NAME
Ragnarok Online The Crasher — An exploit utility that leveraged client-side resource loading vulnerabilities to crash nearby players.
METADATA
| Platform: | Ragnarok Online |
| Release: | 2002-03-13 |
| Status: | Archived — binary/source preserved |
SYNOPSIS
TheCrasher.exe
DESCRIPTION
The Crasher was a malicious exploit for the Ragnarok Online game client. It targeted a specific vulnerability in how the client handled gender-specific assets when a new player entered the “field of view” of the game engine.
While the original source code and compiled binary have been lost, the documentation for the exploit has been preserved in the archive:
readme.txt— Documentation and usage instructions for the Gender Crash exploit.
By spoofing memory states that defined character gender and appearance, the user could force surrounding clients to attempt to load non-existent or conflicting resource files (like sprites). This would trigger an unhandled exception in the victim’s client, crashing it to the desktop instantly.
KEY FEATURES
- Gender Inconsistency Exploit — Leverages the Gender Crash vulnerability to send data that the vanilla client could not handle.
- Integrated Self-Protection — Includes a built-in patch for the user’s own client to prevent reciprocal crashes from other players using the same tool.
NOTES
I wasn’t sure if I would release this publicly, but I did it to put pressure on Gravity (the game developer) to fix the underlying issue.
It was effectively a distributed denial-of-service attack on the game’s social environment. Looking back, it was a pretty aggressive way to get a developer’s attention.
In any case, it definitely worked, as they ended up patching the vulnerability shortly after.
ATTACHMENTS (Browsing /usr/games/hacks/)
The Crasher By Arsenic
Steps to activate the hack:
1) Run your RO client.
2) While in game, press Alt+Tab on your keyboard to minimize the game window.
3) Run this program.
4) Click on "Apply".
5) Come back to the game and enjoy.
In case you didn't know, not only bots can cause crashes...
This patch exploits the infamous gender crash bug. Just apply the patch before selecting your
character and then log into the game. Every player's client non-patched will instantly crash if
they get in your sight. This program includes the Anti Crash patch as well, so you don't need to
use it with the other Anti Gender Crash program. The crash is also effective when you change of
areas.
I wasn't sure if I would release this pubicly. I wanted to release it at least 3 days after the
Anti Crash patch, and here we are today. I made up my mind; spread it around and abuse it as
much as you want.
I can already hear the people on some RO forums shouting "Why did you do this!? Why god, why,
this will just make things worst, boo boo..." Yes, most likely :) But see the good side, it will
speed up the process of patching it. Let's add some more pressure on Gravity, so it can become
their main priority.
For all the people who assumed without any valid reasons that my ArseKit was the cause of the
roll-back and all the latest game bugs, well I sincerly hope you get a taste of it :) Oh well,
at least now you can really blame me for something, so it's not that bad eh?
Yet, I do not condone the use of this program for malicious intents. But I'm not your daddy, so
do what you want with it. It shall be fixed pretty quickly though, don't forget it's been around
since a little while. So for all the malicous minds out there, go mad before it get patched.
I think that sums up everything. Have a nice day.
--------------------------------------
~ Arsenic a.k.a Artemis`Entreri
E-mails : DumbassSk8er@hotmail.com
arsenic@rootshell.be
Web page : http://onesided.cjb.net
www.onesided.da.ru (Mirror)SEE ALSO
- ro-anti-gender(6) — A security patch for the RO client to prevent crashes caused by malicious gender-specific resource spoofing.
TECHNOLOGIES
- Exploit
- Denial of Service
- Reverse Engineering