Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: because i can

  1. #1
    Private First Class php's Avatar
    Join Date
    Nov 2012
    Posts
    142
    Thanks
    28
    Thanked 116 Times in 59 Posts

    because i can

    -
    Last edited by php; 19th March 2021 at 14:37.

  2. The Following User Says Thank You to php For This Useful Post:

    smect@ (4th April 2014)

  3. #2
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    Closed source: unsecure as fuck, Company gives no fuck.
    timescale 0.01

  4. #3
    Private First Class php's Avatar
    Join Date
    Nov 2012
    Posts
    142
    Thanks
    28
    Thanked 116 Times in 59 Posts
    -
    Last edited by php; 19th March 2021 at 14:38.

  5. The Following User Says Thank You to php For This Useful Post:

    BurntToast (4th April 2014)

  6. #4
    ... connecting
    Join Date
    Sep 2013
    Posts
    1
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Honestly though why did you post this? You didn't even propose a useful method of protecting against it, instead choosing to release this "big security breach" to the public.

  7. #5
    Private First Class php's Avatar
    Join Date
    Nov 2012
    Posts
    142
    Thanks
    28
    Thanked 116 Times in 59 Posts
    -
    Last edited by php; 19th March 2021 at 14:38.

  8. The Following User Says Thank You to php For This Useful Post:

    smect@ (4th April 2014)

  9. #6
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    Quote Originally Posted by BurntToast View Post
    You didn't even propose a useful method of protecting against it, instead choosing to release this "big security breach" to the public.
    Your fears in honor, but this "possibility" exists for a long time and not only CoD1, also CoD2 and CoD4. Is something more secure, because less people know about it, though others exploit it already?

    I don't have Facebook, maybe somebody wants to inform Infinity Ward.

    Probably it wouldn't even be allowed to patch those security errors, since Reverse Engineering is not allowed.

    Just asked php to test this in Sandboxie, the download and execution still works, but it might give more security, because it prevents total access on the filesystem.

    Sandboxie is able to whitelist processes, this may help (please try php and tell us ):

    Click image for larger version. 

Name:	sandboxie_1.jpg 
Views:	133 
Size:	46.4 KB 
ID:	686

    Click image for larger version. 

Name:	sandboxie_2.jpg 
Views:	129 
Size:	96.0 KB 
ID:	687

    All big Companies start seeing the value of Open Source, Google with Android, Microsoft is open sourcing C# etc... I hope IW will release the source code of Call Of Duty 1, 2, 4... otherwise there is nobody fixing their bugs.
    timescale 0.01

  10. The Following User Says Thank You to kung foo man For This Useful Post:

    smect@ (4th April 2014)

  11. #7
    Private First Class php's Avatar
    Join Date
    Nov 2012
    Posts
    142
    Thanks
    28
    Thanked 116 Times in 59 Posts
    -
    Last edited by php; 19th March 2021 at 14:38.

  12. #8
    Brigadier General
    Join Date
    Oct 2012
    Posts
    994
    Thanks
    20
    Thanked 588 Times in 388 Posts
    OK, I am a little confused. Perhaps some clarification would help:

    You can spoof an executable and make it look like an IWD/PK3 file. And this can be downloaded to the client as if it were a mod file. How is the executable started once its in the client's PC? Is it self-executing? I was under the impression that it is very difficult to make a self-executing executable. Even viruses need you to execute them before they can do any damage.

    Or, does the fake-IWD/PK3 file sit there and wait/hope that the client gets curious and double-clicks it to see what it is?
    Last edited by Tally; 4th April 2014 at 18:35.

  13. #9
    Private First Class php's Avatar
    Join Date
    Nov 2012
    Posts
    142
    Thanks
    28
    Thanked 116 Times in 59 Posts
    -
    Last edited by php; 19th March 2021 at 14:39.

  14. #10
    Brigadier General
    Join Date
    Oct 2012
    Posts
    994
    Thanks
    20
    Thanked 588 Times in 388 Posts
    Quote Originally Posted by php View Post
    Would love to tell you, but I won't.

    EDIT:
    The client itself doesn't have to do anything, upon connecting or whenever u want (in the gif upon playerspawn) you can do it.
    Then it's pointless you telling us about it. So you can make an executable mascaraed as a PK3 file. Whoppyfuckingdoo. If it doesn't do anything then no one is going to worry.

  15. The Following User Says Thank You to Tally For This Useful Post:

    BurntToast (5th April 2014)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •