Renegade Public Forums
C&C: Renegade --> Dying since 2003™, resurrected in 2024!
Home » Tiberian Technologies / Blackhand Studios » Tiberian Technologies Forum » How did this happen?
Re: How did this happen? [message #440278 is a reply to message #440271] Mon, 29 November 2010 13:18 Go to previous messageGo to next message
Prulez is currently offline  Prulez
Messages: 439
Registered: August 2005
Location: The Netherlands
Karma: 0
Commander
Hypnos wrote on Mon, 29 November 2010 21:02

@Prulez:- I take it you're referring to the capability to scan for the likes of Big Bodies, Big Heads, RGH, etc?

Yes, I've seen logs of the data folder being scanned for models.

As for Whiskey:

"As far as I am concerned this can only be executed from the server, and thus only by server owners, people with access to the FDS or with a bot that allows people to execute that command. Yes, it is a loophole, and quite a big one too, but I deem the chance slim that this would have been abused in the past. Also, as far as I know, you can only check the files in place; not actually read them. That is, only if you have access to the command."


http://i32.tinypic.com/2j1rey8.png

nikki6ixx wrote on Fri, 08 May 2009 19:47

Every so often, I get this positive feeling that humanity can somehow, possibly attain pure awesomeness, and enlightenment, and that there is light at the end of the road for us all. However, I only need to go to the latest HUD thread at RenForums to remind me of how dumb I was for thinking such stupid things.
Re: How did this happen? [message #440279 is a reply to message #440237] Mon, 29 November 2010 13:24 Go to previous messageGo to next message
Canadacdn is currently offline  Canadacdn
Messages: 1830
Registered: September 2005
Location: Temple of Nod
Karma: 0
General (1 Star)
PLECOS MASTER
What a joke.

GG guys.
Re: How did this happen? [message #440280 is a reply to message #440279] Mon, 29 November 2010 13:34 Go to previous messageGo to next message
Jerad2142 is currently offline  Jerad2142
Messages: 3809
Registered: July 2006
Location: USA
Karma: 6
General (3 Stars)
It is fail, but it was going to happen sooner or later, your just asking for trouble when the source code starts getting out to the testers.

However I don't see this killing renegade by any means. I mean really, who the fuck would still design cheats for Renegade its getting to be boring enough making mods for it, let alone making cheats for its already shrinking player base. Thumbs Up

Worse case we just go into the code and change a few lines here and there and that'll keep the cheaters guessing for years how to make that already way out of date release compatible with the current/new TT code revisions.

(Shame he didn't release an exe of 4.0 in there, I think that'd probably start doing exactly the opposite of what he wanted and people would start coming back to the game).


Re: How did this happen? [message #440282 is a reply to message #440237] Mon, 29 November 2010 13:41 Go to previous messageGo to next message
GoTWhisKéY is currently offline  GoTWhisKéY
Messages: 320
Registered: July 2004
Location: Canada
Karma: 0
Recruit
There is a scripts4.0.exe in there... i'm gonna try installing it when i get home

Old School Renny

Re: How did this happen? [message #440283 is a reply to message #440237] Mon, 29 November 2010 13:44 Go to previous messageGo to next message
StealthEye is currently offline  StealthEye
Messages: 2518
Registered: May 2006
Location: The Netherlands
Karma: 0
General (2 Stars)

I wasn't aware of this exploit, but as far as I can see from the code, it is only possible to check whether a file exists. i.e. it is not possible to get file listings or something which seemed to be suggested above.

BlackIntel admin/founder/coder
Please visit http://www.blackintel.org/
Re: How did this happen? [message #440286 is a reply to message #440283] Mon, 29 November 2010 13:47 Go to previous messageGo to next message
Jerad2142 is currently offline  Jerad2142
Messages: 3809
Registered: July 2006
Location: USA
Karma: 6
General (3 Stars)
StealthEye wrote on Mon, 29 November 2010 13:44

I wasn't aware of this exploit, but as far as I can see from the code, it is only possible to check whether a file exists. i.e. it is not possible to get file listings or something which seemed to be suggested above.

