SVN repository for ioUrbanTerror exploit fixes

#31 XiniX

  • Account: xinix
  • Joined: 28-February 10
  • Posts: 18
  • Notoriety: basic (gone)

Posted 02 October 2010 - 07:21 PM

:laugh: Maj?

but tbh, i have no idea.

if you do it alone, big up

This post has been edited by XiniX: 02 October 2010 - 07:31 PM


#32 Rambetter

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140
  • Notoriety: basic (gone)

Posted 02 October 2010 - 09:48 PM

XiniX, on 02 October 2010 - 07:21 PM, said:

:laugh: Maj?

but tbh, i have no idea.

if you do it alone, big up


I miss MaJ. He's afk in a major way.

#33 Nitro

  •   former FS member   
  • Account: nitro
  • Main tag: |PWNY|
  • Joined: 15-March 10
  • Posts: 1,130
  • Notoriety: basic (afk)

Posted 06 October 2010 - 02:27 AM

this thread should be stickied - very useful
Corsair 230T Orange | Intel 6600K @ 4.8GHz | 16GB DDR4 2133MHz | 512GB Samsung 950pro NVMe SSD | 8GB AMD Radeon RX-480

#34 Rambetter

  •   community dev   
  • Account: rambetter
  • Joined: 28-February 10
  • Posts: 1,140
  • Notoriety: basic (gone)

Posted 14 October 2010 - 01:26 AM

I'm working on a new patch called "checkuserinfo.patch" after I discovered that it's possible to send specially crafted connect or userinfo packets that contain funny characters such as ';' (semicolon) or '\r' (carriage return) in the userinfo string proper.

In particular, I found the following disturbing. I sent a userinfo that looks like this more or less:

\challenge\1019066863\qport\303\protocol\68\name\Ramb;etter\rate\8000\cg_predictitems\0\snaps\20\model\sarge\headmodel\sarge\team_model\james\team_headmodel\*james\color1\4\color2\5\handicap\0\sex\male\cl_anonymous\0\teamtask\0\cl_guid\0BFCD16926A21814B98E42AAAF4ABF01

Note the semicolon in the name. The server accepted this just fine. In ioquake3 if I do an "/rcon status" I get the semicolon in the name, sure enough. However, the game engine converts this player's name to "badinfo". In fact if there is a semicolon anywhere in the userinfo the player's name becomes "badinfo" in the game engine.

However, since there is a semicolon in the name as far as the ioquake3 code is concerned, I'm worried that some kind of exploit is possible, although I have not been able to come up with one.

So, I'm writing a patch that has very strict guidelines on the structure and contents of the userinfo string for a client, just to be safe, so that nothing bad happens in the future.
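
Added example, not part of the post above and not the checkuserinfo.patch itself: a strict structural check for a `\key\value` userinfo string that rejects the semicolon and carriage-return cases described. The function name, result codes, the 1024-byte limit and the exact rejected-character set are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed length limit for this example (hypothetical name). */
#define EX_MAX_USERINFO 1024

typedef enum { UI_OK, UI_TOO_LONG, UI_NO_LEADING_BACKSLASH,
               UI_BAD_CHAR, UI_EMPTY_KEY, UI_UNPAIRED_KEY } ui_result;

/* Rejected anywhere: ';', '"', every control byte (covers '\r' and
 * '\n') and every byte >= 0x7f. This policy is an assumption. */
static int ui_bad_char(unsigned char c)
{
    return c < 0x20 || c >= 0x7f || c == ';' || c == '"';
}

/* Validate a userinfo string of the form \key\value\key\value... */
ui_result check_userinfo(const char *s)
{
    size_t len = strlen(s), i, fields = 0, field_len = 0;

    if (len >= EX_MAX_USERINFO) return UI_TOO_LONG;
    if (len == 0 || s[0] != '\\') return UI_NO_LEADING_BACKSLASH;

    for (i = 1; i <= len; i++) {
        if (i == len || s[i] == '\\') {
            /* End of a field; even-numbered fields are keys. */
            if (fields % 2 == 0 && field_len == 0) return UI_EMPTY_KEY;
            fields++;
            field_len = 0;
        } else if (ui_bad_char((unsigned char)s[i])) {
            return UI_BAD_CHAR;
        } else {
            field_len++;
        }
    }
    /* Every key needs a value, so the field count must be even. */
    return (fields % 2 == 0) ? UI_OK : UI_UNPAIRED_KEY;
}

int main(void)
{
    /* Constructed sample modelled on the string in the post. */
    const char *sample = "\\name\\Ramb;etter\\rate\\8000\\snaps\\20";
    printf("result=%d\n", (int)check_userinfo(sample));
    return 0;
}
```

A server using a check like this would refuse the connect or userinfo update outright instead of letting the engine and the game module disagree about the player's name.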

#35 Nitro

  •   former FS member   
  • Account: nitro
  • Main tag: |PWNY|
  • Joined: 15-March 10
  • Posts: 1,130
  • Notoriety: basic (afk)

Posted 14 October 2010 - 02:28 AM

Well spotted ramb :) good to see you're still actively pursuing your goals :) and I'm loving these builds of yours everyday by every patch, very handy :laugh:
Corsair 230T Orange | Intel 6600K @ 4.8GHz | 16GB DDR4 2133MHz | 512GB Samsung 950pro NVMe SSD | 8GB AMD Radeon RX-480

#36 theRipper

  • Account: theripper
  • Main tag: C.M.M.
  • Joined: 26-September 10
  • Posts: 924
  • Notoriety: basic (afk)

Posted 05 April 2011 - 02:25 PM

im trying to use this build but botAIsetupclient always fails :( how do i fix this?
A.K.A. [idgaf.]Face(Clan Leader)


#37 Nitro

  •   former FS member   
  • Account: nitro
  • Main tag: |PWNY|
  • Joined: 15-March 10
  • Posts: 1,130
  • Notoriety: basic (afk)

Posted 05 April 2011 - 05:22 PM

get rid of custom maps from the server, and only use supported maps :)
Corsair 230T Orange | Intel 6600K @ 4.8GHz | 16GB DDR4 2133MHz | 512GB Samsung 950pro NVMe SSD | 8GB AMD Radeon RX-480

#38 theRipper

  • Account: theripper
  • Main tag: C.M.M.
  • Joined: 26-September 10
  • Posts: 924
  • Notoriety: basic (afk)

Posted 05 April 2011 - 05:32 PM

nitro, on 05 April 2011 - 05:22 PM, said:

get rid of custom maps from the server, and only use supported maps :)

i am.


no extra maps. just trying to run bots on mandolin with this exploit fix build. the build works and i tested forcecvar... works fine.


but when i go to addbots it gives me that error
A.K.A. [idgaf.]Face(Clan Leader)


#39 Nitro

  •   former FS member   
  • Account: nitro
  • Main tag: |PWNY|
  • Joined: 15-March 10
  • Posts: 1,130
  • Notoriety: basic (afk)

Posted 05 April 2011 - 07:33 PM

theRipper, on 05 April 2011 - 05:32 PM, said:

i am.


no extra maps. just trying to run bots on mandolin with this exploit fix build. the build works and i tested forcecvar... works fine.


but when i go to addbots it gives me that error



not all maps support bots, even the default ones.

not all maps support bots on all gametypes.
Corsair 230T Orange | Intel 6600K @ 4.8GHz | 16GB DDR4 2133MHz | 512GB Samsung 950pro NVMe SSD | 8GB AMD Radeon RX-480

#40 theRipper

  • Account: theripper
  • Main tag: C.M.M.
  • Joined: 26-September 10
  • Posts: 924
  • Notoriety: basic (afk)

Posted 05 April 2011 - 07:35 PM

mandolin does. i promise


it also cant find casa.bsp.

i compiled exactly as it says :/

maybe i installed the new binary wrong?
A.K.A. [idgaf.]Face(Clan Leader)



Copyright © 1999-2018 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942