Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent clients from receiving client IP addresses in the player_connect event #116

Merged
merged 2 commits into from
Apr 7, 2018
Merged

Prevent clients from receiving client IP addresses in the player_connect event #116

merged 2 commits into from
Apr 7, 2018

Conversation

TomyLobo
Copy link
Collaborator

@TomyLobo TomyLobo commented Apr 2, 2018

No description provided.

@TomyLobo TomyLobo added this to the v1.3.0.0 milestone Apr 2, 2018
@0x13371000 0x13371000 mentioned this pull request Apr 5, 2018
Closed
0x13371000
0x13371000 reviewed Apr 5, 2018
View reviewed changes
Copy link

@0x13371000 0x13371000 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This actually won't help, the fix i posted actually replaces the IP in the string with "none" before the event gets fired, and address is hardcoded in the engine.dll and engine.so which you can't change, and even when it gets changed, cheat developers could still find that out very easily, renaming is not an option.

@TomyLobo
Copy link
Collaborator Author

TomyLobo commented Apr 6, 2018
edited
Loading

Thanks for the input :)

Actually, my fix breaks a PoC exploit that I wrote to test for this issue.
I assume you also have a PoC exploit for this that you tested your fix with.
Can you verify that my fix indeed does not break your exploit?
Just download serverevents.res from GitHub and place it into dab/resources on the server.

If you need help setting up a test scenario, add me on Steam and I'll see what I can do.
If you want to discuss exploit details, also add me on Steam :)

@TomyLobo
Copy link
Collaborator Author

TomyLobo commented Apr 7, 2018

I'm merging this as is now, since I'm getting ready to release.
If you want, we can talk about it after the release.

@TomyLobo TomyLobo merged commit 6a8d570 into develop Apr 7, 2018
@TomyLobo TomyLobo deleted the ip-grab-fix branch April 7, 2018 22:58
@0x13371000
Copy link

0x13371000 commented Apr 8, 2018
edited
Loading

Send me a message when the release happens, then i'll check if it actually is fixed. (i guess i'll see when double action updates on steam but still, i'd like to know as soon as possible)

edit: to actually fix it it would just be a matter of actually using source sdk 2013 files with it, since it comes with source sdk 2010 files right now (and dlls), which is why the ip grab issue exists.
If you actually include all the files and libraries from source sdk 2013 (excluding hl2 and hl2mp folder), it's actually fixed.

@TomyLobo
Copy link
Collaborator Author

I just noticed I forgot to message you after the last release. It's been out for a while and I still think it fixes the issue.
Genuinely curious if you can get past that. Do your worst :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0x13371000 0x13371000 0x13371000 left review comments

Assignees
No one assigned
Labels
Bug No client/server dependencies Server issue Steam/engine issue
Projects
None yet
Milestone
v1.3.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@TomyLobo @0x13371000