cheater

  • Comrade

    It seems that giving Finch access to my VPN server at nullptr.one to allow him to host his own public server wasn't such a good idea...

    0
  • Koenigsegg

    From what I see, two players are using this modified client now.

    !validate 68 xxxx_1587152346 ctaoistrach

    !validate 19 xxxx_1587516554 FinchMaster

    What happens when 10+ players are using the modified client and using it to propagate cheat on any server?

    No real concerns for me at this time. But, I wonder if zi cares and is the entire Crymp.net profile system compromised?

    0
  • Unknown user

    "Ich bin enttäuscht :(" ("I am disappointed :(") dude, about what, please?
    Either you are using Google Translate or your German is just plain messed up..

    0
  • Zi;

    Geez, and this is exactly why standard !validate + a well implemented validation mechanism are the best way to stay safe. I didn't really want to do this, but looks like public key cryptography will become a must :D I don't think profile ID is compromised, as that !rpc thing was never meant to be solid proof about accounts.

    You know, when you do !validate 12345 abcdefgh_123 Nomad, that second part abcdefgh_123 can be used to verify whether the first part 12345 is correct and not spoofed.

    All it takes is to simply connect to https://crymp.net/api/validate?a=FIRST_PART&b=SECOND_PART&fetch and read the result...

    0
  • Koenigsegg

    @ zi,

    You could have sent me that script by private mail since it only concerned me, like others here have, but no you posted it for all to see.

    "!rpc thing was never meant to be solid proof about accounts".

    So you sent me something that was never meant to be solid proof about accounts?

    A hacker's dream come true. I guess it wasn't that important.

    I got a private mail that says that FinchMaster is affiliated to German Crysis? really?

    Well, that explains it.

    He just executed a script on my server in an attempt to delete the bans list. That failed :D

    FinchMaster has how many known static_ids? Take a look!

    1008708
    1007578
    1008321
    1008858
    1008874


    0
  • Zi;

    The thing is, those IDs can be real; a static ID really is nothing more than a computer ID, so if somebody owns 3 computers, then he also has 3 of these IDs.

    Anyways, you can still counter this, but the problem is, your server needs to contact CryMP using HTTP to get a response.
    Alongside static_id, in !rpc, you also get static_proof, so if you need to verify whether a static ID is real or fake, all you gotta do is:

    1. Connect to https://crymp.net/api/validate?a=STATIC_ID&b=STATIC_PROOF&fetch
    2. If the response is {"msg":"ok"}, then the ID is real, otherwise it's fake

    But again, you need your SSM to be able to use HTTP. In case it doesn't, you can install curl and make sure that it's inside Windows environment path (so when you type curl in Command prompt, it actually works and doesn't say Unknown command) and use this snippet:
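    -- Ask crymp.net whether an ID / proof pair is genuine (needs curl in PATH)
    function Validate(id, proof)
    	id = tostring(id)
    	proof = tostring(proof)
    	-- Strict patterns: only digits and lowercase hex ever reach the shell command
    	if id:match("^[0-9]+$") and proof:match("^[0-9a-f]+$") then
    		-- Temporary file that receives curl's output
    		local tmp = "Tmp"..tostring(math.random()).."_"..tostring(os.time())
    		os.execute("curl --silent \"https://crymp.net/api/validate?a="..id.."&b="..proof.."&check=1&fetch&_\" > "..tmp)
    		local handle = io.open(tmp, "r")
    		-- No output file (curl missing, write failed): treat as not verified
    		if not handle then return false end
    		local result = handle:read("*all")
    		handle:close()
    		os.remove(tmp)
    		-- Only the exact ok message counts as a real ID
    		if result:find([[{"msg":"ok"}]]) then
    			return true
    		else return false end
    	else
    		return false
    	end
    end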

    And now you can do local isOk = Validate(static_id, static_proof), but this might cause a small lag, because it's using cURL.
    Btw you can use this even if you wanted to properly implement !validate ID Proof Name, by simply passing ID and Proof as parameters.

    0
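
    The `!validate ID Proof Name` handling mentioned in the post above, as an added example that is not part of the original thread or the CryMP code: it parses the chat line strictly, fails closed, and caches results so repeated commands do not trigger another curl call. `HandleValidate`, `ParseValidate`, the cache lifetimes and the proof pattern are assumptions; `checkFn` stands for the `Validate(id, proof)` function from the post.

```lua
-- Added example, not code from the thread. HandleValidate, ParseValidate,
-- CACHE_OK and CACHE_FAIL are hypothetical names; checkFn stands for the
-- Validate(id, proof) function posted above.
local cache = {}        -- "id:proof" -> { ok = boolean, at = timestamp }
local CACHE_OK = 600    -- assumption: trust a confirmed pair for 10 minutes
local CACHE_FAIL = 30   -- assumption: retry a rejected pair after 30 seconds

-- Accept only "!validate <digits> <letters/digits/_> <name>"; the proof
-- pattern is an assumption based on the sample commands in this thread.
-- Nothing that passes it contains shell metacharacters.
local function ParseValidate(line)
	return line:match("^!validate%s+(%d+)%s+([%w_]+)%s+(%S.*)$")
end

-- Returns verified (boolean) and the claimed name. Fails closed: a parse
-- error, a checker error or any answer other than true means "not verified".
function HandleValidate(line, checkFn, now)
	now = now or os.time()
	local id, proof, name = ParseValidate(line)
	if not id then return false, nil end
	local key = id .. ":" .. proof
	local hit = cache[key]
	if hit and now - hit.at < (hit.ok and CACHE_OK or CACHE_FAIL) then
		return hit.ok, name          -- no second curl call, so no extra lag
	end
	local called, verified = pcall(checkFn, id, proof)
	local ok = called and verified == true
	cache[key] = { ok = ok, at = now }
	return ok, name
end

-- Constructed demo: a stub replaces the HTTP check so this runs offline.
local calls = 0
local function stubCheck(id, proof)
	calls = calls + 1
	return id == "12345" and proof == "abcdefgh_123"
end

for _, line in ipairs({
	"!validate 12345 abcdefgh_123 Nomad",   -- pair the stub accepts
	"!validate 12345 abcdefgh_123 Nomad",   -- repeat, served from the cache
	"!validate 12345 forged_1 Nomad",       -- proof does not belong to the id
	"!validate 12345 abc;def Nomad",        -- rejected by the parser
}) do
	print(line, HandleValidate(line, stubCheck, 1000))
end
print("checker calls:", calls)
```

    The name is only returned together with the verification result; a server script should bind a player to the claimed profile only when the first return value is true.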
  • Koenigsegg

    @ Zi,

    But again, you need your SSM to be able to use HTTP.

    example of http script from past on the forum or crysis1 website. Can't find.

    0
  • Zi;

    Code above works for any SSM as long as you have curl installed.

    Quoting myself:

    But again, you need your SSM to be able to use HTTP. In case it doesn't, you can install curl and make sure that it's inside Windows environment path (so when you type curl in Command prompt, it actually works and doesn't say Unknown command) and use this snippet:


    cURL: https://curl.haxx.se/windows/
    How to set up on Windows: https://stackoverflow.com/a/16216825 bottom part of the post

    0
  • Koenigsegg

    @ zi,

    I look for script example where you show someone trying to use http to connect ssm Patriot server.

    I have error somewhere in current script I'm using.
    I can't seem to find the example on crysis1 website or here. I've already done all the above.

    0
  • Zi;

    Maybe you are looking for this https://crymp.net/thread?id=304 ?

    0