Secure Wlserver Against "extasis"

1+12 · Post by **1+12** » Sat Feb 11, 2006 7:30 pm

1 wrote: Tommu00, can ya tell me what is wrong?...

My WorldLogserver.exe is named _3WorldLServer but when I run patsh.exe it says Cannot launch WorldLogServer...

But my friend for who the patsh.exe works for can do it, he sent his and it still wouldn't work for me.. =X

Can you tell me what im doing wrong, btw just incase if you need to know Im using Win XP Home edition.

Can anyone help me out?

Thanks

Desco · Post by **Desco** » Thu Feb 23, 2006 10:41 pm

i think that there is already a way to hack a server with pasth

laizkloom · Post by **laizkloom** » Fri Feb 24, 2006 9:20 am

tommu can you smtg with these guys who are using MainLog server for extasis.

tommu00 · Post by **tommu00** » Sun Feb 26, 2006 5:37 pm

1+12 @ Feb 10 2006 wrote:Tommu00, can ya tell me what is wrong?...

My WorldLogserver.exe is named _3WorldLServer but when I run patsh.exe it says Cannot launch WorldLogServer...

But my friend for who the patsh.exe works for can do it, he sent his and it still wouldn't work for me.. =X

Can you tell me what im doing wrong, btw just incase if you need to know Im using Win XP Home edition.

Here is the WorldLogServer I made and tested this WLPatsh with:
<a href='http://members.tiscali.fi/tommi00/_3WorldLServer.zip' target='_blank'>http://members.tiscali.fi/tommi00/_3WorldLServer.zip</a>

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Desco @ Feb 24 2006)</td></tr><tr><td id='QUOTE'>i think that there is already a way to hack a server with pasth[/quote]
Not that I know of, nor did I leave any hole's that I know of.

</div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (laizkloom @ Feb 24 2006)</td></tr><tr><td id='QUOTE'>tommu can you smtg with these guys who are using MainLog server for extasis.[/quote]
What does "smtg" mean?

Tafka12 · Post by **Tafka12** » Sun Feb 26, 2006 6:07 pm

that worldLpatch changed port and WS name back to default

tommu00 · Post by **tommu00** » Sun Feb 26, 2006 6:24 pm

Tafka12 wrote: that worldLpatch changed port and WS name back to default

If you mean WLPatsh by "worldLpatch" then I say that bullshit, it doesn't change anything. Only thing it changes (and thats temporary) is unused block of memory when it starts and only things it does is to check wether remote IP is allowed to connect or not.

1+12 · Post by **1+12** » Tue Feb 28, 2006 10:16 pm

I still get the error, heres a screenshot...

Dshaked · Post by **Dshaked** » Tue Feb 28, 2006 10:31 pm

I had same problem , i fixed it.I maked new folder , and downloader in <a href='http://helbreathss.tk' target='_blank'>http://helbreathss.tk</a> 3.51 server files , and i put them to new folder , and i tested, works.
Later i added my own server files little by little to folder, and always tested do it works , and later it works , all with my files.

:rolleyes:

1+12 · Post by **1+12** » Wed Mar 01, 2006 12:12 am

Dshaked wrote: I had same problem , i fixed it.I maked new folder , and downloader in <a href='http://helbreathss.tk' target='_blank'>http://helbreathss.tk</a> 3.51 server files , and i put them to new folder , and i tested, works.
Later i added my own server files little by little to folder, and always tested do it works , and later it works , all with my files.
:rolleyes:

What was the folder name?

sp1rit · Post by **sp1rit** » Wed Mar 01, 2006 3:01 am

As far as i know, no folders in the path should have spaces, but best one, i sugest is C:\Serv or any other drive...works the best.

ADDKiD · Post by **ADDKiD** » Mon May 15, 2006 11:35 pm

tommu00 wrote: yada yada, i didnt have time atm to check if there are any new magnificent
ways to protect your worldlogserver from unauthorized connections, besides
my last "worlogfilter" err heres the topic url, page 2(scroll a bit down):
<a href='index.php?showtopic=4093&hl=filter&st=25' target='_blank'>index.php?...hl=filter&st=25</a>

that didnt earn much "yawn" if i could say so, and the url became wasted so i
post here "new" url to it: <a href='http://members.tiscali.fi/tommi00/World ... Filter.zip' target='_blank'>http://members.tiscali.fi/tommi00/World ... ter.zip</a>

BUT to the new method, its here: <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
its nifty executable patcher which launches WorldLogServer when you start
patsh.exe, patches it so that it tried memory compare on
WLServer.cfg with the ip address of the hgserver connecting to your worldlogserver

and if match is found, it allows it, otherwise it goes failed =)

be sure to understand this: it matches the ip against wlserver.cfg as a one
string, so every ip which matches the connecting user's ip, will be allowed
(gateserver ip = blaablaa) will be accepted (lazy, hurry, well generally
you dont add foreigner's ip's to wlserver.cfg)

if you want to disallow some ip, remove it completely from wlserver.cfg
if the patch cannot open wlserver.cfg for one reason or another, it will
allow every hgserver, be sure to try connecting to it yourself

**********************

usage: extract <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>
to your worldlogserver's folder, rename your worldlogserver to
_3WorldLServer.exe
and then start patsh.exe and voila (pray that you have even remotely same
kind of worldlogserver as i do, my wlserver's size is 106496bytes

i'm no expert in asm so it might crash but as far as i tested it, it did not
(well not anymore, at _last_

**********************

from. >_<

UPDATE!!!!!! I released version 2 (v2) as I noted BIG FREAKIN' mistake >:(
It let hgservers pass through due to a *drum drum* bug!

