RevCMS PlusEmu SSO issue

[AssLikeThat]

Hi,

So basically I had the hotel working fine, no problem whatsoever, all of a sudden it starts preventing me from entering and disconnecting when loading, looked into it a bit and I saw that the exploit with the SSO tickets wasn't patched on the version of RevCMS I had, it seemed to be nulling the SSO ticket when loading the client...

Did these fixes:

You must be registered for see links

You must be registered for see links

The assigning of the SSO Ticket seems fine; however I now am unable to enter the hotel, loads to 76% then disconnects.. I've researched all the possible reasons behind this but still can't seem to come up with a solution, been trying to sort this for a few hours now and am wits end with it.

I've double checked all the obvious stuff such as IP's, links, variables etc.

Would anybody be able to advise?

EDIT: Using PRODUCTION-201701242205-837386173
Haboon Edit

Spoiler: UserDataFactory.cs

using (IQueryAdapter dbClient = PlusEnvironment.GetDatabaseManager().GetQueryReactor())
{
dbClient.SetQuery(
"SELECT users.id,users.username,users.rank,users.motto,users.look,users.gender,users.last_online,users.credits,users.activity_points,users.home_room,users.block_newfriends,users.hide_online,users.hide_inroom,users.vip,users.account_created,users.vip_points,users.machine_id,users.volume,users.chat_preference,users.focus_preference,users.pets_muted,users.bots_muted,users.advertising_report_blocked,users.last_change,users.gotw_points,users.ignore_invites,users.time_muted,users.allow_gifts,users.friend_bar_state,users.disable_forced_effects,users.allow_mimic,users.rank_vip " +
"FROM users " +
"JOIN user_auth_ticket " +
"ON users.id = user_auth_ticket.user_id " +
"WHERE user_auth_ticket.auth_ticket = @sso " +
"LIMIT 1"
);
dbClient.AddParameter("sso", SessionTicket);
dUserInfo = dbClient.getRow();

if (dUserInfo == null)
{
errorCode = 1;
return null;
}

UserId = Convert.ToInt32(dUserInfo["id"]);
if (PlusEnvironment.GetGame().GetClientManager().GetClientByUserID(UserId) != null)
{
errorCode = 2;
PlusEnvironment.GetGame().GetClientManager().GetClientByUserID(UserId).Disconnect();
return null;
}

dbClient.SetQuery("SELECT `group`,`level`,`progress` FROM `user_achievements` WHERE `userid` = '" + UserId + "'");
dAchievements = dbClient.getTable();

dbClient.SetQuery("SELECT room_id FROM user_favorites WHERE `user_id` = '" + UserId + "'");
dFavouriteRooms = dbClient.getTable();

dbClient.SetQuery("SELECT ignore_id FROM user_ignores WHERE `user_id` = '" + UserId + "'");
dIgnores = dbClient.getTable();

dbClient.SetQuery("SELECT `badge_id`,`badge_slot` FROM user_badges WHERE `user_id` = '" + UserId + "'");
dBadges = dbClient.getTable();

dbClient.SetQuery(
"SELECT users.id,users.username,users.motto,users.look,users.last_online,users.hide_inroom,users.hide_online " +
"FROM users " +
"JOIN messenger_friendships " +
"ON users.id = messenger_friendships.user_one_id " +
"WHERE messenger_friendships.user_two_id = " + UserId + " " +
"UNION ALL " +
"SELECT users.id,users.username,users.motto,users.look,users.last_online,users.hide_inroom,users.hide_online " +
"FROM users " +
"JOIN messenger_friendships " +
"ON users.id = messenger_friendships.user_two_id " +
"WHERE messenger_friendships.user_one_id = " + UserId);
dFriends = dbClient.getTable();

dbClient.SetQuery("SELECT messenger_requests.from_id,messenger_requests.to_id,users.username FROM users JOIN messenger_requests ON users.id = messenger_requests.from_id WHERE messenger_requests.to_id = " + UserId);
dRequests = dbClient.getTable();

dbClient.SetQuery("SELECT * FROM rooms WHERE `owner` = '" + UserId + "' LIMIT 150");
dRooms = dbClient.getTable();

dbClient.SetQuery("SELECT `quest_id`,`progress` FROM user_quests WHERE `user_id` = '" + UserId + "'");
dQuests = dbClient.getTable();

dbClient.SetQuery("SELECT `id`,`user_id`,`target`,`type` FROM `user_relationships` WHERE `user_id` = '" + UserId + "'");
dRelations = dbClient.getTable();