Indeed, and with out the dir command it would be a lot of "fun" to find anything on someone's hard drive, as you'd have to guess every folder and then on top of that guess the name of the file your after in those folders. And after all that work, you'd get an all useful "The file Exists" or "SOL no file" sounds worth one's time doesn't it.


Re: How did this happen? [message #440289 is a reply to message #440237] Mon, 29 November 2010 13:57 Go to previous messageGo to next message
GoTWhisKéY is currently offline  GoTWhisKéY
Messages: 320
Registered: July 2004
Location: Canada
Karma: 0
Recruit
The fact that it has the capability to scan your hard drive at all - that means the loophole is there and CAN be abused. Troop mentioned using a 'private' brenbot plugin with it, and Hypno's said a server owner used it to bring up private message logs... Now whats true and whats not, who knows. But if it can 'see' the files', it can essencially read them. It can probably be written into brenbot as a plugin, if it hasn't been already.

No matter the case, if that loophole exists, what else does in this 3rd party software that all of us Renegade players are using.

EA isn't going to be happy about their netcode being leaked either.


Old School Renny

[Updated on: Mon, 29 November 2010 13:58]

Report message to a moderator

Re: How did this happen? [message #440293 is a reply to message #440289] Mon, 29 November 2010 14:09 Go to previous messageGo to next message
EvilWhiteDragon is currently offline  EvilWhiteDragon
Messages: 3751
Registered: October 2005
Location: The Netherlands
Karma: 0
General (3 Stars)

GoTWhisKéY wrote on Mon, 29 November 2010 21:57

The fact that it has the capability to scan your hard drive at all - that means the loophole is there and CAN be abused. Troop mentioned using a 'private' brenbot plugin with it, and Hypno's said a server owner used it to bring up private message logs... Now whats true and whats not, who knows. But if it can 'see' the files', it can essencially read them. It can probably be written into brenbot as a plugin, if it hasn't been already.

No matter the case, if that loophole exists, what else does in this 3rd party software that all of us Renegade players are using.

EA isn't going to be happy about their netcode being leaked either.

The scan code should indeed be limited to the Renegade dir only, if we decide to keep it in place.

The source code from EA was AFAIK not about the netcode, but that is probably of little relevance. They will not like it anyways.

The netcode bits are highly annoying as it could make servers rather vulnerable for crashes.


http://www.blackintel.org/usr/evilwhitedragon/pointfix.gif
BlackIntel admin/founder/PR dude (not a coder)
Please visit http://www.blackintel.org/

V, V for Vendetta

People should not be afraid of their governments.
Governments should be afraid of their people.
Re: How did this happen? [message #440295 is a reply to message #440237] Mon, 29 November 2010 14:22 Go to previous messageGo to next message
TheBeerinator is currently offline  TheBeerinator
Messages: 141
Registered: November 2010
Karma: 0
Recruit
Oh boy, best not click okay on that EULA. This is not a new technique at all. Hell, if you ever play a blizzard game there is an entire DLL just for watching what you have running while you play.

http://i47.photobucket.com/albums/f186/thebeerinator/My%20Stuffs/Tentacles-1.png
Re: How did this happen? [message #440297 is a reply to message #440237] Mon, 29 November 2010 14:27 Go to previous messageGo to next message
Xpert is currently offline  Xpert
Messages: 1588
Registered: December 2005
Location: New York City
Karma: 0
General (1 Star)
Ugh people keep speculating and making up shit. Reading logs using MAPCH? Who ever said that is full of shit and is just making up things.

*On #Jelly*
Quote:


<Xpert> MAPCH is harmless
<Xpert> It doesn't support wildcard. You can look for any filepath yes, but not wildcard for a specific file.
<Xpert> The only useful thing about it is probably checking if the user has big bodies files.



