Re: Server Crash exploit.
/sign
*** JUSTICE ALWAYS WINS ***
You are not logged in. Please login or register.
Registrations are disabled due to spam. If you want to register an account, drop by on IRC/Matrix/Discord.
Server Crash exploit. (Page 2 of 2)
Teeworlds Forum → Development → Server Crash exploit.
Posts: 26 to 42 of 42
- Captain AMN
- Member
- Offline
Re: Server Crash exploit.
I can +1 to NFD tee.
if($poster["intelligence"] == $intelligence["idiot"])
deny_post($poster);
deny_post($poster);
Re: Server Crash exploit.
please provide a patch file
regards
Re: Server Crash exploit.
rajh posted a patch file. i have problems with creating a patch because the patch-file changes the code. but you can download the source-file and try to make a patch 
. if you made a patch please post how you get the correct output
Re: Server Crash exploit.
ok i tried it and i hope it will work 
1. i removed all files except the createdir.txt file from the directory src/game/generated of your provided .zip
2. to create the patch i used
diff -Naur x/teeworlds-0.4.2-src/src teamspamprot/src > patch_autokick3. from the teeworlds source folder i applied the patch by
patch -p1 < ../../patch_autokickand here is the patch
diff -Naur x/teeworlds-0.4.2-src/src/game/g_variables.h teamspamprot/src/game/g_variables.h
--- x/teeworlds-0.4.2-src/src/game/g_variables.h 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/g_variables.h 2008-05-26 10:45:15.000000000 +0200
@@ -55,5 +55,10 @@
MACRO_CONFIG_STR(sv_gametype, 32, "dm")
MACRO_CONFIG_INT(sv_tournament_mode, 0, 0, 1)
MACRO_CONFIG_INT(sv_spamprotection, 1, 0, 1)
+MACRO_CONFIG_INT(sv_teamchanges, 4, 0, 100)
+MACRO_CONFIG_INT(sv_teamchangeskick, 2, 0, 100)
+MACRO_CONFIG_INT(sv_messagesnum, 8, 0, 100)
+MACRO_CONFIG_INT(sv_messageskick, 2, 0, 100)
+MACRO_CONFIG_STR(sv_endroundmessage, 500, "")
MACRO_CONFIG_INT(sv_spectator_slots, 0, 0, 12)
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_common.h teamspamprot/src/game/server/gs_common.h
--- x/teeworlds-0.4.2-src/src/game/server/gs_common.h 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_common.h 2008-05-26 10:51:51.000000000 +0200
@@ -352,6 +352,9 @@
virtual bool take_damage(vec2 force, int dmg, int from, int weapon);
virtual void snap(int snaping_client);
+ int last_message_tick; unsigned char message_num; bool muted;
+ bool teamchanging; unsigned char team_changes; int last_team_set;
+ bool voted;
};
extern player *players;
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_game.cpp teamspamprot/src/game/server/gs_game.cpp
--- x/teeworlds-0.4.2-src/src/game/server/gs_game.cpp 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_game.cpp 2008-05-26 11:27:37.000000000 +0200
@@ -90,7 +90,15 @@
{
if(warmup) // game can't end when we are running warmup
return;
-
+ if(strlen(config.sv_endroundmessage) > 0)
+ {
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = config.sv_endroundmessage;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(-1);
+ }
world->paused = true;
game_over_tick = server_tick();
sudden_death = 0;
diff -Naur x/teeworlds-0.4.2-src/src/game/server/gs_server.cpp teamspamprot/src/game/server/gs_server.cpp
--- x/teeworlds-0.4.2-src/src/game/server/gs_server.cpp 2008-04-05 15:13:02.000000000 +0200
+++ teamspamprot/src/game/server/gs_server.cpp 2008-05-26 13:28:10.000000000 +0200
@@ -39,6 +39,85 @@
static void send_chat(int cid, int team, const char *text)
{
+ if(cid > -1 && cid < MAX_CLIENTS)
+ {
+ player *tmp = get_player(cid);
+ if(strcmp("/++",text) == 0 || strcmp("/--", text) == 0)
+ {
+ if(tmp->voted)
+ {
+ char voted[] = "You already voted the map, ignoring vote";
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = voted;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(cid);
+ }
+ else
+ {
+ tmp->voted = true;
+ dbg_msg("game", "map-voting %s", text);
+ char voted[] = "You voted for the map, thank you";
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = voted;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(cid);
+ }
+
+
+ return;
