r1ch.net forums
Author Topic: UNSUPPORTED, UNOFFICIAL Q2Admin Security Update!  (Read 77184 times)
R1CH
Administrator
Member

Posts: 2625



« Reply #30 on: January 31, 2005, 05:51:06 pm »

None?
Logged
3c^sunrise
Guest
« Reply #31 on: March 06, 2005, 05:43:07 am »

Few technical questions if i may.

1. NoCheat version problem
If i set the client_check variable to "3" i also have to set the version_check which is uncomfortable. When it's set to 2.34 everything seems to work, but the server is not allowing any newer clients, such as unofficial 2.40beta2 (which actually are pretty popular in Poland). When i set it to 2.40 or something, then 2.34 is blocked. While trying to disable (hash out) the variable, or leaving it as "" - again, the server kicks out, telling it wants the 1.0 version. None of the wildcards work, i tried many of them. * or ?? does nothing. Separating 2.34 and 2.40 with a semicolon also seems not to be understood by q2admin. (I use the Linux one) Is there _ANY_ way to allow multiple versions of NoCheat client? If there is not, if i may suggest something, i think it would be a good idea to write a small update in free time (actually i'm a programmer and i know it would be only a few code lines).

2. Multiple server IPs problem
Another thing which does not work as IMvHO it should do, is the amount of variables in which i can set the server IPs. I use my own situation as an example. I run a server which is accessible in many ways. The linux box itself has four different network interfaces with different IP classes:
eth0 with a single local area network address (192.168.1.0/24 class; 192.168.1.1 addr) which i use for my house and a few quake2 playing neighbours.
eth1:1 with a wide area network address (10.0.0.0/16 class; 10.0.2.95 addr) which is used for my ISP's WAN. The WAN is pretty big, cause it's connected to the whole district. It has over 7000 comps in it and a lot of quake2 players.
eth1 with an internet IP class and four addresses. I want all of them available for people from the world to connect to my server.
And now similar to the problem #1, i was unable to set multiple values to these variables. Some of You would probably ask if there's any sense to allow all of them playing on one server, cause it may cause a big ping difference and things. Maybe if this was a league, pro, or whatever pro-based server it would, but actually it's an OSP Tourney DM (FFA) machine with some set of custom maps so it does make sense to make the server as accessible as possible. I solved that problem by hashing out (disabling) both the "serverip" and "lanip" variables which i know is insecure, but seems to be the only way for now.

What i suggest for these is to get rid of the "serverip" and "lanip" variables, replacing them with something like "serverip1", "serverip2", "serverip3" and so on, or just get rid of the "lanip" variable and allow the "serverip" to use multiple values separated by semicolon or whatever ASCII character. The same i would suggest for the "version_check" variable.

Anyway if there is any better solution, let me know.

Thanks!
Logged
Bossman
Member

Posts: 486


« Reply #32 on: March 06, 2005, 07:57:44 am »

Now there are some old commands from the q2ace add-on for q2admin.txt, one of them is this...
speedbot_check_type "1"
speedbot_new_msec "1060"
I am not too up on this but it is lower than the sv_msecs of 1800 that is default set for r1q2, could that be a problem for those seeing the 'irregular movement'? Just a thought...

Maybe some of them commands still in your q2admin.txt file
Logged
QwazyWabbit
Member

Posts: 402


« Reply #33 on: March 06, 2005, 08:35:23 am »

> What do i suggest for these is to get rid of the "serverip" and "lanip" variables, replacing it with something like "serverip1", "serverip2", "serverip3" and so on, or just get rid of "lanip" variable and allowing the "serverip" to use multiple values separated by semicolon or whatever ASCII character. The same i would suggest to the "version_check" variable.

I can't find these variables in the Q2admin, r1q2 or quake2 3.21 source files at all. Where is the documentation for their use to be found? Is this OSP Tourney mod specific? If so, it seems illogical to multihome a server and then specify an IP address. I also don't see how telling the server its own IP address has anything to do with securing it.
Logged
3c^sunrise
Guest
« Reply #34 on: March 06, 2005, 11:51:47 am »

> I can't find these variables in the Q2admin, r1q2 or quake2 3.21 source files at all. Where is the documentation for their use to be found? Is this OSP Tourney mod specific?

Nope, i was thinking of q2admin 1.17.43 and its "AppendSettings.txt" which does contain these variables.

> I also don't see how telling the server its own IP address has anything to do with securing it.

Most z-bots, ratbots or other bots do a kind of "quake2 proxy server" which redirects your connection through itself to the correct server. Nocheat remembers the exact address that u've connected to and tells it to the server. For example while running some versions of ratbot, it starts as 127.0.0.1:some_port (or other IP u have configured on your box), and to use it you have to connect to that IP:port, then u get redirected to the server u specified in ratbot's configuration... but the NoCheat client remembers that u connected to 127.0.0.1 not the server IP. The NC client shows that IP to the server and if it does not match any of the IPs configured in the server variables, q2admin will kick u - even if the ratbot itself wasn't detected. Probably that's a good reason for setting server IPs.....
Logged
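The address check described in the post above, extended to the semicolon-separated list suggested in Reply #31, as an added example that is not Q2Admin or NoCheat code. It assumes the client reports the address it connected to as a "host:port" string and compares the host part only; the function names and the 203.0.113.10 address are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Copy the host part of "host[:port]" into out; returns 0 if empty or too long. */
static int host_part(const char *s, size_t len, char *out, size_t n)
{
    size_t h = 0;
    while (h < len && s[h] != ':') h++;
    if (h == 0 || h >= n) return 0;
    memcpy(out, s, h);
    out[h] = '\0';
    return 1;
}

/* 1 if the address the client reports it connected to is one of the
   server's own addresses in a ';'-separated list, else 0. An empty or
   unset list matches nothing, so the check is never silently disabled. */
int reported_addr_allowed(const char *reported, const char *list)
{
    char have[64], want[64];
    const char *p = list ? list : "";

    if (!reported || !host_part(reported, strlen(reported), have, sizeof have))
        return 0;
    while (*p) {
        size_t len = strcspn(p, ";");
        const char *e = p;
        size_t elen = len;
        while (elen && *e == ' ') { e++; elen--; }          /* trim left  */
        while (elen && e[elen - 1] == ' ') elen--;          /* trim right */
        if (host_part(e, elen, want, sizeof want) && strcmp(want, have) == 0)
            return 1;
        p += len;
        if (*p == ';') p++;
    }
    return 0;
}

int main(void)
{
    /* Constructed list: the LAN and WAN addresses from the post plus a
       documentation-range address standing in for the internet ones. */
    const char *ips = "192.168.1.1; 10.0.2.95; 203.0.113.10";
    printf("%d\n", reported_addr_allowed("10.0.2.95:27910", ips));  /* direct */
    printf("%d\n", reported_addr_allowed("127.0.0.1:27910", ips));  /* via local proxy */
    return 0;
}
```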
R1CH
Administrator
Member

Posts: 2625



« Reply #35 on: March 06, 2005, 12:52:31 pm »

I didn't mention it in the original post, but this version also fixes a security hole. Well I guess it's been long enough, here's the exploit for all versions of Q2Admin >= 1.17 except this patched one. The bug exists in the play_team functionality and the way Q2Admin intercepts the client printf function. Even if play_team is disabled, Q2Admin still checks for the "swpplay" string to indicate a play_team command. However, it doesn't filter the ; character, allowing you to string together multiple commands through something such as:

say "swpplay foo ; ccmd"

ccmd will then be stuffed to every client. Eg say "swpplay foo ; say I'm an idiot!" will make every client say "I'm an idiot". Use your imagination to come up with more exciting commands! Then bug the server admin to remove Q2Admin or something.
« Last Edit: March 06, 2005, 01:34:59 pm by R1CH » Logged
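The missing filter described in the post above, shown as an unfiltered builder beside an allowlisting one. This is an added example, not Q2Admin source or R1CH's patch: the function names, the "play <name>" command form and the sample chat lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MARKER "swpplay "   /* marker string named in the post */

/* Unfiltered: everything after the marker lands in the stuffed command,
   so a ';' in the chat text begins a second console command. */
int build_unfiltered(const char *printed, char *out, size_t n)
{
    const char *arg = strstr(printed, MARKER);
    if (!arg) return 0;
    snprintf(out, n, "play %s\n", arg + strlen(MARKER));  /* assumed command form */
    return 1;
}

/* Filtered: the argument must be a plain sound name (allowlist), which
   excludes ';', quotes, spaces and newlines.
   Returns 1 if built, 0 if no marker, -1 if rejected. */
int build_filtered(const char *printed, char *out, size_t n)
{
    const char *arg = strstr(printed, MARKER);
    size_t i, len;

    if (n) out[0] = '\0';
    if (!arg) return 0;
    arg += strlen(MARKER);
    len = strlen(arg);
    while (len && (arg[len - 1] == '\n' || arg[len - 1] == '\r'))
        len--;                          /* drop the print's line ending */
    if (len == 0 || len > 63) return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!isalnum(c) && !strchr("_-./", c))
            return -1;
    }
    snprintf(out, n, "play %.*s\n", (int)len, arg);
    return 1;
}

int main(void)
{
    /* Constructed chat lines as a print hook would see them. */
    const char *lines[] = { "p1: swpplay foo\n", "p1: swpplay foo ; say hi\n" };
    char buf[128];
    size_t i;
    for (i = 0; i < 2; i++) {
        int r = build_filtered(lines[i], buf, sizeof buf);
        printf("%d %s", r, r == 1 ? buf : "(rejected)\n");
    }
    return 0;
}
```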
Bossman
Member

Posts: 486


« Reply #36 on: March 07, 2005, 08:48:17 am »

  What happens if you leave the version check blank?? Seems like then it would allow all nocheat versions. Maybe?
Logged
3c^sunrise
Guest
« Reply #37 on: March 07, 2005, 09:09:45 pm »

As i wrote in the previous post,

> (...) While trying to disable (hash out) the variable, or leaving it as "" - again, the server kicks out, telling it wants the 1.0 version. None of the wildcards work, i tried many of them. * or ?? does nothing. (...)

Logged
Bossman
Member

Posts: 486


« Reply #38 on: March 08, 2005, 09:22:54 am »

OK try this out, it worked for me.... On the version check do it like this, it allows both or probably all 3 versions of nocheat..

version_check "0"

You can leave the client check at 3 too.

I tried it on my windows server not the Linux one, but it should work there too.
Logged
3c^sunrise
Guest
« Reply #39 on: March 12, 2005, 12:44:27 am »

Didn't work for me...
When i set the version_check to "0" (leaving the client_check "3") and connected to the server using q2 NC 2.34 it kicked me out telling it wants nocheat v0 :-[

I run quake2 ncserver 0.3 (libc) with q2admin 1.17.43 and a hacked OSP Tourney 2.76 mod (all the hacks i've actually done myself refer to some things displayed in the game, such as (Admin) instead of <<<Referee>>> and stuff, so it just can't be any reason; i've tried on an original OSP2.76 dll too) on http://www.linuxfromscratch.org/ Linux 2.4 box with glibc 2.2.5 if this might be any of help...

The quake address is clan.31337.la:27910 if any of u would like to try it himself, but i don't know if this might be any of help.

I really have no idea what to do...

Anyway thanks really much for all the posts.
Logged
Bossman
Member

Posts: 486


« Reply #40 on: March 12, 2005, 07:59:24 pm »

  I was using R1q2 when I did it not the nocheat server, you can use r1q2 and still have just nocheat people come in with it set up like that,  Instead of the ncserver 0.3 (libc). Unless you were having trouble with your mod with r1q2?

Anyway sorry, thought you were using r1q2.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #41 on: March 12, 2005, 08:39:37 pm »

Use client_check 0 to disable the NoCheat requirements. The version_check setting appears to be bugged from looking at the source, it will never do anything.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #42 on: March 16, 2005, 11:04:18 pm »

Since some people prefer the 1.326 versions of Q2Admin, here is a binary patch to the Windows 1.326d Q2Admin DLL:
http://r-1.ch/q2admin-1.326d-win32-patched.zip

Do NOT use the Q2Admin lrcon functions with this DLL as I was unable to patch the bug that causes memory corruption (looking at the disassembly I actually think this bug may already be fixed in 1.326d... hard to tell though).
Logged
Bossman
Member

Posts: 486


« Reply #43 on: March 17, 2005, 07:40:19 am »

  Do you have the one for Linux too? Or can we just rename it?
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #44 on: March 17, 2005, 01:13:37 pm »

I don't know how to do disassembly and binary patching on Linux as well as I do on Win32, so no, there won't be a Linux 1.326d patch unless I get bored one day :).
Logged