort of behavior in the way main once did.

I should stress, of course, that the client modification you're doing isn't actually bypassing checks. The checks don't exist in the first place.

shayne Submitter 7 years, 27 weeks ago

Actually, there is client side checks for walking into tile types.

They're the only tile type that isn't protected.

I know this from finding and testing related addresses.

There is a compare for each direction, that validates if you are walking into a npc tile or not. ;P

Nopping each direction/tile check allows you to ghost through npc tiles.

Cirras 7 years, 26 weeks ago

I meant you weren't bypassing serverside checks.

That hack sounds rather interesting though. I should really dig into the client's inner workings for fun at some point..

shayne Submitter 7 years, 25 weeks ago

Ah, alright. I thought you meant client side. =d

Yea it's kind of neat, I was surprised it worked since the other tiles don't.

You should mess around, there is lots of interesting things you can find and modify. I don't have too much experience, so I'm sure others with more experience, could find some very useful things. Although I have found a few neat tricks to enhance the clients looks/functioning though. :)

Add Comment

Please don't post unless you have something relevant to the bug to say.
Do not comment to say "thanks" or "fix this please".

Please log in to add comments. EOSERV Bug Tracker > Bug #439: NPC Ghosting