| Jan 1, 2004, 09:51 AM | |
|  Laser shield detection 
		  
			
This is one of the things that has bothered me since I released the first version of project Cataclysm. It is as well one of the things known for most server crashes in the past and can still be seen today. It is mostly done by newbies who learned it a moment ago and want to show their new 1337 cheating skills online by lasering servers and/or crashing them on purpose.

It has just recently happened to me while I was hosting an idle server. Fortunately I was watching the screen when some foo joined my empty server, looked if anyone was in it and then started to laser it. I quickly typed ban and reached for enter... BOOM! My server crashed just a moment before I pressed enter. It's just sick if there's no way to prevent this. No wonder all dedicated servers are gone. Hopefully there will be more servers if someone puts a stop to this crashing once and for all!

I know. I should have used anticrash but according to my knowledge that doesn't fully help. The thing is to detect the laser user and ban him immediately before causing any damage. So does anyone in any way know or have any ideas how to detect if a user is using laser shield? For normal shields I would simply look at the shield memory address and see if it is non-zero:

Fire shield = 1
Water shield = 2
Plasma shield = 3

The problem is that when a client uses laser shield the server would simply not see it, as the shield memory address remains at 0 instead of changing to 4. Cataclysm was programmed to detect the laser shield this way but this is the reason it doesn't work.

According to my current knowledge, detecting laser shield is possible (I said it's possible but we don't yet know how) via memory editing. There must be an address that changes when a laser is fired. Yes. There must be at least one, or the server and all other players would not see the laser at all. But finding this address is the tricky part, as I would have to freeze the entire jj2 exactly when I see a laser shot so the address doesn't change and can be picked by a memory searcher. I have had no luck so far.

The second way of detecting it would be looking at the packets from each player and finding the "laser" packets. This is again challenging as there are countless packets to analyze. These are my ideas but there may be more ways than just this.

Has anyone ever succeeded in detecting laser shield (I mean by using a program, not just looking at the jj2 display, doh)? I would like to upgrade Cataclysm to detect laser shields but I need a way "how to" first. Yes. I'm asking for a bit of help. Is anyone willing to do any research on this? If the memory editing way fails, the packet editing would have to do. I would prefer the packet editing way as it can be upgraded to filter out other evil and dangerous packets. I should've posted this topic a long time ago. Well?
 |
| Jan 1, 2004, 04:43 PM | |
| 
		  
			
			What would be even cooler would be if you could code it so that once it detected the laser shield user, it kicks/bans that user as soon as it is fired.
		 | 
| Jan 1, 2004, 06:12 PM | |
| 
		  
			
			Wow...really? I didn't know that.  Seriously, I didn't. I think I should be more informed on these things before I open my big gob   | 
| Jan 1, 2004, 07:51 PM | |
| 
		  
			
			I guess if the player data doesn't indicate the shield, probably the only thing that is different are the shots fired. Shots are far too dynamic to be able to find in memory, I would think, and so reading the network packets would work best. Most likely it would be with the shot-fired packet, but I don't know how much of the networking (if any) you have figured out to be able to find those.
		 
				__________________ Love is patient, love is kind. It does not envy, it does not boast, it is not proud. It is not rude, it is not self-seeking, it is not easily angered, it keeps no record of wrongs. Love does not delight in evil but rejoices with the truth. It always protects, always trusts, always hopes, always perseveres. 1 Corinthians 13:4-7 | 
| Jan 2, 2004, 03:54 AM | ||
| Quote: 
 Yes, I know some networking with winsock so far. I wrote a part of the code for the JazzForce, allowing you to join passworded levels by entering the password right into JazzForce. I was the one who analyzed the password packets and figured out the checksum pattern/algorithm. The hard one, that is :P Spazzyman did the easy one. So packet analyzing would not be a problem for me. The problem is that I need to intercept the packets and analyze/filter them before they reach jj2. To do that I would require packet filtering code (which I have no idea how to do in Visual Basic). 
 | ||
| Jan 4, 2004, 03:29 PM | |
| 
		  
			
			I've attempted to analyze the packets JJ2 uses for gameplay without success.  There are just too many (hundreds every minute) to really isolate anything.  I haven't had much time to try recently though, so maybe if I looked at it again I could do something. How long are you back for, Overlord? We should probably talk about this further. 
				__________________ With our extreme gelatinous apology, We beg to inform your Imperial Majesty, Unto whom be dominion and power and glory, There still remains that strange precipitate Which has the quality to resist Our oldest and most trusted catalyst. It is a substance we cannot cremate By temperatures known to our Laboratory. ~ E.J. Pratt | 
| Jan 4, 2004, 07:00 PM | |
| 
		  
			
			Does JJ2 use both TCP and UDP for game packets? I wonder if it would transmit shots being fired over the TCP connection since they'd want to make sure those packets get transmitted. If that's so, then they might be easier to find as there should be fewer TCP packets. Otherwise you'll just need to start filtering packet types until you are able to see the different packet upon firing a shot. Ideally there are unique identifiers for each type of packet, so you could easily filter out the often-sent non-shot ones. And hopefully the packets aren't compressed, which could be possible if their networking is anything like their file formats.
		 
 | 
| Jan 4, 2004, 07:42 PM | ||
| Quote: 
 
 | ||
| Jan 5, 2004, 07:39 PM | |
| 
		  
			
			If you could, Link or Overlord or someone, post a chunk of recorded packets somewhere, I'd take a look at it and see if I could find anything.  Guessing from how simple it's been to mess up multiplayer already, I wouldn't think they had put too much effort into obscuring or securing the packets.
		 
 | 
| Jan 9, 2004, 06:27 AM | ||
| Quote: 
  On topic: Yes. I have noticed that there are 2 types of packets that are transmitted between the server and a client during the game. I didn't know they are TCP and UDP. I thought they used the same protocol, though something didn't feel right in Winsock Packet Editor (shortly WPE from now on) as some packets had a "Send To" signature while most others had only a "Send" signature. Or was that vice-versa? Anyway, I think the Send To are TCP ones - the first (2) ones a client sends to a server when joining a game. These can be fairly easily analyzed as they appear to be unencrypted. But it is the other ones (UDP) that contain player information and stuff. I haven't been able to find a pattern here so far either but I'll look a little deeper into the code once I get back home next week :P Until then, Monolith, I suggest you get a packet editor like WPE (for XP you will need WPE Pro Alpha). Analyzing the packets is just the first step towards our goal. The next step is to find a way to filter these packets and log them. A program in VB would be nice. C++ too, but more people appear to know VB better than C so I would not be very much of use in C++ coding. Let's proceed with the first step. First things first! 
 | ||
| Jan 12, 2004, 02:54 PM | ||
| Quote: 
 I'm one of the few lucky people who doesn't use XP. (It sucks, just plain sucks.) -RoW | ||
| Jan 15, 2004, 11:12 AM | ||
| Quote: 
 http://www.jazz2online.com/downloads 
 | ||
| Jan 17, 2004, 01:35 AM | |
| 
		  
			
			Spazzyman made a prog a long time ago to show the weapon of the other players. Maybe a modified version of this prog can detect laser shield and ban the shield user.
		 
				__________________ Spamm0rn Rulzort<Note: Signature edited.> save your freedom in the web    Germany RuLeZ!  Quotes: hmm....- Xayo fool.-Yumoma I thanched the rules.-Stud Fastfood Quotes: "Try the new McPlastic burger today!"-defalcon That's goin' in my sig, right now.-Coppertop The dad of Jazz,Spaz and Lori:   | 
| Jan 18, 2004, 11:15 AM | |
| 
		  
			
			Project Omega also sees what weapon is used; you can use a tag to say like: My -blaster- is better than your -toaster-!!! If the value for detecting the weapon can be sent through to Cataclysm you can kick/ban 'em if it is -laser-. Whatever, I hardly do HTML so don't expect help from me. -Scatman | 
| Jan 18, 2004, 12:12 PM | ||
| Quote: 
 
 | ||
| Jan 18, 2004, 12:34 PM | ||
| Quote: 
 
 | ||
| Feb 2, 2004, 04:02 AM | ||
| Quote: 
 
 | ||
| Feb 2, 2004, 05:19 AM | |
| 
		  
			
			TOPIC REVIVE >((((((( Actually, it's good that the topic is back in life, because it's like this: SOMEONE HAS AN IDLE SERVER ON. SOME FIEND COMES AND LASERS IT. BYE BYE, IDLE SERVER. That shall be stopped =( | 
| Feb 4, 2004, 01:36 PM | |
| 
		  
			
			Well, I only know a little C++ and barely any Java, but my idea is this: Instead of trying to discover the laser shield values in the packets or whatever, what if you write some code that finds out that they don't have the fire shield, water shield, etc., or no shield on? Then, when it finds that none of those values are met, the laser shield would be the only option left and it can safely ban the player. I imagine you've thought of that already and there's some reason it won't work...
		 | 
| Feb 4, 2004, 02:31 PM | ||
| Quote: 
 | ||
| Feb 4, 2004, 09:35 PM | |
| 
		  
			
			k. I think I got it. Address [pm2Overlord.A] shows what weapon they use, so if they changed the weapon instead of getting the shield, that would stop it. The other way is to check [pm2Overlord.B] and see if there is any time on their shield timer, and then check if [pm2Overlord.C] says if it is shield one, two or three. If not, then they are using either a laser shield or a negative shield. Both are ban material. `N0 
				__________________ <.< >.> -.- | 
| Feb 5, 2004, 02:28 AM | ||
| Quote: 
 | ||
| Feb 5, 2004, 06:27 AM | ||
| Quote: 
 That post was a personal attack. And could you just stay on topic? | ||
| Feb 5, 2004, 01:36 PM | |
| 
		  
			
			I think N0 is right with the no_weapon+no_shield=ban_material method. I only think of when you join: you'll have no weapon selected yet so you will be banned immediately (probably I'm wrong but hey, I can't even write proper HTML). I think N0's idea is worth giving a try. | 
| Feb 6, 2004, 09:30 AM | ||
| Quote: 
 I have been doing some research on the packets recently and I think I know how to detect not if a user has the laser shield but when a user fires it. The thing now is to make a packet filter in VB that would analyze the packets from each client. Because I believe packets don't contain any data about which client they come from, the filter would somehow have to find the source IP of the packet (where it came from) and compare it to the client IP database found in jj2 memory. This would allow me to get the client number and BANG! This user has been banned. Have a nice day. 
 | ||
| Feb 6, 2004, 03:31 PM | |
| 
		  
			
			Done a little testing... And it seems that when you look at a client with a laser shield, [pm2overlord.b] and [.c] both equal zero. When they don't have a shield, B = -4 and C = 0. I now know that laser time works with shields 1-3, but not 4. Uh, I know nothing about packets, so if it works, inform us, ok? `N0 
				__________________ <.< >.> -.- | 
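
Added example (not part of the thread, and not code from Cataclysm or any tool mentioned in it): a Python sketch of the server-side check the posts above converge on, using the values N0 reports (timer -4 and type 0 for no shield, timer 0 and type 0 for a laser shield, types 1-3 for normal shields). The memory addresses are not given in the thread, so samples are passed in as plain integers; the join grace period, which addresses the false-ban worry raised above, and the consecutive-sample threshold are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class Shield(Enum):
    NONE = "none"          # timer -4, type 0 (as reported in the thread)
    NORMAL = "normal"      # type 1-3 (fire, water, plasma) with time left
    SUSPECT = "suspect"    # timer 0, type 0: reported laser-shield signature
    INVALID = "invalid"    # any other combination

def classify(timer: int, shield_type: int) -> Shield:
    if shield_type in (1, 2, 3) and timer > 0:
        return Shield.NORMAL
    if shield_type == 0 and timer == -4:
        return Shield.NONE
    if shield_type == 0 and timer == 0:
        return Shield.SUSPECT
    return Shield.INVALID

@dataclass
class Detector:
    threshold: int = 3     # assumed: consecutive anomalous samples before flagging
    grace: int = 2         # assumed: samples ignored right after a client joins
    seen: dict = field(default_factory=dict)
    streak: dict = field(default_factory=dict)

    def observe(self, client: int, timer: int, shield_type: int) -> bool:
        """Feed one sample; return True once the client should be flagged."""
        self.seen[client] = self.seen.get(client, 0) + 1
        state = classify(timer, shield_type)
        if self.seen[client] <= self.grace or state in (Shield.NONE, Shield.NORMAL):
            self.streak[client] = 0
            return False
        self.streak[client] = self.streak.get(client, 0) + 1
        return self.streak[client] >= self.threshold

def flagged_clients(samples, **settings):
    detector, flagged = Detector(**settings), []
    for client, timer, shield_type in samples:
        if detector.observe(client, timer, shield_type) and client not in flagged:
            flagged.append(client)
    return flagged

# Constructed samples (client slot, timer, type), not read from a real server.
SAMPLES = [
    (1, 0, 0), (1, 0, 0), (1, -4, 0),                            # zeroed values at join (assumed)
    (2, -4, 0), (2, -4, 0), (2, 300, 1), (2, 0, 1), (2, -4, 0),  # fire shield expires
    (3, -4, 0), (3, -4, 0), (3, 0, 0), (3, 0, 0), (3, 0, 0),     # sustained signature
]

if __name__ == "__main__":
    print(flagged_clients(SAMPLES))
```

With the grace period and threshold disabled, the same samples also flag clients 1 and 2, which is the false-ban case a single-sample check would hit.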
All times are GMT -8.