Server Crash Exploit - Please Fix

Saw a minge do this. For starters, place 2 gates like this:

:snip:

The server WILL crash.

-DownWithThePK Signing Out.

Is this crash preventable with https://github.com/Kefta/Entity-Crash-Catcher?

A better question would be why would you post a detailed tutorial on how to crash it to the public full of people who would actually use it maliciously. I understand that you’re trying to get the word out to get it fixed, but I would have PM’ed someone about it or made a vague tutorial so that kiddies can’t just do it.

Making it public forces the developers’ hand into fixing it. Not the nicest way of going about things but I guess it works too.

[editline]17th February 2016[/editline]

This should fix it, but it also assumes that it only happens on that model, and only with the grav gun, and only when gravity is disabled. Will do some more investigating.

[lua]
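-- Deny gravity gun pickup of the affected model while its gravity is disabled.
hook.Add( "GravGunPickupAllowed", "ServerExploitFix", function( ply, ent )
	-- GetModel() can return nil for some entities, so fall back to an empty string.
	if ( string.lower( ent:GetModel() or "" ) == "models/props_building_details/storefront_template001a_bars.mdl" and ent:GetNWBool( "gravity_disabled", false ) ) then
		return false
	end
end )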
[/lua]

[editline]17th February 2016[/editline]

Crashes single player but takes longer.

[editline]17th February 2016[/editline]

Pull request here: https://github.com/garrynewman/garrysmod/pull/1133

I don’t think that’s a proper solution. This can undoubtedly be recreated with other props as well, there’s no reason for it to be restricted to those doors.

Garrysmod tries to remove the crazy prop but totally breaks physics (props start falling through the world) and the game crashes seconds later. I’m not certain but maybe it’s not handling the removal of the constraints and the frozen prop and it causes some insane overflow.

I just tested it with srcds and the crash catcher installed, it doesn’t catch it. The engine catches it first, causing this issue, or it’s not designed to catch this. I’m not sure which.

http://s17.postimg.org/6jfzkf3a7/screenshot_1455756092.png

Trying to get a capture of an error message that appeared once. It might be insightful, but I figure the crash dumps I have could also be useful.

Entities with nan/inf positions can’t actually be removed before VPhysics crashes, which is very lame.

[editline]17th February 2016[/editline]

So this is another issue with entities generating infinite velocity, but Entity.Remove not working. This is the log I got from following the steps:


] lua_run Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )
> Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )...
] lua_run Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )
> Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )...
ServerLog: [GS] Removed prop_physics (ID: 116) for moving too fast (3675.969971)
ServerLog: [GS] Removed prop_physics (ID: 116) for moving too fast (3789.617920)
ServerLog: [GS] Removed prop_physics (ID: 116) for moving too fast (3789.617920)
ServerLog: [GS] Removed prop_physics (ID: 116) for moving too fast (2085.102539)
ServerLog: [GS] Removed prop_physics (ID: 116) for moving too fast (2027.477661)
] lua_run Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )
> Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )...
ServerLog: [GS] Removed prop_physics (ID: 173) for moving too fast (3906.458496)
ServerLog: [GS] Removed prop_physics (ID: 173) for moving too fast (2712.600098)
ServerLog: [GS] Removed prop_physics (ID: 173) for moving too fast (2712.600342)
ServerLog: [GS] Removed prop_physics (ID: 173) for moving too fast (5425.197754)
] lua_run Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )
> Entity(1):GetEyeTrace().Entity:GetPhysicsObject():EnableGravity( false )...
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (3947.816406)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (2998.009033)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (2998.009033)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (2998.009033)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (2998.009033)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (2998.009033)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (2998.101620)
ServerLog: [GS] Removed prop_physics (ID: 184) for moving too fast (11495.438866)

Although it ended up removing the prop each time, you can see it took a multitude of tries before succeeding. Should note that this was single-player, which might account for how it got removed before becoming nan/inf.
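Added example, not part of the thread or of any poster's script: a Python check over server logs for the pattern visible in the capture above, where the same entity ID is reported as removed several times in a row, meaning the removal is not taking effect. The function names, the `min_attempts` threshold and the handling of `nan`/`inf` speeds are assumptions, and the sample lines are constructed in the thread's log format.

```python
import math
import re
from typing import NamedTuple

# Message format copied from the thread's console capture. Accepting "nan"/"inf"
# as the speed is an assumption; the capture itself only shows finite values.
REMOVED_RE = re.compile(
    r"\[GS\] Removed (\S+) \(ID: (\d+)\) for moving too fast "
    r"\((-?(?:\d+(?:\.\d+)?|nan|inf))\)")

class Finding(NamedTuple):
    ent_class: str
    ent_id: int
    attempts: int       # consecutive "Removed" lines for the same entity
    peak_speed: float   # highest finite speed logged in the run
    non_finite: bool    # True if any logged speed was nan or inf

def _parse(line):
    m = REMOVED_RE.search(line)
    return (m.group(1), int(m.group(2)), float(m.group(3))) if m else None

def find_stuck_removals(lines, min_attempts=2):
    """Flag entities reported as removed min_attempts or more times in a row."""
    findings, run = [], None  # run: [class, id, attempts, peak, non_finite]
    for rec in [_parse(l) for l in lines] + [("", -1, 0.0)]:  # sentinel flushes last run
        if rec is None:
            continue  # unrelated lines and console echo do not break a run
        cls, ent_id, speed = rec
        finite = math.isfinite(speed)
        if run and (run[0], run[1]) == (cls, ent_id):
            run[2] += 1
            run[3] = max(run[3], speed) if finite else run[3]
            run[4] = run[4] or not finite
            continue
        if run and run[2] >= min_attempts:
            findings.append(Finding(*run))
        run = [cls, ent_id, 1, speed if finite else 0.0, not finite]
    return findings

SAMPLE_LOG = [  # constructed lines in the thread's log format
    "ServerLog: [GS] Removed prop_physics (ID: 42) for moving too fast (2100.500000)",
    "ServerLog: [GS] Removed prop_physics (ID: 77) for moving too fast (3000.250000)",
    "ServerLog: some unrelated line",
    "ServerLog: [GS] Removed prop_physics (ID: 77) for moving too fast (9000.750000)",
    "ServerLog: [GS] Removed prop_physics (ID: 77) for moving too fast (inf)",
]

if __name__ == "__main__":
    print(find_stuck_removals(SAMPLE_LOG))
```

A single removal line is normal operation; a run of them for one ID, especially with rising or non-finite speeds, is the signal worth alerting on.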

This appears to happen often on here… one has to wonder if it’s meant to actually be fixed, or to be a how-to troll guide.

Especially considering the attention it gets from people that want to see how it works, but realistically can’t fix it.

Because it involves the community in a fix. This is an exploit that requires discussion among possible causes and how to tackle this issue. Just because you own servers does not mean you should be condemning those finding issues and reporting them, regardless of how they do it. Security through obscurity does not work.

Security through actually following logic and sending exploits to DEVELOPERS does work, however. Tinkering with it and giving it all this attention just gets it into the hands of more trolls and minges. GG.

This is a thread that will be overwhelmingly viewed by developers. It would have been different having posted it on MGPH or something, but now that he posted it here, I can actually get to improving my entity crash catching script and a possible fix. If he had just told a dev, I might have never gotten more info on what’s causing these infinite velocities.

Wow… so, you think that your script will somehow be used by all the folks that don’t get on here to read about it? Or, do you mean the script you use on YOUR servers?

Either way, again… you’re missing the point. Anyway, I’m out.

I don’t own servers. I’m talking about the script that is currently the only fix to VPhysics collision/velocity crashes since it’s impossible to fix it in the engine.

Yes my friend, this can be recreated with many props of a similar shape and size, e.g. doors and such alike.

–DownWithThePK

Funny thing is that it seems to crash when Crazy Physics detection tries to remove it.
It’s also naturally a vphysics error which is near impossible to properly fix.

Ok so you’re obviously someone a pker who are you just tell me lol because this is really funny and HILARIOUS. Obviously someone mad and you’re a pker yourself in the other post you had 33.3ms lerp only I gave that command to a few people and you said you’re a minge yourself so what’s with this betrayal and believe me I will find out who you are for this disgusting behaviour as it’s obvious it’s someone I taught/trained. - Dark

This’ll be fixed in the next update. You could have just reported it on GitHub or via PM, though.

cl_updaterate 30
cl_interp_ratio 1
cl_interp 0

You could do better by setting cl_updaterate to the server’s tickrate (or sv_maxupdaterate) though.

The current Metastruct crazy physics interceptor script prevents this crash without modification.
I exported it a few hours ago here: https://github.com/notcake/vphysics-airbag
and Willox made it obsolete a few hours ago.

You’re a bad man Willox ;-;
You even copied my terminology.

-Snip-

Didn’t read the replies, I apologize.

[editline]18th February 2016[/editline]

Maybe your imbecilic PK-Mafia or whatever you call them shouldn’t place their server crash exploit INSIDE MY SERVER SPAWN AREA.

Aw fuck, I never thought of removing the physics object and recreating it. That’s a good script

aaaaaaaaand another old exploit that every pker knew about for years