dbClient.SetQuery("SELECT * FROM `user_info` WHERE `user_id` = '" + UserId + "' LIMIT 1");
UserInfo = dbClient.getRow();
if (UserInfo == null)
{
dbClient.RunQuery("INSERT INTO `user_info` (`user_id`) VALUES ('" + UserId + "')");

dbClient.SetQuery("SELECT * FROM `user_info` WHERE `user_id` = '" + UserId + "' LIMIT 1");
UserInfo = dbClient.getRow();
}
dbClient.RunQuery("UPDATE `users` SET `online` = '1' WHERE `id` = '" + UserId + "' LIMIT 1");
dbClient.RunQuery("DELETE FROM `user_auth_ticket` WHERE `user_id` = '" + UserId + "' LIMIT 1");
}

Spoiler: PlusEnvironment.cs

public static void PerformShutDown()
{
Console.Clear();
log.Info("Server shutting down...");
Console.Title = "PLUS EMULATOR: SHUTTING DOWN!";

PlusEnvironment.GetGame().GetClientManager().SendMessage(new BroadcastMessageAlertComposer(PlusEnvironment.GetGame().GetLanguageLocale().TryGetValue("shutdown_alert")));
GetGame().StopGameLoop();
Thread.Sleep(2500);
GetConnectionManager().Destroy();//Stop listening.
GetGame().GetPacketManager().UnregisterAll();//Unregister the packets.
GetGame().GetPacketManager().WaitForAllToComplete();
GetGame().GetClientManager().CloseAll();//Close all connections
GetGame().GetRoomManager().Dispose();//Stop the game loop.

using (IQueryAdapter dbClient = _manager.GetQueryReactor())
{
dbClient.RunQuery("TRUNCATE `catalog_marketplace_data`");
dbClient.RunQuery("TRUNCATE `user_auth_ticket`");
dbClient.RunQuery("UPDATE `users` SET online = '0'");
dbClient.RunQuery("UPDATE `rooms` SET `users_now` = '0' WHERE `users_now` > '0'");
dbClient.RunQuery("UPDATE `server_status` SET `users_online` = '0', `loaded_rooms` = '0'");
}

log.Info("Plus Emulator has successfully shutdown.");

Thread.Sleep(1000);
Environment.Exit(0);
}

Spoiler: class.users.php

/*-------------------------------Create SSO auth_ticket-------------------------------------*/

final public function createSSO($k)
{
global $engine;
$sessionKey = 'RevCMS-' . rand(9, 9999999).'/'.substr(sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999),0,33);

if($engine->num_rows("SELECT * FROM user_auth_ticket WHERE user_id = '" . $k . "' LIMIT 1") > 0) {
$engine->query("UPDATE user_auth_ticket SET auth_ticket = '" . $sessionKey . "' WHERE user_id = '" . $k . "'");
} else {
$engine->query("INSERT INTO user_auth_ticket (user_id, auth_ticket) VALUES ('" . $k . "', '" . $sessionKey ."')");
}
return $sessionKey;
unset($sessionKey);
}

Spoiler: class.core.php

case "client":
$users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
$template->setParams('sso', $users->createSSO($_SESSION['user']['id']));
break;

Spoiler: SSOTicketEvent.cs

using System;

using Plus.Communication.Packets.Incoming;
using Plus.HabboHotel.GameClients;
using Plus.Communication.Packets.Outgoing.Handshake;

namespace Plus.Communication.Packets.Incoming.Handshake
{
public class SSOTicketEvent : IPacketEvent
{
public void Parse(GameClient Session, ClientPacket Packet)
{
if (Session == null || Session.RC4Client == null || Session.GetHabbo() != null)
return;

string SSO = Packet.PopString();
if (string.IsNullOrEmpty(SSO) || SSO.Length < 15)
return;

Session.TryAuthenticate(SSO);
}
}
}

If you need any more info please let me know

Thanks

 

[JayC]

Ports still opened? Are you receiving incoming connections on the emu? Any errors in the log file?

 

[AssLikeThat]

Ports still opened? Are you receiving incoming connections on the emu? Any errors in the log file?

Running on localhost atm, ports are enabled in firewall.

Spoiler: Ignore this

Was working fine before no issues until I noticed the SSO ticket issue.

