Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 17:37

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 14 posts ] 
Author Message
 Post subject: Request : Call Of Duty 4
PostPosted: 22 Dec 2007 06:32 

Joined: 09 Sep 2007 18:14
Posts: 6
Hello,

Think you can stir up anything for COD4?


Top
 Profile  
 
 
 Post subject:
PostPosted: 22 Dec 2007 15:30 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
actually I have not yet touched this game, anyway at the moment I'm not much focused on games


Top
 Profile  
 
 Post subject:
PostPosted: 14 Jan 2008 04:07 

Joined: 09 Sep 2007 18:14
Posts: 6
looks like someone found out how to do it


Top
 Profile  
 
 Post subject:
PostPosted: 14 Jan 2008 22:31 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
what engine does it use ? ..its not steam based ..isnt it ? ..i know nothing about cod4 lol.


Top
 Profile  
 
 Post subject:
PostPosted: 15 Jan 2008 10:26 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
CoD4 is still Q3 based as far as I know, but I don't have a sniffed session to test for compatibility with q3fill


Top
 Profile  
 
 Post subject:
PostPosted: 15 Jan 2008 23:39 

Joined: 09 Sep 2007 18:14
Posts: 6
The reason why I said that comment above because i seen it first hand


Top
 Profile  
 
 Post subject:
PostPosted: 18 Jan 2008 14:20 

Joined: 16 Aug 2007 06:25
Posts: 367
I have the game installed, and did a little sniffing. Here is the first few packets sent to/from the server (all UDP):

1) From client:

....getchallenge 0 "ABCDEF1234567890ABCDEF1234567890"

2) From server:

....challengeResponse 1234567890

3) From client:

....connect "\cg_predictItems\1\cl_anonymous\0\cl_punkbuster\1\cl_voice\1\cl_wwwDownload\1\rate\25000\snaps\20\name\USERNAME\protocol\3\challenge\1234567890\qport\15074"

4) From server:

....connectResponse


The first packet from the client appears to be the client asking for a challenge key with the hash of your cod4 cd key (I am assuming this hash is a variation of the punkbuster key hashing algorithm).

The second packet from the server is the challenge response if the key is ok. There are a few various replies I have found that you can get, such as one for a key currently in use.

The third packet from the client looks like the string to connect. The username is not from any registation (clients can use any name they want) so no worries there, it can probably be whatever you please. The challenge at the end of the string will be the same one the server sent you in the previous packet.

Not too sure about the 4th packet, as that was all it contained.

This was from a successful connection to a server (editing out my personal information though), so maybe luigi or someone can utilize it in an application... doesn't look too difficult. After the 4th packet, it seemed to be all encoded data that I couldn't read.

Hope that helps a little!


Top
 Profile  
 
 Post subject:
PostPosted: 18 Jan 2008 16:43 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
except for "getchallenge" the rest seems ever the same, right?


Top
 Profile  
 
 Post subject:
PostPosted: 19 Jan 2008 14:39 

Joined: 16 Aug 2007 06:25
Posts: 367
[quote="aluigi"]except for "getchallenge" the rest seems ever the same, right?[/quote]

Not really sure what you're asking, if you were talking to me.


Top
 Profile  
 
 Post subject:
PostPosted: 19 Jan 2008 16:56 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
SomaFM wrote:

1) From client:

....getchallenge 0 "ABCDEF1234567890ABCDEF1234567890"

2) From server:

....challengeResponse 1234567890

3) From client:

....connect "\cg_predictItems\1\cl_anonymous\0\cl_punkbuster\1\cl_voice\1\cl_wwwDownload\1\rate\25000\snaps\20\name\USERNAME\protocol\3\challenge\1234567890\qport\15074"

4) From server:

....connectResponse


does this mean ..that it has some kind of ''live'' checking if its the actual game client that connects or just some packets ?


Top
 Profile  
 
 Post subject:
PostPosted: 19 Jan 2008 20:14 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
anyway with or without the new getchallenge the server replies ever with the needcdkey error.
So weaklinks who was able to fill the CoD4 servers simply used the correct value (is it a hash?) in getchallenge or did a previous authorization with the master server


Top
 Profile  
 
 Post subject:
PostPosted: 23 Jan 2008 22:44 

Joined: 16 Aug 2007 06:25
Posts: 367
The first packet uses the punkbuster hash of the cd key. How that is generated from the original cd key is unknown. Luigi and I have looked into it for BF2 (since it appears to be quite similar with the 2 games), but we haven't found any solutions yet for either game. But if that can be figured out it would be pretty cool.

What I do know is that when I first start up COD4 and type "pb_myguid" in console, I get a GUID shown. But when I connect to a server, disconnect, and try the command again in console, I get a totally different GUID. But this second guid is the one that is actually used for ban checking, and connecting to a server.

So the first GUID may be related to how the second GUID is created (hash of a hash maybe). Luigi you should install the game and poke around and see if you can figure it out :D


Top
 Profile  
 
 Post subject:
PostPosted: 23 Jan 2008 23:43 

Joined: 16 Aug 2007 06:25
Posts: 367
In addition, not that this has to do with fake players, but I think it would be pretty simple to remove (or at least temporarily remove) servers from the master server list via spoofed udp packets. After starting my own server, it appears that heartbeat udp packets are sent at a certain interval to the master server (cod4master.activision.com:20800)

Upon closing the server, it sends 1 udp packet to the master server. Here is the hex version of that single UDP packet: ffffffff68656172746265617420666c61746c696e650a

In plain text, it is simply ....heartbeat flatline.

So by spoofing the udp packet, you could probably remove servers from the cod4 master server list. Flooding the spoofed packets could probably keep the server off the list.

Luigi also has a tutorial on the gamespy method of heartbeat packets here: http://aluigi.altervista.org/papers/msdisc.txt


Top
 Profile  
 
 Post subject:
PostPosted: 26 Apr 2008 15:44 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Call of Duty 4 requires the uncompressed "connect" command (strange choice from the developers) so remember to use -c:

q3fill -c SERVER 28960


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 14 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron