English CS2D Bug Reports

1,953 replies
Goto Page
To the start Previous 1 2 ... 95 96 97 98 Next To the start
21.08.21 11:15:47 am
Up
juTyPrinc
User
Offline Off
Quote:
LUA ERROR: Cannot add 'test' to hook 'connect_attempt' (hook does not exist)!


This happen when I try create hook.
21.08.21 12:03:55 pm
Up
DC
Admin
Offline Off
cs2d lua hook connect_attempt is a new hook which will become available with the next update (same for cs2d lua hook connect_initplayer)
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
21.08.21 04:23:12 pm
Up
juTyPrinc
User
Offline Off
When the player joins, the file download starts, if the player downloads files for a long time, the server kick off the player for the reason 'ping timeout', because of this, it is impossible to download all gfx/sfx files from the server
edited 1×, last 27.08.21 10:57:46 pm
14.09.21 08:55:48 pm
Up
Mami Tomoe
User
Offline Off
I'm going to mention this again, because this is very annoying.

The command cs2d cmd spawnprojectile is flawed under the dedicated server, as the animated image of the item never gets removed, and just stays on top of the actual item.


EDIT:
When using images in a broadcast (
@C
) cs2d lua cmd msg or cs2d lua cmd msg2 the message won't centre (because it's registering the path as part of the message even though only the image shows).
This also applies to anything else apparently, such as cs2d cmd hudtxt and cs2d cmd hudtxt2.
Also, using images in a HUD text will add unnecessary spaces before and after the image.
edited 3×, last 21.09.21 08:47:07 am
03.10.21 12:32:13 am
Up
Kolia_rus
GAME BANNED
Offline Off
In case if the Mute all when joining server feature enabled, user can bypass such hooks as cs2d lua hook join and cs2d lua hook connect. The solution is disabling voice chat feature on the whole server or calling functions with other hooks.

Example: on my server I use a custom anti-exploit feature which check user's IP if his UID marked as admin's UID. If the IP does not match the IP stored in separated .txt file, it bans the user automatically. But as for now I should enable call function not only on cs2d lua hook join and cs2d lua hook connect, but on various actions like cs2d lua hook serveraction, cs2d lua hook move. So the hacker will be banned not after he has joined the server, but after he used keys like F2, F3, F4 or moved on map.

And also it's possible to fake USGN IDs. One of our moderators () got faked and the hacker had an access to our admins script… That's why I wrote a script which checks if the admin IP is allowed. I mean, I can send the script to anyone but it's one of the first things I wrote on Lua so it looks poor. All it does is checks the UID (Steam and/or USGN). If the UID belongs to admin, it scans for the IP from a file. If the player's IP is not the same as in the file, the player being banned.

In log files this vulnerability looks like this:

Code:
1
2
[22:15:52] U.S.G.N.: Player (xx.xx.xx.xx) joining with U.S.G.N. ID #XXX  - verifying...
[22:15:53] U.S.G.N.: xx.xx.xx.xx is using U.S.G.N. ID #YYY


• #XXX — admin's UID
• #YYY — not admin's UID

In other words, the hacker joins with admin's UID, but then it changes to non-admin's UID. But in TAB menu I am able to see that he is an admin and he can use admin script as well. And I've made a poor script which fixes this thing…

Spoiler >
edited 1×, last 03.10.21 12:56:36 pm
You received a game ban because you seem to be a cheater. You are not able to log-in in-game anymore.
03.10.21 10:02:01 am
Up
The Dark Shadow
User
Offline Off
@user Kolia_rus: That's not true, it doesnt let the player join the server then. Just make sure sv_checkusgn is enabled.
03.10.21 12:58:20 pm
Up
Kolia_rus
GAME BANNED
Offline Off
@user The Dark Shadow: that's true. And this console command was set to 1 already.
You received a game ban because you seem to be a cheater. You are not able to log-in in-game anymore.
03.10.21 03:05:58 pm
Up
The Dark Shadow
User
Offline Off
@user Kolia_rus:
Code:
1
2
U.S.G.N.: Player (xxx) joining with U.S.G.N. ID #XXX - verifying...
U.S.G.N.: xxx is NOT LOGGED IN!
Code:
1
2
U.S.G.N.: Player (xx.xx.xx.xx) joining with U.S.G.N. ID #XXX  - verifying...
U.S.G.N.: xx.xx.xx.xx is using U.S.G.N. ID #YYY