Looking at log file now (dunno why i didn't think of this first)

In 'mysqlerrors' log:

Error in query:
UPDATE `server_status` SET `users_online` = @users, `loaded_rooms` = @loadedRooms LIMIT 1;
MySql.Data.MySqlClient.MySqlException (0x80004005): Table 'db.server_status' doesn't exist
   at MySql.Data.MySqlClient.MySqlStream.ReadPacket()
   at MySql.Data.MySqlClient.NativeDriver.GetResult(Int32& affectedRow, Int64& insertedId)
   at MySql.Data.MySqlClient.Driver.NextResult(Int32 statementId, Boolean force)
   at MySql.Data.MySqlClient.MySqlDataReader.NextResult()
   at MySql.Data.MySqlClient.MySqlCommand.ExecuteReader(CommandBehavior behavior)
   at MySql.Data.MySqlClient.MySqlCommand.ExecuteNonQuery()
   at Plus.Database.Adapter.QueryAdapter.RunQuery() in C:\Users\Sledmore\Desktop\PlusEMU\Database\Adapter\QueryAdapter.cs:line 177

Says says server_status doesn't exist:

You must be registered for see images attach

Line from PlusEnvironment.cs

dbClient.RunQuery("UPDATE `server_status` SET `users_online` = '0', `loaded_rooms` = '0'");

See the part in bold however, there anywhere the path needs changing? Or is that just a default print for that error?

No errors in the PlusEMU Log

This however is strange.. since the catalogue hasn't been changed

EDIT: Since trying several times, no errors have been recorded since those ^^, so unsure as to whether there is even an issue with the EMU

Ignore previous edit,

Bug during user login: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
   at System.ThrowHelper.ThrowKeyNotFoundException()
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Plus.HabboHotel.GameClients.GameClient.TryAuthenticate(String AuthTicket) in C:\Users\Sledmore\Desktop\PlusEMU\HabboHotel\GameClients\GameClient.cs:line 223

This seems to make more sense towards the issue... does anybody have any idea what could be causing this?

 

[JayC]

You need to fix your auth ticket , if you're using plus emu a help thread was just made there's links all over on how to fix

 

[AssLikeThat]

You need to fix your auth ticket , if you're using plus emu a help thread was just made there's links all over on how to fix

Wouldn't make a thread asking for help if I didn't try everything available first

Did these fixes:

You must be registered for see links

You must be registered for see links

 

[JayC]

Well you did something wrong or you're missing something is what I'm telling you

 

[AssLikeThat]

Well you did something wrong or you're missing something is what I'm telling you

I think that is clear haha i'm here for help and to find out what I may have missed... I posted my code to help in finding a solution.

I appreciate your replies, thanks anyway.

 

[Joe]

I've never changed anything in the original RevCMS on how it handles the SSO? Just apply Sledmore's patch to the SSO file in the emulator and it should work fine.

SSOTicketEvent.cs

using System;

using Plus.Communication.Packets.Incoming;
using Plus.HabboHotel.GameClients;
using Plus.Communication.Packets.Outgoing.Handshake;

namespace Plus.Communication.Packets.Incoming.Handshake
{
    public class SSOTicketEvent : IPacketEvent
    {
        public void Parse(GameClient Session, ClientPacket Packet)
        {
            if (Session == null || Session.RC4Client == null || Session.GetHabbo() != null)
                return;

            string SSO = Packet.PopString();
            if (string.IsNullOrEmpty(SSO) || SSO.Length < 15)
                return;

            Session.TryAuthenticate(SSO);
        }
    }
}

What I'm saying is try revert the RevCMS SSO patch you applied leaving the SSOTicketEvent.cs as it is and see if that works.

The only patches I've applied to RevCMS are the symbol username patch, the forgot patch and removed some of the main stuff from the templates like IP and port.

 

[AssLikeThat]

I've never changed anything in the original RevCMS on how it handles the SSO? Just apply Sledmore's patch to the SSO file in the emulator and it should work fine.

SSOTicketEvent.cs

using System;

using Plus.Communication.Packets.Incoming;
using Plus.HabboHotel.GameClients;
using Plus.Communication.Packets.Outgoing.Handshake;

namespace Plus.Communication.Packets.Incoming.Handshake
{
    public class SSOTicketEvent : IPacketEvent
    {
        public void Parse(GameClient Session, ClientPacket Packet)
        {
            if (Session == null || Session.RC4Client == null || Session.GetHabbo() != null)
                return;

            string SSO = Packet.PopString();
            if (string.IsNullOrEmpty(SSO) || SSO.Length < 15)
                return;

            Session.TryAuthenticate(SSO);
        }
    }
}

What I'm saying is try revert the RevCMS SSO patch you applied leaving the SSOTicketEvent.cs as it is and see if that works.

The only patches I've applied to RevCMS are the symbol username patch, the forgot patch and removed some of the main stuff from the templates like IP and port.

