Server Help

Trash Talk - Is it legal to crack around?

Qndre - Fri May 21, 2004 9:00 am
Post subject: Is it legal to crack around?
This question may look a bit stupid to you. Is it illegal to write a cheat for CONT (without reverse-engineering) and open-source it everywhere? This may sound very funny, but it's an important question for me. If I find a security hole, am I allowed to publish source showing how to abuse it?
Dr Brain - Fri May 21, 2004 10:10 am
Post subject:
Allowed? I don't know.

But regardless, you will never play on SSC again if you do. And most smaller billers would ban you too, out of spite.

So, if you never want to play again... go for it!
ExplodyThingy - Fri May 21, 2004 11:55 am
Post subject:
Bans are nothing to him.
Qndre - Fri May 21, 2004 1:24 pm
Post subject:
ExplodyThingy wrote:
Bans are nothing to him.

It's true, but I don't want to get in trouble. I think this should be an ironic statement. If you don't believe I can bypass, please look at my open-source download location:
http://www.subspace-addicted.de.vu/downloads/
You showed you know ASM and that someone who doesn't know it isn't a programmer. I've created and open-sourced a piece of code called "UNTRACK.ASM" - download it if you want and look whether it is useful and whether your ironic statement still holds, or whether it should be turned into a statement that means what you write in it.
Last but not least, it is true that the code "UNTRACK.ASM" may or may not work on the CONT client, because there are some very advanced tracking methods and memory is encrypted, there is no permission to access memory, etc., so I can't give any guarantee that it works on every client.
Mine GO BOOM - Fri May 21, 2004 2:13 pm
Post subject:
Qndre wrote:
http://www.subspace-addicted.de.vu/downloads/

Anyways, releasing object files is pointless; it's just an intermediate step between source code and executable program. And what does release-id mean? Most places use MD5 or some other checksums to verify the correct file. If this is what you meant, Summer Properties is a program I'm sure you'd enjoy. Right click on any file, Properties, and there is a new tab called Checksums. It can do CRC16, CRC32, MD5, and SHA1 checksums on any file in a very simple way.

As for the untrack, you could do the same thing with a very simple registry change, which has been published a long time ago back in Twister days. I believe Catid also has the location for the registry values on his site, but I don't believe he has the old program in which it did the changes for you.

If you do find an exploit in almost any program, usually the kindest way to resolve the problem is to email the creators of the program exactly what the exploit is, how to use it, some of the damage that can occur from this exploit, and a time frame before you would make the exploit public. This allows the developer of the software time to fix the problem before it can be used against the public.
Qndre - Fri May 21, 2004 3:05 pm
Post subject:
Mine GO BOOM wrote:
[..] And what does release-id mean? Most places use MD5 or some other checksums to verify the correct file. If this is what you meant, Summer Properties is a program I'm sure you'd enjoy. Right click on any file, Properties, and there is a new tab called Checksums. It can do CRC16, CRC32, MD5, and SHA1 checksums on any file in a very simple way.

The release-ID is an MD4 hash generated from the filename and version number. So if you have "file.nam" and "1.0.0", it's the MD4 of "file.nam1.0.0" (no caps within the file name, so "FiLe.NaM" would also be the MD4 of "filenam1.0.0"). It's not meant as a checksum but for some later internal usage (in case the download area gets too huge, you could write a search engine or a download manager with unique release-IDs).

Quote:
it's just an intermediate step between source code and executable program

Yes. It contains binary assembly code without an EXE header. It's not executable because much information is missing or in the incorrect form.

Quote:
which has been published a long time ago back in Twister days

Just downloaded Twister - how was it possible to modify weaponry, energy, etc. without making security checksums invalid?
Cyan~Fire - Fri May 21, 2004 4:41 pm
Post subject:
Qndre wrote:
The release-ID is an MD4 hash generated from the filename and version number. So if you have "file.nam" and "1.0.0", it's the MD4 of "file.nam1.0.0" (no caps within the file name, so "FiLe.NaM" would also be the MD4 of "filenam1.0.0"). It's not meant as a checksum but for some later internal usage (in case the download area gets too huge, you could write a search engine or a download manager with unique release-IDs).

WTF are you talking about? Can't you just use Ctrl+F?
Anonymous - Fri May 21, 2004 5:02 pm
Post subject:
Qndre wrote:
[..]
Just downloaded Twister - how was it possible to modify weaponry, energy, etc. without making security checksums invalid?

