Hello all, I'm running cracked server on CoD2 and I have got one suggestion.. As you know, b3 uses GUID to recognise players and my question is: Is possible to change it to something else? For example: self.loginname

Thank you for reply or any tips, help, .. :)

Yes, but it will require major work to the b3 core.

Hi, thank you for answer. Did you try to do something like this before? Because I don't know where to start :/ so I will be glad for any help.

I don't see any good replacement for the GUID, since the name e.g. can be faked. Probably you want your own Account menu mod or add something like !login secretpass

If you wanna learn a bit about B3 command parsing: https://killtube.org/showthread.php?1259-Tutorial-B3-Simple-and-Easy-Command-Adding!

Also you might wanna look at IzNoGoD's "persistent client variable" thread: https://killtube.org/showthread.php?1750-Saving-a-variable-client-side-(persistently)

The easiest (and even safest) would probably be a simple !login command tho: https://killtube.org/showthread.php?1201-Extension-Player-Command-Control-(includes-CHAT-Control-for-Builtin-B3!)

Also, in whole CoD2 there is no magic way to generate a "secure" guid, not even with the masterserver auth instance based on the cd key. There is at least one highly played CoD2 server which steals all cd keys from it's users. For your own security, you rather wanna not put any trust in guids for non-cracked players. On the other hand, who cares about the security of ingame commands like !kick

But if a malicious server admins has the admin cd key he might be able to escalate rights via intelligent use of !set (changing server cvars) or so

There is at least one highly played CoD2 server which steals all cd keys from it's users.
What server?

Won't mention/blame, since it's hearsay

Hello, I have one more question. Is there a way to completle block rcon? Someone is still trying to get our rcon pass and he usually success :/ So I have did not set rcon pass but he is still able to login with codrcontool..

If your rcon_password is not set at all then it should not allow any remote commands. Just don't set it at all.

Failing that, you could just replace sub_8097188 with an empty function (1.3)

Hi IzNoGoD, thank you for answer. But I'm not so good.. Where can I replace this sub_8097188?

Might be a bit easier to replace "rcon" or "login" via WinHex to some super secret "cron" and "inlog" or something.

iptables for packets starting with \xff\xff\xff\xffrcon might work aswell.

But what's the point? The real issue is that somebody is able to steal the password in the first place and that needs escalated rights, which you grant somehow.

Do you run untrusted mods? Maybe he sneaked some code into which prints the rcon cvar password to him. Try to search all "getcvar" calls via Notepad++ File Search and check if they query the rcon password. File searching for "rcon" is not enough, because it could be encoded like "r"+"con" etc.

If thats not the case, he might have access to the whole user account and you should set a new shell password.

Or maybe some other admin is simply telling/selling the password to random people.

The moment the "hacker" is using codrcontool, is a rcon password set? Keep watching the server console and check rcon_password, don't just run CoD2 as a headless daemon. What's your hosting environment?

Hi kung, we are running my own mod so I don't think that he can steal pass this way. I have removed rcon password so it was not set, but he was still able to login with codrcontools, even without password set..
Can you help me with iptables? I have no idea how ir should be formated (packet starting with .... ) And if I will block it, will it block everything related to rcon? Thank you for answer :)

Seems not so easy: http://stackoverflow.com/questions/825481/iptable-rule-to-drop-packet-with-a-specific-substring-in-payload

Also:



If thats not the case, he might have access to the whole user account and you should set a new shell password.




The moment the "hacker" is using codrcontool, is a rcon password set? Keep watching the server console and check rcon_password, don't just run CoD2 as a headless daemon. What's your hosting environment?

Without a rcon password set the server denies all rcon commands.

Something is wrong with your config.

I have did not set rcon password.. When I want to login it says that rcon password is not set. But he is still able to login (check screenshots, he sent me them on skype).

kung:
1) I have already changed all passwords and chacked last logins.. only me and co-owner of server has logged in (I trust him)
2) Rcon password is not set and we run our server on VPS

2) I don't think you understood what I asked for

I still guess @ simple backdoor in .gsc code or leaked password (maybe some trojan in OS aswell), since I can't imagine a CoD kiddie playing these kind of "hurr i hack u games" is going to exploit the shit out of CoD.