So in short, if I wanted to look for someone's rgh.exe file on their computer, I would need to know the EXACT file path it's in for me to know if the user has it or not. There's no wildcard, so therefore it's impossible to pinpoint a file name without knowing where the file is.

So stop worrying that we're looking through your whole C drive or whatever.

And as far as this goes, I think it only works for your renegade folder.


http://i32.photobucket.com/albums/d42/XpertMaverick/xpertyankee.jpg

Creator of NetGuard, an IRC network regulator.
Developer of the CloudyServ 0.982-X project.
Developer of the CloudyServ Ren-X bot.

Part time streamer - https://twitch.tv/gg_wonder

[Updated on: Mon, 29 November 2010 14:29]

Report message to a moderator

Re: How did this happen? [message #440298 is a reply to message #440297] Mon, 29 November 2010 14:30 Go to previous messageGo to next message
Starbuzzz
Messages: 1637
Registered: June 2008
Karma: 0
General (1 Star)
So troops's actions are very damaging. Will it really kill the game? I am trying to be optimistic.

What's the damage control on this thing? How many months before any new strains of cheats?


http://img30.imageshack.us/img30/8746/buzzsigfinal.jpg
Re: How did this happen? [message #440299 is a reply to message #440237] Mon, 29 November 2010 14:32 Go to previous messageGo to next message
Hypnos is currently offline  Hypnos
Messages: 683
Registered: August 2009
Location: Scotland
Karma: 0
Colonel
@Xpert - I'm not making things up, I saw the EKT Launcher working, and it used a modified version of this MAPCH function, or at least something similar to pull up logs and internet history.

http://i33.tinypic.com/2ls7bzb.png

Caveman wrote on Fri, 21 January 2011 08:26

Well this topic is still going on. I have to say I haven't watched much Anime recently (maybe a year or so) the last thing I saw was GITS (for the third time)

Im not too sure whether I just dont enjoy Anime anymore or whether its just I dont have time really to shit and watch it.






Re: How did this happen? [message #440300 is a reply to message #440237] Mon, 29 November 2010 14:34 Go to previous messageGo to next message
StealthEye is currently offline  StealthEye
Messages: 2518
Registered: May 2006
Location: The Netherlands
Karma: 0
General (2 Stars)

Quote:

But if it can 'see' the files', it can essencially read them. It can probably be written into brenbot as a plugin, if it hasn't been already.
No, it can not read them. It can only ask the client "hey, does this file exist?" and then the client says either "yes" or "no". I'm pretty confident you can't abuse this to read files by any server side modification.

If something pulled up logs and internet history, it's probably not related at all to this mapch function (nor any other Renegade function I know of).


BlackIntel admin/founder/coder
Please visit http://www.blackintel.org/
Re: How did this happen? [message #440302 is a reply to message #440298] Mon, 29 November 2010 14:36 Go to previous messageGo to next message
Xpert is currently offline  Xpert
Messages: 1588
Registered: December 2005
Location: New York City
Karma: 0
General (1 Star)
Starbuzzz wrote on Mon, 29 November 2010 16:30


So troops's actions are very damaging.



Somewhat.

Starbuzzz wrote on Mon, 29 November 2010 16:30


Will it really kill the game?



No.

Starbuzzz wrote on Mon, 29 November 2010 16:30


I am trying to be optimistic.



Good, stay that way.


Starbuzzz wrote on Mon, 29 November 2010 16:30


What's the damage control on this thing? How many months before any new strains of cheats?



It's not that bad really, from what I've seen really. Also, anyone with 4.0, it automatically triggers [BIATCH]'s netcode hack detection because of the different netcode in 4.0 being different. Ya people probably got a sneak peak at what TT looks like, but there's no anti-cheat in there or anything important. And from the logs, looks like this code is over 6 months old. The binaries are recent but not the code.


http://i32.photobucket.com/albums/d42/XpertMaverick/xpertyankee.jpg

Creator of NetGuard, an IRC network regulator.
Developer of the CloudyServ 0.982-X project.
Developer of the CloudyServ Ren-X bot.