Wasn't.
It worked nicely for offline mode, if you were smod+ or if the owner were too numb to turn the security setting on.
Otherwise it would send red checksum errors all over the place.
k0zy - Fri May 21, 2004 5:04 pm
Post subject:
Mine GO BOOM wrote:
I believe Catid also has the location for the registry values on his site, but I don't believe he has the old program in which it did the changes for you.

There are other programs that do it for you.

I think legally they are used if two or more PCs on a network have the same id, because the same image was copied to their HD.

Bob Dole.. Bob Dole... Bob Dole...... bob dole.... bob... dole....
ExplodyThingy - Fri May 21, 2004 6:35 pm
Post subject:
Oh the humanity! Won't someone make it stop!
Mr Ekted - Fri May 21, 2004 7:45 pm
Post subject:
The only effect publishing Cont cheats will have is that Cont will be updated to make the cheats useless. If you find a "hole", the proper thing to do is quietly notify Priit or myself. Using a cheat--other than to show us that it really works--will result in a very long SSC netban.
Qndre - Sat May 22, 2004 4:56 am
Post subject:
Mr Ekted wrote:
The only effect publishing Cont cheats will have is that Cont will be updated to make the cheats useless. If you find a "hole", the proper thing to do is quietly notify Priit or myself. Using a cheat--other than to show us that it really works--will result in a very long SSC netban.

Yes. I didn't find such a security hole where I expected it. I expected that the keystream and seed are transferred between "subgame2" and "subspace.exe" using the STACK, ALU registers or some unprotected memory. So I wrote some ASM code to replace "subspace.exe" with, or to simultaneously log the traffic on these registers, but I wasn't successful. It seems that the memory segment (which is used to exchange that data) is encrypted or hidden elsewhere. So it's useless anyway. Good work! No security hole!
Mr Ekted - Sat May 22, 2004 8:16 am
Post subject:
Keystreams are not transferred in any encryption system. Keys are.
Qndre - Sat May 22, 2004 10:05 am
Post subject:
Mr Ekted wrote:
Keystreams are not transferred in any encryption system. Keys are.

With "transfer" I don't mean that they are sent around the network and exchanged between server and client, but the exchange between server and keystream generator (which has to be done somehow, because the keystream generator is separate from the server and not within it).

So if the server needs to get a keystream, it may give the seed to the keystream generator. But the keystream generator also has to put the response (the keystream) somewhere in memory.

Without any "exchange" or "transfer" of the keystreams, the CONT encryption system wouldn't work, because the server needs a keystream for the encryption but cannot generate it itself. So it calls the keystream generator, which is in the "./version1/" directory and has the filename "subspace.exe".

To prove that "./version1/subspace.exe" generates the keystream, open "scrty1" (the keystream) in Notepad or somewhere and call "subgame2" - you see it has been changed. Now rename the "subspace.exe" in the "./version1/" folder to something else, for example "hello.two"! Run "subgame2" again and "scrty1" won't change any more. If you now log in using CONT, you will see that it suddenly uses VIE encryption to encrypt the login packet as well as the VIE handshake (01, 05, 06, 02) instead of CONT encryption and the CONT handshake (01, 10, 11). But of course CONT doesn't stay connected using VIE encryption; it disconnects immediately.
Mr Ekted - Sun May 23, 2004 10:31 am
Post subject:
What color is the sky in your world?
Qndre - Sun May 23, 2004 12:54 pm
Post subject:
Mr Ekted wrote:
What color is the sky in your world?

You don't believe me, do you?

You yourself said that the server cannot generate a keystream itself, but only the client can. So the server calls the client (which is in the "./version1/" folder) to generate a keystream.

If you rename the "subspace.exe" in "./version1/", delete the "scrty" and "scrty1" in the server's folder and connect with the CONTINUUM client over a logged connection, you will see the VIE Subspace handshake and the VIE-encrypted login packet in the log. CONTINUUM disconnects immediately after the login with an error message about a version conflict.

This may not work on ContinuumOnly zones, but it proves that the CONTINUUM client still contains a VIE-like encryption.
Paine - Sun May 23, 2004 12:57 pm
Post subject:
dude, he didn't say he didn't believe you, he just wanted to know what colour the sky was >^..^<
Qndre - Sun May 23, 2004 2:03 pm
Post subject:
To prove it I've logged two sessions:

1. With VIE decryption:
http://www.subspace-addicted.de.vu/downloads/packets.txt

2. Without VIE decryption:
http://www.subspace-addicted.de.vu/downloads/packets2.txt

I've taken these two logs from a CONT-disabled ("scrty1" removed and "subspace.exe" renamed) "subgame2" server!
ExplodyThingy - Sun May 23, 2004 4:33 pm
Post subject:
Gasp! Qndre is right again and Ekted is wrong! What is the sun? There is no sky...
nintendo64 - Sun May 23, 2004 4:36 pm
Post subject:
ExplodyThingy wrote:
Gasp! Qndre is right again and Ekted is wrong! What is the sun? There is no sky...

