Luigi Auriemma, aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 19:18

Some Guy Named Dave (Joined: 24 Oct 2007 00:44, Posts: 26)
Posted: 04 Nov 2007 22:38
Yeah, we need to be able to use the jk2 1.03 dedicated server for 1.02, so that we can use the 1.03 source code in 1.02.
Oh and, server side lol, since not everyone's gonna download it..

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 04 Nov 2007 22:54
Exactly what I meant, in fact the check is server side.
Do you need the modification for the Linux or Windows executable?

Some Guy Named Dave (Joined: 24 Oct 2007 00:44, Posts: 26)
Posted: 04 Nov 2007 23:28

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 04 Nov 2007 23:36
For Windows 1.02c go to offset 0x26EE2, you should find the byte 0x74, substitute it with 0xeb
For Linux, wait tomorrow ih ih ih

Some Guy Named Dave (Joined: 24 Oct 2007 00:44, Posts: 26)
Posted: 05 Nov 2007 00:04
Well I edited the 1.03a dedicated exe, but now I get a client side error:
CL_ParsePacketEntities: End of message
So I set sv_pure to 0, then I get a "bad animation number: 1100" error.
Last edited by Some Guy Named Dave on 05 Nov 2007 03:05, edited 1 time in total.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 05 Nov 2007 02:12
what!??! ok totally confused lol
1. i did not find offset 0x36ee2
2. we're trying to let 1.02 people connect to 1.03a, so don't know why u said to look in 1.02c
3. err what?
4. how do u know where to put it?

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 05 Nov 2007 11:25
Windows 1.03: 28A12 - 74 -> EB
Linux 1.03a: 1b0f - 74 -> EB
Last edited by aluigi on 05 Nov 2007 22:25, edited 1 time in total.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 05 Nov 2007 21:48
err what? what do we do with that, it couldn't find those
(1.03a jk2ded windows)

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 05 Nov 2007 22:27
the offsets to change with your hex editor:
hexadecimal offset - old byte -> new byte

Some Guy Named Dave (Joined: 24 Oct 2007 00:44, Posts: 26)
Posted: 05 Nov 2007 22:43
aluigi wrote: Windows 1.03: 28A12 - 74 -> EB
Are you sure? There isn't a 74 there, but a 40.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 05 Nov 2007 22:48
yeah definitely only a 40, no 74 there

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 05 Nov 2007 23:07
jk2ded.exe v1.03, the offset is right

Some Guy Named Dave (Joined: 24 Oct 2007 00:44, Posts: 26)
Posted: 06 Nov 2007 00:45
Ok, I thought you meant 1.03a lol. I patched the exe, and I still get the client errors.
Bad Animation number: 1100.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 06 Nov 2007 01:06
eh my error was
Cl_ParsePacketEntities

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 06 Nov 2007 01:17
blarg
Last edited by evan1715 on 21 Jan 2008 19:07, edited 1 time in total.

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 06 Nov 2007 17:20
Dave:
"Bad Animation number: 1100" is normal since allowing an old client to join doesn't mean that it's compatible with the server. Trying is never bad but you must be prepared for compatibility issues.
evan:
the "blah blah" is just the confirmation of the 1.03a patch when I told you that the bug is NOT the q3msgboom bug, the fact that my PoC can be used to exploit this other server-side bug means only that you need to send a lot of data to the server. stop.
Now the patch:
the main difference between the two executables is just in the "Netchan_Process" message which has been removed, but I have not checked if other optimized functions have been implemented (to give an example of what I mean: snprintf instead of sprintf).
You can try to modify the following bytes in jk2ded.exe 1.02c:
offset 11B5D, from byte 7E to EB
If this doesn't work, I repeat that "I don't support old versions" so I have no desire to spend more time on it.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 06 Nov 2007 22:09
blarg
Last edited by evan1715 on 21 Jan 2008 19:07, edited 1 time in total.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 08 Nov 2007 22:23
blarg
Last edited by evan1715 on 21 Jan 2008 19:08, edited 1 time in total.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 10 Nov 2007 02:47
blarg
Last edited by evan1715 on 21 Jan 2008 19:08, edited 1 time in total.

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 10 Nov 2007 11:40
The function is ConcatArgs located in game\g_cmds.c
This function is used for rebuilding the command sent by the client as a single string instead of the various argv[0], argv[1] and so on.

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 10 Nov 2007 15:46
blarg
Last edited by evan1715 on 21 Jan 2008 19:08, edited 1 time in total.

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 10 Nov 2007 15:56
1024 is MAX_STRING_CHARS
the modification I did was from:
if ( len + tlen >= MAX_STRING_CHARS - 1 ) {
to:
if ( len + tlen >= 896 ) {
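The length check this post describes, as an added example written for this thread (it is neither the game's source nor the patch from the post): a stand-alone re-creation of the ConcatArgs() loop that takes a plain argv array instead of trap_Argc/trap_Argv (an assumption) and takes the limit as a parameter, so the stock MAX_STRING_CHARS - 1 and the posted 896 can be run on the same constructed input.

```c
#include <stdio.h>
#include <string.h>

#define MAX_STRING_CHARS 1024   /* the value the thread quotes for the engine */

/* Re-creation of the ConcatArgs() loop: join argv[start..argc-1] with single
 * spaces into 'out'. 'limit' is the bound discussed in the thread: the stock
 * check is MAX_STRING_CHARS - 1, the posted modification lowers it to 896.
 * An argument that would push the total to 'limit' or beyond ends the loop
 * instead of being copied, so 'out' is never overrun. Returns bytes written. */
size_t concat_args(char *out, size_t outsize, int argc, char **argv,
                   int start, size_t limit)
{
    size_t len = 0;
    int i;

    if (outsize == 0)
        return 0;
    if (limit > outsize - 1)        /* a limit past the buffer is a caller bug: */
        limit = outsize - 1;        /* clamp it rather than trust it */

    for (i = start; i < argc; i++) {
        size_t tlen = strlen(argv[i]);
        if (len + tlen >= limit)    /* ">=" keeps room for the space and the NUL */
            break;
        memcpy(out + len, argv[i], tlen);
        len += tlen;
        if (i != argc - 1)
            out[len++] = ' ';
    }
    out[len] = '\0';
    return len;
}

/* Constructed scenario: "say" followed by four 300-byte arguments, joined from
 * argv[1] under the given limit. Returns the resulting length, or (size_t)-1
 * if the guard byte placed right after the buffer was touched. */
size_t demo_concat(size_t limit)
{
    static char arg[301];
    char *argv[5] = { "say", arg, arg, arg, arg };
    struct { char line[MAX_STRING_CHARS]; char guard; } b;
    size_t len;

    memset(arg, 'A', 300);
    arg[300] = '\0';
    b.guard = 0x7f;
    len = concat_args(b.line, sizeof b.line, 5, argv, 1, limit);
    if (b.guard != 0x7f || b.line[len] != '\0')
        return (size_t)-1;
    return len;
}

int main(void)
{
    printf("limit %d -> %zu bytes\n", MAX_STRING_CHARS - 1, demo_concat(MAX_STRING_CHARS - 1));
    printf("limit 896 -> %zu bytes\n", demo_concat(896));
    return 0;
}
```

With the stock bound three of the four arguments fit (903 bytes), with 896 only two do (602 bytes); in both cases the loop stops short of the buffer instead of overrunning it.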

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 10 Nov 2007 21:26
blarg
Last edited by evan1715 on 21 Jan 2008 19:08, edited 1 time in total.

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 10 Nov 2007 22:34
Take a look at ClientUserinfoChanged in game/g_client.c
all the changes of nicknames and other options of the clients pass through this function (which as you can see is also called by ClientConnect, which is the first function called when a client joins).
Info_ValueForKey is used for getting the cvars sent by the client and "name" contains its name.

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 11 Nov 2007 14:45
I don't know if this works, but try the attached patch for jk2 1.02c for the netchan bug

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 11 Nov 2007 21:22
no that didn't work
and I had to download a new one because I tried it on my already patched jk2ded, patched from multircon, infoboom and q3dirtrav, and it said "there are no bytes to be patched"

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 11 Nov 2007 22:24
the bytes searched by this experimental patch are not modified by the other patches and I have rechecked it with version 1.02c of jk2ded for Windows.
Anyway, in short, it's just the removal of the Netchan error and the setting of the string size to 0x3fff if it is longer than or equal to 0x4000.
You can try it manually with a disassembler and a hex editor

evan1715 (Joined: 05 Oct 2007 01:20, Posts: 402, Location: Florida)
Posted: 13 Nov 2007 04:02
blarg
Last edited by evan1715 on 21 Jan 2008 19:09, edited 1 time in total.

aluigi (Joined: 13 Aug 2007 21:44, Posts: 4068, Location: http://aluigi.org)
Posted: 13 Nov 2007 11:30
I already compared that Netchan function between 1.03 and 1.03a and the only difference is just the complete removal of the Netchan error.
It's natural that there are other differences but having the full source code is one thing, spending hours comparing 2 executables is another.
Anyway the experimental modification I posted was my last attempt, if you want to fix these bugs upgrade to 1.04 or ask someone else.