+ }
+ if(tmp->muted)
+ {
+ if(tmp->last_message_tick + 180*SERVER_TICK_SPEED > server_tick())
+ {
+ tmp->message_num++;
+ if(tmp->message_num > config.sv_messageskick)
+ {
+ server_kick(cid,"You were kicked because of spamming");
+ }
+ return;
+ }
+ else
+ {
+ tmp->muted = false;
+ tmp->message_num = 0;
+ tmp->last_message_tick = server_tick();
+ }
+ }
+ else
+ {
+ if(tmp->last_message_tick + 30*SERVER_TICK_SPEED > server_tick())
+ {
+ if(tmp->message_num >= config.sv_messagesnum)
+ {
+ tmp->muted = true;
+ tmp->message_num = 0;
+ char *muting = (char *)malloc(sizeof(char) * 200);
+ sprintf(muting, "%s was muted for 3 minutes because of spamming.", server_clientname(cid));
+ dbg_msg("chat", "*** %s", muting);
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = muting;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(-1);
+ free(muting);
+ return;
+ }
+ else
+ tmp->message_num++;
+ }
+ else
+ {
+ tmp->last_message_tick = server_tick();
+ tmp->message_num = 0;
+ }
+ }
+ }
if(cid >= 0 && cid < MAX_CLIENTS)
dbg_msg("chat", "%d:%d:%s: %s", cid, team, server_clientname(cid), text);
else
@@ -659,6 +738,9 @@
void player::init()
{
+ voted = false;
+ teamchanging = false; team_changes = 0; last_team_set = server_tick();
+ last_message_tick = server_tick(); message_num = 0; muted = false;
proximity_radius = phys_size;
client_id = -1;
team = -1; // -1 == spectator
@@ -750,6 +832,54 @@
void player::set_team(int new_team)
{
+ if(teamchanging)
+ {
+ if(last_team_set + 180*SERVER_TICK_SPEED > server_tick())
+ {
+ team_changes++;
+ if(team_changes > config.sv_teamchangeskick)
+ {
+ server_kick(client_id,"You were kicked because of fast teamchanging");
+
+ }
+ return;
+ }
+ else
+ {
+ teamchanging = false;
+ team_changes = 0;
+ last_team_set = server_tick();
+ }
+ }
+ else
+ {
+ if(last_team_set + 30*SERVER_TICK_SPEED > server_tick())
+ {
+ if(team_changes >= config.sv_teamchanges)
+ {
+ teamchanging = true;
+ team_changes = 0;
+ char *blocking = (char *)malloc(sizeof(char) * 200);
+ sprintf(blocking, "%s can't change team for 3 minutes", server_clientname(client_id));
+ dbg_msg("chat", "*** %s", blocking);
+ NETMSG_SV_CHAT msg;
+ msg.team = 0;
+ msg.cid = -1;
+ msg.message = blocking;
+ msg.pack(MSGFLAG_VITAL);
+ server_send_msg(-1);
+ free(blocking);
+ return;
+ }
+ else
+ team_changes++;
+ }
+ else
+ {
+ last_team_set = server_tick();
+ team_changes = 0;
+ }
+ }
// clamp the team
new_team = gameobj->clampteam(new_team);
if(team == new_team)
- ImMortallity
- Member
- Offline
Re: Server Crash exploit.
I run a server myself sometimes, and I can tell what the problem is of the teamchanging: my CPU and RAM raised through the roof while this happened and after my laptop reaches a certain CPU / RAM usage (didn't figure out how much yet), the server program stops responding, causing the server to crash in-game. I haven't been able to reconstruct it though, just happened two times..
[chat]: NAZI 4 LIFE: how the fuck u get out of the box
[chat]: nuff @ clan search: ctrl+shift+q
*** NAZI 4 LIFE has left the game
[chat]: nuff @ clan search: ctrl+shift+q
*** NAZI 4 LIFE has left the game
Re: Server Crash exploit.
@martin.9
thank you don't know why that didn't work here but the patch-file seems to be correct . i will try it at my next mod with the same command, hope that will work
Re: Server Crash exploit.
Much respect!
This basters are crashing my server 2 times a week, i hope this patch will help me ))
- azmeuk
- Donor
- Offline
Re: Server Crash exploit.
I have a little problme with martin.9's patch,
azmeuk@ramoloss:~/teeworlds/042$ patch -p1 < ../files/spamprotection.patch
patching file src/game/g_variables.h
patching file src/game/server/gs_common.h
Hunk #1 FAILED at 352.
1 out of 1 hunk FAILED -- saving rejects to file src/game/server/gs_common.h.rej
patching file src/game/server/gs_game.cpp
Hunk #1 FAILED at 90.
1 out of 1 hunk FAILED -- saving rejects to file src/game/server/gs_game.cpp.rej
patching file src/game/server/gs_server.cpp
Hunk #1 FAILED at 39.
