Trinitycore: Crash/Freezing exploit freezing players with game crash

Created on 27 Apr 2019  ·  108 Comments  ·  Source: TrinityCore/TrinityCore

There is an add-on or technique that still allows a player to freeze other players.
This add-on comes from Russians, as the players that come to our server to advertise selling that add-on are all Russian. I tried to purchase the add-on but it was unsuccessful.

2019-04-27_14:42:30 Player Crashserverr says (language 0): Will sell bug on hang players in PM!
2019-04-27_14:42:30 Player Crashserverr says (language 0): Will sell bug on hang players in PM!
2019-04-27_14:42:31 Player Crashserverr says (language 0): Will sell bug on hang players in PM!

Then the player targets another player, GM or admin or normal player, and your client instantly freezes.

So this addon crashes any player, at any given time.

I cannot find exactly what's causing this, as the server doesn't crash itself; only the player that is targeted by the exploiter crashes.

Trinitycore today's revision.

Branch-3.3.5a Invalid-IncompleteDatOrNotTrinityCore

All 108 comments

You have to provide more infos

@RR2739-VCN : It would be useful to know what the message looks like, to see if there is anything that can be done to filter out bad code in chat.

I suggest you get a sniffer and get your client frozen.

The thing is, it's an addon, it leaves nothing in the chat. I tried to append the logs and there is nothing of value to look at. I checked the character logs, no chat at all; everything is being done via a special addon. This is gonna become a very big problem, as the player can even crash GMs. It freezes your client (not the server), so it shows 50 ppl log off all in one shot, seconds after each other.

I tried purchasing this addon acting as a player, but the person was a freaking scam artist; he was trying to scam me out of money by sending him a Western Union payment in Moscow.

I tried to get my hands on that addon. This is such a huge problem: the addon user can take every single person offline within minutes.

What is the best way to log addon activity?

Can this be done using Trinitycore Appender?

Appender.addon=2,2,8,Addon%s.log,a

A sniffer will get the point where the client is frozen even if you don't get anything in the logs.

Yes, it means I have to be crashed by that person. Obviously I got rid of him for now, since he was causing chaos on the server. I was able to trace the IP of the player and linked it to this:

https://vk.com/wowscriptcheat

That is the creator of this addon.

https://youtu.be/eAUx1BRjHTo

This is a showcase video, I contacted him and he said due to the fact that people are crashing many servers now he stopped selling it, which is a very foolish answer considering he made this addon with a specific reason to cause harm to players.

Without providing addon, hard to do anything.

We don't know if the issue is for 3.3.5 or master.

if the image can be trusted as an advertisement, it targets WoW 3.3.5 (at least the image says so).

Yes, this is 3.3.5 targeting, and I tried to get it, believe me, 6 of us all tried. One of us actually almost got the owner to sell it and he wanted 3k for it, which is absolutely ridiculous. I think the exploit has something to do with MS and client/player latency; just by looking at the addon and translating everything from its interface, there is a button on the bottom that says "Turn of the Lag" or something of that nature.

Can you give link crashserver? For test?

Maybe you misunderstood? We do not have the addon.

You must buy the exploit crash and share it for the full testing.

If we have the program, can examine it completely!

Enable chat link filtering.

The chat link filtering is always on. This is not related.

ChatFakeMessagePreventing = 1

#
#    ChatStrictLinkChecking.Severity
#        Description: Check chat messages for ingame links to spells, items, quests, etc.
#        Default:     0 - (Only verify that link format looks valid without checking the text)
#                     1 - (Check if color, entry and name don't contradict each other. For this to
#                         work correctly, please assure that you have extracted locale DBCs of
#                         every language specific client playing on this server)

ChatStrictLinkChecking.Severity = 1

#
#    ChatStrictLinkChecking.Kick
#        Description: Defines what should be done if a message containing invalid control characters
#                     is received.
#        Default:     0 - (Silently ignore message)
#                     1 - (Ignore message and kick player)

ChatStrictLinkChecking.Kick = 1

This is an exploit console; enabling chat link filtering does not resolve it.

If you can give me the exploit crasher program, I will fully test it and share debug / sniffed packets.

I had the same problem with my server!

get the exploit.

Please read the message I posted earlier: he wanted 3k for it. I would be more than capable of making a fix myself if I had the program/exploit in question.

skype / AccLeito

i said, we just need exploit hack for full review ! go on skype and send msg to owner.

buy exploit hack.

Look at my message, I wrote before 👍 we already DID that

`

Yes this is 3.3.5 Targeting, and I tried to get it, believe me, 6 of us, all tried. One of us actually almost got the owner to sell it and he wanted 3k for it, which is absolutely ridiculous, I think the exploit has something to do with MS and Client/Player Latency, just by looking at the addon and translating everything from it's interface, there is a button on the bottom that says "Turn of the Lag" or something in that nature.

`

The only way is , you must get the program! 3k 4k

if u want fixed.

Thank you for the advice. If you have this problem on your server "as you said you did" maybe "you" should get it and share it with us, as you are suggesting for me to do.

we need to see whois packets

exploit caused when client sends / packets
example:
Sending malicious

  1. invite offline player = > server error ! crashed
  2. Send a lot of packets to handlers / ddos exploit handlers
  3. or.....

please set debug mode and create crash logs.

please set debug mode and create crash logs.

It doesn't crash the server! It only crashes a player. If this was a server crash, it would already be fixed because we would have crash logs.

what is your version? tc?

The Latest today's version 3.3.5a

Did you see? logs!
char dump
worldserver log
chat log
login & logout

@Hir0shi : The main problem here is that the offending computer sniffs out the game client computer and targets the game client to freeze it, making it stop communicating with the server. Maybe it is some form of DDOS or DOS, I don't know. Anyway, the offending addon makes sure to target only the client computer via the WoW game client (maybe it sniffs the IP address from the player?) and then the game client stops communicating with the server, not generating any log traces.

@illfated It's impossible for a client to get another client's IP address. It will most likely be some message spam that the server doesn't filter out at the moment (maybe using the addon channel/addon whisper, since those are currently not filtered and, if my memory serves me well, not even throttled). Edit: Looking at how loose the default spam protection for TC is (allowing up to 100 packets a server tick [2000 packets a second]), it could be a form of DoS via chat message spam.

@RR2739-VCN you asked about logging for addon messages (like whisper, group chat etc.): there is chat.log.addon.whisper and a few more (chat.log.addon.party etc.). So this should work for all addon communication (not tested):

Appender.AddOns=2,2,9,addons_%s.log,a
Logger.chat.log.addon=2,AddOns

Does this affect players in the whole server or only those in visibility range ?

Judging from the video in above comments [https://www.youtube.com/watch?v=eAUx1BRjHTo] only the targeted player.
With a Lua unlocker and the WoW API call TargetNearestFriend there is a possibility for a broader attack, but that's only a guess.

You could enable PacketLogFile = "" setting in worldserver to log all packets (that will probably grow quite much)

@jackpoz I've been going over the video like Sherlock, playing it over and over. The person in the video is targeting players, then presses "Freeze" and the character is frozen. I do believe this hack has an option to do it even without targeting, as it has a code box to type the nickname of a character. I believe it has something to do with player latency or something of that nature. The reason why I say this: a few weeks ago, my ISP was performing maintenance for a few hours; that day I always had over 1000ms latency, and my game froze exactly the same way. It looks too similar to ignore. The players affected by this on our server described how that freeze/crash happened, and to me it sounded very familiar. It seems it's also related to a Russian exploit made by the same person a few months back: every time you do [ .pinfo ] while targeting the person using the exploit, you start lagging hard and the game client crashes instantly. I could be wrong but it's worth looking into.

Looking at the beginning of the video you can see in the top left corner in red "You must wait 58 Seconds(s) before speaking again" so it might be some message chat flood. Do you have ChatFlood.MessageCount enabled ?
You could also try setting AddonChannel = 0 to disable addon channel in case that's how the exploit works.

@jackpoz Yes I saw that as well, and yes here are the settings I have:

#    ChatFlood.MessageCount
#        Description: Chat flood protection, number of messages before player gets muted.
#        Default:     10 - (Enabled)
#                     0  - (Disabled)

ChatFlood.MessageCount = 10

#
#    ChatFlood.MessageDelay
#        Description: Time (in seconds) between messages to be counted into ChatFlood.MessageCount.
#        Default:     1

ChatFlood.MessageDelay = 1

#
#    ChatFlood.MuteTime
#        Description: Time (in seconds) characters get muted for violating ChatFlood.MessageCount.
#        Default:     10

ChatFlood.MuteTime = 10

It can be a very good possibility that it does have something to do with Chat Flooding.
As far as the AddonChannel option, I do have it enabled at this moment.

This happened again today; this time I was able to log all the chat logs. This is the only thing that showed:

2019-05-04_19:47:31 AddOn: Blizzard_AchievementUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_AchievementUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_ArenaUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_ArenaUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_AuctionUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_AuctionUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_BarbershopUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_BarbershopUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_BattlefieldMinimap (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_BattlefieldMinimap: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_BindingUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_BindingUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_Calendar (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_Calendar: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_CombatLog (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_CombatLog: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_CombatText (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_CombatText: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_DebugTools (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_DebugTools: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_GlyphUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_GlyphUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_GMChatUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_GMChatUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_GMSurveyUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_GMSurveyUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_GuildBankUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_GuildBankUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_InspectUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_InspectUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_ItemSocketingUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_ItemSocketingUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_MacroUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_MacroUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_RaidUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_RaidUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_TalentUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_TalentUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_TimeManager (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_TimeManager: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_TokenUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_TokenUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_TradeSkillUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:31 Addon: Blizzard_TradeSkillUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:31 AddOn: Blizzard_TrainerUI (CRC: 0x4c1c776d) - enabled: 0x1 - Unknown2: 0x0
2019-05-04_19:47:32 Addon: Blizzard_TrainerUI: validated (CRC: 0x4c1c776d) - accountID 5002
2019-05-04_19:47:32 AddOn: CurrentTime: 1549069482
2019-05-04_19:50:47 Player Gromzadira says (language 0):  |cffa335ee|Hitem:29434:0:0:0:0:0:0:0:80|h[Знак справедливости]|h|r

2019-05-04_20:01:52 Player Gromzadira says (language 0):  |cffa335ee|Hitem:49426:0:0:0:0:0:0:0:80|h[Эмблема льда]|h|r

Is he sending chat links on the addon channel?

No, he is linking items in the regular channel, most likely to see the ChatStrictLinkChecking.Severity = 1 status, maybe? That is the only thing I was able to produce as logs for that player.

These empty lines are suspicious to me, did you edit them out or maybe that guy is sending some invalid characters?
I also don't think language 0 should be valid for /say

@shauren The empty space was me editing out the other player logs.
I'm not sure what to do here. The problems caused by 1 player are way too great. One person can crash 300+ players in a minute's time if not less. The problem is growing because my mate's server was also targeted last night and the player was able to crash 326 players online to zero, until he was banned. Which is also another pickle: there is no way to ban IP ranges /16 or /32?

You can use iptables for that kind of stuff

I think language 0 is for crossfaction talk, we override server side iirc.

If all else fails turn on packet logging in server conf and wait until he does his thing.

I'm not sure its a chat message causing this, you really need to either get a sniffer (and get targeted) or enable PacketLogFile in config (this will log every single packet from all players to binary format, possibly creating giant file)

@Shauren

if u want i will to fixed?!

300 players is quite many, are you managing that alone or do you have any dev working on it?

@jackpoz

my mate's server was also targeted last night and the player was able to crash 326 players online to Zero

My mate has a dev and I manage my own server and also give him a hand with his. I started having this issue and then a few weeks later he started to have this issue. The player uses an add-on that targets players, not the server, therefore getting the necessary information required to patch this problem is not easy; the server doesn't crash. So far we are unable to get our hands on that add-on nor find any useful information that can help us and the community to solve this problem once and for all.

We are going to turn on PacketLogFile in config on both servers to see if we can catch him this way.

It's really interesting, you know? How does this add-on work? How does this add-on cause a player's client to freeze/crash? A regular player, with no game permissions, is able to freeze a player? And it's 100% confirmed that the add-on can crash any player in any location, so you can be in a battleground and the add-on user elsewhere and he is still able to crash/freeze you. How is this even possible, if not via chat?

Also, if the client crashes (not just freezes), a crash log from client will also help me

@Shauren Unfortunately there are no crash logs from clients, absolutely nothing. The client freezes and does not produce any crash logs.

@Aokromes most of our VIP members that are online most of the time are all using it now. Hopefully we can provide this community with enough information very soon.

https://wowjp.net/forum/358-310690-1#4258489
found that thread, might give some insight

Edit: watching other vids, he seems to have a bunch of 'lag' vids.
Iirc there was a way to freeze/fpsdrop players by sending invalid orientation in movement packets, dunno if that got fixed
Edit2: implementing per account packet logging would do wonders in here.
TC already has a PacketLog implementation, just adjust it to only log it for marked players via some kind of accountFlag and create a separate file per account marked

I hope this helps in any way: https://imgur.com/a/0qsBuDA
I especially set up my whispers to appear in a new window; he /w me, all was good until I opened the whisper. It works on 4.3.4 as we speak, with ChatStrictLinkChecking.Severity = 3 (Check if color, entry and name don't contradict each other.)
One question: since it seems it's done with russian characters, is it possible to censor russian language characters, would that stop it?

This is 100% related to chat, whispers. That is very obvious! So what can we do to make this stop? How can we protect players from receiving these characters? This issue is very common everywhere and needs a closer look.

Blocking whispers containing Cyrillic characters could possibly be a temporary fix, but it might not last longer than the time they need to alter the code and spread the software again using a different character set. (could be a hinder for users on Russian game clients, I guess)

Without providing the tool or data packets, no one will be able to help.

Not sure if "containing Cyrillic" would work. Here is an idea. Block whispers entirely until we figure out a solution. Let's stop giving them any satisfaction. Or you can set .whisper on/off to rank 0 and instruct all players to use it.

@Killyana I completely understand what you are saying, however getting the tool is out of the question because, the link that @Riztazz provided, that OP does not sell this tool anymore. So the only thing left to do is gather packets or maybe look closely to the code related to chat and whispers.

@Icedsebo I agree with that notion. Let's see if that helps the next time they decide to stop by.

Maybe adding a script that prevents new players from speaking for 15 minutes would potentially disinterest them.

they could just AFK for 15 minutes and get back to it.
Adjust packet logging class to log per account instead of everything, mark that player and post logs. Or just log everything and show us those;p if you do log everything, make sure to monitor disk space

edit: There is an option in config to do so, to enable packet logging
edit2: Jackpoz has even better idea :P

Enable logs "chat.log.whisper" and "chat.log.addon.whisper" to level "Debug" and redirect them to a file Appender, you will get what the player is sending

Appender.Chat=2,1,17,Chat.log,w

Logger.chat.log.whisper=1,Console Chat
Logger.chat.log.addon.whisper=1,Console Chat

2019-05-24_20:48:41 Player Jackpoz tells Jackmageb: a
2019-05-24_20:48:42 Player Jackpoz tells Jackmageb: b
2019-05-24_20:48:43 Player Jackpoz tells Jackmageb: c
2019-05-24_20:48:44 Player Jackpoz tells Jackmageb: d

If you want you can enable the whole "chat.log" category and get all chat (say, party, etc..)
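An offline triage of the whisper/chat log that the appender settings above produce, as an added example that is not part of the thread or of TrinityCore's code: it flags per-sender bursts, control characters, non-ASCII text, malformed item links, and link names that contradict an enUS name table. The sample lines, thresholds and function names are constructed for illustration; the two item names are the ones quoted in this thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import NamedTuple

# Constructed sample in the log format quoted in this thread (not captured traffic).
SAMPLE_LOG = """\
2019-05-24_20:48:41 Player Jackpoz tells Jackmageb: a
2019-05-24_20:48:42 Player Jackpoz tells Jackmageb: b
2019-05-24_20:50:00 Player Spammer tells Victim: x
2019-05-24_20:50:00 Player Spammer tells Victim: x
2019-05-24_20:50:00 Player Spammer tells Victim: x
2019-05-24_20:50:01 Player Spammer tells Victim: x
2019-05-24_20:51:10 Player Linker says (language 0):  |cffa335ee|Hitem:29434:0:0:0:0:0:0:0:80|h[Знак справедливости]|h|r
2019-05-24_20:51:20 Player Linker tells Victim: |cffa335ee|Hitem:49426:0:0|h[Emblem of Frost
2019-05-24_20:51:30 Player Linker tells Victim: hi\x07there
"""

# enUS names for the two item entries discussed in this thread.
KNOWN_EN_NAMES = {29434: "Badge of Justice", 49426: "Emblem of Frost"}

# "<timestamp> Player <sender> tells <target>: <text>" or
# "<timestamp> Player <sender> says (language N): <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}_\d{2}:\d{2}:\d{2}) Player (?P<sender>\S+) "
    r"(?:tells (?P<target>[^\s:]+)|says \(language \d+\)): ?(?P<text>.*)$"
)

# A complete item link: |c<8 hex>|Hitem:<entry>[:<n>...]|h[<name>]|h|r
ITEM_LINK_RE = re.compile(
    r"\|c(?P<color>[0-9a-fA-F]{8})\|Hitem:(?P<entry>\d+)(?::-?\d+)*"
    r"\|h\[(?P<name>[^\]]*)\]\|h\|r"
)


class Finding(NamedTuple):
    timestamp: datetime
    sender: str
    reason: str


def triage(log_text, max_msgs=3, window_s=1, known_items=KNOWN_EN_NAMES):
    """Return findings for chat lines worth a closer look.

    max_msgs/window_s are illustrative thresholds for this offline check,
    not the server's ChatFlood.* implementation.
    """
    recent = defaultdict(deque)  # sender -> timestamps inside the window
    findings = []
    for line in log_text.split("\n"):
        m = LINE_RE.match(line)
        if not m:
            continue  # addon-load lines, blank lines, other log output
        ts = datetime.strptime(m["ts"], "%Y-%m-%d_%H:%M:%S")
        sender, text = m["sender"], m["text"]
        reasons = []

        # Burst detection: more than max_msgs messages within window_s seconds.
        window = recent[sender]
        while window and (ts - window[0]).total_seconds() > window_s:
            window.popleft()
        window.append(ts)
        if len(window) > max_msgs:
            reasons.append("flood")

        # Bytes a chat client should never have to render.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
            reasons.append("control_char")
        # On an enUS-only realm, non-ASCII text is a review item, not proof.
        if not text.isascii():
            reasons.append("non_ascii")

        # Every "|Hitem:" must belong to a complete, well-formed link.
        links = list(ITEM_LINK_RE.finditer(text))
        if text.count("|Hitem:") != len(links):
            reasons.append("malformed_item_link")
        # Entry and displayed name must agree with the name table.
        for link in links:
            expected = known_items.get(int(link["entry"]))
            if expected is not None and link["name"] != expected:
                reasons.append("name_mismatch")

        findings.extend(Finding(ts, sender, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.timestamp.isoformat(), f.sender, f.reason)
```

A `name_mismatch` on a localized link is expected when the name table only holds enUS names, which is why the configuration comment quoted earlier asks for the locale DBCs of every client language.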

This happened again, today, this time i was able to log all the chat logs. this is the only thing that showed

2019-05-04_19:50:47 Player Gromzadira says (language 0):  |cffa335ee|Hitem:29434:0:0:0:0:0:0:0:80|h[Знак справедливости]|h|r

2019-05-04_20:01:52 Player Gromzadira says (language 0):  |cffa335ee|Hitem:49426:0:0:0:0:0:0:0:80|h[Эмблема льда]|h|r

OK, so the links are supposed to be

but I am guessing there is something else happening, which is not visible in the log.
Have you tried comparing with valid chat links for those items to see if they are different?

No, no one ever thought of that. You are the first one able to translate the lInks anD we all thought it's cause of the two specific items linked in chat. The reason why we are still here Is cause we don't know how to censore two words from chat. Now i will go compare the links with the "valid" Ones to see if they are any different. Well aside the fact it's the exact same item buT another language.

Fair enough, although I don't quite get what or who the masked message "IDIOT" is supposed to target.
From https://db.rising-gods.de/?item=29434#links and https://db.rising-gods.de/?item=49426#links :

/script DEFAULT_CHAT_FRAME:AddMessage("\124cffa335ee\124Hitem:29434:0:0:0:0:0:0:0:0\124h[Badge of Justice]\124h\124r");

/script DEFAULT_CHAT_FRAME:AddMessage("\124cffa335ee\124Hitem:49426:0:0:0:0:0:0:0:0\124h[Emblem of Frost]\124h\124r");

This format may not be exactly what is supposed to be shown in the chat log, but it is a starting attempt to look at its content.
Maybe a Russian game client is needed to produce the Cyrillic text, but I don't know if it is required to find invalid chat content.

Is anyone else still having issues with this? I understand Firestorm fixed it yesterday.

@Icedsebo The logs above are from simply "say" messages, we already know that the addon operates over whispers, so it's likely the logs weren't setup correctly. Also it would be much easier to fix if we had packet logs like mentioned above.

Edit: It's likely a validation issue; maybe it's Cyrillic text not parsed correctly on enUS/enGB clients, or it's something else, but we don't know for sure. With a bit of code knowledge you can easily filter out Cyrillic text, since TrinityCore already has functions for that.

Ok, after a few sleepless nights of thinking and trying anything I could think of to fix the issue, I managed to figure out how the exploit works on the server I currently administrate. The owner just finished compiling and the exploit does not work anymore. I won't post it here, publicly, because I might give other ideas to the wrong ppl.

well you could just share the fix and not the exploit, we can implement it and then everyone can get it too

I think he means he will not share the fix: typical case of pserver owners whining about something, and once they fix it they don't care about anything else.

@Icedsebo was the issue about chat whispers in the end ?

@RR2739-VCN which DBC languages do you have ? just to know which languages you support with items

I am now the owner of the server, I merely admin it.
I won't expose the solution here for security reasons; if you can't understand that, it means you don't need to know how to solve the issue. Finding out how it works, combined with my past experiences, gave me ideas about new possible crashes.

And if you carefully read my posts, you will see that I didn't come here to "whine"; I came with the info I had at the time and shared it with everyone.

  • I don't see what would be wrong with keeping it on the low, only for the server I have admin on: after all it was my time wasted, my work, while my interest lies with the server I admin, not with the rest of the servers we compete with?

Who needs to know how to stop it and not a copy /paste of a fix, may pm me. You should be able to make your own fix or at least do a little research.

may pm me

github doesn't have a PM feature.

won't expose the solution here for security reasons

do you plan to do any disclosure in the future ?

  • after all it was my time wasted, my work, while my interest lies with the server I admin, not with the rest of the servers we compete with?

It's sad to see that way of thinking. If everyone thought like that, no open-source WoW software would have ever existed. Maybe in the future you will change your mind.

@Icedsebo Your way of thinking escapes me: you won't share a fix, yet you are using TrinityCore as the MAIN core of your server. That's how your server is running, because of TrinityCore developers and their constant fixes that you apply to your server! And FYI GitHub doesn't have a PM feature, yet there are other ways you can share the fix.

@jackpoz We use English/EnUS DBC Files and Yes it is related to Whispers/Chat 100%

I am now the owner of the server, I merely admin it.
I won't expose the solution here for security reasons; if you can't understand that, it means you don't need to know how to solve the issue. Finding out how it works, combined with my past experiences, gave me ideas about new possible crashes.

And if you carefully read my posts, you will see that I didn't come here to "whine"; I came with the info I had at the time and shared it with everyone.

* I don't see what would be wrong with keeping it on the low, only for the server I have admin on: after all it was my time wasted, my work, while my interest lies with the server I admin, not with the rest of the servers we compete with?

Who needs to know how to stop it and not a copy /paste of a fix, may pm me. You should be able to make your own fix or at least do a little research.

Imagine if everyone would be like you, there would be no emulation community whatsoever.

That throne you sit on, the server you admin for, it's all made possible by the collaborative effort of hundreds/thousands of people contributing. And then you dare to have the attitude of "well we fixed it but we're not going to share." , it's disgusting.

This is the attitude that makes people who contribute to open source free software not want to anymore.

Read carefully my previous post!
I said to send me a PM to find out how the exploit works, how to fix it. I explained why i can't post it in public, here.

I don't see the reason you all hate and dislike my post, unless you are a leecher. If you are a lazy leech and you are waiting on your ass for someone to post the code so you can copy/paste it then i'm sorry for you.

As for "And then you dare to have the attitude of "well we fixed it but we're not going to share.", it's disgusting." are you that childish? All servers compete with each other, that's how some servers are better than others, some have fixes they don't share and that gives them an edge. By your logic, all servers should be the same, have the same fixes and the same issues. That is not the case!

I understand there is no PM option, since it's the first time i made an account here, i didn't know. But you can see my email address. Who stops you from mailing me? Hasty with the hate and dislikes.
Good luck then!

No, people cannot see your email by default, since you have 0 contributions to repository.

My email is [email protected]. Who mails me will get a description of how the exploit works and if that is not obvious enough, the solution

In case the issue is caused by flooding a player with PM as @Icedsebo suggested, please ensure the Anti-Flood Chat protection is enabled by setting https://github.com/TrinityCore/TrinityCore/blob/3.3.5/src/server/worldserver/worldserver.conf.dist#L1913 config to default (feel free to adjust them)

#
#    ChatFlood.MessageCount
#        Description: Chat flood protection, number of messages before player gets muted.
#        Default:     10 - (Enabled)
#                     0  - (Disabled)

ChatFlood.MessageCount = 10

#
#    ChatFlood.MessageDelay
#        Description: Time (in seconds) between messages to be counted into ChatFlood.MessageCount.
#        Default:     1

ChatFlood.MessageDelay = 1

#
#    ChatFlood.MuteTime
#        Description: Time (in seconds) characters get muted for violating ChatFlood.MessageCount.
#        Default:     10

ChatFlood.MuteTime = 10

@jackpoz Already have these settings, always had Flood Protection ON and my settings are the same except:

#
#    ChatFlood.MessageCount
#        Description: Chat flood protection, number of messages before player gets muted.
#        Default:     10 - (Enabled)
#                     0  - (Disabled)

ChatFlood.MessageCount = 6

It does not help, the problem, the client receiving something it does not understand and freezes, no crash but freeze. This addon still able to complete its task regardless of ChatFlood settings.

LANG_ADDON isn't checked by flooding protection, Idk how that's received by the other player though.

Should the client crash when pasting |cffa335ee|Hitem:29434:0:0:0:0:0:0:0:80|h[Знак справедливости]|h|r ? because for me it doesn't on client enUS

we are still waiting for sniff of a client crashing.

@Aokromes the client does not crash, it freezes. Big difference,
We also had this issue today on our server, the individual with this addon was able to freeze every single player. This issue requires attention. It has been confirmed by previous posters that this is related to Whispers, so why do we need Sniffs? we can simply work on securing the whisper. FOR EXAMPLE: why not make Whisper Characters Count? For example: limit amount of characters sent via whispers.

We require a sniff of that whisper because we don't know WHAT they are sending - if it is an invalid/nonprintable character then console/file logs also won't show it

@Astrono1293 we CANNOT fix what we don't know is the cause.

we can simply work on securing the whisper. FOR EXAMPLE: why not make Whisper Characters Count? For example: limit amount of characters sent via whispers.

The amount of characters sent via whispers IS already limited, just look at the code:
https://github.com/TrinityCore/TrinityCore/blob/6efdcd3ea8bf6c28bdf9d6c7ba729b139d97f367/src/server/game/Handlers/ChatHandler.cpp#L222

These are all the tries I have done: https://github.com/jackpoz/BotFarm/commit/a746b261c5f513a7d8086370b3256adeb1d96d31

If you come up with another try, feel free to try it (or post it on that commit)

If you are worried about LANG_ADDON messages not being sanitized, you can set AddonChannel to 0 in worldserver.conf

@Aokromes Agreed, however as I can imagine asking players to constantly have a sniffer on is simply impossible and catching someone in action when you have a sniffer, chances are slim, relying on players to have a sniffer on every time they decide to open their wow client is also slim to nothing. We need to look at this from a different perspective, it's now confirmed that something is sent via whispers that a client cannot understand, WoW Client freezes, something needs to be added to filter those whispers that a client cannot understand, more attention needs to be directed as to how the whispers can cause client freeze, this is a serious issue and it's growing very fast. I am sure something can be done temporarily until the issue is discovered and fixed. That is however my opinion alone, others might have a different opinion.

@jackpoz Maybe reducing the amount of characters that can go through whispers can potentially solve the issue temporarily, also limiting whispers to Latin Letters would also help the situation. Maybe revisiting logic as to how we handle this:

https://github.com/TrinityCore/TrinityCore/blob/6efdcd3ea8bf6c28bdf9d6c7ba729b139d97f367/src/server/game/Handlers/ChatHandler.cpp#L253

asking players to constantly have a sniffer on is simply impossible

https://github.com/TrinityCore/TrinityCore/issues/23215#issuecomment-487380384

You could enable PacketLogFile = "" setting in worldserver to log all packets (that will probably grow quite much)

TC can log all the packets, no need to rely on players.

limiting whispers to Latin Letters would also help the situation

how do you know ? we haven't got any data about what message is sent and we keep asking to please send us the information we are asking.

this is a serious issue and it's growing very fast

then it should be easy to get a server side packet log and send it to us.

@jackpoz I will enable it right now, does the server need a restart for this? because enabling it and reloading configs doesnt seem to work

Enabling World.pkt and reloading configs in world does nothing, so I assume a server restart is needed for this?

Yeah, you most likely need a server restart.

Btw it might be useful also to enable whisper logging (but upload the log file, don't copy and paste the text)

Appender.Chat=2,1,17,Chat.log,a
Logger.chat.log.whisper=1,Console Chat
Logger.chat.log.addon.whisper=1,Console Chat

@jackpoz Thank you. I suppose the information I sent you helped this cause.

well https://github.com/TrinityCore/TrinityCore/commit/7b8f294c024230451f82ff67150e11fc31b61293 was pushed 2 weeks before based on some russian topic I found online, your information helped having a 100% how to reproduce case so it was still useful.

next on the list: check if the same happens with mails and sanitize them too if needed

OK the son of a bitch came to blackmail me and Retro.
This kind of scum truly must be shot.
Simple fix (may not be applicable to all), check buffer on WorldSession::ReadAddonsInfo for non ascii chars and size. If you want you can also read one variable at a time and check them.
Once you have done that just limit the number of addons to a reasonable value.
Do the same for WorldSession::HandleJoinChannel.
I hope that helps.

@wow-mania that seems to be a different issue so it might be best to track it on its own github issue. I took a look at WorldSession::ReadAddonsInfo( ) and there is a lot to fix/improve in that method.

can this issue be closed ? I think we fix both cases reported

Let's say you can close this issue tomorrow if nobody has asked for it to stay open. After that, any of the participants can ask for it to be reopened if they still experience this issue on an up to date TC core.

anyone else experienced a similar issue in recent days?

anyone else experienced a similar issue in recent days?

Still have problem with this addon crash.

Client crash or server crash ? What commit ?

Server

Please follow the instructions at https://github.com/TrinityCore/TrinityCore/issues/new to report a Server Crash

on a new ticket.

sending this script in the chat causes a crash on both clients (esMX clients):

/run SendChatMessage("\124cFFDDD000\124Hquest:\124htest\124h\124r", "WHISPER", nil, GetUnitName("TARGET"))

@JarDv on what revision?

@JarDv please open a new issue following the issue template, filling all the information we ask

That link does not pass validation on 3.3.5 4f2f1959c3c3130ae4eb2d614699bef1f7c363fd
