search

danielga / gmsv_serversecure

A module for Garry's Mod that mitigates exploits on the Source engine.
https://github.com/danielga/gmsv_serversecure
Other
125 stars 31 forks source link

Responds with invalid a2s_info response thus making battle metrics show invalid.( The game displays it though ) #81

Closed Synkstar closed 2 years ago

Synkstar commented 2 years ago

Without server secure image With server secure image As you can see its missing one byte so the packet length is 114 instead of 115 in this case

danielga commented 2 years ago

Seems there's a missing prefix space to the tags section of the A2S_INFO response. Would that break BattleMetrics? I doubt it but I also noticed the SteamID64 seems slightly different.

Synkstar commented 2 years ago

I just figured out that this wasn't caused by server secure..... thanks anyways though. Basically me and a friend modified it so we can make it show joining players in the list like meta construct. I was just basically going off of wireshark but then I realized that when running regular server secure it works in battle metrics because they update every 30 minutes or so. But I thought it wouldn't because it looked different from the regular response on a regular server.

Synkstar commented 2 years ago

Would you happen to know anything about a2s_players in gmod because the regular game server response works on battlemetrics but what we are doing it exactly what is outlined in https://developer.valvesoftware.com/wiki/Server_queries. https://github.com/A5R13L/gmsv_serversecure/blob/b9538c992893a7820153bbd7ccbb6b6718ce98c1/source/netfilter/core.cpp#L394 this is basically the one my friend did its basically the taken from gmsv_query for the a2s_players?

danielga commented 2 years ago

As the Wiki says, It needs an initial step to acquire a challenge number. The code you linked to doesn't respond with a challenge number for the initial steps.

danielga commented 2 years ago

More information at https://developer.valvesoftware.com/wiki/Server_queries#A2S_SERVERQUERY_GETCHALLENGE

Synkstar commented 2 years ago

That wouldn't really explain how battlemetrics works if everyone has the same time. Plus the challenge is handled by CBaseServer. This is just super confusing because me and a friend were trying to get this to work for over a day lol.

Synkstar commented 2 years ago

We figured out what it was its because battlemetrics checks if it has less decimal places than 7 which is the minimum the engine returns by default. Edit: Its actually because it has to be ordered by the most time lol