Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Edit b3

  1. #1
    Private
    Join Date
    Mar 2014
    Location
    Czech Republic
    Posts
    11
    Thanks
    1
    Thanked 2 Times in 1 Post

    Edit b3

    Hello all, I'm running cracked server on CoD2 and I have got one suggestion.. As you know, b3 uses GUID to recognise players and my question is: Is possible to change it to something else? For example: self.loginname

    Thank you for reply or any tips, help, ..

  2. #2
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    Yes, but it will require major work to the b3 core.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  3. #3
    Private
    Join Date
    Mar 2014
    Location
    Czech Republic
    Posts
    11
    Thanks
    1
    Thanked 2 Times in 1 Post
    Hi, thank you for answer. Did you try to do something like this before? Because I don't know where to start :/ so I will be glad for any help.

  4. #4
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    I don't see any good replacement for the GUID, since the name e.g. can be faked. Probably you want your own Account menu mod or add something like !login secretpass

    If you wanna learn a bit about B3 command parsing: https://killtube.org/showthread.php?...Command-Adding!

    Also you might wanna look at IzNoGoD's "persistent client variable" thread: https://killtube.org/showthread.php?...(persistently)

    The easiest (and even safest) would probably be a simple !login command tho: https://killtube.org/showthread.php?...for-Builtin-B3!)

    Also, in whole CoD2 there is no magic way to generate a "secure" guid, not even with the masterserver auth instance based on the cd key. There is at least one highly played CoD2 server which steals all cd keys from it's users. For your own security, you rather wanna not put any trust in guids for non-cracked players. On the other hand, who cares about the security of ingame commands like !kick

    But if a malicious server admins has the admin cd key he might be able to escalate rights via intelligent use of !set (changing server cvars) or so
    timescale 0.01

  5. #5
    Brigadier General
    Join Date
    Dec 2012
    Posts
    1,012
    Thanks
    440
    Thanked 171 Times in 132 Posts
    Quote Originally Posted by kung foo man View Post
    There is at least one highly played CoD2 server which steals all cd keys from it's users.
    What server?

  6. #6
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    Won't mention/blame, since it's hearsay
    timescale 0.01

  7. #7
    Private
    Join Date
    Mar 2014
    Location
    Czech Republic
    Posts
    11
    Thanks
    1
    Thanked 2 Times in 1 Post
    Hello, I have one more question. Is there a way to completle block rcon? Someone is still trying to get our rcon pass and he usually success :/ So I have did not set rcon pass but he is still able to login with codrcontool..

  8. #8
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    If your rcon_password is not set at all then it should not allow any remote commands. Just don't set it at all.

    Failing that, you could just replace sub_8097188 with an empty function (1.3)
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  9. #9
    Private
    Join Date
    Mar 2014
    Location
    Czech Republic
    Posts
    11
    Thanks
    1
    Thanked 2 Times in 1 Post
    Hi IzNoGoD, thank you for answer. But I'm not so good.. Where can I replace this sub_8097188?

  10. #10
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts
    Might be a bit easier to replace "rcon" or "login" via WinHex to some super secret "cron" and "inlog" or something.

    iptables for packets starting with \xff\xff\xff\xffrcon might work aswell.

    But what's the point? The real issue is that somebody is able to steal the password in the first place and that needs escalated rights, which you grant somehow.

    Do you run untrusted mods? Maybe he sneaked some code into which prints the rcon cvar password to him. Try to search all "getcvar" calls via Notepad++ File Search and check if they query the rcon password. File searching for "rcon" is not enough, because it could be encoded like "r"+"con" etc.

    If thats not the case, he might have access to the whole user account and you should set a new shell password.

    Or maybe some other admin is simply telling/selling the password to random people.

    The moment the "hacker" is using codrcontool, is a rcon password set? Keep watching the server console and check rcon_password, don't just run CoD2 as a headless daemon. What's your hosting environment?
    timescale 0.01

  11. The Following User Says Thank You to kung foo man For This Useful Post:

    kubislav23 (19th April 2017)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •