• Preventing steam id changing?
    529 replies, posted
Oops, facepunch timed out as I tried to post. Anyway, here's the fixed version: [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/Release/Serverplugin_serversecure.dll[/url]
Still having crashing issues - this time as soon as the plugin is loaded. After restarting the server a few times and redownloading the module, it seems to be working. Will try connecting now. Update: Still crashes immediately after "Validating app ticket"
[code]
Faulting application name: srcds.exe, version: 0.0.0.0, time stamp: 0x4b071a4a
Faulting module name: steamclient.dll, version: 3.0.0.1, time stamp: 0x4845958e
Exception code: 0xc0000005
Fault offset: 0x00033f26
Faulting process id: 0xc1c
Faulting application start time: 0x01cad2b5bab657c6
Faulting application path: E:\Game Servers\gmod - Server5 - Dev server\orangebox\srcds.exe
Faulting module path: E:\Game Servers\gmod - Server5 - Dev server\orangebox\bin\steamclient.dll
Report Id: 2e4e3342-3ea9-11df-9462-003048be3269
[/code]
It probably got cached somewhere, I just tested it: [url]http://dl.dropbox.com/u/759758/Serverplugin_serversecure_1.dll[/url]
Would explain it. Testing now. [editline]12:09AM[/editline] The debug prints aren't printing now. (Yes, I did change the path) Seems the plugin didn't load at all. Weird.
Hmm, it actually turns out the IP I'm checking is tied to the clientregistry.blob; for now, if you have issues connecting, you'll have to delete it to join a server running the plugin (until I find another solution).
I love how everyone is over-complicating a block. Anyone with tranquility, please, try and join 216.245.206.82:27015 and tell me if it lets you in. ;)
[QUOTE=blackops7799;21133945]I love how everyone is over-complicating a block. Anyone with tranquility, please, try and join 216.245.206.82:27015 and tell me if it lets you in. ;)[/QUOTE] Yeah, the second someone joined a server I was in, I knew how I would make a tranquility blocker.
[QUOTE=blackops7799;21133945]I love how everyone is over-complicating a block. Anyone with tranquility, please, try and join 216.245.206.82:27015 and tell me if it lets you in. ;)[/QUOTE] I got in, what's the secret?
[QUOTE=AzuiSleet;21134089]I got in, what's the secret?[/QUOTE] And there's one of the like, 10 people who would know to recompile the source.
You don't count. I'll restate my post then. Anyone with an unmodified tranquility try and join. :v:
[QUOTE=blackops7799;21134148]tranquility[/QUOTE]
[code]
sending challenge request to 216.245.206.82:27015
Server 216.245.206.82:27015 channel: 4294967295 - Type: A Length: 191
Authenticating with server 216.245.206.82:27015
Server 216.245.206.82:27015 channel: 4294967295 - Type: B Length: 20
Sending command 216.245.206.82:27015
Signing on
Server 216.245.206.82:27015 channel: 1 Length: 1047
....
7 Game packet seq: 1 flags: 65 ack: 3 type: 7
svc_print: deathrun Map: deathrun_akai_final Players: 34 / 50 Build: 3943 Server Number: 84
8 Game packet seq: 1 flags: 65 ack: 3 type: 8
Unhandled type 8 full buffer: deathrun Map: deathrun_akai_final Players: 34 / 50 Build: 3943 Server Number: 84
Sending client table CRC
Signing on
Signing on
Signing on
Sending command: say hello
...
Game packet seq: 160 flags: 96 ack: 9 type: 1
Disconnect: Donate to GMod Tower.
Disconnected from server 216.245.206.82:27015 - Donate to GMod Tower.
[/code]
[QUOTE=AzuiSleet;21134187][code]code[/code][/QUOTE] Took the words right out of my mouth.
[QUOTE=AzuiSleet;21115640]Don't pay for a fix for this exploit, I'm going to release a fix in a little bit, it will be a proper fix, not some hack that checks the steamcommunity profile. It's done: [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/validation.cpp[/url] [url]http://gmodmodules.googlecode.com/svn/trunk/serverplugin_serversecure/Release/Serverplugin_serversecure.dll[/url][/QUOTE] I've got a problem with "your idea" of how you check for valid auths. Your method checks the IP within the AuthTicket you have decrypted against the user's current IP. On mismatch, you kick him. Today, I found out that the IP in the auth package you check against is the IP from when the AuthTicket was created for this user. This is a major problem for those who have their Steam set to auto-login: once their IP changes (due to a 24h disconnect like I have on my DSL, or manually), the auth ticket stays the same and so does the IP within it. Now people get kicked for no reason. This method simply has too many false positives. But on the other hand, I can't think of a better way currently.
[editline]08:32PM[/editline]
Also: You might add this to the code
[cpp]
#include <cstddef>
#include <dll.h> // Crypto++ DLL header: declares PNew, PDelete and PSetNewHandler
using namespace CryptoPP;

// Without the code below, the program crashes on deletion of objects which used Crypto++:
// memory allocated inside the Crypto++ DLL must be freed by the same heap.
// These hold the allocator and deallocator the Crypto++ DLL hands us at load time.
static PNew s_pNew = NULL;
static PDelete s_pDelete = NULL;

//########## Externally called by the Crypto++ DLL to set new "new/delete" handlers
extern "C" __declspec(dllexport) void __cdecl SetNewAndDeleteFromCryptoPP(PNew pNew, PDelete pDelete, PSetNewHandler pSetNewHandler)
{
    s_pNew = pNew;
    s_pDelete = pDelete;
}

//########## new: route this module's global allocation through the Crypto++ allocator
void * __cdecl operator new(size_t size)
{
    return s_pNew(size);
}

//########## delete: release through the matching Crypto++ deallocator
void __cdecl operator delete(void* p)
{
    s_pDelete(p);
}
[/cpp]
I've got crashes using Crypto++ in DLL mode without the above code and I have not seen it in the source of your module yet. The code comes directly from dlltest.cpp of the Crypto++ repository.
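The IP-binding check described in the post above, modelled as an added example so the false positive is concrete. This is not code from serverplugin_serversecure, Tranquility or Steam: the ticket layout, the field names (`steamid`, `external_ip`, `issued_at`) and every address and SteamID below are constructed assumptions for the demo, and the real Steam app ticket is an encrypted blob with a different structure. The three scenarios show the replayed ticket the check blocks and the legitimate user on a fresh DSL address it kicks.

```python
"""
Added example, not code from serverplugin_serversecure or Tranquility: a toy
model of the IP-in-auth-ticket check aVoN describes, used to show the replay it
blocks and the legitimate user it kicks. The ticket layout, field names and
every address below are constructed assumptions for this demo.
"""
import socket
import struct
from dataclasses import dataclass

# Assumed toy layout: 8-byte SteamID64, 4-byte IPv4, 4-byte issue timestamp.
TICKET_FMT = ">Q4sI"


@dataclass(frozen=True)
class AuthTicket:
    steamid: int
    external_ip: str  # public address recorded when the ticket was minted
    issued_at: int


def pack_ticket(t: AuthTicket) -> bytes:
    """Serialise a ticket (stands in for the client's cached, decrypted ticket)."""
    return struct.pack(TICKET_FMT, t.steamid, socket.inet_aton(t.external_ip), t.issued_at)


def parse_ticket(blob: bytes) -> AuthTicket:
    """Parse the toy ticket; reject anything of the wrong length."""
    if len(blob) != struct.calcsize(TICKET_FMT):
        raise ValueError("malformed ticket: %d bytes" % len(blob))
    steamid, ip_raw, issued_at = struct.unpack(TICKET_FMT, blob)
    return AuthTicket(steamid, socket.inet_ntoa(ip_raw), issued_at)


def ip_binding_check(blob: bytes, connecting_ip: str) -> bool:
    """The check as aVoN describes it: accept only if the address embedded in
    the ticket equals the address the connection actually arrives from."""
    return parse_ticket(blob).external_ip == connecting_ip


def classify(blob: bytes, connecting_ip: str, owner_present: bool) -> str:
    """Label one connection attempt. owner_present is oracle knowledge for the
    demo (is this really the account holder?), which the server never has."""
    accepted = ip_binding_check(blob, connecting_ip)
    if accepted:
        return "accept" if owner_present else "spoof accepted"
    return "false positive" if owner_present else "blocked spoof"


# Constructed sample: the ticket was minted while the owner was on 203.0.113.10
# and stays cached client-side (cf. clientregistry.blob) after the IP changes.
OWNER_TICKET = pack_ticket(AuthTicket(76561198000000001, "203.0.113.10", 1271000000))


def run_scenarios() -> dict:
    """Three attempts against the same cached ticket."""
    return {
        "owner, same address": classify(OWNER_TICKET, "203.0.113.10", True),
        "attacker replays leeched ticket": classify(OWNER_TICKET, "198.51.100.7", False),
        "owner after DSL reconnect": classify(OWNER_TICKET, "203.0.113.77", True),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print("%-32s -> %s" % (name, outcome))
```

The `classify` helper also has a fourth outcome, "spoof accepted", which the check cannot distinguish from a genuine login: anyone presenting the leeched ticket from the same public address as its owner (the same NAT, for instance) passes, because the only thing compared is the IP.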
[QUOTE=aVoN;21233270]Today, I found out, the IP in the auth-package you check against is the IP when the AuthTicket got created for this user. This is a major problem for those, who have their Steam set to auto-login: Once their IP changes (due to 24h disconnect like I have on my DSL or manually), the auth-ticket stays the same and so does the IP within it. Now people get kicked for no reason. This method has simply too much false-positives.[/QUOTE] [QUOTE=AzuiSleet;21130034]Hmm it actually turns out the IP I'm checking is tied to the clientregistry.blob, for now if you have issues connecting you'll have to delete it to join a server running the plugin (until I find another solution)[/QUOTE] But that isn't feasible for most players. Not many people are going to know that they're required to do it. The solution is quite simple: Use tranquility, use the vl2 source, give every child and their friends the ability to use it. Only Valve can actively do something against this, but they're apparently holding back because they don't believe it's an important enough issue.
I'd make it dead simple, then release it on just about all the cheating/hacking communities for HL2 around under the GPL and say go to town. VoiDeD, do it, because then VALVe will notice. I guess they aren't really prioritizing it high because it can't affect retail games as much as it can a mod. If this could get around the early disconnect from VAC issue in something like TF2, then VALVe would jump on it.
[QUOTE=VoiDeD;21233790]But that isn't feasible for most players. Not many people are going to know that they're required to do it. The solution is quite simple: Use tranquility, use the vl2 source, give every child and their friends the ability to use it. Only Valve can actively do something against this, but they're apparently holding back because they don't believe it's an important enough issue.[/QUOTE] The thing is, in the last week nobody has even tried connecting to my server using Tranquility / Serenity. Obviously releasing the files hasn't made it big, and so Valve don't care. [editline]10:24PM[/editline] Plus, my server is rather popular. So it's not as if it would be an empty server someone wouldn't want to waste an auth packet on. [editline]10:26PM[/editline] Mind you, I do see at least two packet leech servers running currently.
I agree with nicatron, Garry's Mod is not Valve's product (Valve didn't write it), so if there are security issues, they are no concern of Valve's. If the exploit found its way into another Steam game, it would be a very big concern.
Technically the procedure works in TF2 and DoD:S, but you can't stay on a server for a long period of time. As nicatronTg said, you get forcefully disconnected from a server after approximately 1-2 minutes. This is, however, plenty of time to [url=http://www.facepunch.com/showthread.php?t=810796]"acquire" some administrative ability and abuse it[/url]. Although Valve supposedly wants to move the GMod/CS:S authentication method over to what TF2 and DoD:S are using, that wouldn't be a complete fix. They would need to start checking the external IP located in the auth tickets themselves.
If I had to infer, the lack of spreading around actual compiled files has led to people not doing anything, because the people who are smart enough to compile the files are the same people who are talking in this thread right now. I think that if someone did one of the many YouTube admin hacking tutorials that get so many views, then put it up on Steampowered, it would definitely start to attract attention. Correct me if I'm wrong, but all we currently have are uncompiled PoCs, not actual running downloadable programs? The best way to attract attention would be a full-scale release. Edit: It appears that Tranquility is a fully distributed executable file, but I'm not sure if anyone has actually tried it or made sure it's not some deep-rooted keylogger? Sorry for arriving a bit late to the party, but the only way I found it was via the Google cache.
The last time Tranquility was posted, [url]http://www.facepunch.com/showpost.php?p=21105898&postcount=434[/url], it was deleted by some ignorant mod who thought it was a virus. I don't exactly feel confident posting anything here, but I'd be willing to share what I have through other means. [editline]01:50AM[/editline] [url]http://www.facepunch.com/showpost.php?p=21105937&postcount=5[/url] :irony: [url]http://www.facepunch.com/showpost.php?p=21107294&postcount=438[/url]
No need, I have Tranquility. After running sandboxed, no it's not a virus, but it's also not the easiest thing to use after first glance. I kind of wonder what the risks of running it are in the first place, after all, VALVe might be doing the same honey pot idea they did to burn the idlers with. I'll toy with it later, but honestly I don't see the point. I'm not going to be going on any hacking sprees with servers anytime soon, so it's actually quite useless from my end(unless I want to unmute myself early from NoXiousNet).
One interesting side effect of Tranquility is that you don't even need to own Garry's mod to join legit servers! Hell, you don't even need Steam! [editline]02:13AM[/editline] ...Or so I heard from Avaster!
Well, Garry might not like this, considering the implications of the anti piracy measures on gmod.org.
Just more pressure for Valve to do something against it.
[img]http://localhostr.com/files/fd43ef/mail2gabe.png[/img] Why not?
[QUOTE=nicatronTg;21242954][IMG]http://localhostr.com/files/fd43ef/mail2gabe.png[/IMG] Why not?[/QUOTE] [img]http://dl.dropbox.com/u/99606/weather.PNG[/img] [img]http://specieslist.com/images/yucatan/pictures/web/PICT0002.JPG[/img]
Derp you can't spoof an admins SteamID right away. And I'm quite sure that he won't join your server just for fun. If you don't know how stuff works shut up.
[QUOTE=The-Stone;21246252]Derp you can't spoof an admins SteamID right away. And I'm quite sure that he won't join your server just for fun. If you don't know how stuff works shut up.[/QUOTE] Tranquility/Serenity has an inbuilt "sorting" system that judges by community group IDs whether a person could be interesting, such as "Gmod Tower Admins" or similar.
Since when :v:
[QUOTE=Voidy;21244341][img]http://dl.dropbox.com/u/99606/weather.PNG[/img] [img]http://specieslist.com/images/yucatan/pictures/web/PICT0002.JPG[/img][/QUOTE] I guess this is what happens when you type with a headache at night. Oh well, I'm sure he understands I don't mean the temperature but the other [I]whether[/I].