New Cheat/Hack for Enemy Territory


(sniser) #21

Yeah, if someone with some C++ knowledge could post a fix that would rule… why not just collect all the bug fixes in the modding forum, and then someday make a “community bugfix mod” with NO changes but bugfixes? Maybe release it together with the “SD-approved community map pack” (if that idea is still alive)? It seems like a huge waste of effort if every mod-maker has to collect and implement all fixes - it would be nice to have a more or less bugfree basis on which they could do their work. And if that isn’t going to happen (is it allowed to distribute the changed source?), let’s have at least the collection of fixes all in one place!


(Leff) #22

In game/g_cmds.c in function:
void G_VoiceTo( gentity_t *ent, gentity_t *other, int mode, const char *id, qboolean voiceonly ) {
I added the lines:
if (strlen(id) > 200) {
  CPx( other-g_entities, va("%s %d %d %d %s", cmd, voiceonly, ent - g_entities, color, "SERVER OVERFLOW ATTEMPT DETECTED" ));
  return;
}

after:
if (voiceonly == 2) {
  voiceonly = qfalse;
}

// NOTE:
Dunno if this works because my compiler runs on BSD, and the header files are not supported, but if someone could test it for me, and send me a BSD compatible SO.


(-W0kk3L-) #23

We (or better said, Leff) are trying to fix our servers, so this exploit cannot be used anymore. Until then, contact us at #crew-nexus on quakenet (irc) and we’ll ban the bastards who screw up the game :slight_smile:

Great post timing, Leff… 1 minute earlier than mine :smiley:


(superdug) #24

I’m still holding out to see if Splash Damage will make a patch for this, I would like to not have unofficial clients running around if at all possible …


(Locki) #25

I’m going to move this to the Mod-Making forum so that our Coders can look at this. Bits of C posted here will confuse the general public (and me :???:)

Paul/Locki.


(superdug) #26

Okay, so is that the official response then, splash is going to leave this up to the users to fix? I just want to know before I go off on a quest to make an entirely new client.

I just figured that a game rated “Number one multiplayer game of the year” would still be supported by splash, if I do make a fix is there a way to submit it to splash to possibly be made into an official patch with community credit?

I just want to know before I start to invest any time into this.

Thanks,

Doug


(RR2DO2) #27

The topic was moved here as the discussion went more into a code direction (which fits better in this forum, and people can fix it in their mods while there is no official fix). Note that I cannot promise any official release at this point, but at least can confirm we are aware of the issue.

  • Arnout ‘RR2DO2’

(SCDS_reyalP) #28

Leff, that seems to stop the exploit. The message doesn’t get printed, probably because it still isn’t a valid vsay. Probably a log message would be more appropriate. Or just silently truncate…

FWIW, the exploit also works in etpro, so the kick everyone exploit bani mentioned fixing must be a different one.

superdug, it looks like it doesn’t require a client change to workaround.
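The length check from post #22 together with the two alternatives suggested in #28 (log on the server, or silently truncate), as an added stand-alone example that is not code from any poster or from the ET source. `check_voice_id` and its result enum are hypothetical names, the 200-character limit is the one from the posted check, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define VOICE_ID_MAX ((size_t)200)  /* limit used in the check posted in #22 */

typedef enum { VOICE_OK, VOICE_TRUNCATED, VOICE_REJECTED } voice_result_t;

/* Hypothetical helper: copy a voice chat id into out (outSize bytes).
 * truncate == 0: refuse over-long ids and write a server-side log line.
 * truncate != 0: silently cut the id down to the limit. */
static voice_result_t check_voice_id(const char *id, char *out,
                                     size_t outSize, int truncate)
{
    size_t len, limit;

    if (!id || !out || outSize == 0)
        return VOICE_REJECTED;
    out[0] = '\0';

    len = strlen(id);
    limit = outSize - 1 < VOICE_ID_MAX ? outSize - 1 : VOICE_ID_MAX;

    if (len > limit) {
        if (!truncate) {
            /* log the length only, never the client-supplied bytes */
            fprintf(stderr, "voice id rejected: %lu chars (max %lu)\n",
                    (unsigned long)len, (unsigned long)limit);
            return VOICE_REJECTED;
        }
        memcpy(out, id, limit);
        out[limit] = '\0';
        return VOICE_TRUNCATED;
    }
    memcpy(out, id, len + 1);   /* fits: copy including the terminator */
    return VOICE_OK;
}

int main(void)
{
    char big[400], out[256];    /* constructed sample input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("normal id: %d\n", check_voice_id("Medic", out, sizeof out, 0));
    printf("reject:    %d\n", check_voice_id(big, out, sizeof out, 0));
    printf("truncate:  %d, kept %lu chars\n",
           check_voice_id(big, out, sizeof out, 1), (unsigned long)strlen(out));
    return 0;
}
```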


(bani) #29

it’s not a buffer overflow - otherwise the server would crash :moo:

explanation and fix is here


(Seph64) #30

I think the modding community thanks you for this Bani, or at least they should. :clap: :rocker: wanders off to implement fix on my own mod


(bani) #31

rain found it actually, but he tends to avoid sunlight. so i posted it for him.


(Seph64) #32

Okay, so the modding community thanks Rain! But I at least thank you for posting it for him. :wink:


(bani) #33

oops. the fix i posted wasn’t quite right. so i’ve updated it after testing that it works :stuck_out_tongue:


(Grimmy_EFG) #34

I guess this is a good example of the reason why Valve are taking their time over Halflife 2 since the source leakage.


(DG) #35

so what can/do us noobs do with either rain/bani’s or Leff’s fixes, if anything?
(for both etpro and etmain servers)

  • which would be better :stuck_out_tongue:

(Leff) #36

I could create a ZIP with the SO’s, however, I fear that they will not work on your system.
If someone could tell me how to compile with support for any linux distro, he’s more than welcome :slight_smile:


(DG) #37

what about win32? :smiley:


(H.Potter) #38

Yeah, great thanks, bani and rain !


(Leff) #39

Here it is
Linux binaries I can’t compile properly, anyone who can help me with that ?

I’ve also patched the ^name error in a very restrictive way, clients are now totally unable to use a plain ‘^’ in their names.
I have to make a better fix for this sometime, but this’ll do (I hope)

In: g_client.c
In: static void ClientCleanName( const char *in, char *out, int outSize )


// don't allow ^^ in names
if( strstr(p, "^^")) {
  Q_strncpyz( p, "HackingLoser", outSize );
}

Just before the bottom.


(Leff) #40

I think I managed a linux compile now, however when I try to run I get:


Sys_LoadDll(/home/halfleven/nextest/etmain/qagame.mp.i386.so) failed:
"/home/halfleven/nextest/etmain/qagame.mp.i386.so: ELF file OS ABI invalid"

Anyone who can help me with that ?

Grtz.
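The loader message quoted in post #40 is what glibc reports when byte 7 of the ELF header (the OS ABI field) is neither System V (0) nor GNU/Linux (3); a library built and branded on another OS, for example FreeBSD (9), fails this way. An added example, not from the thread, that reads that byte so a server module can be checked before it is deployed; the function names are hypothetical and the sample header is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Offsets and values from the ELF specification */
#define IDENT_SIZE   16   /* size of e_ident */
#define OSABI_OFFSET 7    /* EI_OSABI */
#define OSABI_SYSV   0
#define OSABI_GNU    3    /* also known as ELFOSABI_LINUX */

typedef enum { ABI_OK, ABI_FOREIGN, ABI_NOT_ELF } abi_result_t;

/* Inspect the first bytes of a file; report its OS ABI byte in *osabi. */
static abi_result_t check_osabi(const unsigned char *ident, size_t len,
                                unsigned *osabi)
{
    static const unsigned char magic[4] = { 0x7f, 'E', 'L', 'F' };

    if (len < IDENT_SIZE || memcmp(ident, magic, sizeof magic) != 0)
        return ABI_NOT_ELF;
    *osabi = ident[OSABI_OFFSET];
    return (*osabi == OSABI_SYSV || *osabi == OSABI_GNU) ? ABI_OK : ABI_FOREIGN;
}

/* Same check on a file on disk, e.g. a qagame module. */
static abi_result_t check_file(const char *path, unsigned *osabi)
{
    unsigned char ident[IDENT_SIZE];
    size_t n;
    FILE *f = fopen(path, "rb");

    if (!f)
        return ABI_NOT_ELF;
    n = fread(ident, 1, sizeof ident, f);
    fclose(f);
    return check_osabi(ident, n, osabi);
}

int main(int argc, char **argv)
{
    /* constructed header: 32-bit little-endian ELF with OS ABI 9 (FreeBSD) */
    static const unsigned char sample[IDENT_SIZE] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 9 };
    unsigned osabi = 0;
    abi_result_t r = argc > 1 ? check_file(argv[1], &osabi)
                              : check_osabi(sample, sizeof sample, &osabi);

    if (r == ABI_NOT_ELF) { puts("not an ELF file"); return 2; }
    printf("OS ABI byte = %u: %s\n", osabi,
           r == ABI_OK ? "accepted by the Linux loader" : "rejected by the Linux loader");
    return r == ABI_OK ? 0 : 1;
}
```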