I started mentioning this in the JJ2 Abuse Thread, but heres its own thread.

A Project started by Overlord and myself to help protect the JJ2-MP from the abuse it gets.

Filter version 0.2 has just been released which includes the ability to block Laser Shields from being used online. It also has "ASD" crash prevent and Download Blocker.

All these filters only need to be used by the Server. All traffic from every player is routed thru the server so if the server is running these filters, they will take affect on everyone in the game. So if your a client and you run this, it wont do you much good.


Download Blocker was used on the Bash server, it blocks your JJ2 from sending levels/tilesets to clients. This could be useful in organized events like JDC or JJ2WC, where users can download the maps/tilesets from a site before an event therefore stopping servers suffer from download lag.

"ASD" Crash prevent stops the deadly silent attacks which can be launched from the recently leaked "ASD" tool. Certain people have been actively using this online to crash servers. Its a silent cowdly attack, which can now be blocked.

Laser Shield Protection will stop lasers from being used in your Server. Clients can still cheat and get a laser shield, but the server will NOT see the shield, nor will anyother clients (as all data is routed thru the server). If a user starts firing with the laser shield, there charactor will show the firing animation, but will be firing blanks. No one else can see the laser fire as its dropped by the filter.


You can get access to these filters at:
http://nimmy-online.com/jj2networkfilter


Enjoy

Good job for creating these filters, they will become very useful to the community.

Erm, yeah, my Norton really calls it a "Trojan Horse", not a "Hack Tool", and turning off protection from HackTools doesn't stop it...

Edit: I put the Jazz2 folder on the Exclusions list, and now it doesn't call it malware anymore...

Quote:

Originally Posted by Bas

Erm, yeah, my Norton really calls it a "Trojan Horse", not a "Hack Tool", and turning off protection from HackTools doesn't stop it...

As me and Boggy mentioned in the other thread, its not a Trojan horse. I also mentioned in the other thread if you go round accusing it of being one like you are, your gonna end up stopping people from taking this up, therefore leaving more servers open to attack.

Nortons actual response is:
http://securityresponse.symantec.com...ktool.wpe.html
Notice "HackTool" not "Trojan Horse"

What is a HackTool, according to Norton?
Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk.

The reason Norton may class this as a HackTool is its ability to monitor/record packets. It needs to do this to allow people to make efficent filters to block packets which cause halm (eg: ASD Silent Attack).

Then again, Norton also told me a program i use for sharing desktops called Remote Administrator needed to be removed as it COULD be used for naughty purposes. I'd say take Nortons warnings with a pinch of salt or consider a AntiVirus package which actually only deals with real threats, like AVG AntiVirus available at: http://free.grisoft.com

gj, can you say sticky?

Nobody ever tries to pull of this crap in my server, but ill download it anyway.

Nimrod, Bas wasn't accusing you of anything, he was merely reporting what he had observed.

Anyway, I have plans for a filtering program based on a different system, which may make things simpler.
(Warning: extreme geekery follows)
Basically, it's possible to bind in-front of a program by binding to a specific IP address instead of 'any'. That way it's possible to create a proxy for JJ2 that runs on the same computer, with the same TCP/UDP ports. The only downside of this is that attempting to kick or ban a user by IP through JJ2 will kick/ban everyone, so as a workaround the proxy could watch for special commands (like "!kick" and/or "!ban"), remove them from the packet stream, and kick/ban the specific player.

If you can do that, AND make it XP compattable, that would be friggin awesome, for lack of a better phrase.

Quick question: to all of you who a) use or b) would consider using an anti-cheat anti-crash network filter, what would be a reasonable minimum system spec? Windows 95? 98? ME? NT 4? 2000? XP?

It will run under Windows 2000, as that's what my development machine runs. But I want to know if I need to support 9x, as it affects my choice of system APIs and just how I implement this (e.g. there's one way of writing this wich requires at least windows 2000, and another way which is not as good but will work under 9x/NT)

I'd say 2K and up, but that's just because I use 2000 and XP.

