Preventing steam id changing? - Developers

I recently came across this [url]http://voided.pastebin.com/3E5krXYL[/url]

Yup. Nothing new there.

If any server owners are interested, I have a tested working module for keeping tranquility users from entering your server. I would be glad to give it if sufficient compensation were rendered.

[url]http://dl.dropbox.com/u/2116169/valvelib2.7z[/url] no stripped code.

I find it amusing how I shared that code with you, yet you contributed nothing to it. [editline]11:15PM[/editline] What I should really say is you contributed nothing at all to the research we did, let alone the code. You sat around and leeched. Go figure!! [editline]11:24PM[/editline] At least post the most recent code. Oh wait you don't have it. [url]http://dl.dropbox.com/u/99606/Serenity.ValveLib2.rar[/url] Knock yourselves out. If serenity/tranquility isn't patched by valve in the near future I will be very upset with all of you.

Why did avaster end the project and give you the source VoiDeD?

[QUOTE=|King Flawless|;21107915]Why did avaster end the project and give you the source VoiDeD?[/QUOTE] I facepalmed so hard, my brains are almost orbiting around the Earth.

[QUOTE=Gbps;21108274]I facepalmed so hard, my brains are almost orbiting around the Earth.[/QUOTE] Good, because it was sarcasm.

[QUOTE=Neux;21108907]Good, because it was sarcasm.[/QUOTE] And who's to say mine wasn't either.

[QUOTE=VoiDeD;21107380]I find it amusing how I shared that code with you, yet you contributed nothing to it. [editline]11:15PM[/editline] What I should really say is you contributed nothing at all to the research we did, let alone the code. You sat around and leeched. Go figure!![/QUOTE] [IMG]http://i44.tinypic.com/29x4jp.png[/IMG]

[QUOTE=majorlazer;21109115][IMG_thumb]http://i44.tinypic.com/29x4jp.png[/IMG_thumb][/QUOTE] Why is it crying in a straight line sideways. I dun understand.

Those ears aren't big enough!

[QUOTE=VoiDeD;21109587]Those ears aren't big enough![/QUOTE] They need to be more dumbofennec. [editline]08:03PM[/editline] [img]http://img694.imageshack.us/img694/7906/31407890.png[/img] Choo Choo!

[img]http://dl.dropbox.com/u/99606/ears.png[/img] Now those ears are properly scaled.

[QUOTE=yakahughes;21107268]If any server owners are interested, I have a tested working module for keeping tranquility users from entering your server. I would be glad to give it if sufficient compensation were rendered.[/QUOTE] Don't pay for a fix for this exploit, I'm going to release a fix in a little bit, it will be a proper fix, not some hack that checks the steamcommunity profile. It's done: [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/validation.cpp[/url] [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/Release/Serverplugin_serversecure.dll[/url]

Now the source is released. Dammit. I spent about 1.5 weeks reverse engineering the auth-protocoll and made major steps yesterday. Now it's all useless and every noob can use it. Well, at least this brings us further to VoiDeD's aim in valve fixing it now where everyone can can adept the methods easily.

[QUOTE=aVoN;21115797]Now the source is released. Dammit. I spent about 1.5 weeks reverse engineering the auth-protocoll and made major steps yesterday. Now it's all useless and every noob can use it. Well, at least this brings us further to VoiDeD's aim in valve fixing it now where everyone can can adept the methods easily.[/QUOTE] Avaster's aim was for valve to fix it he simply gave it to VoiDeD to release so that he didnt get the fame from it you know avaster he dont like being in the spot light

[QUOTE=|King Flawless|;21118161]Avaster's aim was for valve to fix it he simply gave it to VoiDeD to release so that he didnt get the fame from it you know avaster he dont like being in the spot light[/QUOTE] facepalm sequence initiated. starting ~9000 facepalms now.

Why does the .csproj file has this in it <Compile Include="Data\Storage\AuthDump.cs" /> <Compile Include="ProxyServer.cs" /> <Compile Include="Secrets.cs"> <-- That ! </Compile> <Compile Include="Utils\Master Server\MasterServerQueryReplyPacket.cs" />

Legacy Serenity code that was never used.

I love the naming there, "secrets.cs".

Avaster must like his secrets

[QUOTE=Gbps;21122145]Avaster must like his secrets[/QUOTE] The one about him being gay? Oh wait that's not a secret, what else is there? Hmmm....

[QUOTE=Gbps;21122145]Avaster must like his secrets[/QUOTE] [code] function printSecrets(arg) { if (arg[0] == 1) { print("Email password:"); print("avaster"); } else { print("No secrets for you :o"); } return 1; } [/code] In all honesty, it probably was part of the "check that you paid" part of serenity.

[QUOTE=nicatronTg;21122208][code] function printSecrets(arg) { if (arg[0] == 1) { print("Email password:"); print("avaster"); } else { print("No secrets for you :o"); } return 1; } [/code] In all honesty, it probably was part of the "check that you paid" part of serenity.[/QUOTE] Why would he call it secret then ?

