Significant server exploit
#1

An exploit that occurred came to my attention today. It would appear that it is possible to connect multiple players on the same playerid, which means accounts could potentially be compromised if the name they connect with is a registered user.

Here is a log file of what happened (unrelated data has been trimmed):

Code:
[11:51:10] [join] Khartman has joined the server (125:179.135.151.211)
[11:51:10] JOIN: Khartman, 179.135.151.211, 904D54CC0C84E4548F48ADF4DA5480089CCECEC8
[11:51:25] Player Logged In
[11:51:52] [join] [uL]Kanada42O has joined the server (125:179.135.151.211)
[11:51:52] JOIN: [uL]Kanada42O, 179.135.151.211, 904D54CC0C84E4548F48ADF4DA5480089CCECEC8
[11:51:53] Player was moving alive killed Player Name: [uL]Kanada42O

As you can see, playerid 125 has never disconnected but connected again with a spoofed name.

The last output means they basically force-spawned themselves at this point, but the system sees that they shouldn't be alive, so it kills them automatically.

Here is my patch. Make sure this is included after <a_samp> to ensure it is always called first. No, I have not had time to fully test it against a real attack.

Simply use the OnPlayerSpoofName() callback to do any banning, and please note: use ReturnName() to get their real name or you might inadvertently ban the wrong name.

pawn Code:
// Marks a playerid as a valid connection
static bool:ValidConnections[MAX_PLAYERS] = { false, ... };

// Keep track of names at login
new PlayerNames[MAX_PLAYERS][MAX_PLAYER_NAME];

// Return name will always return name at login
#define ReturnName(%0) PlayerNames[%0]

// Called when a spoofed name is detected
forward OnPlayerSpoofName(playerid);

// Player connects
public OnPlayerConnect(playerid)
{
    // Is that player already connected?
    if(ValidConnections[playerid])
    {
        // Spoofing names
        CallLocalFunction("OnPlayerSpoofName", "i", playerid);
        return 1;
    }
    // Player was not connected
    else
    {
        // Save name mark as valid connection
        GetPlayerName(playerid, PlayerNames[playerid], MAX_PLAYER_NAME);
        ValidConnections[playerid] = true;
    }

    // Continue callback hooking
    if (funcidx("AntiSpoof_OnPlayerConnect") != -1)
    {
        return CallLocalFunction("AntiSpoof_OnPlayerConnect", "i", playerid);
    }
    return 1;
}

// Player disconnects
public OnPlayerDisconnect(playerid, reason)
{
    ValidConnections[playerid] = false;

    // Continue callback hooking (check for the disconnect hook, not the connect hook)
    if (funcidx("AntiSpoof_OnPlayerDisconnect") != -1)
    {
        return CallLocalFunction("AntiSpoof_OnPlayerDisconnect", "ii", playerid, reason);
    }
    return 1;
}


#if defined _ALS_OnPlayerConnect
    #undef OnPlayerConnect
#else
    #define _ALS_OnPlayerConnect
#endif
#define OnPlayerConnect AntiSpoof_OnPlayerConnect

forward AntiSpoof_OnPlayerConnect(playerid);

#if defined _ALS_OnPlayerDisconnect
    #undef OnPlayerDisconnect
#else
    #define _ALS_OnPlayerDisconnect
#endif
#define OnPlayerDisconnect AntiSpoof_OnPlayerDisconnect

forward AntiSpoof_OnPlayerDisconnect(playerid, reason);
Reply
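
A log-side check for the pattern in the post's log: a second `[join]` on a playerid that never disconnected. This is an added example, not part of the original post or the author's patch. The sample log is constructed, the `[part]` line format is an assumption (it does not appear in the post), and the log is assumed to cover a single server run.

```python
import re

# [join] line format as shown in the post's log
JOIN = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[join\] (\S+) has joined the server \((\d+):([^)]+)\)$")
# Assumed format of the disconnect line; it does not appear in the post's log
PART = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[part\] (\S+) has left the server \((\d+):\d+\)$")

def find_duplicate_joins(lines):
    """Return one finding per [join] on a playerid that has not parted."""
    active = {}    # playerid -> (time, name, ip) of the session holding the slot
    findings = []
    for raw in lines:
        line = raw.strip()
        m = JOIN.match(line)
        if m:
            when, name, pid, ip = m.group(1), m.group(2), int(m.group(3)), m.group(4)
            held = active.get(pid)
            if held is not None:
                findings.append({
                    "playerid": pid,
                    "time": when,
                    "original_name": held[1],   # name recorded at the first join
                    "second_name": name,        # name presented by the duplicate join
                    "same_ip": held[2] == ip,
                })
                continue    # the first session stays the slot owner
            active[pid] = (when, name, ip)
            continue
        m = PART.match(line)
        if m:
            active.pop(int(m.group(3)), None)   # slot is free again
    return findings

# Constructed sample log (names and documentation-range addresses are made up)
SAMPLE_LOG = """\
[11:51:10] [join] Alice has joined the server (125:203.0.113.7)
[11:51:25] Player Logged In
[11:51:52] [join] [uL]Bob has joined the server (125:203.0.113.7)
[11:52:30] [part] Alice has left the server (125:1)
[11:53:02] [join] Carol has joined the server (125:198.51.100.20)
[11:53:40] [join] Dave has joined the server (7:198.51.100.21)
""".splitlines()

if __name__ == "__main__":
    for finding in find_duplicate_joins(SAMPLE_LOG):
        print(finding)
```

The join by Carol is not flagged because the slot was released by the preceding `[part]` line.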


Messages In This Thread
Significant server exploit - by Pottus - 04.12.2013, 19:18
Re: Significant server exploit - by Sublime - 05.12.2013, 01:44
Re: Significant server exploit - by Sublime - 05.12.2013, 04:23
AW: Significant server exploit - by BigETI - 05.12.2013, 05:11
Re: AW: Significant server exploit - by Pottus - 05.12.2013, 05:52
AW: Significant server exploit - by BigETI - 05.12.2013, 06:26
Re: AW: Significant server exploit - by Pottus - 05.12.2013, 06:49
AW: Re: AW: Significant server exploit - by BigETI - 05.12.2013, 06:56
Re: Significant server exploit - by Pottus - 05.12.2013, 07:08
Re: Significant server exploit - by Kyle - 05.12.2013, 08:54