
[help][8311] Fix an exploit with ColorMe hack addon!



Posted

With this addon anybody can write a system message, or write with another person's or GM's name.

You can download the addon from here: http://becko.hu/colorme.zip

We need to upgrade the mangos fake message preventing code!

src/shared/Util.cpp:

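// Replace each run of spaces, tabs and bell characters with a single space, in place.
void stripLineInvisibleChars(std::string &str)
{
   static std::string invChars = " \t\7";

   size_t wpos = 0;                       // next write position in str

   bool space = false;                    // true while inside a run of invisible chars
   for(size_t pos = 0; pos < str.size(); ++pos)
   {
       if(invChars.find(str[pos])!=std::string::npos)
       {
           // emit one space for the whole run
           if(!space)
           {
               str[wpos++] = ' ';
               space = true;
           }
       }
       else
       {
           // visible char: move it down only if earlier chars were dropped
           if(wpos!=pos)
               str[wpos++] = str[pos];
           else
               ++wpos;
           space = false;
       }
   }

   // drop the tail left over after compaction
   if(wpos < str.size())
       str.erase(wpos,str.size());
}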

it's a hackfix, to keep the message in 1 line so you can detect the user fast:

diff --git a/src/shared/Util.cpp b/src/shared/Util.cpp
index fa18ad9..0b70aac 100644
--- a/src/shared/Util.cpp
+++ b/src/shared/Util.cpp
@@ -73,7 +73,7 @@ Tokens StrSplit(const std::string &src, const std::string &sep)

void stripLineInvisibleChars(std::string &str)
{
- static std::string invChars = " \\t\\7";
+ static std::string invChars = " \\t\\7\\n";

size_t wpos = 0;
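
Review bot: The new entry in invChars only turns a newline into a single space; going by the function body posted above, the text that followed the newline is still delivered, just on the same line. If the goal is to stop forged lines rather than make them easier to spot, the caller should reject or log a message that contained a newline instead of silently rewriting it. Carriage return is also absent from the list and may deserve the same handling.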

Posted

colorme does not work with addon channels activated and fake message preventing....

i don't think this fix is needed...

anyways this problem will only occur if you host public private servers :-/

Posted
Thanks for the patch, but does it work?

He posted the current mangos code, not a patch - so what do you all thank him for?

I had a brief look at that addon, it uses \n to separate the player's message from the faked one. So you could add that char to the list:

diff --git a/src/shared/Util.cpp b/src/shared/Util.cpp
index fa18ad9..0b70aac 100644
--- a/src/shared/Util.cpp
+++ b/src/shared/Util.cpp
@@ -73,7 +73,7 @@ Tokens StrSplit(const std::string &src, const std::string &sep)

void stripLineInvisibleChars(std::string &str)
{
-    static std::string invChars = " \\t\\7";
+    static std::string invChars = " \\t\\7\\n";

    size_t wpos = 0;
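
Review bot: The changed invChars line has no comment saying why a newline belongs in a list of invisible characters; a one-line comment that it keeps a chat message from spilling onto a second, forged line would stop it from being dropped in a later cleanup. The string is never modified in the lines shown, so it can also be declared static const.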

That way the faked messages should be in the same line as the player's message - it should be pretty obvious. However, this doesn't prevent posting pictures in chats; that requires some deeper analysis of each message.

Posted
pictures in chat ???

Yes, you can post .blp images on the chat, that's how GM status is faked:

CMStringSpecial = Skipline.."\124cffff80ff\124TInterface\\ChatFrame\\UI-ChatIcon-Blizz.blp:18:12:0:0\124

If we want to prevent this, we have to scan every chat message for valid \124 commands - if we disallow them altogether, in-game linking of quests/items wouldn't work either.

Posted

yes, it's the current mangos code, we had to develop it because the new addon can write anything, in GM in system message, etc.

i think we don't have to scan all messages, we need an addon disabler...

Posted

is this the right place where we can scan the \124 messages?

void WorldSession::HandleMessagechatOpcode( WorldPacket & recv_data )

Maybe it is possible to log and trace the messages at this point.

I know there is source git for a chat logger with lyrics check.

Are all \124 handled by this opcode, or are there some others to mention?

I am not able to find any further information about \124 commands.

thx

Posted
i think we don't have to scan all messages, we need an addon disabler...

That's bogus, you can just rename the addon and any disabler will fail. Scanning messages for such strings is the only (and official) way.
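
The message scanning discussed in the two posts above (checking each chat message for valid \124 commands, rather than banning them or trying to disable addons), written out as an added example; it is not mangos code and not from any poster in this thread. It assumes a legitimate item/quest link has the shape |cAARRGGBB|Htype:data|h[text]|h|r and rejects every other use of the pipe character; isChatMessageAllowed and its helpers are hypothetical names, and the sample strings are constructed.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Consume the literal `lit` at s[i]; i always stays <= s.size().
static bool eat(const std::string& s, size_t& i, const char* lit)
{
    size_t n = std::char_traits<char>::length(lit);
    if (s.compare(i, n, lit) != 0) return false;
    i += n;
    return true;
}

// Assumed link shape: |cAARRGGBB|Htype:data|h[text]|h|r
static bool eatLink(const std::string& s, size_t& i)
{
    if (!eat(s, i, "|c")) return false;
    for (int k = 0; k < 8; ++k, ++i)
        if (i >= s.size() || !std::isxdigit(static_cast<unsigned char>(s[i])))
            return false;
    if (!eat(s, i, "|H")) return false;
    size_t dataEnd = s.find('|', i);               // link data: non-empty, no pipe
    if (dataEnd == std::string::npos || dataEnd == i) return false;
    i = dataEnd;
    if (!eat(s, i, "|h[")) return false;
    size_t textEnd = s.find_first_of("|]", i);     // link text: non-empty, no pipe
    if (textEnd == std::string::npos || textEnd == i || s[textEnd] != ']') return false;
    i = textEnd;
    return eat(s, i, "]|h|r");
}

// Hypothetical server-side check: true only if every pipe in msg starts a full link.
bool isChatMessageAllowed(const std::string& msg)
{
    for (size_t i = 0; i < msg.size(); )
    {
        unsigned char ch = static_cast<unsigned char>(msg[i]);
        if (ch < 0x20) return false;               // newline, tab, bell, other control bytes
        if (ch != '|') { ++i; continue; }
        if (!eatLink(msg, i)) return false;        // bare colour, texture, stray pipe
    }
    return true;
}

int main()
{
    // Constructed sample: plain text followed by an item link.
    std::cout << isChatMessageAllowed("wts |cff9d9d9d|Hitem:7073:0:0:0:0:0:0:0|h[Broken Fang]|h|r") << '\n';
    return 0;
}
```

Because a colour code is accepted only as the opening of a complete link, coloured plain text and texture escapes are refused while linking keeps working.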

  • 2 weeks later...
Posted

Thanks for the fix! This is a big exploit and is blocked on retail servers. Will this mess any chat features up, or will it strictly block the use of \n? If it only blocks that it should be pushed into repo.

Also, another big exploit, is like that AddOn, changing font colors. That's a really big exploit and problem, any hope on blocking that?