Explody...

-nintendo64
Mr Ekted - Sun May 23, 2004 4:56 pm
Post subject:
He's a child let loose in a nuclear power plant. He's pressing random buttons and guessing what they do, while the rest of us watch in horror. He knows enough to be annoying, but not enough to be useful.
Mine GO BOOM - Sun May 23, 2004 5:49 pm
Post subject:
Qndre wrote:
This may not work on ContinuumOnly zones, but it proves that the CONTINUUM client still contains a VIE-like encryption.

Yes, Continuum does contain the VIE encryption. In fact, there is a special way to force any Continuum client to use VIE encryption instead, while still blocking VIE clients/bots. ASSS, in its unreleased form, had to do this, because neither Grelminar nor I could make heads or tails of getting the Continuum encryption to work. After a while, Priit threw together a bit more code and filled in the holes.

But you went about figuring this out in the wrong way. Continuum's encryption method is not based on VIE encryption in any way. They exchange keys differently, their encryption methods are different, their 'streams' treat data differently, their tables are formatted differently. The only thing that's the same is that both of them work on the same set of input/output data.
Qndre - Mon May 24, 2004 6:15 am
Post subject:
Mine GO BOOM wrote:
But you went about figuring this out in the wrong way. Continuum's encryption method is not based on VIE encryption in any way.

That's right. I've seen a piece of code which handles encryption - it puts data and key stuff in different dwords, rotates (left shifts in encryption, right shifts in decryption) them somehow and combines them with the key in a strange way. It's a very complicated algorithm, and I don't understand how the decryption algorithm reverses the encryption algorithm, because the number of bits they are rotated by is the lowest bytes of the input dword, so decryption cannot know how much it was rotated. However, there is a way to decrypt, otherwise it wouldn't make sense. In fact I don't know much about the encryption, and I have to admit that I'm not really interested in it any more. I've written a self-coded encryption and I am very content with it. The next difficulty is the client-side implementation of the user database and the server-side implementation of my self-coded encryption.
Mr Ekted - Mon May 24, 2004 10:00 am
Post subject:
Qndre wrote:
[..] I've written a self-coded encryption and I am very content with it.

You should post it here so we can see how secure it is.
Dr Brain - Mon May 24, 2004 11:23 am
Post subject:
^.^
liito-orava - Tue May 25, 2004 11:01 am
Post subject:
ExplodyThingy wrote:
Bans are nothing to him.

Yep.

quotes.ssforum.net wrote:
P Op>Coster *kill
Player kicked off

minute later..

P Qndre> h3h3
P Qndre> Bypass
5:Qndre> changine MACID and PERMISSIONID is so simple

50% Packetloss - Tue May 25, 2004 11:18 am
Post subject:
If that was from a SSC zone, it is network policy to netban you for avoiding a ban aka cheating because the client doesn't avoid bans on its own.
http://www.ssforum.net/index.php?showtopic=3600
You obviously have no self control. Just lame.
Qndre - Tue May 25, 2004 12:21 pm
Post subject:
50% Packetloss wrote:
If that was from a SSC zone, it is network policy to netban you for avoiding a ban aka cheating because the client doesn't avoid bans on its own.
http://www.ssforum.net/index.php?showtopic=3600
You obviously have no self control. Just lame.

I didn't modify the client but only the sources of BAN information (hardware-profile, machineID, permissionID, etc. are read from somewhere - you are usually able to change these sources)!
Dr Brain - Tue May 25, 2004 12:32 pm
Post subject:
Yes, that's why it's called cheating. Because you didn't do it with the client.
Mr Ekted - Tue May 25, 2004 12:56 pm
Post subject:
Qndre has gone from being our resident fool, to being our resident SS terrorist. I liked the fool better.
Cyan~Fire - Tue May 25, 2004 1:48 pm
Post subject:
I dunno if you noticed, but the funny thing about that quote is that the op did not specify a time, which only kicks a player off, not bans them.
k0zy - Tue May 25, 2004 2:03 pm
Post subject:
Cyan~Fire wrote:
I dunno if you noticed, but the funny thing about that quote is that the op did not specify a time, which only kicks a player off, not bans them.

