Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:12

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 15 posts ] 
Author Message
 Post subject: NAK Character Exploit
PostPosted: 08 Apr 2010 22:40 

Joined: 07 Aug 2009 00:14
Posts: 7
"**The NAK character can make you genuinely unbannable. Period. No, not just from being seen in some terrible admin menu. It can also make it so that you don't play a disconnect message when you leave. Let that be a huge fucking hint. Get creative. Stop thinking inside that confined space that only lets you test your name with one character.
What if it's a combination of two? A combination of three? Do your research."

I want to know how this is possible? I was able to print the character using notepad++, but insofar as how to use it, I'm at a loss. Seems to be kept hush-hush.

Any information regarding this exploit?

EDIT: I should also mention this is for CSS/Source Engine EP1.


Top
 Profile  
 
 
 Post subject: Re: NAK Character Exploit
PostPosted: 09 Apr 2010 16:55 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
confused, what is it what you want to do exactly ? put that "NAK" character into game ? I even don't know what it is. post it here ? or make screenshot ? character map code maybe ?


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 10 Apr 2010 13:43 

Joined: 07 Aug 2009 00:14
Posts: 7
The NAK character is the Negative Acknowledgement unicode character (021).

http://en.wikipedia.org/wiki/Negative-a ... _character

If used in part of the player's name (in combination with other control characters apparently), it makes the player virtually unbannable.

Applicable video: http://www.youtube.com/watch?v=Rkorh3lzbgw

If this guy state's there's a way to do it, I'd like to know what it is if that's possible and a means to prevent it. Emphasis on and as I would like to know both pieces of information.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 10 Apr 2010 14:37 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
never heard of it, but yeah i got the point of it. it shows as . (dot) in ASCII and in hex its 15.
i know how to make it in game, but i don't think that you can accept that name. im sure that game says "invalid name".

also other thing is, that steam does not ban by name, it bans by id. it doesn't matter what your name is.
i used this method in old game Aliens vs Predator 2. i never put NAK, but i put some other "invalid" character. in avp2 game saved the name and stuff in a file, so i opened the file and changed it.

other method, is to find the input field in memory with memory scanner/editor and then just insert it directly and click apply. or if you know of a command to change name, for example:

name "your_name_here_blah"

im not aware of such commands in source engines, but there's tons of commands, so maybe there is a name change command, in that case, its same. you find the input field with memory scanner and put NAK character there and then send it.

i think that all steam based games send name into servers too, so it would show up on your profile and so on, in that case maybe you can use packet editors too.


as about preventing it. umm my general idea would simply be to disallow that character in the name field. so if that character is present in the "name field" then server simply ignores that packet or blocks it. so ppl can't use it.
Im sure Luigi has better ideas about this part.

this video is bullshit, some retard's bluff who desperatly needs some subscribers and views on his pathetic site. he never shows anything but text, because he has nothing else.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 10 Apr 2010 14:58 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
a lil update, i tested that in msn. i can sucessfully send the character, but nothing happens. i know its msn, but it was only a test to see if im able to send this character.

also note that you will get banned if you mess with memory tools in a VAC server, mostly likely outside of it too, because VAC runs in steam.exe.
this is how NAK looks like in post (i did it with packet editor, webscarab) > 


you can use the following code block to copy the NAK from. it looks like square, but it is an actual NAK. if you paste it into notepad++ (not normal notepad), then it actually says NAK.

Code:



Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 10 Apr 2010 18:31 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uhmmm I don't understand this whole topic at all.
what's the problem of testing any wanted char placing it with a hex editor inside the script to execute?

or even better why not writing a minimalistic client that scans everything automatically on the own local server?

mah...


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 10 Apr 2010 19:26 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Luigi his first question is "how to put it into a name in CSS" he wants to have this NAK inside of a name. i can add it in steam, but steam automatically removes it.
for example in steam if you set 1 character as name, then it says that you cant have that short name, but if you do like "SNAKNAK", then it accepts it, but next time i want to change name, it is only S. however this is not the case in css, because in css you change name from inside of a game.
anyways as i said, its just fake bullshit. or what you think Luigi ? because im sure that CSS uses steam_id to ban, not name.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 11 Apr 2010 23:05 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
a bs as usual


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 12 Apr 2010 02:42 

Joined: 07 Aug 2009 00:14
Posts: 7
I'll consider this a hoax then. :)

Thanks for your time guys. Much appreciated.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 13 Apr 2010 21:21 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i contacted him on youtube. asking why he posts bullshit videos full of ads, he actually seemed quite polite, didnt start blaming like some idiot, said that this video was made in rush, but im still sure that it is not possible in steam based games, because steam removes such illegal characters.
also if it was made in rush, then why only text and ads..ugh


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 13 Apr 2010 23:05 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
what I have not understood is what "should" be the hypothetical effects.

I talk about security, not about cheating and non-security related stuff.
for example the Source engine doesn't have filters in the chars allowed in the messages and this is not a secret, indeed you can use practically all the ASCII charset but except for the bell char (0x07) on Windows there are no security implications.

just my curiosity because I don't understand why there is all this interest about this game for things that do nothing.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 14 Apr 2010 01:47 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
it suppouse to make you unbannable and partially invisible by server, but if you ask me...still sounds silly, because bans in css are not done by username, but by steam_id. so hidden and/or invalid characters should not matter at all.

and other question was how to prevent it, in your own server.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 19 Apr 2010 11:34 

Joined: 11 Jun 2009 20:33
Posts: 7
I belive this connects you as kinda "unconnected", as your not shown in any menu.
Also he gives a hint, that you need to use the C0 char combiantion which doesnt show the disconnected msg when you leave.

I've tried all kinds of combination, but i cant seem to figure it out. Another guy says theres cmd commands with this exploit...


The guy who discovered this is:
member/GunGrave/

I've tried to PM him, but he doesnt answer me.


To input any C0 character in your name in CSS, make a .cfg file like this:
Code:
setinfo name ""


Next step is to figure out the combination.
I've heard that you need to use some of the blank C0 characters, prolly one of these:
Code:
//Bell
//Escape
//Device Control One
//Device Control Two
//Device Control Three
//Device Control Four
//Backspace
   //Horizontal Tabulation
//Delete


If any1 has any news regarding this exploit, please share!



EDIT: If your looking for a fix, I belive ServSecurity fixes this:
http://addons.eventscripts.com/addons/view/servsecurity


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 19 Apr 2010 19:56 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
ppl who only give "hints" are always fake posers (ok 99.99% cases fake).
they only give "hints, because this is all they know and have, it means they just want fame without doing anything. so they have to fake things, its lame. this is also reason why there is no REAL video demonstration of it's actions and how it REALLY works. like going into server with it and being unbootable ..etc.

its just lame noob's bluff if you ask me.


Top
 Profile  
 
 Post subject: Re: NAK Character Exploit
PostPosted: 20 Apr 2010 07:58 

Joined: 11 Jun 2009 20:33
Posts: 7
Yeah hehe


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 15 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: