2010-01-19, 06:55 AM
GameMX Wrote:Wrong. It's scattershot as hell. I've seen 3 month old accounts get hit.
If anything, they may just be bypassing the login server in a certain way. Spoofing in some sort.
How many have been hacked while offline? How about online? I see most people who get hacked are offline at the time. Tally it up.
It's possible to bypass the login server completely - by using a custom client. Or even just sending packets manually, works.
The channel server accepts a character ID in the 2nd packet sent to it (1st would be encryption init). Since it is hard to do a foolproof check on that (not sure if Nexon checks, but they could check via IP..), anyone who has a working packet logger and a working custom client can just connect, enter your character ID, and bam, they have access to your character as if they logged in normally.
Note that creating a custom client that can move around is haaard.
And the reason why I state to use a custom client is because the real MS client checks if the character is the correct one; else it disconnects. Unless someone managed to remove that check, they would have to use a custom client.
P.S. Am I giving too much information here? If so, delete/edit my post, thanks