Part time streamer - https://twitch.tv/gg_wonder
Re: How did this happen? [message #440303 is a reply to message #440299] Mon, 29 November 2010 14:37 Go to previous messageGo to next message
Xpert is currently offline  Xpert
Messages: 1588
Registered: December 2005
Location: New York City
Karma: 0
General (1 Star)
Hypnos wrote on Mon, 29 November 2010 16:32

@Xpert - I'm not making things up, I saw the EKT Launcher working, and it used a modified version of this MAPCH function, or at least something similar to pull up logs and internet history.


That's a 3rd party program, that's different. Goku did something malicious his own way and people were stupid enough to download it. Not to mention he used *cheat name removed*himself. But that's a different story.


http://i32.photobucket.com/albums/d42/XpertMaverick/xpertyankee.jpg

Creator of NetGuard, an IRC network regulator.
Developer of the CloudyServ 0.982-X project.
Developer of the CloudyServ Ren-X bot.

Part time streamer - https://twitch.tv/gg_wonder
Re: How did this happen? [message #440310 is a reply to message #440237] Mon, 29 November 2010 14:54 Go to previous messageGo to next message
Gen_Blacky is currently offline  Gen_Blacky
Messages: 3250
Registered: September 2006
Karma: 1
General (3 Stars)
Indeed i have been using mapch for years to check for object files and other sensitive files that can be used as cheats. mapch is harmless you have to know the exact filename and you cant access any of files only check if the client has the file.

http://s18.postimage.org/jc6qbn4k9/bricks3.png

[Updated on: Mon, 29 November 2010 14:54]

Report message to a moderator

Re: How did this happen? [message #440326 is a reply to message #440237] Mon, 29 November 2010 15:35 Go to previous messageGo to next message
Renardin6 is currently offline  Renardin6
Messages: 1570
Registered: December 2003
Location: Belgium
Karma: 0
General (1 Star)

who banned him in the first place? I know the reason but come on... when you know someone has all your code...damn you think twice before banning him...

If the result is: This game is fucked, then I change of engine for Reborn. All the graphical stuff is done for now and I know a mod that will be ready for our stuff (RenX).

Re: How did this happen? [message #440328 is a reply to message #440326] Mon, 29 November 2010 15:53 Go to previous messageGo to next message
EvilWhiteDragon is currently offline  EvilWhiteDragon
Messages: 3751
Registered: October 2005
Location: The Netherlands
Karma: 0
General (3 Stars)

Renardin6 wrote on Mon, 29 November 2010 23:35

who banned him in the first place? I know the reason but come on... when you know someone has all your code...damn you think twice before banning him...

If the result is: This game is fucked, then I change of engine for Reborn. All the graphical stuff is done for now and I know a mod that will be ready for our stuff (RenX).



Troop shouldn't have had the code. It was due to Troop's asshattery and Jonwil's error of leaving a previous leak on an open webdir, that Troop could get the code.
Yes errors have been made, but banning troop is not one of them.

Oh and please move your mod over to RenX, saves JW a lot of time.


http://www.blackintel.org/usr/evilwhitedragon/pointfix.gif
BlackIntel admin/founder/PR dude (not a coder)
Please visit http://www.blackintel.org/

V, V for Vendetta

People should not be afraid of their governments.
Governments should be afraid of their people.
Re: How did this happen? [message #440331 is a reply to message #440328] Mon, 29 November 2010 16:09 Go to previous messageGo to next message
Gen_Blacky is currently offline  Gen_Blacky
Messages: 3250
Registered: September 2006
Karma: 1
General (3 Stars)
EvilWhiteDragon wrote on Mon, 29 November 2010 16:53

Renardin6 wrote on Mon, 29 November 2010 23:35

who banned him in the first place? I know the reason but come on... when you know someone has all your code...damn you think twice before banning him...