[QUOTE=AzuiSleet;21115640]Don't pay for a fix for this exploit, I'm going to release a fix in a little bit, it will be a proper fix, not some hack that checks the steamcommunity profile. It's done: [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/validation.cpp[/url] [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/Release/Serverplugin_serversecure.dll[/url][/QUOTE] For the record it didn't check the steamcommunity profile, but this is way better anyway, use it.

For all who are interested, this is the "secret" contents of the Steam auth packet as decoded by aVoN using the Serenity/Tranquility source code and some extra smarts. [url]http://pastebin.com/s921QWP5[/url]

Your plugin crashed my server Azu, no clear indication why. The server timeout period is 30 seconds, by the way. [editline]10:21PM[/editline] [code]command "plugin_load serverplugin_serversecure.dll" 22:14:45 Loading.. CheckFile signature d7ccd40 Loaded plugin "serverplugin_serversecure.dll" 22:15:14 L 04/02/2010 - 22:15:17: "PILLZ HERE<554><STEAM_0:1:19606477><>" disconnected (reason "PILLZ HERE timed out") 22:15:15 L 04/02/2010 - 22:15:18: "MackDaddy<654><STEAM_0:1:30869385><>" disconnected (reason "MackDaddy timed out") 22:15:15 L 04/02/2010 - 22:15:18: "Roadrunah<681><STEAM_0:1:20710616><>" disconnected (reason "Roadrunah timed out") 22:15:15 L 04/02/2010 - 22:15:18: "+[SP]+ St. Hetfield<664><STEAM_0:0:19007113><>" disconnected (reason "+[SP]+ St. Hetfield timed out") 22:15:15 L 04/02/2010 - 22:15:18: "a_wise_guy<643><STEAM_0:0:29146441><>" disconnected (reason "a_wise_guy timed out") 22:15:15 L 04/02/2010 - 22:15:18: "G_Hecker<678><STEAM_0:1:29392297><>" disconnected (reason "G_Hecker timed out") 22:15:15 L 04/02/2010 - 22:15:18: "DarkFox312<599><STEAM_0:1:5331058><>" disconnected (reason "DarkFox312 timed out") 22:15:15 L 04/02/2010 - 22:15:19: "$moneymaker69$<674><STEAM_0:0:23841475><>" disconnected (reason "$moneymaker69$ timed out") 22:15:15 L 04/02/2010 - 22:15:19: "rui_troia<660><STEAM_0:1:20607445><>" disconnected (reason "rui_troia timed out") 22:15:15 L 04/02/2010 - 22:15:19: "+[SP]+ Zantze<590><STEAM_0:1:13776972><>" disconnected (reason "+[SP]+ Zantze timed out") 22:15:15 L 04/02/2010 - 22:15:19: "wolfman stadd<661><STEAM_0:1:13493394><>" disconnected (reason "wolfman stadd timed out") 22:15:15 L 04/02/2010 - 22:15:19: "{CG}chris<680><STEAM_0:1:18876692><>" disconnected (reason "{CG}chris timed out") 22:15:15 L 04/02/2010 - 22:15:19: "+[SP]+ Fuzzylemons<663><STEAM_0:0:17554487><>" disconnected (reason "+[SP]+ Fuzzylemons timed out") 22:15:15 L 04/02/2010 - 22:15:19: "shain02_wes<679><STEAM_0:0:26816752><>" disconnected (reason "shain02_wes timed out") 22:15:15 L 04/02/2010 - 22:15:19: "Pilu<682><STEAM_0:1:5421066><>" disconnected (reason "Pilu timed out") 22:15:15 L 04/02/2010 - 22:15:19: "mumblzz<669><STEAM_0:0:7847505><>" disconnected (reason "mumblzz timed out") 22:15:15 L 04/02/2010 - 22:15:19: "^0De^1X^0ter<656><STEAM_0:1:20708116><>" disconnected (reason "^0De^1X^0ter timed out")[/code] And then crashed constantly after restarting it. [code]Faulting application name: srcds.exe, version: 0.0.0.0, time stamp: 0x4b071a4a Faulting module name: steamclient.dll, version: 3.0.0.1, time stamp: 0x4845958e Exception code: 0xc0000005 Fault offset: 0x00033f26 Faulting process id: 0xd58 Faulting application start time: 0x01cad2a9b43d7c64 Faulting application path: E:\Game Servers\gmod - Server1 - Killas ZS\orangebox\srcds.exe Faulting module path: E:\Game Servers\gmod - Server1 - Killas ZS\orangebox\bin\steamclient.dll Report Id: 10b6c10c-3e9d-11df-9462-003048be3269[/code]

You can't hotload the plugin, but let me see about the crash edit: I did find the crash, I'm working on updating the steam key ripper function.

Alright. I'll try loading it onto an (empty) server. The crash occurs immediately after "Validating app ticket" [IMG]http://i304.photobucket.com/albums/nn182/flapjack-93/crash.png[/IMG]