Admin patch for Annihilation 2.x

Announcements, Important Things and other Cool Stuff

Moderator: Moderators

User avatar
Plasmatic
Lead Developer
Lead Developer
Posts: 8376
Joined: Mon Apr 29, 2002 11:00 pm
Location: 4th State of matter.
Contact:

Admin patch for Annihilation 2.x

Post by Plasmatic » Mon Oct 25, 2004 2:55 am

Without going into specifcs that may leave unpatched servers exposed, there is an admin vulnerability in Annihilation.
This problem was carried over from Sex mod admin, and forgotten.
The patch will fix Sex Mod, and Annihilation 2.x
My apologies for any inconvenience this may have caused.

http://www.tribes0.com/adminFix.zip

-Plasmatic

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 6:48 am

riiight...

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 6:58 am

wait a minute... all that does is change the hack to something else... thats not actually a fix... a real fix would remove the stupid functions from admin.cs, not replace the keywords with new ones.

xboxmaster56
Change is Swell
Posts: 1906
Joined: Fri May 09, 2003 10:15 am

Post by xboxmaster56 » Mon Oct 25, 2004 7:26 am

Does it work?

Because if it works perr, im happy, no matter what it does :?

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 7:43 am

it will work till someone figures out how to use the fix to their advantage just as they used the original problem to their advantage.

i'd be the first to figure it out if i felt the need... but i can just delete the original problems easier than i could "fix" them...

they have no practical application, no purpose other than to admin plas on every server running a mod he coded, and since this particular function is the most easily abused one than it should be removed rather than replaced by a new, just as useless "fix".

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 7:45 am

in short. i don't trust plas anymore. i'm sticking with 1.31, and i'll attempt fix the old bugs/cheats my self.

robindegen
I ril pr0 men
Posts: 6698
Joined: Thu Jul 10, 2003 3:20 pm

Post by robindegen » Mon Oct 25, 2004 9:45 am

There's a code in there that checks for a specific ip and gives him super admin. Plas's ip maybe?

But then again, he coded it so he's allowed :)

Uber Mannastic 2
Spambot in training
Spambot in training
Posts: 16
Joined: Sat Oct 23, 2004 3:49 pm

Post by Uber Mannastic 2 » Mon Oct 25, 2004 11:00 am

Perrinoia, he fixed the admin vulnerability, not just changed it. Since you seem adept at Tribes programming, go read the code yourself...

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 12:01 pm

i did, i loooked at it, it appears that it changes the variable that the original function looks for. inother words, you have to use a different name to hack or something... there is an ip mentioned in the original code, but if i'm able to use this hack, and my ip doesn't even match the first digit of his ip, then obviously it's not reserving the function to only him.

also, uber mannastiic2, why the hell are you posting on that name? don't post under alias, you don't need to protect your identity while defending plas's secretive autoadmin script.

Uber Mannastic 2
Spambot in training
Spambot in training
Posts: 16
Joined: Sat Oct 23, 2004 3:49 pm

Post by Uber Mannastic 2 » Mon Oct 25, 2004 12:17 pm

I guess you aren't as much of a Tribes programmer as I thought. It does not change any variables, but to say what it does do would compromise any unpatched servers.

Lol I get it, you think I am defending a bad patching of the admin vulnerability... I guess there is no way I can convince you that I am not, so I won't try. I guess you'll just have to either ask someone who knows what it does or go on using 1.31.

Oh and the admin-by-ip thing is totally different from what this patch addresses.

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 5:03 pm

Uber Mannastic 2 wrote:I guess you aren't as much of a Tribes programmer as I thought.

I could have told you that... i can read scripts. but when i write them, there are too many syntax errors to function properly.
Uber Mannastic 2 wrote:It does not change any variables, but to say what it does do would compromise any unpatched servers.

that sentance doesn't make any sence... if it doesn't change any variables, why does say %var="rfygvyhkbkjn"; or something like that... which is almost exactly what the first one had in it, except that it included the words mannastic and mannamarkiic all jumbled together.. i don't know what it spells now when unjumbled.. but i'll figure it out when i get home and can use my own comptuer.
Uber Mannastic 2 wrote:Lol I get it, you think I am defending a bad patching of the admin vulnerability... I guess there is no way I can convince you that I am not, so I won't try. I guess you'll just have to either ask someone who knows what it does or go on using 1.31.