Hunk #2 FAILED at 738.
Hunk #3 FAILED at 832.
3 out of 3 hunks FAILED -- saving rejects to file src/game/server/gs_server.cpp.rej
azmeuk@ramoloss:~/teeworlds/042$Where am I wrong ?
Play ctf_fall if you dare!
Re: Server Crash exploit.
scosu provided a binary earlier in the thread. no need to compile
oh btw, can this be implemented in the next release? because this seriously needs to be addressed and should be in the official build. otherwise we'll have to be patching every release =P
- azmeuk
- Donor
- Offline
Re: Server Crash exploit.
I need to compile becaus I want to apply another patch ...
Play ctf_fall if you dare!
Re: Server Crash exploit.
i don't know why the patch doesn't work, at least i was not able to make it . But you could simply apply the patch by copy and paste(are not so much changes) or take the src folder from earlier in this thread or take the physics patch. there are the same features but more code changes so it could be difficult to apply another patch.
Re: Server Crash exploit.
They aren't. Here is the diff, and thanks for the help.
--- gs_server.cpp 2008-06-09 15:41:10.000000000 -0700
+++ grenade2.cpp 2008-06-09 15:44:55.000000000 -0700
@@ -1,42 +1,36 @@
- case WEAPON_GRENADE:
- {
if(!grenade_shotspread)
+ grenade_shotspread = 3;
+ msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
+ msg_pack_int(grenade_shotspread);
+ for(int i = grenade_shotspread; i <= grenade_shotspread; i++)
{
- int grenade_shotspread = 1;
- msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
- msg_pack_int(grenade_shotspread);
- }
- else
- {
- msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
- msg_pack_int(grenade_shotspread*2+1);
- }
-
- for(int i = -grenade_shotspread; i <= grenade_shotspread; i++)
- {
- float spreading[] = {-0.185f, -0.070f, 0, 0.070f, 0.185f};
+
+ float spreading[] = {-0.070f, 0, 0.070f};
+ latest_input.target_x= latest_input.target_x+spreading[i+12];
+ latest_input.target_y= latest_input.target_y+spreading[i+12];
+ vec2 new_dir = normalize(vec2(latest_input.target_x, latest_input.target_y));
float a = get_angle(direction);
a += spreading[i+2];
float v = 1-(abs(i)/(float)grenade_shotspread);
- float speed = mix((float)tuning.shotgun_speeddiff, 1.0f, v);
+ float speed = mix((float)tuning.grenade_speed, 1.0f, v);
projectile *proj = new projectile(WEAPON_GRENADE,
client_id,
projectile_startpos,
- vec2(cosf(a), sinf(a))*speed,
+ new_dir,
(int)(server_tickspeed()*tuning.grenade_lifetime),
this,
1, projectile::PROJECTILE_FLAGS_EXPLODE, 0, SOUND_GRENADE_EXPLODE, WEAPON_GRENADE);
-
+
// pack the projectile and send it to the client directly
NETOBJ_PROJECTILE p;
proj->fill_info(&p);
-
- msg_pack_start(NETMSGTYPE_SV_EXTRA_PROJECTILE, 0);
- msg_pack_int(1);
+
for(unsigned i = 0; i < sizeof(NETOBJ_PROJECTILE)/sizeof(int); i++)
msg_pack_int(((int *)&p)[i]);
}
+
msg_pack_end();
- server_send_msg(client_id);
+ server_send_msg(client_id);
+
create_sound(pos, SOUND_GRENADE_FIRE);
} break;if($poster["intelligence"] == $intelligence["idiot"])
deny_post($poster);
deny_post($poster);
39 2008-06-20 17:11:32 (edited by martin.9 2008-06-20 17:11:59)
Re: Server Crash exploit.
@scosu
maybe this mod should also be posted in the "content: other" forum
regards
Re: Server Crash exploit.
@martin.9
in case you didn't see it already, i posted it here: http://www.teeworlds.com/forum/viewtopic.php?id=1726
Re: Server Crash exploit.
thx
- Hellow
- Member
- Offline
Re: Server Crash exploit.
They have tried many times to crash my server, they cant. They should include this patch into the main teeworlds downloads and patch the files in the Ubuntu Repos (where i got my server files).
Ubuntu Member
Power tends to corrupt and absolute power corrupts absolutely. - Lord Acton
Power tends to corrupt and absolute power corrupts absolutely. - Lord Acton
Posts: 26 to 42 of 42
Teeworlds Forum → Development → Server Crash exploit.
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 3 official extensions. Copyright © 2003–2009 PunBB.