Cvolton / GMDprivateServer

Geometry Dash Private Server
GNU General Public License v3.0

Scan uploaded levels for ACE #1002

Open 0x1DEA opened 1 year ago

0x1DEA commented 1 year ago

Added a LevelParser class which scans uploads for invalid things. I'd like someone with access to a PoC level to test on a local installation. And also sanity check my late-night code.

0x1DEA commented 1 year ago

Using PHP's SPL gzread() function you can read the uncompressed data in a loop. Changing the parser, the pickup trigger scan can be done incrementally. However, the code uses zlib_decode(). I am still researching the specifics, but I was unable to use the gz functions to decompress the level string. Only zlib_decode() seemed to work. This is only an issue for extremely large levels like Ocular Miracle, which result in an out-of-memory error.

0x1DEA commented 1 year ago

Fixed various things. I think this also necessitates a server scan utility for existing levels.

Cvolton commented 1 year ago

does this support levelstrings compressed with both gzdeflate (H4sIAAA header in b64) and gzcompress (eJ header in b64), as well as uncompressed levelstrings?

0x1DEA commented 1 year ago

> does this support levelstrings compressed with both gzdeflate (H4sIAAA header in b64) and gzcompress (eJ header in b64), as well as uncompressed levelstrings?

Yes, zlib_decode() works on both deflate and gzip data. When the level string is uncompressed, the b64 and decompression don't run.

0x1DEA commented 1 year ago

> Yes, zlib_decode() works on both deflate and gzip data. When the level string is uncompressed, the b64 and decompression don't run.

Correction, it works as described but I haven't added the magic for deflate so it doesn't run. I'll fix this when I get home.
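
The incremental approach discussed in this thread, as an added example that is not code from the PR: it picks the decoder from the two base64 prefixes mentioned above, inflates in fixed-size slices with PHP's `inflate_init()`/`inflate_add()`, and stops at a size cap. The function name, the cap value, and the URL-safe base64 alphabet are assumptions.

```php
<?php
// Added example, not the PR's LevelParser. scanLevelString() and $scan are hypothetical names.
const MAX_INFLATED = 64 * 1024 * 1024; // assumed cap on decoded level size
const B64_CHUNK    = 8192;             // multiple of 4, so every slice decodes on its own

// Hands the decoded level data to $scan piece by piece; returns the decoded byte count.
function scanLevelString(string $level, callable $scan, int $cap = MAX_INFLATED): int
{
    // Prefixes named in the thread: H4sIAAA = bytes 1f 8b 08 (gzip), eJ = byte 78 (zlib).
    if (strncmp($level, 'H4sIAAA', 7) === 0) {
        $ctx = inflate_init(ZLIB_ENCODING_GZIP);
    } elseif (strncmp($level, 'eJ', 2) === 0) {
        $ctx = inflate_init(ZLIB_ENCODING_DEFLATE); // zlib wrapper, as written by gzcompress()
    } else {
        if (strlen($level) > $cap) throw new LengthException('level too large');
        $scan($level); // uncompressed: no base64, no inflate
        return strlen($level);
    }
    if ($ctx === false) throw new RuntimeException('inflate_init failed');
    $total = 0;
    for ($off = 0, $len = strlen($level); $off < $len; $off += B64_CHUNK) {
        // Assumption: the client sends the URL-safe base64 alphabet.
        $raw = base64_decode(strtr(substr($level, $off, B64_CHUNK), '-_', '+/'), true);
        if ($raw === false) throw new UnexpectedValueException('bad base64');
        // Deflate expands at most about 1032:1, so one 6 KiB slice yields roughly 6 MiB at worst.
        $out = inflate_add($ctx, $raw, ZLIB_SYNC_FLUSH);
        if ($out === false) throw new UnexpectedValueException('bad compressed data');
        $total += strlen($out);
        if ($total > $cap) throw new LengthException('level too large');
        $scan($out);
    }
    return $total;
}

// Constructed sample: made-up filler data in both encodings, round-tripped through the scanner.
$plain = str_repeat('1,1,2,15,3,15;', 1000);
foreach ([gzencode($plain), gzcompress($plain)] as $bin) {
    $b64  = strtr(base64_encode($bin), '+/', '-_');
    $seen = '';
    scanLevelString($b64, function (string $part) use (&$seen) { $seen .= $part; });
    var_dump($seen === $plain);
}
```

A scanner passed as `$scan` has to carry any trailing partial object over to the next call, since slice boundaries do not line up with object boundaries.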

MegaSa1nt commented 3 weeks ago

Hello! I'm the creator of this core's fork. Could I have your permission to add this PR to my repo? https://github.com/MegaSa1nt/GMDprivateServer