Open soumyadip77 opened 6 years ago
Same here, CPU usage up to 100%.
ReHLDS version: 3.4.0.654-dev
tcpdump?
idk i got this exploit from and its working on rehlds plz patch rehlds :)
We haven't noticed any flood through tcpdump. The worst part is that the CPU usage is 80-100% all the time.
Attach a dump file, so we can verify which packet it sends.
server ip: 91.211.246.7:27020 players online: ~4 tcpdump duration: ~5min 4playersonline.zip
@fleshascs attacker's ip?
I may have misled you by mentioning the number of players; as far as I watched, I haven't noticed any big difference in the number of players. The good news for us is that the attack recently stopped after ~3 days of lag.
I had already posted the issue of high CPU usage. The log created by the firewall shows dropped invalid packets. The issue has no known solution to date. Hope someone fixes it soon.
this is 1 type of exploit, i dont know much about this, anyone plz try to fix this, help..
One here too -> http://www.dedicated-server.ru/vbb/showthread.php?t=28144
This problem has been around since 2016, I don't understand how the Re Dev Team didn't fix this; on HLDS the problem is fixed.
And as I can see, the problem is starting to be a big pain for all the ReHLDS servers, with the exploit causing "Can't use keys or values with a"
@aron9forever where can i find some fix for reunion and dproto ? If you can help us/me.
@ChrysUk Wouldn't be here posting if I had one. I've been told HLDS + latest dproto is immune to this exploit; but then that should open a bunch of other holes, so I can't recommend it. I'm not even sure if we're all talking about the same stuff; some old videos have been posted here, AFAIK reHLDS patches all these sorts of issues at engine level; if it's a problem with the reunion code then we're barking at the wrong tree.
I don't speak Russian and it's hard to navigate these 3rd party resources because they're sadly mostly maintained on Russian forums.
Just use Steam-only server, and get rid of all other bullshit. End of story.
me tried but failed :/
Just use Steam-only server, and get rid of all other bullshit. End of story.
Steam is not protection against any bugs.
this not fixed?
not fixed yet fix :(
I think I have also received a similar attack. but there is a difference and that is that I do not use rehlds and I have not received attacks for 2 days, I just blocked the steamid they used to connect from hlds.
i use google translate
@OsweRRR update rehlds , this is https://www.extreamcs.com/forum/diverse/checkforduplicatenames-explota-t355914.html
rly stupid? Update rehlds.
@theAsmodai What about this : https://github.com/dreamstalker/rehlds/issues/630#issuecomment-399756371
This issue was not for the SV_checkforduplicatenames exploit ("Cant use values ...), we know it's already been fixed in 640. But what about this one?
@xpt1x it's not fixed mate, currently experiencing it on **3.4.0.653-dev/ | Sun May 13 20:38:22 CEST 2018**
that is, the second latest version. Latest causes segfault on my installation, don't have time to document why. No difference between them anyways, at least based on the commits.
hosting providers blocked it already thru firewall which is why it's not causing havoc everywhere, doesn't mean it's fixed. The infinite loop is well and alive in the engine.
ReHLDS Team any news for is ?
My version
@aron9forever a really bad idea to use that iptabels of on russian sites he blocked netchan_process for sending packets(that you notice only when you decrypt the packets COM_Munge) on the player(not all packets in netchan_process use 0xfe , but there , it would raise the issue of lack of players/timeout quickly) anyway , if netchan_process not works (I mean when the server is empty) protection bypass if NET_QueuePacket receives a packet respectively for the value 0
@SkillartzHD I'm not suggesting anything especially not desperately rushed iptables filters, just explaining why not all servers are offline right now
the problem is pretty clear in the engine so no need to filter specific packets; this bug has been known since 2002-2004 anyways; no easy fix in a shit coded engine
Any news guys? The problem is still here. Does anyone know how to get in touch with the ReHLDS Team?
Part of the ReHLDS team is actually on summer vacation. Project wasn't dropped and will receive more updates and maintenance in the future.
ReHLDS contributors work free of charge and have no obligation to do something for the users who are too lazy to even report something. In fact I saw a fix involving okapi, but no attempt to do a contribution. So in my opinion shit community == appropriate response.
@In-line why work for free if you can make some money, work is not free, they should make a donation page or something so they can get some money for their work.
Nothing is free in this world, not even pussy any more :) you still have to give her a drink :))
good point about donations
i'll gladly donate to this project
ps. please click on reaction (good/bad idea) rly curious to see how many are up
If anybody has the exploit to test, I can develop a fix.
Not related to ReHLDS, tested and for me these packets did not pass through OVH Anti-DDoS GAME. Try stick to company that can filter udp packets and protect your server and you will not face such problem.
Nice spam @raheem-cs , we almost bought It
Better luck next time
If you have the exploit, why the fuck don't you give It to @IgnacioFDM
Sorry for the rudeness, but your comment is that annoying
@germansassone Yes you are rude that's a fact.
Second thing you read this post: https://github.com/dreamstalker/rehlds/issues/629#issue-333055851?
And i did not spam, Already the author of this issue contacted me on steam and used the exploit in my server and it's ddosed, but this because the anti ddos was disabled on my vps, i go enabled it and told him to try and failed. Also i downloaded the program myself and tried it and it did not pass.
Program in the video @soumyadip77 posted: http://shortmony.me/JIWmDddW
Please next time learn how to read, and respect others.
Thanks @raheem-cs for checking this :D I understand :)
Not everyone has the product you mentioned, and changing host for exploits, annoying
@germansassone it's not that one, SkillartzHD developed a new exploit
Oh lord, ignacio is going to kill me 😋
I captured some packets, I think the data being sent is not special.
Two data types are sent and it's repeated:

    fe:ff:ff:ff:ff:ff:ff:ff:ff:f7:7f:12
    fe:ff:ff:ff:ff:ff:ff:ff:ff:f7:7f:12:31:32:33:31:32:33:5a:78:63:fe:ff:ff:ff:ff:ff:ff:ff:ff:f7:7f:12

I don't know if this data can do something to ReHLDS or not, developers can confirm this. If someone needs the tcpdump, here it is: test.zip
God damn please stop spreading misinformation, you are mixing together two different exploits and confusing everyone.
The one that everyone is talking about (can't use values with a) is a payload type exploit, aka a single packet or collection of packets needs to be sent to overflow the shitty checkforduplicates function which causes the while(true) break condition to never happen, from which point onward the server is dead. It's very unlikely that anyone will capture the packets in question because they only come one time, it's not a repeated flood that keeps the server lagging, so you'd have to keep tcpdump on and just wait for the server to die. Also, the exploit is not released to the public and you will not find it online to be able to test-capture the data.
The best solution is someone with intrinsic knowledge of the engine to refactor that function completely, to a solution which is not susceptible to overflows and/or does not use while(true) with a break to parse the playername. I'm saying this because it's been a source of exploits since 2002, and people are only fixing edge cases.
And please stop spamming the issue threads if you're not adding anything. Contributors are all volunteers with other crap to do in their lives and will fix it anyways as soon as they can, spamming and making 10 threads will only make it harder for them to trace the truth.
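Added example, not part of any comment in this thread and not ReHLDS code: a sketch of the kind of refactor the comment above asks for, a duplicate-name resolver whose loop has a hard iteration cap and whose writes are all length-bounded. The names `client_t`, `resolve_duplicate_name`, `MAX_NAME` and `MAX_DUP_TRIES`, the `(N)` prefix scheme and the sample table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME 32       /* assumed name buffer size for this sketch */
#define MAX_DUP_TRIES 64  /* hard cap on rename attempts */

/* Hypothetical client slot; not the engine's own structure. */
typedef struct { int active; char name[MAX_NAME]; } client_t;

/* Constructed sample table: slot 2 is the client being renamed. */
static client_t sample[3] = { {1, "Player"}, {1, "(1)Player"}, {1, ""} };
static char demo_out[MAX_NAME];

static int name_in_use(const client_t *cl, int n, int self, const char *name)
{
    for (int i = 0; i < n; i++)
        if (i != self && cl[i].active && strcmp(cl[i].name, name) == 0)
            return 1;
    return 0;
}

/* Writes a unique, NUL-terminated name into out.
 * Returns 0 on success, -1 if none fits or the cap is hit (reject the client). */
int resolve_duplicate_name(const client_t *cl, int n, int self,
                           const char *wanted, char *out, size_t outsz)
{
    if (outsz == 0)
        return -1;
    snprintf(out, outsz, "%s", wanted);          /* bounded copy, may truncate */
    if (!name_in_use(cl, n, self, out))
        return 0;
    for (int dup = 1; dup <= MAX_DUP_TRIES; dup++) {   /* never while(true) */
        char prefix[16];
        int plen = snprintf(prefix, sizeof prefix, "(%d)", dup);
        if (plen < 0 || (size_t)plen >= outsz)
            return -1;                           /* prefix alone does not fit */
        /* Rebuild from the original name each time; shrink it to fit. */
        snprintf(out, outsz, "%s%.*s", prefix, (int)(outsz - 1 - (size_t)plen), wanted);
        if (!name_in_use(cl, n, self, out))
            return 0;
    }
    return -1;
}

int main(void)
{
    int rc = resolve_duplicate_name(sample, 3, 2, "Player", demo_out, sizeof demo_out);
    printf("%d %s\n", rc, demo_out);
    return 0;
}
```

Because every candidate is rebuilt from the requested name with a different prefix, candidates never grow and never repeat, so the loop ends either with a free name or with a clean rejection.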
@aron9forever, what you speak about was not posted in this issue. You can open your own issue and stop flooding others' issues. What I provided is help for the problem of @soumyadip77, who opened this issue, not you. So I think you should now know who is spamming.
@raheem-cs u fucking stupid? What are u talking about? He is right. Dumbass.
Hi, I've developed a fix for the 0xFE exploit. I'll test for a few hours in a live server and will submit a PR with the fix.
ok thanks
Please check the following fix #644
Thanks @raheem-cs for providing the exploit to test
Thanks guys. Will it be added to the new release of ReHLDS?
@ChrysUk When it gets merged, which can take some time. You can compile from my branch if you were to need it now.
Someone plz patch this exploit
LINK => https://www.youtube.com/watch?v=KUg4JV4RMWM