[bf1942] [BF42] EXPLOIT!

[ståhl]

Smells like a hoax if you ask me.

I'd wait with the insertion of code into my binaries and I recommend 
everyone else doing the same. Especially until we get a comment from 
Andreas or see some official announcement on the bf1942 official 
webpage. I mean, inserting code like that gives you unpredictable 
behaviour and will most often just kill your server. Fixing buffer 
overflows aren't fixed this way, but cracking a game is, making it open 
for thieves to play the game without paying for it. I would also need to 
see proof of concept-code.  I'd also want to give you a heads up that 
nothing about this exploit has appeared on securityfocus although there 
is something about punkbuster being vulnerable. ( 
http://www.securityfocus.com/bid/9697 ). This makes me hesitate even more.

I must also remind SantaHomer that reverse engineering is most likely 
forbidden in the EULA. It usually is. Don't know how it works when it 
comes to spreading information on how to do it though.

Remember folks, stay alert, and always be on your guard.



SantaHomer wrote:

> a) English Version
> b) German Version
>
>
> a) Just in this moment, someone contacted me and told me about a Buffer
> Overflow in GameSpy`s SDK for CD-Keys in the BF42 Executable (and Halo,
> NFS:HotPursuit2).
>
>
> See this screenshot:
>
>http://www.counter-strike.de/newspics/panzerfahren.de/200402/news-1-1077751025.jpg
>
> to fix this open the executable (bf42_ded.exe or bf42_lnxded_static) with
>an
> Hexeditior an search for "00042370" then youll find: "7f" please change
>this
> to "77".
>
>
>
> ;) greeeeeeetz alex
>
>
> b) ...n/c
>
> www.panzerfahren.de ich habs vor 5 minuten gepostet....
>
> gn8 @ll....
>
>
>
> alex
>
>
>
>
>
>  
>

-- 
Daniel "stahl" Ståhl
Bredbandsbolaget/Fegis.nu BF KGA Administrator
#b2 @ qnet