Since about a week before the server went offline.
[QUOTE=aVoN;21246342]Tranquility/Serenity has an inbuild "sorting" system judging on the community-group-ids if a person can be interesting - Such as "Gmod Tower Admins" or similar.[/QUOTE]
Neither of them have any such feature. Being the most limited, Serenity simply let you select a specific SteamID from a database of stored auth tickets.
You could do that with Heron Proxy, however.
[IMG]http://dl.dropbox.com/u/99606/heronproxy.png[/IMG]
[editline]02:40PM[/editline]
From an attacker's standpoint, the best way to get admin authtickets is to clone a community's servers.
It makes it even easier when the community has a billion retarded admins (edgegamers).
[editline]02:41PM[/editline]
Oh and the only way to do any of this is to compile your own tools, nothing compiled exists for TF2.
We only have the server DLL source code not the program it self right ?
[QUOTE=Voidy;21248182]Neither of them have any such feature. Being the most limited, Serenity simply let you select a specific SteamID from a database of stored auth tickets.
You could do that with Heron Proxy, however.
[IMG]http://dl.dropbox.com/u/99606/heronproxy.png[/IMG][/QUOTE]
Well I read the sorting mechanism in the leaked/later-released source-code. The Heron-Proxy is partially included in that. Maybe I mixed that up.
That's what I read there
[cpp] static Dictionary<long, string> InterestingGroups = new Dictionary<long, string>()
{
{ 103582791429579864, "NoxiousNet" },
{ 103582791429522331, "GU1" },
{ 103582791429834219, "GU2" },
{ 103582791429523936, "GMT" },
{ 103582791430610244, "Sass admins" },
{ 103582791430138333, "Darkland Staff" },
{ 103582791429956670, "PE" },
{ 103582791430358242, "PERP" },
{ 103582791430387500, "Kuromeku's republic" },
{ 103582791430620730, "Role nation" },
{ 103582791429809192, "GMT Devs" },
};[/cpp]
and later in code
[cpp] List<string> memberGroups = new List<string>();
if ( fullProf != null )
{
if ( fullProf.groups != null )
{
foreach ( ProfileGroup group in fullProf.groups )
{
//if ( InterestingGroups.ContainsKey( group.groupID64 ) )
memberGroups.Add( group.groupName );
}
}
}[/cpp]
When you join one of these fake servers, do you get disconnected (kicked?) with the message "Disconnect"?
[QUOTE=Deco Da Man;21260901]When you join one of these fake servers, do you get disconnected (kicked?) with the message "Disconnect"?[/QUOTE]
Server is full.
[QUOTE=The-Stone;21262533]Server is full.[/QUOTE]
oh shit
[QUOTE=Deco Da Man;21286612]oh shit[/QUOTE]
Log in and out of steam. You'll invalidate your ticket and it won't work for anyone who stole it.
[QUOTE=VoiDeD;21292004]Log in and out of steam. You'll invalidate your ticket and it won't work for anyone who stole it.[/QUOTE]
[img]http://www.facepunch.com/fp/rating/wrench.png[/img]
Right, so we're changing to the TF2 engine in a month. Maybe this is the reason why Garry/VALVe aren't caring about it?
[img]http://localhostr.com/files/8663af/new%20engine.png[/img]
They're making a mistake by upgrading to full blown OB.
They're throwing out whatever semblance of security the current protocol has. v15 has no encryption whatsoever.
The only proper fix would be enabling the IP check.
how do i change my steam id?
[QUOTE=VoiDeD;21316817]They're making a mistake by upgrading to full blown OB.
They're throwing out whatever semblance of security the current protocol has. v15 has no encryption whatsoever.
The only proper fix would be enabling the IP check.[/QUOTE]
That's garry for ya ;)
Oh fucking hell. VAC [b]and[/b] I'll get dropped from every second game because of my auth packet getting rejected by VAC (No idea why)
[editline]06:21PM[/editline]
Plus [b]even more[/b] prediction errors.
[QUOTE=|FlapJack|;21328091]Oh fucking hell. VAC [b]and[/b] I'll get dropped from every second game because of my auth packet getting rejected by VAC (No idea why)
[editline]06:21PM[/editline]
Plus [b]even more[/b] prediction errors.[/QUOTE]
So upgrading to the tf2 engine would enable VAC in garrysmod?
