Luigi Auriemma

me@aluigi.org [PGP]


adv.htm
    any game based on DP8 like Robot Arena 2, Dungeon Siege 2, Vietcong, Deer Hunter 2004 and 2005, Trophy Hunter 2003, Homeworld 2, Freelancer, Giants, Sacrifice, SWINE, Wings of War, ...
    18 Jul 2010:  adv - poc - dplay8blah


adv.htm
    Unreal Tournament 3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, Shadow Ops, ...
    15 Sep 2008:  adv - poc - unreaload


adv.htm
    Multiple vulnerabilities in Live for Speed 0.5X10 (game)
    14 Aug 2007:  adv - poc - lfsbof


adv.htm
    Details about the hlfreeze/hl-headnut/csdos/"Born to be pig" bugs (game)
    06 Apr 2007:  adv - poc - hlfreeze/hl-headnut/csdos/Born to be pig


papers.htm
    sudppipe -l unreal_sudp.dll SERVER 7777 1234
    then from the console of the game (~ key) type: open 127.0.0.1:1234

  • Unreal engine basic client and Fake Players DoS (unrealfp)
    link to the experimental client emulator tool available in the Fake Players section.
    it allows sending custom "control" commands to servers based on the Unreal engine.

fakep.htm
  • Generic TCP Fake Players DoS 0.2.2a (tcpfp)
    basic tool which creates multiple simultaneous connections to a specific host and port, something similar to a simple "for(;;) connect();". it also supports some options for adapting it to specific types of servers through the sending of custom data (-f option).

fakep.htm
    it's interesting to notice that various programs which accept TCP connections suffer from some negative effects when stressed with this simple tool.

  • Unreal engine basic client and Fake Players DoS 0.2.8 (unrealfp)
    interesting project about a basic client for sending custom commands to the servers of almost any game based on Unreal engine 1, 2 and 3:
    - America's Army

fakep.htm
    - with the games based on the Unreal 3 engine where it is possible to use the JOINSPLIT command (Unreal Tournament 3, America's Army 3 and so on), it's enough to specify such command for testing the filling of the entire server slots using only one player: unrealfp -1 -x 2 -s JOINSPLIT 1 64 -l "ui_bink_master?Name=player?team=0?Face=0" 127.0.0.1 7777

  • Torque game engine Fake Players DoS 0.1 (torquefp)

  • C4 Engine Fake Players DoS 0.1 (c4fp)

fakep.htm
    supports both normal and invisible (-i) fake players.
    works with both Shadow of Chernobyl and Clear Sky.

  • Crysis invisible Fake Players DoS 0.1 (crysisfp)
    can test password-protected servers without knowing the keyword.


fakep.htm
    works only with servers without authentication (WON/Steam) and implements the testing of all the hlfreeze/hl-headnut/csdos/Born_to_be_pig vulnerabilities.
    try using "-p 1 -r steam" or "-p 4 -r valve" or "-p 2 -r 00000000000000000000000000000000" (substituting that hash with your valid Steam "raw" hash) for Steam and Valve authenticated servers or directly the -x option for testing all the bugs (the manual testing is preferred).

  • Kaillera Fake Players DoS 0.1 (kaillerafp)

  • SA:MP invisible Fake Players DoS 0.1.12 (sampfp)

fakep.htm

  • ZDoom Fake Players DoS 0.1 (zdoomfp)

  • Zdaemon Fake Players DoS 0.1.3a (zdaemonfp)
    due to the default limit in the server (when the tester was created this limit/fix didn't exist), which doesn't allow more than 2 players from the same IP, this tool is autolimited to 2 fake players every 26 seconds.


fakep.htm

  • IGI 2: Covert Strike Fake Players DoS 0.1a (igi2fp)

  • FunLabs games Fake Players DoS 0.1a (funlabsfp)
    this tool should work with all the games developed by FunLabs: 4X4 Off-road Adventure III, Cabela's Big Game Hunter 2004 Season, Cabela's Big Game Hunter 2005, Cabela's Deer Hunt 2005 Season, Cabela's Dangerous Hunts, Revolution, Secret Service - In harm's Way, Shadow Force: Razor Unit, US Most Wanted: Nowhere To Hide and possibly others.
    also works partially with password-protected servers without knowing the keyword.

fakep.htm
    can test any password-protected server without knowing the keyword.
    causes a crash of the games that use the UDP protocol.

  • Lithtech engine Fake Players DoS 0.3 (lithfp)
    can test password-protected servers without knowing the keyword.
    compatible with almost any existing game based on the Lithtech engine, and others can be added easily through their GUID on the command line:

fakep.htm
    that version of DirectPlay is used by various games (DirectX 8/9, the older ones use DirectPlay 7) which can be easily recognized by the dpnsvr.exe process and/or the UDP port 6073 in listening mode when the server is running.
    it uses some files (called join_files) needed for each specific game because, except for some of them, many games use some particular parameters in the join packet which sometimes change even between different game versions.
    read the text file inside for all the needed information, details and examples.
    latest dp8games package: 30 Aug 2005
    example of games which use the DirectPlay 8 protocol: Age of Wonders Shadow Magic, Bandits, Besieger, Dangerous Waters, Deer Hunter 2004 and 2005, Dungeon Siege 1 and 2, DXQuake 3, FairStrike, Freelancer, G.I. Combat Episode I, Gekkeiju, Giants: Citizen Kabuto, Hidden & Dangerous 2 / SS, Homeworld 2, Il rosso e il nero, Jolt3D, Judge Dredd vs Death, Locomotion, Monopoly Tycoon, New World Order, No brakes 4x4 racing, O.R.B, Operation Blockade, Operation Flashpoint, Perimeter, Pro Bass Fishing 2003, Pro Rugby Manager 2004, Robot Arena 2, S.W.I.N.E., Sacrifice, Scorch an Island, SkyTracks, State of Emergency, Steel Tide, Supreme Ruler 2010, Trophy Hunter 2003, True Crime Streets of LA, Vietcong, Warlords Battlecry III, Warrior Kings, Wings of War, Condor, FSHost and more.

fakep.htm
    fake players tester for all the DirectPlay games (version 7 and below).
    If you don't know what games support this version of DirectPlay check if they open the ports 47624 and 2300, typical of this version of DirectPlay.

  • Teamspeak Fake Players DoS 0.2.1 (tspeakfp)
    the code is sufficiently commented and the tool also supports some options for testing/stressing specific parts of the application.


fakep.htm
    - other engines
    the tool contains some interesting options for choosing the nicknames to use and, moreover, for sending a sequence of custom commands to the server for each fake player.

  • Medal of Honor (AA, SH and BT) Fake players DoS 0.2.1a (mohaafill)
    proof-of-concept specific for the Medal of Honor games: Allied Assault, Spearhead and Breakthrough.
    the only requirement applies to the last two games (SH and BT), where a valid online cd-key is required to test an internet server due to the usage of online authentication.

72 results found