Mouseflip + GUID Spoofing

Post any bugs you may find here.
Post Reply
Tankey
Server n00b
Posts: 16
Joined: Fri Apr 08, 2011 8:24 am

Mouseflip + GUID Spoofing

Post by Tankey » Thu Apr 21, 2011 7:50 am

Dear Jaymod,

I want to report 2 things for now.
There things are:

- Mouseflip bug.
There is a bug (i think it's a bind or command) and when you use that bind/command the mouse of every player flips to above.

- GUID Spoofing
Many players are spoofing GUIDs for getting admin commands.

I hope Jaymod can fix this cause now we are kind of forced to use Enhmod with Jaymod. (I hope you're also able to edit the binaries of jaymod 2.1.7 since many ET servers are using that version, we use it too, and we like to use that version instead of higher versions)

Best wishes from DC Clan,
Tankey

User avatar
jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX
Contact:

Re: Mouseflip + GUID Spoofing

Post by jaybird » Thu Apr 21, 2011 8:16 am

we like to use that version instead of higher versions
Why?

I won't be releasing a "fixed" 2.1.7. That's a beta version, and 2.1.8 is the next beta version, etc, leading up to the impending 2.2.0 release. The beta versions are stepping stones.

Also, I can fix these things if you give me an idea of how they're reproduced.

Genert
Server n00b
Posts: 12
Joined: Thu Mar 24, 2011 9:10 am

Re: Mouseflip + GUID Spoofing

Post by Genert » Thu Apr 21, 2011 11:19 am

Jaybird,you could make new GUID system.
You should surely check out the following registry path, 'HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptograph y\MachineGuid'
Windows has always stored a unique ID in its registry. The strength of beeing unique is in combining multiple pieces together that are not necessarily strong enough by themselves. Take a look at "CPUID". It should go something like this:

Code: Select all

_asm
{
	xor eax, eax
	CPUID

	mov eax, ebx
	<-- get stuff out of ebx
}
You should add new Shrubbot command:

Code: Select all

	{"guids",	G_shrubbot_guids,	'9', 0,
		"Shows players unique guids",
		"[^8Guids]"},
And now work on command out,following players cmd.
..etc
And this should show in concole:

Code: Select all

GUIDS:
GENERT: 0000000000000000001A
JAYBIRD: 0000000000000000002A
ANOTHER: 00000000000000000003A
Something like this...

And I have heard about JayMAC.
Can you explain what is that?

User avatar
jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX
Contact:

Re: Mouseflip + GUID Spoofing

Post by jaybird » Thu Apr 21, 2011 1:27 pm

I have no idea what JayMAC is.

Destroy666
Server n00b
Posts: 30
Joined: Wed Mar 23, 2011 8:43 am

Re: Mouseflip + GUID Spoofing

Post by Destroy666 » Thu Apr 21, 2011 4:17 pm

jaybird wrote:I have no idea what JayMAC is.
some stupid hacker wrote:This simple tool will give you a random MAC address each time you connect to a Jaymod server to unban you from any '!ban' command bans performed by a Jaymod server admin.

The !ban command also bans your IP address and GUID, so you will need to change them too.

Please note that this tool has no need for use on a machine running Windows Vista as your MAC address is returned as "00:00:00:00:00" anyway, and unless they have (really) stupid server admins, they will notice this and not ban anyone, otherwise they'd ban everyone running Vista.

User avatar
jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX
Contact:

Re: Mouseflip + GUID Spoofing

Post by jaybird » Thu Apr 21, 2011 4:34 pm

Great, now I know the case where the MAC code is failing :)

User avatar
stealth
Rambo Medic
Posts: 375
Joined: Sun Jun 11, 2006 1:17 pm
Location: Chair

Re: Mouseflip + GUID Spoofing

Post by stealth » Thu Apr 21, 2011 6:07 pm

Tankey wrote:D
- Mouseflip bug.
There is a bug (i think it's a bind or command) and when you use that bind/command the mouse of every player flips to above.
caused by corrupted / edited packets I think.

Well not sure about this, all I know is that you can reproduce it by injecting packets (don't know exactly how though)
:D

Destroy666
Server n00b
Posts: 30
Joined: Wed Mar 23, 2011 8:43 am

Re: Mouseflip + GUID Spoofing

Post by Destroy666 » Thu Apr 21, 2011 6:20 pm

GUID spoofing is fixed in EnhancedMod and flipping crosshair issue is called "non-ascii exploit" by RedSector. I don't think you'll contact him anyways and this info will help you, but whatever...

Tankey
Server n00b
Posts: 16
Joined: Fri Apr 08, 2011 8:24 am

Re: Mouseflip + GUID Spoofing

Post by Tankey » Fri Apr 22, 2011 8:35 am

Hey,

I know EnhMod fixxes it. That's why I set it up on my servers. But it would be nice if jaymod could fix this by itself, so we do not need Enhmod.

Best wishes from DC Clan,
Tankey

Destroy666
Server n00b
Posts: 30
Joined: Wed Mar 23, 2011 8:43 am

Re: Mouseflip + GUID Spoofing

Post by Destroy666 » Fri Apr 22, 2011 10:20 am

Actually, I was replying to this.
jaybird wrote: Also, I can fix these things if you give me an idea of how they're reproduced.
Why would you look for the solutions as these bugs are already fixed?

User avatar
jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX
Contact:

Re: Mouseflip + GUID Spoofing

Post by jaybird » Fri Apr 22, 2011 10:39 am

Then please, by all means, put him in contact with me if he's willing to contribute to the mod.

Smootsy
Server n00b
Posts: 4
Joined: Mon Apr 11, 2011 9:22 am

Re: Mouseflip + GUID Spoofing

Post by Smootsy » Fri Apr 22, 2011 12:42 pm

Ive send him a mail lately but he never answered. Ive even resended it to make sure he got it.

So i guess he stopped. Not sure though
Image

User avatar
jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX
Contact:

Re: Mouseflip + GUID Spoofing

Post by jaybird » Fri Apr 22, 2011 5:14 pm

I've added extended ASCII exploit prevention to the stable branch.

Ligustah
Panzer n00b
Posts: 66
Joined: Wed Apr 13, 2011 9:03 am

Re: Mouseflip + GUID Spoofing

Post by Ligustah » Tue Apr 26, 2011 8:45 am

The GUID concept is generally not really up to date and i would indeed appreciate some sort of new system there.
A public key mechanism that's not as easy to circumvent would be good. GUIDs are about as safe as player names.

Post Reply