I can give you information about how renaming works, or even the ApprehendJJ2 source code, if you're interested in adding that sort of blocking to this. As for the operating system, maybe make two versions if it's not too much trouble.

Just a little status update with the filter (so don't worry - I haven't abandoned it). I'm having some problems getting the bind-in-front trick to work - it works with the Winsock control in VB6 and netcat, it works with JJ2 and netcat, but it doesn't work with VB6 and JJ2. So I'm currently trying to work out what netcat does differently with networking stuff.

Thanks for the offer, Link. I'm currently trying to get something solid working first, before I add filtering to it. But this could concieveably be used to block most network attacks, as I intend to proxy both the TCP and UDP traffic. I intend to add support for special commands sent through the chat system, to allow kicking and banning to work (because of how this works JJ2 would see all connections as coming from localhost, and so kicking/banning by IP would just boot everyone off).

As soon as I've got something that works, I'll post it here for people to test and attempt to break. Unfortuantly I can't host or join JJ2 myself, due to router issues (if anyone knows the magic incanctations needed to make a Vigor 2200USB work with JJ2, I'd be grateful).

I do appreciate you guys releasing this list of hacks. So, instead of setting them to block these packets, it will send them when i type a certain text like say"CRASH 1"
.
BTW: You should all thank me for my help on this project since I pointed out a vulnerability it had to Overlord.(The usage of the LASER bullets YOU REMEMBER DON'T YOU? n00b...)
EDIT:NORTON AND AVG BOTH SUCK BTW MCAFEE STILL OWNS YOUR SOUL. (AS YOU CAN ACTUALLY DISABLE THE PROGRAM EASILY WITH-OOT THE USE OF A DEBUGGER.

Thanks for crediting me too, Nimrod

Quote:

Originally Posted by Spazzyman

Thanks for crediting me too, Nimrod

I credit you for helping me learn packets in WPE, giving me the ability to make filters

Quote:

Originally Posted by fiendmm++

I do appreciate you guys releasing this list of hacks. So, instead of setting them to block these packets, it will send them when i type a certain text like say"CRASH 1"

I think your find, its far easier just to join a network game, and select Laser Shield in Jazz Advantage and fire, than to edit the filters to change there effect. So congrats on wasting your time.

Quote:

Originally Posted by fiendmm++

BTW: You should all thank me for my help on this project since I pointed out a vulnerability it had to Overlord.(The usage of the LASER bullets YOU REMEMBER DON'T YOU? n00b...)

I dont think overlord owes you any thanks. You seem to hate Overlord, soley based on he knows more than you, and uses his knowledge to help? Unlike you, who just uses the knowledge you learnt from Overlord to look "cool" and attack people.

Calling him a n00b? Go ahead but we know the truth dont we.

Quote:

Originally Posted by fiendmm++

EDIT:NORTON AND AVG BOTH SUCK BTW MCAFEE STILL OWNS YOUR SOUL. (AS YOU CAN ACTUALLY DISABLE THE PROGRAM EASILY WITH-OOT THE USE OF A DEBUGGER.

Thanks for advertising Mcafee, I'm sure there thank you with a free copy

Actuall Viper helped us once and made a sprite viewing program. Yay.

I am not a white hat (-) cat like Overlord. :P Black Hat for life!
and BTW: I would only have to copy the Chat packet i wish to send the malicious code into the top part and place the malicous code on the the bottom and yes this would be easier since I dont have jazz trainers. I have what we HACKERS call addresses (I wouldn't expect you to know about those nimmy ).

Quote:

Originally Posted by fiendmm++

yes this would be easier since I dont have jazz trainers.

Don't lie.

Quote:

Originally Posted by fiendmm++

I have what we HACKERS call addresses (I wouldn't expect you to know about those nimmy ).

HACKER CALL ADDRESSES? Some sort of HACKER STUFF?
Oh go you, you l33t hax0r

Memory address would be blocked though, same packets. (Omg that is my limited knowledge at werk.) Except there are a few gun values that would give you laser, when last I checked.

