lfnetwork.com mark read register faq members calendar

Thread: Packet Hacks - Ja Server Problem
Thread Tools Display Modes
Post a new thread. Add a reply to this thread. Indicate all threads in this forum as read. Subscribe to this forum. RSS feed: this forum RSS feed: all forums
Old 06-25-2009, 12:06 PM   #1
Aidenius
Lurker
 
Join Date: Jun 2009
Posts: 7
Packet Hacks - Ja Server Problem

Hello There,

I posted recently about an apparent Q3fill issue which was resolved mostly by updating to the newest version of japlus.

My friends server is being hacked by a person named 'zarath' who is apparently using packet hacks to crash the server, yet he is apparently unable to do it to mb2 servers.

Does anyone know how to fix this?

Thank You.

Aidenius.
Aidenius is offline   you may: quote & reply,
Old 06-28-2009, 05:40 AM   #2
stoiss
Rookie
 
stoiss's Avatar
 
Join Date: Feb 2007
Posts: 19
what i know of there is only one way.. make slider to code the game it self to be better protected by hackers.. or turn off you allowdownload what can cost it.. changes you rconpassword and don't make it small make it over the 20 number/words to keep it away from stuff like that make new admin passwords.. i can't see what else there could be done sens it is many years ago i used JA+ Server files and don't know his config's anymore..
stoiss is offline   you may: quote & reply,
Old 06-28-2009, 06:19 AM   #3
-=*Raz0r*=-
Rookie
 
-=*Raz0r*=-'s Avatar
 
Join Date: Oct 2006
Location: Australia
Posts: 243
Are you referring to q3infoboom? (sends large requests to the server causing crashes)
That should be patched by JA+ :/

-=*Raz0r*=- is offline   you may: quote & reply,
Old 06-28-2009, 07:40 AM   #4
Aidenius
Lurker
 
Join Date: Jun 2009
Posts: 7
Apparently hes using his own developed programme, we have the latest version of Ja+, how can we stop this?
Aidenius is offline   you may: quote & reply,
Old 09-09-2009, 12:06 AM   #5
Unreliable
Lurker
 
Join Date: Sep 2009
Posts: 7
Old, but I gotta post this since it's completely related.

There was a hack with callvote, where you can edit the packet to change the rcon address (while the vote is in progress) and the password. Lugormod fixed this, but since it's closed source I have no idea how to do this...
Unreliable is offline   you may: quote & reply,
Old 09-12-2009, 11:44 AM   #6
Didz93
Lurker
 
Join Date: Sep 2009
Posts: 4
Thumbs up

Inside void Cmd_CallVote_f( gentity_t *ent ) in g_cmds.c

Look for this line:
Code:
if( strchr( arg1, ';' ) || strchr( arg2, ';' ) ) {
And replace it with:
Code:
if(strchr(arg1, ';') || strchr(arg2, ';') || strchr(arg1, '\r') || strchr(arg2, '\r')) {
As you may know already, packets were being modified to make the server execute multiple commands via the use of the \r line feed character.

Exploiters used modified clients to do this most of the time by replacing ; in their callvote string with \r.
So /callvote timelimit "60;set rconPassword lol" was in fact being changed to /callvote timelimit "60\rset rconPassword lol"

The code I gave you will block the use of the \r line feed character, therefore patching the callvote exploit

If you wanted to be really harsh you could kick the player from the server in that if statement if you wanted.
Didz93 is offline   you may: quote & reply,
Old 09-12-2009, 11:56 AM   #7
TJ01
Lurker
 
Join Date: Aug 2009
Posts: 7
I thought /n and /t could also be used.

Not sure though. I just added \n \r \t just in case

Nice idea about the kicking Lol.
If only you could make them do r_primi or something? Can you? =o
TJ01 is offline   you may: quote & reply,
Old 09-12-2009, 12:03 PM   #8
-=*Raz0r*=-
Rookie
 
-=*Raz0r*=-'s Avatar
 
Join Date: Oct 2006
Location: Australia
Posts: 243
*EDIT: Replying to Didz*
Indeed, the above will patch callvote.

Back to the original post, I doubt he was using anything too harmful - Probably just trying to boost his 'omg i r l33t hax0r ololol' ego.
There was a G_Malloc exploit that's been fixed in JA+ 2.4beta5, the details were posted here
This may have been what you were referring to.



Quote:
I thought /n and /t could also be used.
\n is already patched, and I'm pretty sure \t can't be used.

Quote:
If only you could make them do r_primi or something? Can you? =o
Well yes, so long as you require they have a client plugin - otherwise nope.


Last edited by -=*Raz0r*=-; 10-10-2009 at 11:37 PM.
-=*Raz0r*=- is offline   you may: quote & reply,
Old 09-12-2009, 12:11 PM   #9
Didz93
Lurker
 
Join Date: Sep 2009
Posts: 4
Only ; and \r needs to be patched, i think \r needs to be patched because that's the character used to seperate commands in the command buffer
Didz93 is offline   you may: quote & reply,
Post a new thread. Add a reply to this thread. Indicate all threads in this forum as read. Subscribe to this forum. RSS feed: this forum RSS feed: all forums
Go Back   LucasForums > Network > JediKnight Series > Editing Central > JA Coding > Packet Hacks - Ja Server Problem

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 11:43 PM.

LFNetwork, LLC ©2002-2011 - All rights reserved.
Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.