Either one, they get stuck in verification prompt
03.10.21 04:59:22 pm
Up
Kolia_rus
GAME BANNED
Offline Off
@user The Dark Shadow: what do you want to say? Do you think that I had a nightmare or dream about it? I saw it with my own eyes — player were using admin's USGN ID and the admin script too.
You received a game ban because you seem to be a cheater. You are not able to log-in in-game anymore.
03.10.21 05:49:35 pm
Up
Marcell
Super User
Offline Off
Stop playing on C4... You cannot fake USGN Id. Period.
03.10.21 05:56:41 pm
Up
Mami Tomoe
User
Offline Off
@user Marcell, it is possible.

It's just not possible to do it to every ID, there are circumstances.

And no, cs2d cmd sv_checkusgnlogin has nothing to do with this current exploit.
03.10.21 06:37:03 pm
Up
The Dark Shadow
User
Offline Off
Yes, some conditions are required for that. Most of USGNs could not be hijacked. It doesn't affect the vast majority of the community.
DC and a few others endorsed that, and I don't think they're going to fix it.

Don't download random hacks/fake programs that steal your account information.
03.10.21 06:46:44 pm
Up
Mami Tomoe
User
Offline Off
@user The Dark Shadow, it has nothing to do with the victim, anyone can get spoofed as long as they do X things (that I shall not bring up here).
Those things are super common and are part of the game, so there's no real way to avoid getting spoofed, unless you just don't play the game.
03.10.21 06:52:41 pm
Up
The Dark Shadow
User
Offline Off
@user Mami Tomoe: Can you tell what exactly makes you get spoofed? Say X does Y, or it isn't necessary to say anything at all.
03.10.21 07:26:20 pm
Up
Mami Tomoe
User
Offline Off
@user The Dark Shadow, I already directed all the info to @user DC.
This isn't new, just move along.
03.10.21 11:57:01 pm
Up
Kolia_rus
GAME BANNED
Offline Off
user Marcell has written:
Stop playing on C4... You cannot fake USGN Id. Period.


C-4 is the server I got banned at (as far as I remember). I don't play it since 2016. The vulnerability I am talking about happened on my server. By the way, I am so glad to know that you have checked the CS2D & USGN source code so you are sure that the UID can't be stolen.

user The Dark Shadow has written:
Don't download random hacks/fake programs that steal your account information.


If the fact "don't install hacks" sounds like a great knowledge for you, it does not mean that anyone else does not know it. I am playing CS2D since late 00s so of course I know about security basics.

I am completely not sure what guys do you mean. Do you think that we with @user Mami Tomoe: are trolling you?
You received a game ban because you seem to be a cheater. You are not able to log-in in-game anymore.
04.10.21 09:18:20 am
Up
Marcell
Super User
Offline Off
Only DC and Simonas can do that, but I am still curious as interestingly never seen anyone doing such.
04.10.21 12:58:43 pm
Up
Kolia_rus
GAME BANNED
Offline Off
@user Marcell: this means that only DC and SQ can be sure if the code has vulnerabilities.
You received a game ban because you seem to be a cheater. You are not able to log-in in-game anymore.
04.10.21 04:09:44 pm
Up
Marcell
Super User
Offline Off
@user Kolia_rus:

Yes, that is right, but again, what I said, I never seen anyone doing similar since i playing this game, and it's more than 10 years.
04.10.21 07:00:03 pm
Up
Mami Tomoe
User
Offline Off
@user Marcell, if you don't keep an open mind, you'll never be ready.

I predicted this would happen and created protection for my servers months in advance.
Also, I have plans as to what to do if this gets more widespread.
To the start Previous 1 2 ... 95 96 97 98 Next To the start