If the result is: This game is fucked, then I change of engine for Reborn. All the graphical stuff is done for now and I know a mod that will be ready for our stuff (RenX).



Troop shouldn't have had the code. It was due to Troop's asshattery and Jonwil's error of leaving a previous leak on an open webdir, that Troop could get the code.
Yes errors have been made, but banning troop is not one of them.

Oh and please move your mod over to RenX, saves JW a lot of time.


Troop had the code long before this. Why give code out to beta testers.


http://s18.postimage.org/jc6qbn4k9/bricks3.png

[Updated on: Mon, 29 November 2010 16:09]

Report message to a moderator

Re: How did this happen? [message #440333 is a reply to message #440328] Mon, 29 November 2010 16:15 Go to previous messageGo to next message
Renardin6 is currently offline  Renardin6
Messages: 1570
Registered: December 2003
Location: Belgium
Karma: 0
General (1 Star)

EvilWhiteDragon wrote on Mon, 29 November 2010 23:53


Oh and please move your mod over to RenX, saves JW a lot of time.


With such answer, I begin to understand why you get your stuff leaked. What a pity.
Re: How did this happen? [message #440334 is a reply to message #440331] Mon, 29 November 2010 16:16 Go to previous messageGo to next message
EvilWhiteDragon is currently offline  EvilWhiteDragon
Messages: 3751
Registered: October 2005
Location: The Netherlands
Karma: 0
General (3 Stars)

Gen_Blacky wrote on Tue, 30 November 2010 00:09

EvilWhiteDragon wrote on Mon, 29 November 2010 16:53

Renardin6 wrote on Mon, 29 November 2010 23:35

who banned him in the first place? I know the reason but come on... when you know someone has all your code...damn you think twice before banning him...

If the result is: This game is fucked, then I change of engine for Reborn. All the graphical stuff is done for now and I know a mod that will be ready for our stuff (RenX).



Troop shouldn't have had the code. It was due to Troop's asshattery and Jonwil's error of leaving a previous leak on an open webdir, that Troop could get the code.
Yes errors have been made, but banning troop is not one of them.

Oh and please move your mod over to RenX, saves JW a lot of time.


Troop had the code long before this. Why give code out to beta testers.

We don't, AND FUCK YOU IF YOU DON'T WANT TO READ MY POSTS.

As said, at some point it was on a open webdir (because of a leak related to Hex/Jnz). In that time Troop apparently found it and stored it so he could use it to show the world what kind of FUCKTARD he actually is at a later time.

Also, if you knew he had the code, why didn't you warn us about it? Would've been nice to actually get support from the community for once.


http://www.blackintel.org/usr/evilwhitedragon/pointfix.gif
BlackIntel admin/founder/PR dude (not a coder)
Please visit http://www.blackintel.org/

V, V for Vendetta

People should not be afraid of their governments.
Governments should be afraid of their people.
Re: How did this happen? [message #440338 is a reply to message #440334] Mon, 29 November 2010 16:24 Go to previous messageGo to next message
Gen_Blacky is currently offline  Gen_Blacky
Messages: 3250
Registered: September 2006
Karma: 1
General (3 Stars)
EvilWhiteDragon wrote on Mon, 29 November 2010 17:16

Gen_Blacky wrote on Tue, 30 November 2010 00:09

EvilWhiteDragon wrote on Mon, 29 November 2010 16:53

Renardin6 wrote on Mon, 29 November 2010 23:35

who banned him in the first place? I know the reason but come on... when you know someone has all your code...damn you think twice before banning him...

If the result is: This game is fucked, then I change of engine for Reborn. All the graphical stuff is done for now and I know a mod that will be ready for our stuff (RenX).



