Duping has been a controversial yet fascinating topic in the RuneScape private server (RSPS) community. Today, we delve into an old-school duping method using RuneAgent, a tool that hooks onto the Java client. By understanding packet manipulation and decompiling login methods, you can exploit vulnerabilities in any RSPS server.

What is RuneAgent?

RuneAgent is a Java-based tool that provides an interface for manipulating game packets and other client functions. With the proper knowledge, it allows players to duplicate items (duping) by exploiting the client-server relationship.

How Duping Works with RuneAgent

1. Decrypting Login Methods:

   • To start, you need a decent understanding of Java decompilation. Tools like JD-GUI and JAD can help you navigate client methods and decompile critical login functionalities.

2. Understanding Packets:

   • Packets are the communication protocol between the client and server. With RuneAgent, you can intercept and manipulate these packets to create false commands, such as item duplication requests.

3. Setting Up RuneAgent:

   • Download and configure RuneAgent from its GitHub repository.
   • Use tools like AspectJ or JavaSnoop to further analyze the client's private classes.

4. Running the Client:

   • Modify your config.js file and set up your run.bat or run.sh file. A typical setup might look like this:

     java -noverify -Xbootclasspath/a:"RuneAgent.jar";"lib/bcel-5.2.jar";"lib/rsyntax.jar";"client.jar" -javaagent:"RuneAgent.jar"=config.js -jar client.jar
     

Tools of the Trade

Here are some tools to get you started:

• Decompilers:
  • JD-GUI
  • AspectJ
  • JavaSnoop
• Other Useful Resources:
  • 317 Protocol
  • Packet Analysis Pastebin

A Note for Newcomers

If you're new to the concept of duping and RuneAgent, check out this video tutorial by Injectnique:

• RuneAgent Basics: Video (18:43)

The Bigger Picture

While methods like RuneAgent may still work today, traditional duping methods like operating, combining, or multi-logging without packet knowledge are far less effective. As the RSPS scene evolves, understanding tools like RuneAgent remains critical for exploring client vulnerabilities.