Mod updates

[jaybird]

So I've been playing on DRI's servers and hated how the game looked on my nice wide screen monitor. So I did something about it The client now has wide screen support, and most of the elements on the screen are now drawn correctly.

I've also started merging Omnibot 0.81 into the mod codebase.

Just thought some folks would like to know.

Also, anyone able to hook me up with a test server? SSH access would be freaking great, but as long as I can upload/change whatever I need, that should be good enough. Needs to be linux.

[stealth]

Any bug fixes planned? Also any chance of lua mod support this time around? (For if you go away again)

[jaybird]

A bug can sometimes be pretty subjective. I have (I think) fixed the artillery shake bug. The problem occurred because we weren't sending the origin of the explosion to the client, so it was shaking in the wrong place.

I've also fixed a pretty minor bug with the shotgun spread. The individual shots on the client didn't match the server shots. It really didn't matter, as it's only a visual thing, but I saw it and fixed it nonetheless.

We'll see on anything else

[stealth]

wwwdl exploit?

I also think it was jaymod where it's possible to hack the ref (and possibly rcon?)

hacking ref was done by changing your ip to the ip of the server or to the ip of localhost I believe.
rcon hack was done by getting a vote to pass that had a secondary argument.
aka everybody sees (shuffleteams?) but really it does something else

I forgot the details since we stopped running jaymod ages ago

I'll post more if I remember more...

- Mmm just remembered another one. The satchel glitch was still possible (throwing unlimited satchels).
Something like jump com_maxfps 1 throw satchel com_maxfps normal value

the omnibot update is VERY nice!

EDIT: Could you also fix the link to view the Documentation online?
And the old forums looked better imo

[hellreturn]

wwwdl exploit?

I think that's based on game binaries. Not sure if it can be fixed in mod or not.

I also think it was jaymod where it's possible to hack the ref (and possibly rcon?)
hacking ref was done by changing your ip to the ip of the server or to the ip of localhost I believe.

Yes.

rcon hack was done by getting a vote to pass that had a secondary argument.

Yes.

Couple of more:
1. You can crash the server by changing teams or class continuously.
2. Fake players flooding. Would it be possible to limit the connections based on IP?

Suggestions if you are planning to add new features.
1. Custom admin commands.
2. sv_cvar and sv_cvarempty commands.
3. MAC address info fix. For some reason, many times in !finger correct MAC is not shown or it shows 00:00:00:00:00:00 and if you ban that player, you end up banning many players.
4. Possible to add map voting feature so users can vote during intermission to play next map?
5. UI enhancement which shows there total Kills:death near lagometer?
6. LUA support as requested by stealth.

Many thanks!

[stealth]

wwwdl exploit can be fixed in the mod, tjmod has a fix for it.

[jaybird]

I couldn't find anything related to a game code fix for the wwwdl exploit. It would be rather difficult to fix it in game code considering the problem lies in the engine. Do you have any more details?

[jaybird]

Also not sure to do about the referee thing. It sucks that clients can inject a fake IP into the userinfo string. I can remove the local user functionality, but I'd rather not if I don't have to.

I've made the fix for the callvote exploit.

[jaybird]

I actually don't think the localhost ip spoof is even possible with the latest ET engine. Here's an excerpt from the engine source related to userinfo updates:

Code: Select all

	// TTimo
	// maintain the IP information
	// this is set in SV_DirectConnect (directly on the server, not transmitted), may be lost when client updates it's userinfo
	// the banning code relies on this being consistently present
	// zinx - modified to always keep this consistent, instead of only
	// when "ip" is 0-length, so users can't supply their own IP
	//Com_DPrintf("Maintain IP in userinfo for '%s'\n", cl->name);
	if ( !NET_IsLocalAddress( cl->netchan.remoteAddress ) ) {
		Info_SetValueForKey( cl->userinfo, "ip", NET_AdrToString( cl->netchan.remoteAddress ) );
	} else {
		// force the "ip" info key to "localhost" for local clients
		Info_SetValueForKey( cl->userinfo, "ip", "localhost" );
	}

The engine forces the IP address every time the client sends the server an updated userinfo string. Since zinx made this, I'm assuming this is a 2.60 fix.

It's also worth noting that the client userinfo string is the only way the game code can get the client's ip address, so it has to trust that the engine is sending it a legitimate ip address.

[stealth]

I don't know exactly how the localhost exploit works. But I know it works on 2.60
Couldn't you disable the functionality if a server is dedicated? Cause in that case I don't see a reason why you'd need it?

As for the wwwdl exploit I will ask how they did it in tjmod, but maybe it's just as simple as disabling that command? or limiting it's use.

[jaybird]

If you have an idea of how to actually execute the exploit, it would be very helpful to locate the problem. Don't post here though obviously, PM it to me

The wwwdl stuff exists solely in the engine code, so you can't really disable it. If you find out how they accomplished it, please let me know.

[stealth]

Indeed you are right.
You need to patch ETDED to fix wwwdl exploit, oops.

[hellreturn]

If you have an idea of how to actually execute the exploit, it would be very helpful to locate the problem. Don't post here though obviously, PM it to me

PM Sent.

[Destroy666]

Suggestions if you are planning to add new features.
1. Custom admin commands.
2. sv_cvar and sv_cvarempty commands.
4. Possible to add map voting feature so users can vote during intermission to play next map?
5. UI enhancement which shows there total Kills:death near lagometer?

These features are already in Enhanced Mod and Enhanced HUD together with a lot of other useful things. So I don't think adding few of them into Jaymod is a good idea. It will just force Enhanced Mod author to rewrite/stop working on addon. So, in my opinion, all (most) or none changes from Enhanced Mod/HUD need to be added.
Agree with the rest suggested here, especially LUA.

[jaybird]

While I am glad people have taken the initiative to get features they want, I won't defer the functionality of my project to others.