// Proxy patch. // m_pCommandDesc will never be NULL : above SetData() did it everything. if (!pCmd->m_pCommandDesc->IsFlag(MCDT_PEER2PEER)) { delete pCmd; return NULL; }
case MC_AGENT_TUNNELING_TCP: // M2M { // Proxy patch. // When TCP tunneling is used normally? break;
MUID uidSender, uidReceiver; if (pCommand->GetParameter(&uidSender, 0, MPT_UID)==false) break; if (pCommand->GetParameter(&uidReceiver, 1, MPT_UID)==false) break;
/// Local ClockAâ Global ClockACEI oPEP static unsigned long int ConvertLocalClockToGlobalClock(unsigned long int nLocalClock, unsigned long int nLocalClockDistance); /// Global ClockAâ Local ClockACEI oPEP static unsigned long int ConvertGlobalClockToLocalClock(unsigned long int nGlobalClock, unsigned long int nLocalClockDistance);
public: // For Debug friend void MDebugUtil_PrintStagePeerList();
// Proxy patch. protected: MUID FindClientUID(const char* pszIP, WORD wPort); };
#endif
Is it like this?
Code:
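/// Rebuilds an MCommand from a tunneled peer packet.
///
/// The blob must hold exactly one element. Its payload is decrypted with
/// m_PeerPacketCrypter and parsed with MCommand::SetData(). The command is
/// accepted only when its descriptor carries MCDT_PEER2PEER and uidSender
/// resolves to a known peer through FindPeer().
///
/// This check runs in the receiving client. It filters what this client will
/// execute; it is not a substitute for validation on the relaying side.
///
/// @param uidSender        UID the tunneled packet is attributed to.
/// @param pBlob            Blob array carrying the encrypted packet.
/// @param nBlobArrayCount  Number of elements in pBlob; must be 1.
/// @return A command allocated with new (the caller must delete it), or NULL
///         when the packet is rejected.
MCommand* MMatchClient::MakeCmdFromTunnelingBlob(const MUID& uidSender, void* pBlob, int nBlobArrayCount)
{
    if (nBlobArrayCount != 1)
    {
        mlog("MakeCmdFromTunnelingBlob: BlobArrayCount is not 1\n");
        return NULL;
    }

    char* pPacket = (char*)MGetBlobArrayElement(pBlob, 0);

    // Two ints are subtracted from the blob array size. Presumably these are
    // the blob array header fields; confirm against MGetBlobArraySize().
    int nSize = MGetBlobArraySize(pBlob) - (sizeof(int) * 2);
    if ((nSize <= 0) || (nSize >= MAX_BLOB_SIZE))
    {
        mlog("MakeCmdFromTunnelingBlob: Blob Size Error(size = %d)\n", nSize);
        return NULL;
    }

    char* pData = new char[nSize];
    if (!m_PeerPacketCrypter.Decrypt(pPacket, nSize, pData, nSize))
    {
        delete [] pData;
        return NULL;
    }

    MCommand* pCmd = new MCommand();

    // NOTE(review): pData is peer-supplied and nSize is not passed to SetData()
    // here. Confirm that SetData() bounds its reads to the decrypted buffer.
    const bool bParsed = pCmd->SetData(pData, &m_CommandManager);

    // The scratch buffer is released exactly once, whatever the parse result.
    // The earlier listing freed it a second time after the peer lookup.
    delete [] pData;

    if (!bParsed)
    {
        delete pCmd;
        return NULL;
    }

    // Proxy patch: only commands declared peer-to-peer may arrive through the
    // tunnel. The descriptor pointer is checked rather than assumed non-NULL.
    if (pCmd->m_pCommandDesc == NULL || !pCmd->m_pCommandDesc->IsFlag(MCDT_PEER2PEER))
    {
        delete pCmd;
        return NULL;
    }

    pCmd->m_Sender = uidSender;
    pCmd->m_Receiver = m_This;

    // Drop commands attributed to a UID that is not in the peer list.
    if (FindPeer(uidSender) == NULL)
    {
        delete pCmd;
        return NULL;
    }

    return pCmd;
}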
Can you explain better? I do not understand, is how you fix the topic and put the same Solarie? the topic it explains the location of the exploit and give place to replace, I do not understand much ...
Can you explain better? I do not understand, is how you fix the topic and put the same Solarie? the topic it explains the location of the exploit and give place to replace, I do not understand much ...
Well, you have to find it by ctrl + f,
and you have to add only the //Proxy patch parts.
Though I really appreciate your release, this isn't going to work out. Here are a few of my concerns:
You're placing a flag check in MMatchClient.cpp, which is client-side and also unsafe (m_pCommandDesc is assumed to be non-NULL).
You shouldn't be disabling TCP tunnelling as it is actually being used when UDP is unavailable. TCP is actually the safe protocol here with verified headers.
You verify UDP packets based on IP and port at the MatchAgent, which isn't going to patch anything. The header of a UDP packet is rarely verified (other than the checksum), and because UDP is connectionless there is no handshake proving that the sender can actually receive at the source address it claims, which means that you can easily spoof both IP and port of a UDP packet. E.g. I can send peer info using your IP. I've done this once at Utopia using WinPcap and it was quite a lot of fun, I sent packets of my own with the IP and port of every other player in the stage.
I can send peer info using your IP (UDP Packet Header). I've done this once at Utopia using WinPcap and it was quite a lot of fun, I sent packets of my own with the IP and port of every other player in the stage.
Would really like to know what ISP you're using, since a lot of them block any such forged packets due to the problematic security risk they pose.
Would really like to know what ISP you're using, since a lot of them block any such forged packets due to the problematic security risk they pose.
There's not one single ISP in the Netherlands that blocks UDP spoofed packets. And as far as I'm aware, there's only a few that do so in the entire world.
There's not one single ISP in the Netherlands that blocks UDP spoofed packets. And as far as I'm aware, there's only a few that do so in the entire world.
The majority of ISPs in the world block outgoing packets with IP headers containing a forged source IP.
This has been in effect since RFC 2827: http://www.ietf.org/rfc/rfc2827.txt
Though I really appreciate your release, this isn't going to work out. Here are a few of my concerns:
Originally Posted by Solaire
You're placing a flag check in MMatchClient.cpp. Which is client-sided and also unsafe (m_pCommandDesc is assumed not being NULL).
You shouldn't be disabling TCP tunnelling as it is actually being used when UDP is unavailable. TCP is actually the safe protocol here with verified headers.
You verify UDP packets based on IP and port at the MatchAgent, which isn't going to patch anything. The header of a UDP packet is rarely verified (other than the checksum) which means that you can easily spoof both IP and port of a UDP packet. E.g. I can send peer info using your IP. I've done this once at Utopia using WinPcap and it was quite a lot of fun, I sent packets of my own with the IP and port of every other player in the stage.
2. TCP tunneling is not implemented.
3. Try ArticGunz
The majority of ISPs in the world block outgoing packets with IP headers containing a forged source IP.
This has been in effect since RFC 2827: http://www.ietf.org/rfc/rfc2827.txt
I was aware of that RFC, but it's not implemented here by any ISP as far as I know. Not sure about ISPs in other countries.
Originally Posted by dacharles
2. TCP tunneling is not implemented.
If I recall correctly, it was implemented back in '07 files.