English CS2D Bug Reports

2,059 replies

old Re: CS2D Bug Reports

juTyPrinc
User Off Offline

Quote
LUA ERROR: Cannot add 'test' to hook 'connect_attempt' (hook does not exist)!


This happens when I try to create the hook.

old Re: CS2D Bug Reports

juTyPrinc
User Off Offline

When the player joins, the file download starts. If the player downloads files for a long time, the server kicks the player for the reason 'ping timeout'. Because of this, it is impossible to download all gfx/sfx files from the server.
edited 1×, last 27.08.21 10:57:46 pm

old Re: CS2D Bug Reports

Mami Tomoe
User Off Offline

I'm going to mention this again, because this is very annoying.

The command cs2d cmd spawnprojectile is flawed under the dedicated server, as the animated image of the item never gets removed, and just stays on top of the actual item.


EDIT:
When using images in a broadcast (@C) cs2d lua cmd msg or cs2d lua cmd msg2, the message won't centre (because it's registering the path as part of the message even though only the image shows).
This also applies to anything else apparently, such as cs2d cmd hudtxt and cs2d cmd hudtxt2.
Also, using images in a HUD text will add unnecessary spaces before and after the image.
edited 3×, last 21.09.21 08:47:07 am

old 2 vulnerabilities

Kolia_rus
Security Supporter Off Offline

If the "Mute all when joining server" feature is enabled, a user can bypass hooks such as cs2d lua hook join and cs2d lua hook connect. The solution is to disable the voice chat feature on the whole server or to call the functions from other hooks.

Example: on my server I use a custom anti-exploit feature which checks the user's IP if his UID is marked as an admin's UID. If the IP does not match the IP stored in a separate .txt file, it bans the user automatically. But for now I have to call the function not only on cs2d lua hook join and cs2d lua hook connect, but also on various actions like cs2d lua hook serveraction and cs2d lua hook move. So the hacker will be banned not after he has joined the server, but after he has used keys like F2, F3, F4 or moved on the map.

And also it's possible to fake USGN IDs. One of our moderators () got faked and the hacker had access to our admins script… That's why I wrote a script which checks if the admin IP is allowed. I mean, I can send the script to anyone, but it's one of the first things I wrote in Lua so it looks poor. All it does is check the UID (Steam and/or USGN). If the UID belongs to an admin, it scans for the IP from a file. If the player's IP is not the same as in the file, the player is banned.

In log files this vulnerability looks like this:

[22:15:52] U.S.G.N.: Player (xx.xx.xx.xx) joining with U.S.G.N. ID #XXX  - verifying...
[22:15:53] U.S.G.N.: xx.xx.xx.xx is using U.S.G.N. ID #YYY

• #XXX — admin's UID
• #YYY — not admin's UID

In other words, the hacker joins with admin's UID, but then it changes to non-admin's UID. But in TAB menu I am able to see that he is an admin and he can use admin script as well. And I've made a poor script which fixes this thing…

edited 1×, last 03.10.21 12:56:36 pm
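
Added example, not part of the original post and not Kolia_rus's script: a log check that pairs each "joining with U.S.G.N. ID" line with the following "is using U.S.G.N. ID" line for the same IP and reports joins where the two IDs differ, which is the pattern quoted above. Numeric IDs, the optional timestamp prefix, the function name and the sample log are assumptions made for this illustration.

```python
import re

# Patterns follow the two log lines quoted in the post; numeric IDs and the
# optional [hh:mm:ss] prefix are assumptions about the real log format.
CLAIM = re.compile(r"^(?:\[(?P<ts>[\d:]+)\] )?U\.S\.G\.N\.: .*\((?P<ip>[^()]+)\) "
                   r"joining with U\.S\.G\.N\. ID #(?P<uid>\d+)")
RESULT = re.compile(r"^(?:\[(?P<ts>[\d:]+)\] )?U\.S\.G\.N\.: (?P<ip>\S+) "
                    r"is using U\.S\.G\.N\. ID #(?P<uid>\d+)")


def find_usgn_mismatches(lines, admin_ids=frozenset()):
    """Return one finding per join whose claimed ID differs from the verified one."""
    pending = {}   # ip -> (timestamp, claimed id) awaiting a verification result
    findings = []
    for line in lines:
        line = line.strip()
        m = CLAIM.match(line)
        if m:
            # Greedy ".*" anchors on the last "(ip) joining", so parentheses
            # inside a player name cannot shift the captured IP.
            pending[m["ip"]] = (m["ts"], int(m["uid"]))
            continue
        m = RESULT.match(line)
        if m and m["ip"] in pending:
            ts, claimed = pending.pop(m["ip"])
            verified = int(m["uid"])
            if claimed != verified:
                findings.append({
                    "ip": m["ip"], "claimed": claimed, "verified": verified,
                    "claimed_at": ts, "admin_claim": claimed in admin_ids,
                })
    return findings


# Constructed sample log (documentation-range IPs, made-up IDs).
SAMPLE_LOG = """\
[22:15:52] U.S.G.N.: Player (192.0.2.10) joining with U.S.G.N. ID #1001  - verifying...
[22:15:53] U.S.G.N.: 192.0.2.10 is using U.S.G.N. ID #2002
[22:16:10] U.S.G.N.: Guest (198.51.100.7) joining with U.S.G.N. ID #3003  - verifying...
[22:16:11] U.S.G.N.: 198.51.100.7 is using U.S.G.N. ID #3003
[22:17:02] U.S.G.N.: Other (203.0.113.5) joining with U.S.G.N. ID #1001  - verifying...
[22:17:03] U.S.G.N.: 203.0.113.5 is NOT LOGGED IN!
""".splitlines()

if __name__ == "__main__":
    for f in find_usgn_mismatches(SAMPLE_LOG, admin_ids={1001}):
        print(f)
```

Findings with `admin_claim` set are the ones worth alerting on, since they are joins that presented an admin's ID but verified as a different account.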

old Re: CS2D Bug Reports

The Dark Shadow
User Off Offline

@user Kolia_rus:
U.S.G.N.: Player (xxx) joining with U.S.G.N. ID #XXX - verifying...
U.S.G.N.: xxx is NOT LOGGED IN!

U.S.G.N.: Player (xx.xx.xx.xx) joining with U.S.G.N. ID #XXX  - verifying...
U.S.G.N.: xx.xx.xx.xx is using U.S.G.N. ID #YYY

Either one, they get stuck in verification prompt

old Re: CS2D Bug Reports

Kolia_rus
Security Supporter Off Offline

@user The Dark Shadow: what do you want to say? Do you think that I had a nightmare or dream about it? I saw it with my own eyes — a player was using an admin's USGN ID and the admin script too.

old Re: CS2D Bug Reports

The Dark Shadow
User Off Offline

Yes, some conditions are required for that. Most of USGNs could not be hijacked. It doesn't affect the vast majority of the community.
DC and a few others endorsed that, and I don't think they're going to fix it.

Don't download random hacks/fake programs that steal your account information.

old Re: CS2D Bug Reports

Mami Tomoe
User Off Offline

@user The Dark Shadow, it has nothing to do with the victim, anyone can get spoofed as long as they do X things (that I shall not bring up here).
Those things are super common and are part of the game, so there's no real way to avoid getting spoofed, unless you just don't play the game.

old Re: CS2D Bug Reports

Kolia_rus
Security Supporter Off Offline

user Marcell has written
Stop playing on C4... You cannot fake USGN Id. Period.


C-4 is the server I got banned at (as far as I remember). I haven't played on it since 2016. The vulnerability I am talking about happened on my server. By the way, I am so glad to know that you have checked the CS2D & USGN source code so you are sure that the UID can't be stolen.

user The Dark Shadow has written
Don't download random hacks/fake programs that steal your account information.


If the fact "don't install hacks" sounds like great knowledge to you, it does not mean that nobody else knows it. I have been playing CS2D since the late 00s, so of course I know about security basics.

I am completely not sure what guys do you mean. Do you think that we with @user Mami Tomoe: are trolling you?

old Re: CS2D Bug Reports

Marcell
Super User Off Offline

Only DC and Simonas can do that, but I am still curious, as interestingly I have never seen anyone doing such.

old Re: CS2D Bug Reports

Marcell
Super User Off Offline

@user Kolia_rus:

Yes, that is right, but again, as I said, I have never seen anyone doing anything similar since I started playing this game, and that's more than 10 years.

old Re: CS2D Bug Reports

Mami Tomoe
User Off Offline

@user Marcell, if you don't keep an open mind, you'll never be ready.

I predicted this would happen and created protection for my servers months in advance.
Also, I have plans as to what to do if this gets more widespread.