Quote:

Originally Posted by Nimrod

Don't lie.



HACKER CALL ADDRESSES? Some sort of HACKER STUFF?
Oh go you, you l33t hax0r

You know I don't use trainers. Remember when you downloaded my desktop of dc++? Yeah, look for a working trainer you won't find one. And if you need to be condescending to someone to boost your poor british little self esteem go ahead, we americans don't have problems with self esteem like you "Blokes".

Quote:

Originally Posted by Sonyk

Memory address would be blocked though, same packets. (Omg that is my limited knowledge at werk.) Except there are a few gun values that would give you laser, when last I checked.

You can't block the editing of memory addies because I can do whatever I want on the client side but the server would block oh say lazers but no one will use this program for more than a week since it's not built into a jazz client.... and then there are the people who don't know it exists because they stay away from this shoddy forum.

Quote:

Originally Posted by fiendmm++

You know I don't use trainers. Remember when you downloaded my desktop of dc++? Yeah, look for a working trainer you won't find one. And if you need to be condescending to someone to boost your poor british little self esteem go ahead, we americans don't have problems with self esteem like you "Blokes".

Last I knew I didn't have any problems with self esteem. And yes, I am British.

Quote:

You can't block the editing of memory addies because I can do whatever I want on the client side but the server would block oh say lazers

Correct. You can do whatever you like with your client. The filter can happily block any attempts made by your client to intefere with the server. Is this a problem?

Quote:

...but no one will use this program for more than a week since it's not built into a jazz client....

This program is designed to be run on the server only, and is not designed to be run on the client. The only people who need to know about the filter are those who host games, not those who join games.

Quote:

and then there are the people who don't know it exists because they stay away from this shoddy forum.

You're assuming that the *only* place this filter will ever be advertised is here.

Quote:

Originally Posted by fiendmm++

You know I don't use trainers. Remember when you downloaded my desktop of dc++? Yeah, look for a working trainer you won't find one. And if you need to be condescending to someone to boost your poor british little self esteem go ahead, we americans don't have problems with self esteem like you "Blokes".

You give me another reason to be sad about being american.

Quote:

Originally Posted by BoggyB

And yes, I am British.

I don't have a problem with you or nimmy but, nimmy and I go back and forth over things like this. Kind of a yin versus yang so to speak.(nimmy = light, I = dark)

Quote:

Originally Posted by BoggyB

The filter can happily block any attempts made by your client to intefere with the server. Is this a problem?

No I was pointing out a flaw in what sonyk said.

Quote:

Originally Posted by BoggyB

This program is designed to be run on the server only, and is not designed to be run on the client. The only people who need to know about the filter are those who host games, not those who join games.

You're assuming that the *only* place this filter will ever be advertised is here.

Der? But, you seemed to have missed my point, this will not automatically run with jazz and WPE has a tendency to crash because 1)It is and will forever be a BETA and 2) It's DLL injection have roots in the 9x API's(It still uses old code since Olly didn't revamp the entire program).
To go to WPE's official site which contains another useful tool(T-Search) go to: http://fly.to/mtc
another good resource for this kind of stuff is http://www.gamehacking.com (they offer resources and tutorials for the usage of WPE and other GAME HACKING SOFTWARE)

Quote:

Originally Posted by fiendmm++

Der? But, you seemed to have missed my point, this will not automatically run with jazz and WPE has a tendency to crash because 1)It is and will forever be a BETA and 2) It's DLL injection have roots in the 9x API's(It still uses old code since Olly didn't revamp the entire program).

Okay, but you seem to have also missed my point which is that only people hosting games need to run the filter. I didn't know about the instability of WPE, but you always end up with funky stuff happening when you try dll injection. This is something I aim to avoid with my filtering system (when I eventually finish it - I was not amused when I managed to wedge Win2k with my latest changes not saved. I must write that autosaver for VB).