Yeah, I thought that that's why it was actually quoted.

Bob Dole.. Bob Dole... Bob Dole...... bob dole.... bob... dole....
ExplodyThingy - Tue May 25, 2004 2:03 pm
Post subject:
That's why it's a fucking quote on quotes.ssforum.net. Because he thinks he bypassed when there was nothing there to bypass. I swear you're all inept.
nintendo64 - Tue May 25, 2004 2:05 pm
Post subject:
Cyan~Fire wrote:
I dunno if you noticed, but the funny thing about that quote is that the op did not specify a time, which only kicks a player off, not bans them.

That's why it's on the quotes, because Qndre didn't bypass anything. Besides, *kill can be bypassed very easily; that's why you should only use it to boot rather than ban.

More Qndre funny quotes at:
http://quotes.ssforum.net/index.php?search=qndre

My favorite:
Quote:
6:Explody Thingy> Write it into chat in 1 line.
6:Qndre> but why should i publish it?
6:Qndre> printf 'Hello World';
6:Qndre> icon_smile.gif
6:Solo Ace> ...
6:Qndre> rofl
6:Explody Thingy> Wrong bitch
6:Qndre> wrong?
6:Solo Ace> printf("Hello idiot");
6:Qndre> after a look into C book i'd also told you this
6:Explody Thingy> #include <stdio.h> int main(int argc, char *argv[]) {printf("Hello world."); return 1; }
6:Qndre> you don't need this include fuck - it's only in Visual C++
6:Solo Ace> lol
6:Solo Ace> yes you do
6:Explody Thingy> Ouch
6:Explody Thingy> That hurt my head
6:Qndre> it's only needed for Visual C++
6:Solo Ace> Qndre
6:Solo Ace> go kill yourself
6:Explody Thingy> Qndre Ill hurt you
6:Qndre> y?
6:Broken God> What compiler does not require the include?
6:Qndre> stdio.h is specific include for Visual Studio
6:Explody Thingy> std is a standrad C compliant library
6:Explody Thingy> so stdio is in all
6:Explody Thingy> so its #included as needed
6:Explody Thingy> In all
6:Broken God> And you're saying that in, lets say gcc, you could just do without the include?
6:Qndre> i thouglt stdio = visual STuDIO
6:Solo Ace> LOL
6:Qndre> stdio = STuDIO
6:Qndre> icon_smile.gif

-nintendo64
Mr Ekted - Tue May 25, 2004 2:16 pm
Post subject:
ExplodyThingy wrote:
That's why it's a fucking quote on quotes.ssforum.net. Because he thinks he bypassed when there was nothing there to bypass. I swear you're all inept.

Hahaha. Pwnt.
Mr Ekted - Tue May 25, 2004 2:19 pm
Post subject:
OMG nin! That log is almost as good as that cybersex one with the "wizard robe and hat"!
CypherJF - Tue May 25, 2004 4:40 pm
Post subject:
Ekted comes up w/ the best responses ever.. lol
Mine GO BOOM - Tue May 25, 2004 8:30 pm
Post subject:
This whole thread reminds me of something someone once said:

Quote:
ME: "Hmmm, I need to buy a chocolate cereal, but I don't know which one to purchase. What should I do?"
RIGHT SIDE OF MY BRAIN: "Woooah there, looky at that! Choco Donuts! The 'O' is a graphical representation of the aforementioned chocolate donut! This appeals to me on many unique levels! Buy that! Buy that! Buy that!"
LEFT SIDE OF MY BRAIN: "While that small chocolate donut drawing replacing the 'O' is indeed nice, I think we should instead take a big steaming dump right here in the middle of the store! It's the logical thing to do."
RIGHT SIDE OF MY BRAIN: "No! No dumping! Choco Donuts! Choco Donuts!"
LEFT SIDE OF MY BRAIN: "Shut up you! We're going to pull down our pants and just shit all over the place now. This is going to be great, you just watch. You'll thank me for this later, right side."
RIGHT SIDE OF MY BRAIN: "No dumping! No dumping! Choco Donuts!"
ME: "I think I'll purchase these Quaker Oats' Cap'n Crunch's OOPS! Choco Donuts."
RIGHT SIDE OF MY BRAIN: "HOORAY!!!"
ME: "Then I'll piss on the cashier."
LEFT SIDE OF MY BRAIN: "HOORAY!!!"
