ZenHAX


All times are UTC




Posted: Thu Sep 21, 2017 12:01 pm

Joined: Thu Sep 21, 2017 11:46 am
Posts: 2
I was trying to modify the name parameter in the incoming connection packet to a Quake 3 (protocol 43) server with proxocket, in the myrecvfrom method.
Here is my code of myrecvfrom:

Code:
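int __cdecl myrecvfrom(SOCKET s, u_char *buf, int len, int flags, struct sockaddr *from, int *fromlen) {

    // Quake 3 connectionless packet (0xFF 0xFF ...) with 'c' at offset 4
    // and 'n' at offset 7, as in "connect"; len is checked before buf[7] is read
    if (len >= 8 &&
        buf[0] == 0xFF && buf[1] == 0xFF &&
        buf[4] == 'c' && buf[7] == 'n') {
        // the old and new strings have the same length here
        buf = find_replace_string(buf, &len, "name\\TEST1", "name\\TEST2");
    }

    return(len);
}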

But it seems the server is still receiving the original packet. I wonder whether it is even possible, or maybe I'm doing something wrong? :?


Posted: Thu Sep 21, 2017 4:21 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6904
First you must be 100% sure that proxocket is loaded; if I remember correctly you have to set a registry key on Windows 7 and above.

Then the find_replace_string function reallocates the buffer if the new string is bigger than the original one, so "buf" will not be updated, and there are probably also other downsides because the original buffer is freed, as far as I remember.
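
The buffer-ownership problem described in the reply above, as an added example that is not part of the original posts and is not proxocket's code: a replacement routine that edits a caller-owned buffer in place and never reallocates, so the pointer the application holds stays valid. The function name, the `cap` (buffer capacity) parameter and the sample packet are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Replace the first occurrence of old_s with new_s inside a caller-owned
 * buffer. len = bytes in use, cap = total size of the buffer (assumed to be
 * known to the caller). Nothing is reallocated or freed. Returns the new
 * length, or len unchanged when there is no match or no room. */
int replace_in_place(unsigned char *buf, int len, int cap,
                     const char *old_s, const char *new_s)
{
    int old_n = (int)strlen(old_s);
    int new_n = (int)strlen(new_s);
    int i;

    if (!buf || len <= 0 || len > cap || old_n == 0 || old_n > len)
        return len;

    for (i = 0; i + old_n <= len; i++) {
        /* memcmp rather than strstr: datagrams may contain NUL bytes */
        if (memcmp(buf + i, old_s, (size_t)old_n) != 0)
            continue;
        if (len - old_n + new_n > cap)
            return len;   /* result would overflow: leave the packet as is */
        /* move the tail to its new position, then write the new value */
        memmove(buf + i + new_n, buf + i + old_n, (size_t)(len - i - old_n));
        memcpy(buf + i, new_s, (size_t)new_n);
        return len - old_n + new_n;
    }
    return len;
}

int main(void)
{
    /* Constructed sample packet, not captured traffic */
    static const char sample[] =
        "\xff\xff\xff\xff" "connect \"\\name\\TEST1\\rate\\25000\"";
    unsigned char pkt[64];
    int len = (int)sizeof(sample) - 1;

    memcpy(pkt, sample, (size_t)len);
    len = replace_in_place(pkt, len, (int)sizeof(pkt),
                           "name\\TEST1", "name\\LONGERNAME");
    printf("%d bytes: %.*s\n", len, len - 4, (char *)pkt + 4);
    return 0;
}
```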


Posted: Thu Sep 21, 2017 6:17 pm

Joined: Thu Sep 21, 2017 11:46 am
Posts: 2
I double-checked and it seems proxocket works fine. I think I understand what the problem is.
According to the server log it received the modified packet; however, after the connection it seems it received the info from the client once more and changed it back.
Server log:
Code:
ClientUserinfoChanged: 0 n\TEST2\t\2\model\sarge/blue\c1\4\hc\300\w\0\l\0
broadcast: print "TEST2 connected\n"
ClientUserinfoChanged: 0 n\TEST1\t\2\model\sarge/blue\c1\4\hc\300\w\0\l\0
broadcast: print "TEST1 entered the game\n"

Unfortunately, after the connection all the info is encoded and not simply readable.


Posted: Thu Sep 21, 2017 6:53 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6904
Ah right, the game commands. The name of the player is "updated" with the cl->userinfo string sent via SV_UpdateUserinfo_f, SV_DirectConnect and SV_UserinfoChanged.
Things that you can't change by using a raw socket solution.