Now this wlpatsh_v2.zip does not do it, it also makes check so it can't
be crashed if hgserver sends its information as "zero". Keep posted, if I
find new bugs, I'll try to fix them (hope there's none anymore)

--------

Update!
After friggin stupid wlpatsh-hbhax overwriting-confusion(I just woke up), I managed to put this wlpatsh_v3.zip in the correct thread and correct .zip file..

It should have fixed those crashed on different os'es as it now relocates those functions it's using and doesn't just jump there assuming its in X.
Download the new version: <a href='http://members.surfeu.fi/tommi00/wlpatsh_v3.zip' target='_blank'>http://members.surfeu.fi/tommi00/wlpatsh_v3.zip</a>

Thanks for the patience.

I get this msg..

"Could Not Launch WorldLogServer"

Dshaked · Post by **Dshaked** » Tue May 16, 2006 2:19 pm

If yours _3worldserver are in some folder, it cant be in 2 folders, i mean make new folder to c:, and add little by little your files to it.
But first download files from www.helbreathss.tk, and test do it works, if it works add your files to the folder.

marleythe9 · Post by **marleythe9** » Wed Jan 03, 2007 12:33 am

this is a secure way for your WL
the ip code is buggy its stil hackable.

this u can create your own Password

so if the password is incorrect.
they cannot access your data

.

HG server code:
//---------Game.h-----------//

Code: Select all

char cSecurity[11];

//---------Game.cpp-----------//

in function

Code: Select all

CGame::bSendMsgToLS

Search

Code: Select all

case MSGID_REQUEST_REGISTERGAMESERVER:

after

Code: Select all

*cp = m_iTotalMaps;
  cp++;

add

Code: Select all

  memcpy(cp, cSecurity, 10);
  cp += 10;

  memcpy(cp, m_cGameServerAddrInternal, 16);
  cp += 16;

Change iRet to

Code: Select all

iRet = m_pMainLogSock->iSendMsg(G_cData50000, 55 + 6 + m_iTotalMaps*11);

Find

Code: Select all

CGame::bReadSettingsConfigFile

in the function after

Code: Select all

switch (cReadMode) {

add

Code: Select all

  case 26: 
  	if(strlen(token) <= 0) {
  	strcpy(cSecurity, "1");
  	}
  	if(strlen(token) > 10) {
  	strcpy(cSecurity, "1");
  	}
  	strcpy(cSecurity, token);
               cReadMode = 0;
               break;

after

Code: Select all

if (memcmp(token, "max-player-level", 16) == 0)  cReadMode = 20;

add

Code: Select all

if (memcmp(token, "Security-WL", 11) == 0)  cReadMode = 26;

//-------------settings.cfg----------//
add line

Security-WL = password

and hers the WL source.

kokodriloz · Post by **kokodriloz** » Wed Mar 28, 2007 11:40 pm

nice man! good job marleythe9 , all in 1 wl

bone-you · Post by **bone-you** » Thu Mar 29, 2007 2:22 am

wtf... you do realize that ALL of this can be avoided easily.

You want an non-hackable world log? Here's how I set mine up.

In the WLS on accept, if the ip matches the one the server is running on (or a list of server ips) then set m_pServerList->m_bIsGameServer = 1;

Code: Select all

	case MSGID_REQUEST_PLAYERDATA:
  // Sub-log-socket
  //if (_bCheckSubLogSocketIndex() == FALSE) return FALSE;

  if (m_pServerList[iClientH] == NULL) return;
  if (m_pServerList[iClientH]->m_bIsGameServer == FALSE) return;

Code: Select all

	case MSGID_REQUEST_REGISTERGAMESERVER:
  // °ÔÀÓ¼¹ö·ÎºÎÅÍ µî·Ï ¿äÃ» 
  if (m_pServerList[iClientH]->m_bIsGameServer == FALSE) return;
  RegisterGameServerHandler(iClientH, pData);
  break;

Code: Select all

	case MSGID_REQUEST_NOSAVELOGOUT:
  if (m_pServerList[iClientH]->m_bIsGameServer == FALSE) return;
  ProcessClientLogout(pData+6, FALSE, iClientH);
  break;

You get the idea. Basically only YOUR ip (or the preset list) can access server functions. The only function open to the public is the server enter command for clients switching servers. That blocks all hacking right there. Done.