
[help][8311] Fix an exploit with ColorMe hack addon!


Guest horogandris


With this addon anybody can write a system message, or write with another person's or GM's name.

You can download the addon from here: http://becko.hu/colorme.zip

We need to upgrade the mangos fake message preventing code!

src/shared/Util.cpp:

#include <cstddef>
#include <string>

// Collapses every run of "invisible" characters (space, tab, BEL) into a
// single space; the string is rewritten in place without reallocating.
void stripLineInvisibleChars(std::string &str)
{
    static std::string invChars = " \t\7";

    size_t wpos = 0;                     // write position, never ahead of the read position

    bool space = false;                  // true while inside a run of invisible characters
    for(size_t pos = 0; pos < str.size(); ++pos)
    {
        if(invChars.find(str[pos])!=std::string::npos)
        {
            if(!space)                   // first character of a run: emit one space
            {
                str[wpos++] = ' ';
                space = true;
            }
        }
        else
        {
            if(wpos!=pos)                // shift visible characters left over removed ones
                str[wpos++] = str[pos];
            else
                ++wpos;
            space = false;
        }
    }

    if(wpos < str.size())                // cut off whatever is left past the write position
        str.erase(wpos,str.size());
}

It's a hackfix, to keep the message in 1 line so you can detect the user fast:

diff --git a/src/shared/Util.cpp b/src/shared/Util.cpp
index fa18ad9..0b70aac 100644
--- a/src/shared/Util.cpp
+++ b/src/shared/Util.cpp
@@ -73,7 +73,7 @@ Tokens StrSplit(const std::string &src, const std::string &sep)

void stripLineInvisibleChars(std::string &str)
{
- static std::string invChars = " \\t\\7";
+ static std::string invChars = " \\t\\7\\n";

size_t wpos = 0;
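Review bot: as pasted, this hunk has lost its leading indentation (the `static std::string invChars` and `size_t wpos = 0;` lines are flush-left while Util.cpp indents them), so `git apply` or `patch` will reject the context; re-export the diff with whitespace intact. The `+` line also shows the escape as `\\n`, which in a C++ literal is a backslash followed by `n`, not a line feed; the committed literal must be `" \t\7\n"` (single escapes) for `invChars.find()` to match the byte the addon inserts.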


Thanks for the patch, but does it work?

He posted the current mangos code, not a patch - so what do you all thank him for?

I had a brief look at that addon, it uses \n to separate the player's message from the faked one. So you could add that char to the list:

diff --git a/src/shared/Util.cpp b/src/shared/Util.cpp
index fa18ad9..0b70aac 100644
--- a/src/shared/Util.cpp
+++ b/src/shared/Util.cpp
@@ -73,7 +73,7 @@ Tokens StrSplit(const std::string &src, const std::string &sep)

void stripLineInvisibleChars(std::string &str)
{
-    static std::string invChars = " \\t\\7";
+    static std::string invChars = " \\t\\7\\n";

    size_t wpos = 0;
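Review bot: the `+` line rewrites the line feed into a space rather than rejecting the message, so the forged text still reaches other players, just on one line; since the post relies on a GM noticing that, consider having the caller (the chat opcode handler) refuse or at least log messages that contain `\n` before `stripLineInvisibleChars` runs, which makes the detection automatic. Also confirm the committed literal uses a single escape (`" \t\7\n"`); the `\\n` visible here would match a backslash and an `n`, not the line-feed byte.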

That way the faked messages should be in the same line as the player's message - it should be pretty obvious. However, this doesn't prevent posting pictures in chats, this requires some deeper analysis of each message.


pictures in chat ???

Yes, you can post .blp images on the chat, that's how GM status is faked:

CMStringSpecial = Skipline.."\124cffff80ff\124TInterface\\ChatFrame\\UI-ChatIcon-Blizz.blp:18:12:0:0\124

If we want to prevent this, we have to scan every chat message for valid \124 commands - if we disallowed them entirely, in-game linking of quests/items wouldn't work either.

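As an added illustration of the per-message scan described above (example code written here, not MaNGOS code and not part of this thread's patches): a C++ check that accepts only the `|cAARRGGBB|H<type>:<data>|h[<text>]|h|r` link form and rejects every other `|` (0x7C, `\124`) sequence, such as the `|T` texture used for the fake GM icon or a bare colour change. The link grammar, the allowed link types (item, quest, spell) and the `||` literal-pipe rule are assumptions made for the example.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Added example (not MaNGOS code). Assumed link grammar:
//   |cAARRGGBB|H<type>:<data>|h[<text>]|h|r
// Any other '|' (0x7C, "\124") sequence, e.g. |T texture icons or a bare |c
// colour change, is rejected, so item/quest links keep working while forgeries fail.
static bool readHex(const std::string& s, size_t& i, size_t n)
{
    for (size_t k = 0; k < n; ++k, ++i)
        if (i >= s.size() || !std::isxdigit(static_cast<unsigned char>(s[i])))
            return false;
    return true;
}

bool isValidChatMarkup(const std::string& msg)
{
    size_t i = 0;
    while (i < msg.size())
    {
        if (msg[i] != '|') { ++i; continue; }
        if (i + 1 < msg.size() && msg[i + 1] == '|') { i += 2; continue; } // "||": literal pipe (assumed)
        if (msg.compare(i, 2, "|c") != 0) return false;            // a link must start with |c
        i += 2;
        if (!readHex(msg, i, 8)) return false;                      // AARRGGBB colour
        if (msg.compare(i, 2, "|H") != 0) return false;            // |T, |r, ... here are rejected
        i += 2;
        size_t colon = msg.find(':', i), end = msg.find("|h", i);
        if (colon == std::string::npos || end == std::string::npos || colon > end) return false;
        std::string type = msg.substr(i, colon - i);
        if (type != "item" && type != "quest" && type != "spell") return false;
        for (size_t k = colon + 1; k < end; ++k)                    // link data: digits, ':' and '-'
            if (!std::isdigit(static_cast<unsigned char>(msg[k])) && msg[k] != ':' && msg[k] != '-')
                return false;
        i = end + 2;
        if (i >= msg.size() || msg[i] != '[') return false;        // [display text] without '|'
        size_t close = msg.find(']', i);
        if (close == std::string::npos || msg.find('|', i) < close) return false;
        i = close + 1;
        if (msg.compare(i, 4, "|h|r") != 0) return false;          // link terminator
        i += 4;
    }
    return true;
}
```

A server would run this on the message text before `stripLineInvisibleChars` and drop (and log) anything that fails, without touching ordinary text or real item links.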

Is this the right place where we can scan the \124 messages?

void WorldSession::HandleMessagechatOpcode( WorldPacket & recv_data )

Maybe it is possible to log and trace the messages at this point.

I know there is source git for a chat logger with lyrics check.

Are all \124 handled by this opcode, or are there some others to mention?

I am not able to find any further information about \124 commands.

thx


  • 2 weeks later...

Thanks for the fix! This is a big exploit and is blocked on retail servers. Will this mess any chat features up, or will it strictly block the use of \n? If it only blocks that, it should be pushed into the repo.

Also, another big exploit, is like that AddOn, changing font colors. That's a really big exploit and problem, any hope on blocking that?

