From b971ce1f836c8052f1bb700f0c3d7a7be99f6fdb Mon Sep 17 00:00:00 2001 From: Remco Date: Tue, 2 Mar 2021 12:21:15 +0100 Subject: [PATCH 1/3] Fixed exploit that made it possible to trade untradable items --- .../messages/incoming/trading/TradeOfferMultipleItemsEvent.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/eu/habbo/messages/incoming/trading/TradeOfferMultipleItemsEvent.java b/src/main/java/com/eu/habbo/messages/incoming/trading/TradeOfferMultipleItemsEvent.java index 098345e4..231a70c1 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/trading/TradeOfferMultipleItemsEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/trading/TradeOfferMultipleItemsEvent.java @@ -21,7 +21,7 @@ public class TradeOfferMultipleItemsEvent extends MessageHandler { int count = this.packet.readInt(); for (int i = 0; i < count; i++) { HabboItem item = this.client.getHabbo().getInventory().getItemsComponent().getHabboItem(this.packet.readInt()); - if (item != null) { + if (item != null && item.getBaseItem().allowTrade()) { items.add(item); } } From 1685065b32341d03841f705cb13817b5f00a26bb Mon Sep 17 00:00:00 2001 From: Remco Date: Tue, 2 Mar 2021 12:46:17 +0100 Subject: [PATCH 2/3] Fixed BuyRoomPromotion exploit --- .../promotions/BuyRoomPromotionEvent.java | 55 ++++++++++--------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java index fdf37650..6f1f0a58 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java @@ -30,40 +30,41 @@ public class BuyRoomPromotionEvent extends MessageHandler { CatalogPage page = Emulator.getGameEnvironment().getCatalogManager().getCatalogPage(pageId); - if (page != null) { - CatalogItem item = page.getCatalogItem(itemId); - if (item != null) { - if (this.client.getHabbo().getHabboInfo().canBuy(item)) { - Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId); + if (page == null || !page.getLayout().equals("roomads")) + return; - if (!(room.isOwner(this.client.getHabbo()) || room.hasRights(this.client.getHabbo()) || room.getGuildRightLevel(this.client.getHabbo()).equals(RoomRightLevels.GUILD_ADMIN))) { - return; + CatalogItem item = page.getCatalogItem(itemId); + if (item != null) { + if (this.client.getHabbo().getHabboInfo().canBuy(item)) { + Room room = Emulator.getGameEnvironment().getRoomManager().getRoom(roomId); + + if (!(room.isOwner(this.client.getHabbo()) || room.hasRights(this.client.getHabbo()) || room.getGuildRightLevel(this.client.getHabbo()).equals(RoomRightLevels.GUILD_ADMIN))) { + return; + } + + if (room.isPromoted()) { + room.getPromotion().addEndTimestamp(120 * 60); + } else { + room.createPromotion(title, description, categoryId); + } + + if (room.isPromoted()) { + if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_CREDITS)) { + this.client.getHabbo().giveCredits(-item.getCredits()); } - if (room.isPromoted()) { - room.getPromotion().addEndTimestamp(120 * 60); - } else { - room.createPromotion(title, description, categoryId); + if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_POINTS)) { + this.client.getHabbo().givePoints(item.getPointsType(), -item.getPoints()); } - if (room.isPromoted()) { - if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_CREDITS)) { - this.client.getHabbo().giveCredits(-item.getCredits()); - } + this.client.sendResponse(new PurchaseOKComposer()); + room.sendComposer(new RoomPromotionMessageComposer(room, room.getPromotion()).compose()); - if (!this.client.getHabbo().hasPermission(Permission.ACC_INFINITE_POINTS)) { - this.client.getHabbo().givePoints(item.getPointsType(), -item.getPoints()); - } - - this.client.sendResponse(new PurchaseOKComposer()); - room.sendComposer(new RoomPromotionMessageComposer(room, room.getPromotion()).compose()); - - if (!this.client.getHabbo().getInventory().getBadgesComponent().hasBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE)) { - this.client.getHabbo().addBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE); - } - } else { - this.client.sendResponse(new AlertPurchaseFailedComposer(AlertPurchaseFailedComposer.SERVER_ERROR)); + if (!this.client.getHabbo().getInventory().getBadgesComponent().hasBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE)) { + this.client.getHabbo().addBadge(BuyRoomPromotionEvent.ROOM_PROMOTION_BADGE); } + } else { + this.client.sendResponse(new AlertPurchaseFailedComposer(AlertPurchaseFailedComposer.SERVER_ERROR)); } } } From 9f2449ec360cf1673b2b6bd73f5405e6822e66d3 Mon Sep 17 00:00:00 2001 From: Remco Date: Tue, 2 Mar 2021 20:48:13 +0100 Subject: [PATCH 3/3] Renamed incoming packet variable --- .../incoming/rooms/promotions/BuyRoomPromotionEvent.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java b/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java index 6f1f0a58..a157cf15 100644 --- a/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java +++ b/src/main/java/com/eu/habbo/messages/incoming/rooms/promotions/BuyRoomPromotionEvent.java @@ -21,7 +21,7 @@ public class BuyRoomPromotionEvent extends MessageHandler { int itemId = this.packet.readInt(); int roomId = this.packet.readInt(); String title = this.packet.readString(); - boolean unknown1 = this.packet.readBoolean(); + boolean extendedPromotion = this.packet.readBoolean(); String description = this.packet.readString(); int categoryId = this.packet.readInt();