FUUUUCK.
VAC will never be enabled. The modules we all use require it to be disabled.
A change in engine [b]might[/b] trigger VAC to become active. We'll only know when it happens.
I wouldn't mind the end of "anyone can load up any custom module" if it meant we could get VAC.
[QUOTE=|FlapJack|;21328091]Oh fucking hell. VAC [b]and[/b] I'll get dropped from every second game because of my auth packet getting rejected by VAC (No idea why)
[editline]06:21PM[/editline]
Plus [b]even more[/b] prediction errors.[/QUOTE]
You can't be sure, if VAC would be enabled and banning in GMod then.
If so, it would [url=http://www.facepunch.com/showthread.php?t=896910]destroy some of my hard works and get several people VACed :( (It uses detours).[/url]
I'm assuming it's the custom engine which nulls VAC - which obviously using the orangebox engine would correct.
[editline]08:33PM[/editline]
There's always the chance it won't, but I reckon there is a small chance it could.
[QUOTE=aVoN;21330011]You can't be sure, if VAC would be enabled and banning in GMod then.
If so, it would [url=http://www.facepunch.com/showthread.php?t=896910]destroy some of my hard works and get several people VACed :( (It uses detours).[/url][/QUOTE]
You obviously have heard that a ton but this is really something that should be included into Garry's Mod. Maybe if modules are banned Garry will pay more attention to them.
I'm under the impression that Valve or Garry is able to control VAC on a game-by-game basis through the Steamworks back-end, and it's simply disabled for GMod.
That being said, from an auth protocol standpoint, GMod is more similar to CS:S than to TF2.
CS:S protocol version is 7, GMod is 14, and OB is 15. Although the version difference between CS:S and GMod seems huge, the underlying structure is relatively the same, the only difference being that the auth ticket header is moved near the end of the auth itself (thus being a footer).
CS:S and GMod both rely on the same known RSA/AES encryption method. The one major difference in all of this is that CS:S has VAC enabled, and thus unauthorized clients are kicked after a short period of time.
Given all this, I highly doubt a change over to OB will enable VAC. But it doesn't mean it's impossible.
[editline]08:20PM[/editline]
But on the off chance that VAC is enabled, I can see GMod losing much of it's customer base because it seems that a large portion of the people who play are VAC banned. Perhaps they play because they can't play anything else, who knows.
In any case, GMod is dead. Go play TF2, losers!
[QUOTE=Voidy;21331074]
In any case, GMod is dead. Go play TF2, losers![/QUOTE]
It's not dead until no one plays it anymore
I don't believe he would enable VAC without looking at the consequences. He does in fact know that people do use modules that aren't 100% legit by steam standards.
VoiDeD have you considered [url=http://valvesoftware.com/jobs/index.html]this website?[/url]
[QUOTE=nicatronTg;21335768]VoiDeD have you considered [url=http://valvesoftware.com/jobs/index.html]this website?[/url][/QUOTE]
Dear Valve,
I'm very interested in applying for a job as a software engineer for Steam.
My prior work experience includes destroying multiplayer gaming and causing general havoc.
Thanks,
VoiDeD
[QUOTE=VoiDeD;21337763]Dear Valve,
I'm very interested in applying for a job as a software engineer for Steam.
My prior work experience includes destroying multiplayer gaming and causing general havoc.
Thanks,
VoiDeD[/QUOTE]
They did [B]almost[/B] hire the guy who leaked HL2 beta, but instead they setup a sting operation with the FBI, so I guess that might not turn out well.
Seriously, if you can find bugs in the protocol like that, they might very well like to have you on their team.
[QUOTE=nicatronTg;21338581]Seriously, if you can find bugs in the protocol like that, they might very well like to have you on their team.[/QUOTE]
he wasn't the first to find these 'exploits', he was just the first to exploit them for monetary gain.
[QUOTE=Ninjers;21339805]he wasn't the first to find these 'exploits', he was just the first to exploit them for monetary gain.[/QUOTE]
ers is a pretty cool guy.
VoiDeD isn't lazy enough to apply to Valve.
[QUOTE=|FlapJack|;21348455]VoiDeD isn't lazy enough to apply to Valve.[/QUOTE]
Ye but he clearly likes making money so im sure he would apply if they would accept him but it would be a tarp
Sorry, you need to Log In to post a reply to this thread.