Quote:

Originally Posted by BoggyB

Okay, but you seem to have also missed my point which is that only people hosting games need to run the filter. I didn't know about the instability of WPE, but you always end up with funky stuff happening when you try dll injection. This is something I aim to avoid with my filtering system (when I eventually finish it - I was not amused when I managed to wedge Win2k with my latest changes not saved. I must write that autosaver for VB).

I didn't miss that I just choose not to comment on the thing you are elluding to.

Anyone think this needs to get locked before people start getting warnings?

Quote:

Originally Posted by Spazzyman

Anyone think this needs to get locked before people start getting warnings?

Why would anyone get warnings? This is just a healthy discussion on the future of hacking and crashing in jazz.

This is horrible. Nimrod and Overlord came out with a pretty solid way to stop annoying server crashes in JJ2, and you're just spitting in their face. I also think the links you posted should be removed. They're just going to encourage hundreds of n00bs to get memory editors and screw with JJ2.

In my personal experience, these filters have worked perfectly. I only wish there was a way to distribute them without WPE Pro, because I expect this will encourage lots of idiots to take up the fine art of packet editing.

Quote:

Originally Posted by Black Ninja

I only wish there was a way to distribute them without WPE Pro, because I expect this will encourage lots of idiots to take up the fine art of packet editing.

Ditto black ninja
I'd work on a way if you found a library for me to use to block specific packets ;d

c++/vb work..as long as I am able to manipulate the packets as i please...then I could have it block any dos/f9/rename/ w/e attack

See now that's the hard part Spazzyman. I haven't found any such library yet myself.

Yeah it's very tough. The best I can find is just a sniffing library for c++.

Quote:

Originally Posted by Spazzyman

Yeah it's very tough. The best I can find is just a sniffing library for c++.

Then maybe you should stop being lazy and contact corsica :P(Windows packet editor was written in microsoft visual c++) Olly is pro open source so maybe you could drop corsica an email for some help. BTW: You probably won't get the WPE source but, Olly will most likely try to help your n00bish little self.

EDIT: Those websites for learning to use wpe and other useful tools are http://fly.to/mtc (Windows Packet editor's Home) and http://www.gamehacking.com (Has good tutorials and other network tools which maybe useful)

I've approached the Orbitz issue a different way and made another suitable way to block him.

The Network Filter is still the best thing around to stop ASD attacks (and other attacks) as it stops anyone launching those attacks at you. The problem is the only program we got the filter working with is WPE Pro. Some people are uncomfortable with this program as it can be used for naughty stuff to, it also sets off some AntiVirus programs which some people are not amused by.

Its because of this I have also made a Jazz 2 Network Blocker. It works with a program called "PeerGuardian" which blocks selected IP addresses. It has a special filter I created which contains Orbitz IP Address. By running this program Orbitz will be blocked from everything on you host on your PC (including JJ2 Games). The problem with this is it doesnt stop anyone else performing attacks on you, and if Orbitz finally managed to change his IP it would need to be updated to work. Its because of this that I wont be promoting this too much, but will provide it for those who are still under constant attack.

You can download it from here: http://nimmy-online.com/jj2networkfilter/peer.zip
Just unzip it all into one location, and run the exe. It will be a icon in your tray when its active.

I hope this helps some of you unable to work with the Network Filter.
Alternative if you have a Firewall or Router with an IP Block feature, you could just add the IP: 24.114.132.155
This is Orbitz current IP I've seen him use. If it changes someone please let me know

Thanks, and get back to enjoying hosting jj2 games.

Can't you just ban orbitz from the listservers? That networkfilter is good and peerguardian increases the chances of him not harming a computer which runs peerguardian but he might just change his ip and also I think he found other methods how to crash servers that networkfilter cant block yet. Sonyk hosted a server protected by the network filter. The result was: Crashed by orbitz. Sonyk downloaded peerguardian and until now he is quite safe. But as I said before orbitz might just change his ip. Also it is annoying to run about 5 tools to play jazz2 properly (networkfilter, peerguardian and more e.g. seekerholefix, pc4, gamma, respawn or other stuff). I say just ban that silly guy from the listservers and bye. As some jazzer already said: We are getting owned by a 10 years old noob and some admins dont even care. Nimrod tried to push it but he failed - though he has been making progress recently. Also not everyone will be willing to run the networkfilter or peerguardian or other tools.

