Forum

> > CS2D > General > CS2D Bug Reports
Forums overviewCS2D overviewGeneral overviewLog in to reply

English CS2D Bug Reports

2,057 replies
Page
To the start Previous 1 296 97 98102 103 Next To the start

old Re: CS2D Bug Reports

Kolia_rus
Security Supporter Off Offline

Quote
@user Mami Tomoe: can this exploit be used to bypass Game ban in USGN? I mean, is it possible to fake USGN accounts which are game banned?

old Re: CS2D Bug Reports

Steru
User Off Offline

Quote
Yes 2 days ago i got banned in my server. Some new player join, in 1 minute change USGN ID to my USGN ID and ban me by Admin script... Idk how he do it but propably cheat engine? Can someone check it?

old Re: CS2D Bug Reports

Kolia_rus
Security Supporter Off Offline

Quote
@user mrc: currently it can be fixed by simple Lua. On the previous page I told that I made a script which checks for users' IP if his USGN ID belongs to an admin. It's not so hard to create this Anti-Exploit script manually.

Also I plan to let all my server users use this kind of protection. In a conception, it can have web-interface. If user will send a HTTP GET request (means he will open a link in browser as regularly) and it will look like www.example.com/trust.php?uid=12345 the handler on server-side will record the UID and IP and will trust it. The solution to prevent HTTP GET requests from violators is a Basic authentication. It is so simply to be configured.

If you are the one admin and would like to write a script just for yourself, on the web-side you can use something like this:

1
2
3
4
5
6
7
8
<?php

// Makes your current IP as the one admin's IP should be trusted.
// Works with HTTP Basic Authentication. See for: https://www.php.net/manual/en/reserved.variables.server.php

file_put_contents("/usr/cs2d/sys/lua/data/ip-".$_GET['uid'].".txt", $_SERVER['REMOTE_ADDR']);
file_put_contents("/usr/logs.txt", "[".time()."]"." added for ".$_SERVER['PHP_AUTH_USER']." from ".$_SERVER['REMOTE_ADDR'].".");
die();

Not tested by the way, but this rewrite I did looks better than the first version of this script I made in before.

I think this is a good idea to use until the vulnerability will be fixed in CS2D and/or USGN code, so I suggest it to all server owners.

old Re: CS2D Bug Reports

Gaios
Reviewer Off Offline

Quote
user The Dark Shadow has written
@user Mami Tomoe: Can they log-in into their USGN accounts here or only in-game?

user Mami Tomoe has written
@user The Dark Shadow, the exploit only works in-game.

user Steru has written
Yes 2 days ago i got banned in my server. Some new player join, in 1 minute change USGN ID to my USGN ID and ban me by Admin script... Idk how he do it but propably cheat engine? Can someone check it?

user Mami Tomoe has written
@user Steru, I don't think this is how it's done, and I suggest against trying anything weird.

I just cracked it yesterday with user Steru, and I can 100% confirm the exploit. Looks like USGN Master Server gets IP (and maybe some random hash) from CS2D Client. After some idle time in menu, the target/victim USGN is cracked, and you can play on any server. Also looks like I couldn't log into somebody's USGN that he wasn't currently playing on.
USGN in console was saying
U.S.G.N.: Ping/State 'not playing'
instead of
U.S.G.N.: Ping/State 'playing'

old Re: CS2D Bug Reports

MikuAuahDark
User Off Offline

Quote
Could it be caused by me requesting change to USGN server a year ago that user DC implemented to allow more relaxed IP address matching because my IP is "too dynamic"?

old Re: CS2D Bug Reports

Mami Tomoe
User Off Offline

Quote
On the cs2d lua hook shieldhit hook, the weapon paramter will return the source's currently held weapon.
This is not normal, because if the victim is being hit by a turret, the value will remain as the source's held weapon.

Example:
If CT gets hit by a T's turret, but the T is currently holding a knife, the weapon will be set as the knife, while the object will be set as the turret.

old Re: CS2D Bug Reports

DC
Admin Off Offline

Quote
I'm aware that there are reports about USGN security issues but I didn't manage to find the problem yet. I'm on it.

@user Mami Tomoe: You are right. This seems to be wrong. Also in some other hooks maybe. Will check.

@user mrc: true, there's a typo in the code.
It should work when you use
hostedamage
. Will be fixed.
edited 3×, last 17.10.21 12:19:46 pm

old Re: CS2D Bug Reports

leref01
User Off Offline

Quote
please help me every time I'm on my server cs2d change map alone can someone help me
@user DC: plis bro

old Re: CS2D Bug Reports

leref01
User Off Offline

Quote
@user Kolia_rus: thanks
can someone help me create an awp script like do for fun awp because i want to play with my friends with this script can someone help me

I just want to have fun with this script for fun # awp his script is very good

can someone also help me create an aim_shot style script please always wanted to play with this script plis


@user DC: what do you think about teaching people to script

old Re: CS2D Bug Reports

Kolia_rus
Security Supporter Off Offline

Quote
user leref01 has written
@user DC: what do you think about teaching people to script


There's official guide to Lua scripting: https://www.cs2d.com/tut/tkdlua/luatut.html. It's not related to the AWP script you've mentioned, but the article would be helpful to start coding for CS2D.

I can't say Lua is so hard. I've made my first serious script for CS2D after few hours of studying it, but I already had experience in JS, Python and PHP (not related to this game directly). If you'll have any questions related to scripting in the future, you'll need to gently ask them here: https://www.unrealsoftware.de/forum_threads.php?forum=105&sub=2.

---
@user DC:, the smoke grenade sound has a clicky glitch noise on its end.
edited 2×, last 21.10.21 08:47:30 pm

old Re: CS2D Bug Reports

Hajt
User Off Offline

Quote
@user DC: Did you see that? I believe it's related with empty UDP packets problem. Did you already fixed these three buffer overflows in your local file bnetex.bmx?
To the start Previous 1 296 97 98102 103 Next To the start
Log in to replyGeneral overviewCS2D overviewForums overview