Troop shouldn't have had the code. It was due to Troop's asshattery and Jonwil's error of leaving a previous leak on an open webdir, that Troop could get the code.
Yes errors have been made, but banning troop is not one of them.

Oh and please move your mod over to RenX, saves JW a lot of time.



Troop had the code long before this. Why give code out to beta testers.

We don't, AND FUCK YOU IF YOU DON'T WANT TO READ MY POSTS.

As said, at some point it was on a open webdir (because of a leak related to Hex/Jnz). In that time Troop apparently found it and stored it so he could use it to show the world what kind of FUCKTARD he actually is at a later time.

Also, if you knew he had the code, why didn't you warn us about it? Would've been nice to actually get support from the community for once.



"Also, if you knew he had the code, why didn't you warn us about it? Would've been nice to actually get support from the community for once." because jonwill gave it to him i can be completely wrong just what i heard from troop himself.

Read my server owner post



http://s18.postimage.org/jc6qbn4k9/bricks3.png

[Updated on: Mon, 29 November 2010 16:32]

Report message to a moderator

Re: How did this happen? [message #440347 is a reply to message #440237] Mon, 29 November 2010 18:07 Go to previous messageGo to next message
jonwil is currently offline  jonwil
Messages: 3557
Registered: February 2003
Karma: 0
General (3 Stars)

I can assure you I did NOT give Trooprm02 this code.
What happened is that at some point, I uploaded a file (containing a really old code dump of 4.0) to a server that was not as secure as I assumed it was. Once I found out that the file wasnt secure, I immediately removed it. Until this leak happened, I was unaware that anyone outside of TT even HAD the source code.

I for one do not intend to let this stop 4.0. After all, Valve had a major leak of the source code to Half-Life 2 and that went on to be a smash hit and one of the most popular FPS games of all time.

We are most definatly not "fucked". The code dump was old and did not contain most of the anti-cheat.


Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
Re: How did this happen? [message #440355 is a reply to message #440347] Mon, 29 November 2010 19:32 Go to previous messageGo to next message
Ethenal is currently offline  Ethenal
Messages: 2532
Registered: January 2007
Location: US of A
Karma: 0
General (2 Stars)

jonwil wrote on Mon, 29 November 2010 19:07

I can assure you I did NOT give Trooprm02 this code.
What happened is that at some point, I uploaded a file (containing a really old code dump of 4.0) to a server that was not as secure as I assumed it was. Once I found out that the file wasnt secure, I immediately removed it. Until this leak happened, I was unaware that anyone outside of TT even HAD the source code.

I for one do not intend to let this stop 4.0. After all, Valve had a major leak of the source code to Half-Life 2 and that went on to be a smash hit and one of the most popular FPS games of all time.

We are most definatly not "fucked". The code dump was old and did not contain most of the anti-cheat.


Just to clarify, I read through one of the chat logs, found a url, took the file off, and voila - directory listing. It was infact the one you're talking about. Just throwing it out there to back up the point it was a simple mistake that was very easy to find.

(Although at that point it just had a build of scripts 4.0 in there, not any source code)


-TLS-DJ-EYE-K wrote on Mon, 18 March 2013 07:29

Instead of showing us that u aren't more inteligent than a Toast, maybe you should start becomming good in renegade Thumbs Up

Re: How did this happen? [message #440356 is a reply to message #440237] Mon, 29 November 2010 19:35 Go to previous messageGo to previous message
jonwil is currently offline  jonwil
Messages: 3557
Registered: February 2003
Karma: 0
General (3 Stars)

And FYI, even the scripts build has been removed (along with anything else sensitive)


Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
Previous Topic: Scripts 4.0 FAQ
Next Topic: HUD.ini
Goto Forum:
  


Current Time: Thu Oct 31 14:19:10 MST 2024

Total time taken to generate the page: 0.01313 seconds