Tried that, still unable to login with just the original patch, it blanks the SSO like its supposed to and says I'm online, but just loads forever. - When I create a new account however it will work fine, I may be wrong but i'm 99% sure it's to do with the SSO as when it happens to a new account, when they enter the hotel they have everything the first account does (which is ranked)

 

[Joe]

Tried that, still unable to login with just the original patch, it blanks the SSO like its supposed to and says I'm online, but just loads forever.

Have you ever logged in? Has it ever successfully worked? What version of Plus are you using and where was it downloaded from? Likewise with RevCMS, where did you download it from and what version is it?

If you've logged in before what did you change to make it stop?

 

[AssLikeThat]

Have you ever logged in? Has it ever successfully worked? What version of Plus are you using and where was it downloaded from? Likewise with RevCMS, where did you download it from and what version is it?

If you've logged in before what did you change to make it stop?

Yep, working perfectly up until last night, haven't changed anything really I've been editing a page I created on the CMS nothing else - Including the Database, not done anything with that.

It was the Haboon release I believe was a couple of weeks ago I downloaded it can't remember.

It's version 3.4.3

You must be registered for see images attach

 

[Joe]

So it gets to 76% then doesn't let you in? Does the emulator log you connecting or show any errors (sorry if I'm repeating questions already asked - I'd like to know what's happening in real time).

I recommend using HabboFiles.com I got all the resources from there, all work perfectly.

Any exceptional errors or anything like that? Also check your rooms table, is there any columns that don't have a 0 or 1 in them like allow_pets? If there's missing values this will happen.

 

[AssLikeThat]

So it gets to 78% then doesn't let you in? Does the emulator log you connecting or show any errors (sorry if I'm repeating questions already asked - I'd like to know what's happening in real time).

I recommend using HabboFiles.com I got all the resources from there, all work perfectly.

Any exceptional errors or anything like that? Also check your rooms table, is there any columns that don't have a 0 or 1 in them like allow_pets? If there's missing values this will happen.

If I revert to how it was, gets stuck on 76%, for this i've checked all vars, IP's etc (I'm unsure how it would just stop working without changing anything thought?)
If I apply the patch above, it loads halfway and then takes me to the root of my habbo.swf

I'll try a fresh emu and see what happens, completely out of ideas for this one so far. If that fails I'll go through my DB and check if there are any missing values.

 

[Joe]

I would check missing values first. As this would be the reason why.

 

[AssLikeThat]

I would check missing values first. As this would be the reason why.

EDIT: This has happened again, changed nothing apart from badge_definitions, tried removing that and retrying - no luck.

There is definitely an issue elsewhere other than the database, this shouldn't be happening

 

[HarmonicRain]

Use arcturus no sso exploit.

 

[Mikee]

Tried that, still unable to login with just the original patch, it blanks the SSO like its supposed to and says I'm online, but just loads forever. - When I create a new account however it will work fine, I may be wrong but i'm 99% sure it's to do with the SSO as when it happens to a new account, when they enter the hotel they have everything the first account does (which is ranked)

If I understood you properly then you literally just explained your own problem. If new accounts are working and old accounts aren't then old accounts aren't being accepted via the SSO control flow, meaning that there is something in the users table for old accounts that disagrees with the SSOTicket class that JMG gave you.

The solution is run breakpoints in the SSOTicket.cs file while running the emulator in debugger mode and login into the hotel with old accounts. Then when it fails you'll see where (via the breakpoint), and you'll be one step forward to understanding why old accounts don't work.

Edit: Don't use breakpoints it wont work since nothing is crashing or failing, instead use Console.WriteLine inside each if clause to see where the control flow is leading to.

 

[AssLikeThat]

If I understood you properly then you literally just explained your own problem. If new accounts are working and old accounts aren't then old accounts aren't being accepted via the SSO control flow, meaning that there is something in the users table for old accounts that disagrees with the SSOTicket class that JMG gave you.

The solution is run breakpoints in the SSOTicket.cs file while running the emulator in debugger mode and login into the hotel with old accounts. Then when it fails you'll see where (via the breakpoint), and you'll be one step forward to understanding why old accounts don't work.

Edit: Don't use breakpoints it wont work since nothing is crashing or failing, instead use Console.WriteLine inside each if clause to see where the control flow is leading to.

Thanks for the reply,

I don't think I explained it very well haha, basically the 'fix' by Sledmore was already there, but I was experiencing these issues still. After making new accounts which worked I was still getting the issue so I did the other 'fix'.

Anyway, I think the issue was something to do with the database It's sorted now

Thanks, again