Quote:

Originally Posted by Umba

Can't you just ban orbitz from the listservers? That networkfilter is good and peerguardian increases the chances of him not harming a computer which runs peerguardian but he might just change his ip and also I think he found other methods how to crash servers that networkfilter cant block yet. Sonyk hosted a server protected by the network filter. The result was: Crashed by orbitz. Sonyk downloaded peerguardian and until now he is quite safe. But as I said before orbitz might just change his ip. Also it is annoying to run about 5 tools to play jazz2 properly (networkfilter, peerguardian and more e.g. seekerholefix, pc4, gamma, respawn or other stuff). I say just ban that silly guy from the listservers and bye. As some jazzer already said: We are getting owned by a 10 years old noob and some admins dont even care. Nimrod tried to push it but he failed - though he has been making progress recently. Also not everyone will be willing to run the networkfilter or peerguardian or other tools.

I agree this hacking situation must become under someone's control. I don't agree with banning someone from the listserver however because of the fact that they can easily bypass it by using the gip scripts. The only thing that would do is inconvience them and not allow them to host. I sincerely doubt the problem was with him hosting. I also doubt this fellow knows how to change his IP since he is using a trainer pack and a program which I'm told was written by a member of the group formerly known as the J2HG(although I'm not sure what they are as I am long time listener first time caller).

Quote:

Originally Posted by Umba

Can't you just ban orbitz from the listservers? That networkfilter is good and peerguardian increases the chances of him not harming a computer which runs peerguardian but he might just change his ip and also I think he found other methods how to crash servers that networkfilter cant block yet. Sonyk hosted a server protected by the network filter. The result was: Crashed by orbitz. Sonyk downloaded peerguardian and until now he is quite safe. But as I said before orbitz might just change his ip. Also it is annoying to run about 5 tools to play jazz2 properly (networkfilter, peerguardian and more e.g. seekerholefix, pc4, gamma, respawn or other stuff). I say just ban that silly guy from the listservers and bye. As some jazzer already said: We are getting owned by a 10 years old noob and some admins dont even care. Nimrod tried to push it but he failed - though he has been making progress recently. Also not everyone will be willing to run the networkfilter or peerguardian or other tools.

Right now the network filter is still the most effective means of protecting your game servers. It's more effective than banning him from the list servers because that's not a perfect solution either.

If you care, I just caught another renamer, DrEggman.

Quote:

Originally Posted by BoggyB

I was not amused when I managed to wedge Win2k with my latest changes not saved. I must write that autosaver for VB).

so what? you work for microsoft now? cause reprogramming VB as you state you can do is 100% ILLEGAL.

Quote:

Originally Posted by Nimrod

Its because of this I have also made a Jazz 2 Network Blocker. It works with a program called "PeerGuardian" which blocks selected IP addresses. It has a special filter I created which contains Orbitz IP Address. By running this program Orbitz will be blocked from everything on you host on your PC (including JJ2 Games).

What if he runs through a proxy server? What will you do then?

i only state that because i use proxy and i can be ip banned on jazz servers and log right back on. though i haven't played jazz in a while.

COMPLETELY DIFFERENT SUBJECT

well i've been away for a while (my car broke down) how's everyone doing? How's your mother? your father workin'?

yeah... i said it....

Quote:

Originally Posted by VashtheStampede

so what? you work for microsoft now? cause reprogramming VB as you state you can do is 100% ILLEGAL.

Did I ever say it would require reprogramming VB? Nope. Then don't jump to conclusions so quickly. The best way of creating an auto-saver for VB would probably be to create an add-in by following the documentation available on the MSDN for doing so.