Admin patch for Annihilation 2.x

Announcements, Important Things and other Cool Stuff

Moderator: Moderators

1 Mon Oct 25, 2004 2:55 am

Without going into specifcs that may leave unpatched servers exposed, there is an admin vulnerability in Annihilation.
This problem was carried over from Sex mod admin, and forgotten.
The patch will fix Sex Mod, and Annihilation 2.x
My apologies for any inconvenience this may have caused.

http://www.tribes0.com/adminFix.zip

-Plasmatic
User avatar
Plasmatic
Lead Developer
Lead Developer
 
Posts: 8375

2 Mon Oct 25, 2004 6:48 am

riiight...
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

3 Mon Oct 25, 2004 6:58 am

wait a minute... all that does is change the hack to something else... thats not actually a fix... a real fix would remove the stupid functions from admin.cs, not replace the keywords with new ones.
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

4 Mon Oct 25, 2004 7:26 am

Does it work?

Because if it works perr, im happy, no matter what it does :?
xboxmaster56
Change is Swell
 
Posts: 1906

5 Mon Oct 25, 2004 7:43 am

it will work till someone figures out how to use the fix to their advantage just as they used the original problem to their advantage.

i'd be the first to figure it out if i felt the need... but i can just delete the original problems easier than i could "fix" them...

they have no practical application, no purpose other than to admin plas on every server running a mod he coded, and since this particular function is the most easily abused one than it should be removed rather than replaced by a new, just as useless "fix".
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

6 Mon Oct 25, 2004 7:45 am

in short. i don't trust plas anymore. i'm sticking with 1.31, and i'll attempt fix the old bugs/cheats my self.
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

7 Mon Oct 25, 2004 9:45 am

There's a code in there that checks for a specific ip and gives him super admin. Plas's ip maybe?

But then again, he coded it so he's allowed :)
robindegen
I ril pr0 men
 
Posts: 6698

8 Mon Oct 25, 2004 11:00 am

Perrinoia, he fixed the admin vulnerability, not just changed it. Since you seem adept at Tribes programming, go read the code yourself...
Uber Mannastic 2
Spambot in training
Spambot in training
 
Posts: 16

9 Mon Oct 25, 2004 12:01 pm

i did, i loooked at it, it appears that it changes the variable that the original function looks for. inother words, you have to use a different name to hack or something... there is an ip mentioned in the original code, but if i'm able to use this hack, and my ip doesn't even match the first digit of his ip, then obviously it's not reserving the function to only him.

also, uber mannastiic2, why the hell are you posting on that name? don't post under alias, you don't need to protect your identity while defending plas's secretive autoadmin script.
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

10 Mon Oct 25, 2004 12:17 pm

I guess you aren't as much of a Tribes programmer as I thought. It does not change any variables, but to say what it does do would compromise any unpatched servers.

Lol I get it, you think I am defending a bad patching of the admin vulnerability... I guess there is no way I can convince you that I am not, so I won't try. I guess you'll just have to either ask someone who knows what it does or go on using 1.31.

Oh and the admin-by-ip thing is totally different from what this patch addresses.
Uber Mannastic 2
Spambot in training
Spambot in training
 
Posts: 16

11 Mon Oct 25, 2004 5:03 pm

Uber Mannastic 2 wrote:I guess you aren't as much of a Tribes programmer as I thought.

I could have told you that... i can read scripts. but when i write them, there are too many syntax errors to function properly.
Uber Mannastic 2 wrote:It does not change any variables, but to say what it does do would compromise any unpatched servers.

that sentance doesn't make any sence... if it doesn't change any variables, why does say %var="rfygvyhkbkjn"; or something like that... which is almost exactly what the first one had in it, except that it included the words mannastic and mannamarkiic all jumbled together.. i don't know what it spells now when unjumbled.. but i'll figure it out when i get home and can use my own comptuer.
Uber Mannastic 2 wrote:Lol I get it, you think I am defending a bad patching of the admin vulnerability... I guess there is no way I can convince you that I am not, so I won't try. I guess you'll just have to either ask someone who knows what it does or go on using 1.31.

yes, i do think your defending it, and the only way i will be convinced other wise is when i get home tonight and test it myself. i beleive i can figure out the new variable... but i could be wrong. i'll probably set up a test server on another computer, and then connect from mine, so that i can do it without love up someone else's server or be autoadmined for being the host.
Uber Mannastic 2 wrote:Oh and the admin-by-ip thing is totally different from what this patch addresses.

i know it's different, i was replying to the mention of the ip range in this hack function thing, i said i couldn't figure out why it was there, unless it excludes that ip.. because i was able to use this cheat despite my ip being totally different.
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

12 Mon Oct 25, 2004 5:05 pm

btw: why are you still posting on an alias account. the only reason your using that name is because that is the name associated with this function...

you act like we're gonna ban you for hacking or something... you didn't write the hack. you just brought it to our attention.
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

13 Mon Oct 25, 2004 6:15 pm

i put the new patch on the au server

manastic came right in and had admin while i was watching and i banned him again.
Grog
Lt Commander
Lt Commander
 
Posts: 342

14 Mon Oct 25, 2004 6:53 pm

He either has the SAD password or you didn't install it correctly/didn't restart tribes after you installed it.

"the only reason your using that name is because that is the name associated with this function"

Uhm... Right... The reason I use this username is because I used it in Tribes. I'll PM you about what the function does...
Uber Mannastic 2
Spambot in training
Spambot in training
 
Posts: 16

15 Tue Oct 26, 2004 4:19 am

I did forget to add something in the read me. Add:
Code: Select all
exec("adminfix.dsc");
To the end of your config/annihilation.cs

This patch deletes the function responsible for the vulnerability.
User avatar
Plasmatic
Lead Developer
Lead Developer
 
Posts: 8375

16 Tue Oct 26, 2004 7:25 am

Perr and I tested that heck in a few servers, and it really does work for now...
xboxmaster56
Change is Swell
 
Posts: 1906

17 Tue Oct 26, 2004 10:24 am

it doesn't work on plas's server... which probably has the so-called "fix"

but i spent like 2 hours trying to figure out what the fix really did last night and all i was about to do was figure out that i don't REALLY know what String::findSubStr and String::getSubStr do... i think find matches a string with a segment or something... and get finds a segment of a string...

but i couldn't figure out the forumla that makes Manamarkiic fit into the string in the hack...

once i figure that out, i'll figure out what the new "fix" does...
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

18 Tue Oct 26, 2004 1:44 pm

Plasmatic wrote:This patch deletes the function responsible for the vulnerability.
User avatar
Plasmatic
Lead Developer
Lead Developer
 
Posts: 8375

19 Tue Oct 26, 2004 5:26 pm

Uhm, Perrinoia, if you don't know what String::getSubStr and String::findSubStr do, then I don't know what makes you think you know anything near enough to have any reason to question Plas, so don't hurt yourself trying to figure it out as just do as Plas says... :D

(Scary really...)
Uber Mannastic 2
Spambot in training
Spambot in training
 
Posts: 16

20 Thu Oct 28, 2004 1:36 pm

did you have a few too many soda pops before posting that? cause it was incoherent....

anywho... plas IMed me and walked me threw the stupid function... and then i did the math and realized i'm an idiot... so now i'm back to square one... modifying 3.0 beta for AnnihilationCANADA!...

So if i could now refer you to the coder's hangout section. i have a few bugs i need your help to swat...
Perrinoia
Suggestion bot 10,000
 
Posts: 11185

Next

Return to News

Who is online

Users browsing this forum: No registered users and 1 guest

cron