Page 1 of 1

Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 7:50 am
by Tankey
Dear Jaymod,

I want to report 2 things for now.
There things are:

- Mouseflip bug.
There is a bug (i think it's a bind or command) and when you use that bind/command the mouse of every player flips to above.

- GUID Spoofing
Many players are spoofing GUIDs for getting admin commands.

I hope Jaymod can fix this cause now we are kind of forced to use Enhmod with Jaymod. (I hope you're also able to edit the binaries of jaymod 2.1.7 since many ET servers are using that version, we use it too, and we like to use that version instead of higher versions)

Best wishes from DC Clan,
Tankey

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 8:16 am
by jaybird
we like to use that version instead of higher versions
Why?

I won't be releasing a "fixed" 2.1.7. That's a beta version, and 2.1.8 is the next beta version, etc, leading up to the impending 2.2.0 release. The beta versions are stepping stones.

Also, I can fix these things if you give me an idea of how they're reproduced.

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 11:19 am
by Genert
Jaybird,you could make new GUID system.
You should surely check out the following registry path, 'HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptograph y\MachineGuid'
Windows has always stored a unique ID in its registry. The strength of beeing unique is in combining multiple pieces together that are not necessarily strong enough by themselves. Take a look at "CPUID". It should go something like this:

Code: Select all

_asm
{
	xor eax, eax
	CPUID

	mov eax, ebx
	<-- get stuff out of ebx
}
You should add new Shrubbot command:

Code: Select all

	{"guids",	G_shrubbot_guids,	'9', 0,
		"Shows players unique guids",
		"[^8Guids]"},
And now work on command out,following players cmd.
..etc
And this should show in concole:

Code: Select all

GUIDS:
GENERT: 0000000000000000001A
JAYBIRD: 0000000000000000002A
ANOTHER: 00000000000000000003A
Something like this...

And I have heard about JayMAC.
Can you explain what is that?

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 1:27 pm
by jaybird
I have no idea what JayMAC is.

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 4:17 pm
by Destroy666
jaybird wrote:I have no idea what JayMAC is.
some stupid hacker wrote:This simple tool will give you a random MAC address each time you connect to a Jaymod server to unban you from any '!ban' command bans performed by a Jaymod server admin.

The !ban command also bans your IP address and GUID, so you will need to change them too.

Please note that this tool has no need for use on a machine running Windows Vista as your MAC address is returned as "00:00:00:00:00" anyway, and unless they have (really) stupid server admins, they will notice this and not ban anyone, otherwise they'd ban everyone running Vista.

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 4:34 pm
by jaybird
Great, now I know the case where the MAC code is failing :)

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 6:07 pm
by stealth
Tankey wrote:D
- Mouseflip bug.
There is a bug (i think it's a bind or command) and when you use that bind/command the mouse of every player flips to above.
caused by corrupted / edited packets I think.

Well not sure about this, all I know is that you can reproduce it by injecting packets (don't know exactly how though)

Re: Mouseflip + GUID Spoofing

Posted: Thu Apr 21, 2011 6:20 pm
by Destroy666
GUID spoofing is fixed in EnhancedMod and flipping crosshair issue is called "non-ascii exploit" by RedSector. I don't think you'll contact him anyways and this info will help you, but whatever...

Re: Mouseflip + GUID Spoofing

Posted: Fri Apr 22, 2011 8:35 am
by Tankey
Hey,

I know EnhMod fixxes it. That's why I set it up on my servers. But it would be nice if jaymod could fix this by itself, so we do not need Enhmod.

Best wishes from DC Clan,
Tankey

Re: Mouseflip + GUID Spoofing

Posted: Fri Apr 22, 2011 10:20 am
by Destroy666
Actually, I was replying to this.
jaybird wrote: Also, I can fix these things if you give me an idea of how they're reproduced.
Why would you look for the solutions as these bugs are already fixed?

Re: Mouseflip + GUID Spoofing

Posted: Fri Apr 22, 2011 10:39 am
by jaybird
Then please, by all means, put him in contact with me if he's willing to contribute to the mod.

Re: Mouseflip + GUID Spoofing

Posted: Fri Apr 22, 2011 12:42 pm
by Smootsy
Ive send him a mail lately but he never answered. Ive even resended it to make sure he got it.

So i guess he stopped. Not sure though

Re: Mouseflip + GUID Spoofing

Posted: Fri Apr 22, 2011 5:14 pm
by jaybird
I've added extended ASCII exploit prevention to the stable branch.

Re: Mouseflip + GUID Spoofing

Posted: Tue Apr 26, 2011 8:45 am
by Ligustah
The GUID concept is generally not really up to date and i would indeed appreciate some sort of new system there.
A public key mechanism that's not as easy to circumvent would be good. GUIDs are about as safe as player names.