Remap shader exploit?

Ragnar_40k · 2006-05-06 12:25:11 UTC

http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.

Florisjuh · 2006-05-06 12:47:28 UTC

Eh you shouldnt be posting this kind of stuff in a public forum mate

breathKILL · 2006-05-06 12:50:12 UTC

Most of us don’t get it anyway :))

Florisjuh · 2006-05-06 12:51:55 UTC

It has very easy instructions above it, I would be able to do it

Ragnar_40k · 2006-05-06 13:41:09 UTC

Its an exploit and not a cheat. And the server admin need to install it to make it work. Don’t know if mods like ETPro or ETPub can fix it, so I posted it here, because it may require an engine patch.

Ragnar_40k · 2006-05-06 14:10:42 UTC

Here is one fix for Q3: http://svn.icculus.org/quake3?rev=765&view=rev

bandit5k · 2006-05-07 03:56:13 UTC

Hmm…I remember some worry about this a while ago. Aparently it’s fixed in ET/ETPro…

SCDS_reyalP · 2006-05-07 05:28:35 UTC

bandit5k: no, thats a different bug.

However, if the server operator wants to mess with you there are lots of things they can do.

klines · 2006-05-07 05:29:41 UTC

is a patch going to be released?

klines · 2006-05-07 05:36:58 UTC

ok, if i am right (and i am probably not), this should fix it: (someone confirm for me plz)

in q_shared.c on line 70 change

void COM_StripExtension( const char *in, char *out ) {
	while ( *in && *in != '.' ) {
		*out++ = *in++;
	}
	*out = 0;
}

to

void COM_StripExtension( const char *in, char *out ) {
	if(strlen(in) > 1023) {
		*out = *in;
	} else {
		while ( *in && *in != '.' ) {
			*out++ = *in++;
		}
		*out = 0;
	}
}

Lanz · 2006-05-08 20:44:57 UTC

They’ve released patches for all three games (Q3, RTCW, W:ET) it seems. Check the Blues news article here:

http://www.bluesnews.com/cgi-bin/board.pl?action=viewthread&threadid=67152

kamikazee · 2006-05-08 20:53:17 UTC

Cheers for id!

Sauron_EFG · 2006-05-08 21:35:57 UTC

Protocol is the same as 2.60 apparently, but I assume unpatched servers will kick patched clients (and other way round) for being “unpure”.

mortis · 2006-05-08 22:25:51 UTC

I added a mirror to the patch at my site here:

http://forums.quakewarsterritory.com/viewtopic.php?p=2932#2932

kamikazee · 2006-05-08 23:13:15 UTC

I’m not too sure.
Maybe PB kicks for some corrupt or modified file, but I think the engine is not checked by the game itself.

SCDS_reyalP · 2006-05-09 00:10:37 UTC

Pure doesn’t check et.exe/et.x86

Some servers may do a pb md5 check, but that should be easy to avoid.

Nail · 2006-05-09 01:02:50 UTC

patches available for all O/S
http://www.idsoftware.com/

afaik, not usable with etpro, only etmain and it’s mods

Sauron_EFG · 2006-05-09 18:03:14 UTC

It’s harder to avoid etpro servers though.

Hewster · 2006-05-11 01:08:18 UTC

Respect to ID for releasing a patch so quickly

However, shame they didn’t fix the well known “infoBoom” exploit too

However However, the infoboom “fix” does work on the new binaries

I appreciate the above is a bit cryptic, but those who know will understand

Hewster