Jump to content

N!tmod - GUID verification & other security features

Nitrox*

By Nitrox*
in ET Discussion

 Share

Recommended Posts

Nitrox* Newbie

Nitrox*

Posted
Posted

Haiiii there! :)

 

I just finished working on N!tmod GUID checker.

 

I've spent more than an hour testing it with randomly hacked or invalid guid and none of my attemps to connect were successfull.

 

Here is a screenshot showing what clients with invalid guid will see when they will attempt to connect to a N!tmod (future versions) server.

 

post-2041-12674965588703_thumb.jpg

 

By default, N!tmod accepts connections from players that have no guid (i.e.: cl_guid = "unknown")

 

If you're running a server and you don't want to allow empty guids, you can simply set g_allowNoGUID to 0 (Other checks willl still be performed)

 

We will also probably add a Valid IP checker.

  • Like 3
Link to comment
Share on other sites
Nitrox* Newbie

Nitrox*

Posted
  • Author
Posted

Ok i'm back for more infos, i had to take some screenshots to compare Jaymod and N!tmod. I compared to Jaymod because Jaymod is the most used mod after ETPro (and still so hackable...)

 

Note : I used a hacked client to perform these tests, still this hacked client is available to everyone that knows how to use google.

 

You probably already heard of the famous ET callvote exploit. If you didn't, it allows you passing rcon commands by calling some specific votes with a special string.

 

Jaymod (without any addon) is 100% vulnerable.

 

N!tmod isn't vulnerable to this exploit. And what's the good thing ? It's built in the mod. You don't need to install any server addons :D

 

Want any proofs ? There we go :

 

Jaymod 2008-01-25-2.1.8 (latest release, older versions are also vulnerable)

 

post-2041-1267498276812_thumb.png

 

N!tmod 1.4-feb28 (older versions are NOT vulnerable either)

 

post-2041-12674983537207_thumb.png

 

When using N!tmod, the vote isn't even called because the vote string isn't valid.

 

Safe eh? :)

Link to comment
Share on other sites
bLiNk Newbie

bLiNk

Posted
Posted (edited)

Nice feature Nitrox. Suggestion. For the 2nd error message box attached to the screenshot in your first post:

 

This server doesn't allow connections with an empty GUID

You should add a note at the bottom of the box for those who want to resolve that particular issue on the spot. Something like this:

 

Note: To remedy issue, type in "pb_cl_enable;pb_cdkeyreg" without the quotes in game console.

Edit: Changed procedure to enable PunkBuster Client and issue Cdkeyreg/GUID all in one step.

Edited by bLiNk
  • Like 3
Link to comment
Share on other sites
-=Medic=- Newbie

-=Medic=-

Posted
Posted

Nice feature Nitrox. Suggestion. For the 2nd error message box attached to the screenshot in your first post:

 

 

You should add a note at the bottom of the box for those who want to resolve that particular issue on the spot. Something like this:

 

 

 

yes +1

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept