You got 2 options:
1. Switch to Linux + libcod.
2. sv_allowDownload 0.
And there is no option 3.
Printable View
You got 2 options:
1. Switch to Linux + libcod.
2. sv_allowDownload 0.
And there is no option 3.
Welp, I guess we're f...d then and have to go for option 3. sit and wait it out. I might be able to hack a script together that restarts the server as soon it goes offline, but that's just another workaround.
The 10 euros bounty still stands by the way. Not sure if it's patchable at all for Windows.
We're being extorted. I received this message today:
"if u want your COD2 servers online without Troubles ,,
Send cod2mp_s.exe which u already use it ,
send to this mail : [removed]
i will check my mail , if nothing .... forget ur servers then
but if u send , i will leave ur servers"
I have the IP of the sender, originates from Iran.
Since there are no guarantees the attacks will stop after I send him our binaries, I'd rather have the problem fixed instead of paying 'protection money'.
Therefore, I'm doubling the bounty to 20 euros for someone that can patch/fix the COD2 1.0 executable for Windows that stops these attacks, unless it's technically not possible. Then we'll just have to sit and wait.
What about blocking whole Iran with your firewall? Yes I know that it can be bypassed.
That could be an option yes. True, it can be bypassed via VPN or a proxy, but then he must be really dedicated to crash our servers.
You're right, it's not hard to use, but we run more than just COD2 servers on our Windows machine. We run ARK, Sniper Elite 3, TeamSpeak etc. I know some of those will also have a Linux variant available, but not all.
The most important reason we run Windows is because of Statsgen2. Now I could make Statsgen2 work with a Linux COD2 server, but that would require FTPing over logfiles etc and to be honest, I don't quite feel investing all that time and effort because some scriptkiddy is annoying is. But yes, you're right. Libcod would fix it, but again, I would be very grateful if someone could patch this exploit for Windows as well:)
PS. We've ran COD2 servers on Linux in the past. Headless, so Ubuntu Server (commandline only). After /boot got full with old kernels (100MB) and I accidentally deleted the wrong one (yes you're allowed to laugh), I gave up and switched to Windows Server.
Old kernels are mainly removed by apt-get autoremove.
Install proxmox and run it all virtualized through kvm. Supports windows and linux.
Oh that damn human kindness...
I was able to patch the exe but if something else will be broken, i dont care.
Patched the SV_UserinfoChanged() to ignore client snaps setting. (Just forced it to 20)
Original code:
Spoiler:
Patched code:
Spoiler:
Hex:
Spoiler:
A bit ugly but should do the trick. Plas test.
https://www.dropbox.com/s/hcdtplioe3...tched.exe?dl=0
And i dont need your money.
Virtualization would be an option yes, although I prefer Virtualbox for that. I could install Ubuntu Server in Virtual Box and make a virtual share/shared harddrive with the host OS (Windows) so that Statsgen would be able to grab it's logfiles. The drawback is that this costs quite some overhead in terms of CPU and RAM.
Many many thanks for your kindness, time and expertise! I will test it out! Also thanks for the instructions/source, 'Give a hungry man a fish, you feed him for a day, but if you teach him how to fish, you feed him for a lifetime.'
Which program do you use to modify the exe files? IDA Pro or an Hex editor?
PS. Did you modify the original cod2mp_s? We're using the one from Mitch, which allows Windows based COD servers to also show up on the masterlist. His exe can be found here:
https://killtube.org/showthread.php?...ll=1#post12540
Kind regards.
EDIT: It works! Well, I don't how to test if the exploit is being blocked (because I don't know how to execute the exploit), but at least I was able to connect to our server and walk around etc, so the server functions seem to be in working order.
As explained above, we use a modified COD2mp_s.exe by Mitch, which allows cracked servers to show up in the master list.
Thanks to your explanation/source how you patched/fixed the .exe, I managed to patch the modified COD2mp_s.exe by Mitch by myself. At least I hope I did it properly. I've attached it to this post: Attachment 1267
Again, server functions seem to be in working order, but I don't know if it actually blocks the exploit because I don't know how to execute it.
Once again, many many thanks!
Ida and hex (you can see the patched bytes on 3rd screenshot, they got red line bellow them). Patched cracked exe from mitch: https://www.dropbox.com/s/axh7ayr5y2..._snaps.7z?dl=0