xiaomi posted on 2025-10-7 13:17:01

Frida fix for the network disconnect caused by Linus's Gift

The root cause is the "fix for the server-side channel-crashing privilege-escalation vulnerability"; see the original post for details (search by the image).


The spot that method patches happens to be Dispatcher_Select_Item_Grwoth_Power::read. Changing 0x26 -> 0x00 directly does prevent the privilege escalation and the channel crash, but it also causes a network disconnect when you select Linus's Gift; unless you edit the pvf you have to click X every time you log in, which is annoying. I personally like the Linus's Gift mechanic as designed, so I never used the anti-escalation patch, until one day I actually got hit by the escalation... and had to change it to hand out the level-up mail instead. Now it is finally solved. The code has been verified: with it added, an attack no longer crashes the channel and only disconnects that one player's connection (see image below).

Without it, the attack not only disconnects the individual connection but crashes the channel as well (see image below).

The code is shared directly below.

xiaomi posted on 2025-10-7 13:17:16

阿荣社区采集员3 posted on 2025-10-7 13:17:29

Impressive, bro.

arong posted on 2025-10-7 13:18:04

Boss, is this code meant to be used together with the level patch that does not fix the escalation? After applying it, can Linus's Gift be claimed normally while the escalation is still blocked?

admin posted on 2025-10-7 13:19:01

Great, exactly what I needed.

阿苏 posted on 2025-10-7 13:19:29

Thanks, boss. It had been crashing all night and I was about to switch server builds when I saw this.
Tested: the problem is solved, no more channel crashes.
Sharing the JS I cleaned up.
6YCa6L+H572R55uY5YiG5Lqr55qE5paH5Lu277yaZnJpZGHkv67lpI3mnpfnurPmlq/nmoTnpLznianvvIzmt7vliqDliLDmnKvlsL7ljbPlj68uanMK6ZO+5o6lOiBodHRwczovL3Bhbi5iYWlkdS5jb20vcy8xeEJESFhqbzVoYlJmUGx4YVQtRm9Jdz9wd2Q9eTZ5YyDmj5Dlj5bnoIE6IHk2eWMg5aSN5Yi26L+Z5q615YaF5a655ZCO5omT5byA55m+5bqm572R55uY5omL5py6QXBw77yM5pON5L2c5pu05pa55L6/5ZOm

Dveridow posted on 2025-10-7 13:19:51

Boss, what is frida?

阿荣社区采集员1 posted on 2025-10-7 13:20:06

Boss, could you advise how this code would be written with frida?
0x08201139
E9 96 02 00 00 3D F1 90 20 29 74 1B 3D F2 90 20

90 90 90 90 90 3D F1 90 20 29 74 1B 3D F2 90 20
0x08201150
3D DE D2 28 00 0F 84 68 01 00 00 E9 74 02 00 00

3D 8E 97 28 00 0F 84 68 01 00 00 E9 74 02 00 00

arong posted on 2025-10-7 13:21:03

Thanks for sharing.

arong posted on 2025-10-7 13:21:49

Showing off just to show off; why paste an image?

Dveridow posted on 2025-10-7 13:22:05

Thanks for sharing.

xiaomi posted on 2025-10-7 13:22:12

//----------------------------------- Linus's Gift fix below --------------------------------
// Replaces Dispatcher_Select_Item_Grwoth_Power::read with a re-implementation that
// bounds the client-supplied item count. The addresses are for this specific 32-bit
// server binary; LineFunc is the server's own error-return helper used by the original.
function fix_LinasGift() {
    const Dispatcher_read = new NativeFunction(ptr(0x081db4c4), "int", ["pointer", "pointer", "pointer"], { abi: "sysv" });
    const LineFunc = new NativeFunction(ptr(0x085908d7), "int", ["int", "pointer", "int", "uint"], { abi: "sysv" });
    const PacketBuf_get_byte = new NativeFunction(ptr(0x0858cf70), "int", ["pointer", "pointer"], { abi: "sysv" });

    Interceptor.replace(
        Dispatcher_read,
        new NativeCallback(
            function (thisPtr, packetBuf, msgBase) {
                // MSG_BASE+13 holds the item count
                const countPtr = msgBase.add(13);
                // read the count byte from the packet into the message
                const getByteResult = PacketBuf_get_byte(packetBuf, countPtr);
                if (getByteResult !== 1) {
                    const msg = Memory.allocUtf8String("virtual int Dispatcher_Select_Item_Grwoth_Power::read(PacketBuf&, MSG_BASE&)");
                    return LineFunc(19029, msg, 0, 0);
                }
                const count = countPtr.readU8();
                // bounds check: reject counts larger than the slots the message can hold
                const MAX_SAFE_COUNT = 5;
                if (count > MAX_SAFE_COUNT) {
                    console.log("count>5, buffer overflow prevented in Dispatcher_Select_Item_Grwoth_Power::read");
                    const msg = Memory.allocUtf8String("Buffer overflow prevented in Dispatcher_Select_Item_Grwoth_Power::read");
                    return LineFunc(19035, msg, 0, 0);
                }
                // read the item bytes into MSG_BASE+14 .. MSG_BASE+14+count-1
                for (let i = 0; i < count; i++) {
                    const target = msgBase.add(14 + i);
                    const byteResult = PacketBuf_get_byte(packetBuf, target);
                    if (byteResult !== 1) {
                        const msg = Memory.allocUtf8String("virtual int Dispatcher_Select_Item_Grwoth_Power::read(PacketBuf&, MSG_BASE&)");
                        return LineFunc(19034, msg, 0, 0);
                    }
                }
                return 0;
            },
            "int",
            ["pointer", "pointer", "pointer"]
        )
    );
}
//----------------------------------- Linus's Gift fix above --------------------------------
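To compare the three variants discussed in this thread without the server binary, here is an added offline model in plain JavaScript; it is not code from the thread or from the server. It assumes the layout the hook uses (count at MSG_BASE+13, item bytes at +14), that the original binary rejects counts above 0x26, and that the message has 5 item slots (the hook's MAX_SAFE_COUNT).

```javascript
// Offline model of the Select_Item_Grwoth_Power read path (constructed illustration).
// Assumed layout: MSG_BASE byte 13 = count, item bytes at 14 + i, 5 item slots.
const COUNT_OFFSET = 13;
const ITEMS_OFFSET = 14;
const SLOT_CAPACITY = 5;                              // MAX_SAFE_COUNT in the hook
const MSG_BASE_SIZE = ITEMS_OFFSET + SLOT_CAPACITY;   // assumed struct size: 19 bytes

// Count limit of each variant: original binary (0x26), the 0x26 -> 0x00 byte patch,
// and the Frida hook (5).
const LIMITS = { original: 0x26, bytePatch: 0x00, fridaHook: SLOT_CAPACITY };

// packet: Uint8Array of the client payload [count, item0, item1, ...].
// Status values mirror the outcomes of the hook:
//   "ok"        items copied into msgBase
//   "truncated" packet shorter than its own count (PacketBuf_get_byte would fail)
//   "rejected"  count above the variant's limit (the LineFunc error return)
//   "overrun"   limit let a count through that is larger than the struct, so the
//               loop would write past MSG_BASE (the condition that crashed channels)
function readSelectItemGrowthPower(packet, limit) {
  const msgBase = new Uint8Array(MSG_BASE_SIZE);
  if (packet.length < 1) return { status: "truncated", msgBase };
  const count = packet[0];
  msgBase[COUNT_OFFSET] = count;
  if (count > limit) return { status: "rejected", msgBase };
  for (let i = 0; i < count; i++) {
    if (1 + i >= packet.length) return { status: "truncated", msgBase };
    const dst = ITEMS_OFFSET + i;
    if (dst >= MSG_BASE_SIZE) return { status: "overrun", msgBase }; // would corrupt adjacent memory
    msgBase[dst] = packet[1 + i];
  }
  return { status: "ok", msgBase };
}

// Run a normal one-item selection and an oversized count through every variant.
function compareVariants() {
  const normal = Uint8Array.from([1, 0x07]);                          // constructed
  const oversized = Uint8Array.from([0x26, ...new Array(0x26).fill(0x07)]); // constructed
  const result = {};
  for (const [name, limit] of Object.entries(LIMITS)) {
    result[name] = {
      normal: readSelectItemGrowthPower(normal, limit).status,
      oversized: readSelectItemGrowthPower(oversized, limit).status,
    };
  }
  return result;
}
```

The table this returns matches the thread's observations: the original overruns on an oversized count, the byte patch rejects even a normal selection (the disconnect on picking the gift), and the hook accepts the normal packet while rejecting the oversized one.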

xiaomi posted on 2025-10-7 13:22:30

Thanks, bookmarking this.

admin posted on 2025-10-7 13:22:49

Thanks for sharing.