Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ] 
 Post subject: BF1942/BF2 bf2142
PostPosted: 09 Sep 2007 18:41 

Joined: 09 Sep 2007 18:14
Posts: 6
Hello,

I have tried some testing and even ran advance netstat and do not see any outgoing connections using your compiled version that you provided.
here is what I tried on a bf2 server

- set version 110b9500

Player: ..
Player: ..
Player: ..
Player: ..
- server full

Player: ..
Player: ..
Player: ..
Player: ..
Player: ..
Player: ..
Player: ..
Player: ..
Player: ..
- server full

anyway I have asked people to join the server and see anything suspicious and everything is normal. Does this truly work? and do I need the game installed for some reason on my PC?

I am running windows XP pro.
Thanks for your time


PS: I have been following your site for a few years now. I also e-mailed you about maybe a few exploits in bf2/2142 dos
seems like you found something
great work


 Post subject:
PostPosted: 09 Sep 2007 21:57 

Joined: 16 Aug 2007 06:25
Posts: 367
You should try using the -f option, like so: bf2fp -f serverip

Then it will continue to flood continuously even if the server is full, taking up slots as the "fake players" leave, and not reporting when the server is full. I have found this to be more effective with BF2 than leaving the -f option out.


 Post subject:
PostPosted: 10 Sep 2007 01:39 

Joined: 09 Sep 2007 18:14
Posts: 6
thanks mate


 Post subject:
PostPosted: 10 Sep 2007 12:14 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes, probably the time elapsed between packet sent and received was too high.
The -f option will just send a packet each 100 ms which means that the server will be forced to be full since considering the fake players life of max 10 seconds and the maximum amount of players (64) we know that packets should be sent at least each 150 ms


Top
 Profile  
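Added example, not part of the thread or of bf2fp: a server-side check in Python built on the figures in the post above (64 slots, 10-second lifetime for an unconfirmed player). It flags sources that keep more unconfirmed joins alive than a real client would; the event format, the addresses and the `max_pending` threshold are constructed assumptions.

```python
from collections import defaultdict, deque

SLOTS = 64            # maximum players, from the post
LIFETIME_MS = 10_000  # an unconfirmed player is dropped after 10 s, from the post

def min_fill_interval_ms(slots=SLOTS, lifetime_ms=LIFETIME_MS):
    """Longest gap between join requests that still keeps every slot taken."""
    return lifetime_ms / slots

def flag_sources(events, lifetime_ms=LIFETIME_MS, max_pending=4):
    """Return {source: peak} for sources whose unconfirmed joins inside one
    lifetime window exceed max_pending (an assumed threshold)."""
    pending = defaultdict(deque)   # source -> timestamps of joins not yet confirmed
    peak = defaultdict(int)
    for ts, src, kind in sorted(events):
        queue = pending[src]
        while queue and ts - queue[0] >= lifetime_ms:
            queue.popleft()        # the server has already timed this one out
        if kind == "JOIN":
            queue.append(ts)
            peak[src] = max(peak[src], len(queue))
        elif kind == "READY" and queue:
            queue.popleft()        # oldest pending join completed its handshake
    return {src: n for src, n in peak.items() if n > max_pending}

# Constructed events (timestamp in ms, source, kind) using documentation addresses:
# two ordinary players, then one source sending a join every 100 ms for 20 s.
EVENTS = [(500, "192.0.2.10", "JOIN"), (900, "192.0.2.10", "READY"),
          (3000, "192.0.2.11", "JOIN"), (3400, "192.0.2.11", "READY")]
EVENTS += [(t, "198.51.100.7", "JOIN") for t in range(0, 20_000, 100)]

if __name__ == "__main__":
    print("fill interval:", min_fill_interval_ms(), "ms")
    print("flagged:", flag_sources(EVENTS))
```

A real player holds at most one unconfirmed slot at a time, so a small `max_pending` separates the two cases without touching normal joins.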
 
 Post subject:
PostPosted: 26 Sep 2007 03:11 

Joined: 26 Sep 2007 03:10
Posts: 1
is there anything needed to change the query port from 29900?


 Post subject:
PostPosted: 26 Sep 2007 09:13 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
try to set the desired port at command-line:

bf2fp IP:PORT
or
bf1942 IP PORT

the tool will automatically use that port for the query


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 29 Aug 2008 03:33 

Joined: 29 Aug 2008 02:50
Posts: 8
hi guys, I have been experimenting for some days now with bf2fp, and the only result I get is:
server doesn't show fake players on serverlist and no one can join server because server is full.
Is there any way to show the fake players in serverlist (serverbrowser)?
When you can help me plz contact me: positiv4u@web.de

PS : I can pay for help

sorry my english


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 29 Aug 2008 15:57 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i havent tested this tool, but some games do not show fake players, only fill server, but you cant actually see them, because server only allocates a slot.

if you want to monitor your network, then use commview (6.x something is good). this will even allow you to monitor packets by the process name, so you see exactly what the fake player tool is doing (what it sends and what it receives).


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 29 Aug 2008 17:47 

Joined: 29 Aug 2008 02:50
Posts: 8
you say fill server? with real players or do you mean the flood?

and guys I know one server is possible to show fake players:

http://www.game-monitor.com/bf2_GameSer ... 4all2.html


this server show 12 fake players in server monitor ..... when server empty also.

And the admin told me he use a gamespyport to show the fakeplayers.
Maybe use bf2fp .... but only flood a special port .....? you know more than me about that.


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 29 Aug 2008 18:14 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
they are not 12 "fake players" as meant in bf2fp, these are 2 completely different things.
they are caused by a modification of the bf2 executable in which you force a certain amount of players in the gamespy reply sent by your server


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 31 Aug 2008 01:24 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i see 0 players in that server (following the link), but Luigi you saying that admin is using a cheap trick to make his server rank go higher or make more ppl join ? if there's already 12 players showing in list then more ppl will join.


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 31 Aug 2008 02:40 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
yes, it's just a modification of the exe (nothing hard to do, just a push 0000000c in the "numplayers" field) so more people join even if it's empty


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 02 Sep 2008 06:03 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
lol thts very cheap trick .. but effective i assume.

i remember that in avp2 they modified server config file to make virtual max players like 500 or more, but actual max players was still like 16-20. so with that trick they prevented ppl from using fake players on them, but ofc sending 500 packets in less than 5 secs is no problem at all :) so not much help if its done with packets or using multiple FP tools.


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 04 Sep 2008 14:36 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
a correction/update about my latest post.

in bf1942 I used the following method to modify the numplayers field:

/bf1942-t21.html#p66

in bf2 the method is similar although it takes a bit longer to find, anyway the following lpatch file can be used to test this method with bf2 1.4.1 (1.1.2965-797):

Code:
====================================================================================
TITLE
    bf2_w32ded.exe 1.4.1 12_players
FILE
    bf2_w32ded.exe
OFFSET
    00218087   FF       BE
    00218088   50       0C
    00218089   78       00
    0021808A   03       00
    0021808B   F0       00
====================================================================================


Top
 Profile  
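Added example, not part of the thread: a read-only Python check that parses the lpatch text posted above and reports whether a copy of the executable still carries the original bytes at those offsets or the replaced ones. It reads the three columns as offset, original byte and new byte; the in-memory image used in the demo is constructed.

```python
LPATCH = """\
TITLE
    bf2_w32ded.exe 1.4.1 12_players
FILE
    bf2_w32ded.exe
OFFSET
    00218087   FF       BE
    00218088   50       0C
    00218089   78       00
    0021808A   03       00
    0021808B   F0       00
"""

def parse_lpatch(text):
    """Return (file_name, [(offset, original_byte, new_byte), ...])."""
    section, name, rows = None, None, []
    for line in text.splitlines():
        item = line.strip()
        if not item or set(item) == {"="}:
            continue                      # blank line or ==== separator
        if item in ("TITLE", "FILE", "OFFSET"):
            section = item
        elif section == "FILE":
            name = item
        elif section == "OFFSET":
            off, old, new = item.split()
            rows.append((int(off, 16), int(old, 16), int(new, 16)))
    return name, rows

def classify(image, rows):
    """'original', 'patched' or 'unknown' (other build, or other changes)."""
    if not rows or any(off >= len(image) for off, _, _ in rows):
        return "unknown"
    found = [image[off] for off, _, _ in rows]
    if found == [old for _, old, _ in rows]:
        return "original"
    if found == [new for _, _, new in rows]:
        return "patched"
    return "unknown"

if __name__ == "__main__":
    name, rows = parse_lpatch(LPATCH)
    image = bytearray(0x218090)           # constructed stand-in for the file
    for off, old, _ in rows:
        image[off] = old
    print(name, classify(image, rows))
```

To audit a real installation, pass the bytes of the on-disk file to `classify`; an `unknown` result is expected for any build other than the one the lpatch was written for.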
 
 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 05 Sep 2008 04:29 

Joined: 29 Aug 2008 02:50
Posts: 8
Great, thanks Luigi, it works. I don't know how but it works, is the same thing possible with cod4 Server?


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 05 Sep 2008 16:37 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
For CoD4 1.7:
Code:
====================================================================================
TITLE
    iw3mp.exe 1.7 12_players
FILE
    iw3mp.exe
OFFSET
    00131C8B   85       66
    00131C8C   F6       BE
    00131C8D   74       0C
    00131C8E   1E       00
====================================================================================

anyway this is the last I do, don't ask me about others


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 05 Sep 2008 22:08 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i think more important would be .. how do you know what to change ?


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 05 Sep 2008 22:51 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it's simple, the general steps are the following:

find the parameter in the information sent by the server which contains the amount of players
it's "numplayers" in battlefield and "clients" in CoD4 with the difference that CoD4 doesn't send this info if there are no players in the server (in fact I have placed my modification just in the bytes which check if ESI is equal to zero)

find the instructions in the executable which build the reply sent by the server to the client which requested information
in BF1942 and CoD4 this is very simple because the value of this field (like 0 if there are no players) is assigned to its parameter (numplayer/clients) directly when the server builds that piece of the reply
in BF2 instead there is a function executed at regular intervals which places the current number of players in a structure containing all the textual values, so if there are 3 clients this function performs a sprintf(structure->numplayers, "%d", 3)
when the client queries the BF2 server these values are already ready to be copied in the buffer which will contain all the information to send directly to the client

the last step is naturally the forcing of a fixed value, 0xc (12) is the one I used in my examples


Top
 Profile  
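Added example, not part of the thread: since only the "numplayers" value in the reply is forced, a server-list operator can compare it with the players the same reply actually enumerates. The Python below assumes a backslash-delimited key/value reply; that layout, the `playername_N` key and both sample replies are constructed assumptions, and only the field name "numplayers" comes from the posts.

```python
import re

# Constructed replies in an assumed backslash-delimited key/value layout.
# "numplayers" is the field named in the thread; "playername_N" is a
# hypothetical per-player key used only for this illustration.
HONEST = r"\hostname\Example A\numplayers\2\maxplayers\64\playername_0\alice\playername_1\bob"
FORCED = r"\hostname\Example B\numplayers\12\maxplayers\64"

def parse_reply(raw):
    """Split a backslash-delimited key/value reply into a dict."""
    parts = raw.split("\\")[1:]            # text before the first backslash is empty
    if len(parts) % 2:
        raise ValueError("key without a value")
    return dict(zip(parts[0::2], parts[1::2]))

def audit(raw, player_key=r"playername_(\d+)"):
    """Compare the advertised count with the players actually enumerated."""
    fields = parse_reply(raw)
    try:
        claimed = int(fields["numplayers"])
    except (KeyError, ValueError):
        return {"claimed": None, "listed": None, "verdict": "malformed"}
    matches = (re.fullmatch(player_key, key) for key in fields)
    listed = len({m.group(1) for m in matches if m})
    verdict = "consistent" if claimed == listed else "mismatch"
    return {"claimed": claimed, "listed": listed, "verdict": verdict}

def persistent_mismatch(samples, needed=3):
    """True only if the last `needed` polls all disagree, so a player joining
    or leaving between two polls does not raise a flag."""
    recent = samples[-needed:]
    return len(recent) == needed and all(
        audit(sample)["verdict"] == "mismatch" for sample in recent)

if __name__ == "__main__":
    print(audit(HONEST))
    print(audit(FORCED))
    print(persistent_mismatch([FORCED, FORCED, FORCED]))
```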
 
 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 12 Jun 2009 13:07 

Joined: 11 Mar 2009 08:51
Posts: 7
Hey,

i have a question about the visible fake players.
I have run a Basrahs Edge Server (1942 DC) with 4 bots in a conquest map.
So i will add these 4 Ghostplayers as visible players.

I only find some about Windows exe etc. how can i do it in the Linux version?

thx!


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 12 Jun 2009 14:44 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the examples I showed are only for windows simply because they are just examples.
and no, I will not make examples for linux or other machines/versions/games/and so on.
I don't like the argument of faking the players number on the servers so the examples you see here are the last and only from me about this subject.


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 12 Jun 2009 16:12 

Joined: 11 Mar 2009 08:51
Posts: 7
i've done it successfully with windows now. but no idea how to do it with linux...


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 25 Oct 2009 04:48 

Joined: 25 Oct 2009 04:42
Posts: 2
aluigi wrote:
Code:
====================================================================================
TITLE
    bf2_w32ded.exe 1.4.1 12_players
FILE
    bf2_w32ded.exe
OFFSET
    00218087   FF       BE
    00218088   50       0C
    00218089   78       00
    0021808A   03       00
    0021808B   F0       00
====================================================================================


On BF2 1.50 this no longer works!

The first byte of the edit has moved to 00215a27 and correcting the offsets in the code i quoted makes the server show up with the correct 12 fake players when queried by scripts and such!

the PROBLEM, is that something has been done so that after making these edits, the server no longer shows up in the master list, it is failing a challenge or somehow is being detected that it is hacked.

I'm sure it is just a check or edit elsewhere in the file that can be safely broken so it works again or something of the same. BF2 was just released on STEAM and its player base is really climbing again,

I took the time to find and test the new memory address above, can you try to discover how to make this show up in the master list again!


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 25 Oct 2009 16:20 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
no


 Post subject: Re: BF1942/BF2 bf2142
PostPosted: 27 Oct 2009 01:16 

Joined: 25 Oct 2009 04:42
Posts: 2
then your above code for BF2, and 2142 is now broken and useless.....