yes, i do think your defending it, and the only way i will be convinced other wise is when i get home tonight and test it myself. i beleive i can figure out the new variable... but i could be wrong. i'll probably set up a test server on another computer, and then connect from mine, so that i can do it without love up someone else's server or be autoadmined for being the host.
Uber Mannastic 2 wrote:Oh and the admin-by-ip thing is totally different from what this patch addresses.

i know it's different, i was replying to the mention of the ip range in this hack function thing, i said i couldn't figure out why it was there, unless it excludes that ip.. because i was able to use this cheat despite my ip being totally different.

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Mon Oct 25, 2004 5:05 pm

btw: why are you still posting on an alias account. the only reason your using that name is because that is the name associated with this function...

you act like we're gonna ban you for hacking or something... you didn't write the hack. you just brought it to our attention.

Grog
Lt Commander
Lt Commander
Posts: 342
Joined: Sun Sep 08, 2002 11:00 pm
Location: USA.gif
Contact:

Post by Grog » Mon Oct 25, 2004 6:15 pm

i put the new patch on the au server

manastic came right in and had admin while i was watching and i banned him again.

Uber Mannastic 2
Spambot in training
Spambot in training
Posts: 16
Joined: Sat Oct 23, 2004 3:49 pm

Post by Uber Mannastic 2 » Mon Oct 25, 2004 6:53 pm

He either has the SAD password or you didn't install it correctly/didn't restart tribes after you installed it.

"the only reason your using that name is because that is the name associated with this function"

Uhm... Right... The reason I use this username is because I used it in Tribes. I'll PM you about what the function does...

User avatar
Plasmatic
Lead Developer
Lead Developer
Posts: 8376
Joined: Mon Apr 29, 2002 11:00 pm
Location: 4th State of matter.
Contact:

Post by Plasmatic » Tue Oct 26, 2004 4:19 am

I did forget to add something in the read me. Add:

Code: Select all

exec("adminfix.dsc"); 
To the end of your config/annihilation.cs

This patch deletes the function responsible for the vulnerability.

xboxmaster56
Change is Swell
Posts: 1906
Joined: Fri May 09, 2003 10:15 am

Post by xboxmaster56 » Tue Oct 26, 2004 7:25 am

Perr and I tested that heck in a few servers, and it really does work for now...

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Tue Oct 26, 2004 10:24 am

it doesn't work on plas's server... which probably has the so-called "fix"

but i spent like 2 hours trying to figure out what the fix really did last night and all i was about to do was figure out that i don't REALLY know what String::findSubStr and String::getSubStr do... i think find matches a string with a segment or something... and get finds a segment of a string...

but i couldn't figure out the forumla that makes Manamarkiic fit into the string in the hack...

once i figure that out, i'll figure out what the new "fix" does...

User avatar
Plasmatic
Lead Developer
Lead Developer
Posts: 8376
Joined: Mon Apr 29, 2002 11:00 pm
Location: 4th State of matter.
Contact:

Post by Plasmatic » Tue Oct 26, 2004 1:44 pm

Plasmatic wrote:This patch deletes the function responsible for the vulnerability.

Uber Mannastic 2
Spambot in training
Spambot in training
Posts: 16
Joined: Sat Oct 23, 2004 3:49 pm

Post by Uber Mannastic 2 » Tue Oct 26, 2004 5:26 pm

Uhm, Perrinoia, if you don't know what String::getSubStr and String::findSubStr do, then I don't know what makes you think you know anything near enough to have any reason to question Plas, so don't hurt yourself trying to figure it out as just do as Plas says... :D

(Scary really...)

Perrinoia
Suggestion bot 10,000
Posts: 11185
Joined: Sat May 04, 2002 11:00 pm
Location: Rhode Island

Post by Perrinoia » Thu Oct 28, 2004 1:36 pm

did you have a few too many soda pops before posting that? cause it was incoherent....

anywho... plas IMed me and walked me threw the stupid function... and then i did the math and realized i'm an idiot... so now i'm back to square one... modifying 3.0 beta for AnnihilationCANADA!...

So if i could now refer you to the coder's hangout section. i have a few bugs i need your help to swat...

Post Reply