BaseJKA Security Fix

Miscellaneous programs and scripts, opensource or not, and sometimes, random mathematical stuff.
Post Reply
User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac »

under normal circumstances yes, but when you have about 30-40 logs to look through, and them being from different servers, things get slightly complicated.


feel free to contact me on xfire or msn and i can go through the details of this further:

msn: modem7@hotmail.com
xfire: modem7
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

If you look daily at the logs of 30 to 40 servers to debunk lamers, then you are even more paranoid than I ever was :lol

I will add the IP to name change logs, but it will be optional (cvar).

Note that you can use tools such as *nix grep or variants of regex to make your daunting task much easier... judicious use of them can replace (and outshine) logs redundancy ;).
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac »

Gamall wrote:If you look daily at the logs of 30 to 40 servers to debunk lamers, then you are even more paranoid than I ever was :lol

I will add the IP to name change logs, but it will be optional (cvar).

Note that you can use tools such as *nix grep or variants of regex to make your daunting task much easier... judicious use of them can replace (and outshine) logs redundancy ;).
i have a program already in the works that takes your logs, and sorts them out on IP vs Name.

however, the issue arises when people connect as "padawan" and change later on, thats where my program is currently failing :(

what can i say - im a paranoid little nerd :P
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

cybermaniac wrote:i have a program already in the works that takes your logs, and sorts them out on IP vs Name.
That is Good :ouioui
cybermaniac wrote:however, the issue arises when people connect as "padawan" and change later on, thats where my program is currently failing
As a workaround before I add more redundancy, you can track these back through client number: for instance have your prog detect connect statements and extract the ip and client number (easy), and replace every subsequent occurence of ClientUserinfoChanged : N by the same plus the ip corresponding to client N. This will emulate the wanted redundancy.

I think that after the next release I shall make the thing open-source, that way everyone can make that kind of custom modifications to their liking :?
what can i say - im a paranoid little nerd :P
Now I'm really scared :fuite
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Ok, I am at last resuming work on this thing.

What I intend to do is
  • Clean some parts of my code.
  • Add as many of the requested features as I can and have time to, given my timetable.
  • Rewrite the documentation with GaTeX.
  • When I'm through, I'll make a final build and release the whole source code under the terms of the GNU General Public License, so you can add any other desired feature yourself.
After that, I won't be adding any feature any more, as I stopped playing JKA too long ago :?

I'll still support the mod though, and to some extent help with the code if need be.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

First off, the 1.0f version for Linux. Identical to 1.0f May 11 07, but for Linux ;)

Just replace the jampgame.so by this one. Test server: 213.251.186.99:29070
Attachments
basejka_Gamalls_fix_10f_linux.zip
(766.64 KiB) Downloaded 715 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Humm... I cannot reproduce the /model jedi_hm/head_a1|head_a1|head_1 bug you mentioned. It yields a seemingly normal human skin, which appears "silver" in the skin selection screen, but that is about it... No invisible skin :?
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston »

/model jedi_hm/head_a1|head_a1|head_1
Mistake - head_a1
User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston »

also u can try
/model jedi_hm/model_siege|head_a1|torso_a1
Its more weird :)

btw, if u want to prevent new bugs & glitches, dont release source code :D It is not so needfull.
Just make a final version.
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Ok, I'll test that, I didn't notice the mistake :)

While I'm at it, here is what I've done so far:

Version 1.0f to 1.1 changelog:
  • fixed a false positive: bots were detected as a fake player attack ; although this had no real consequence, it was a source of confusion in the logs.
  • Logs now differentiate connexions from bots and from real players.
  • messages from the dedicated server have been made slightly more visible: the tag is now [SERVER], with colors.
  • :n on the other hand, the /svsay command can't be altered, as it is hard coded into jampded instead of jampgame.
  • The IP is now logged each time somebody changes their names.
  • Added the /(t)ime client command, displaying the local time of the server:
    servertime.PNG
    servertime.PNG (17.25 KiB) Viewed 26205 times
  • Added cvar ga_doNotAllowDualKataSpin, default 0, preventing anyone in a dual kata from spinning like a madman. (slightly buggy, as the screen seems to vibrate when moving the mouse, but it works. I'll improve that if I find a way)
  • Added cvar ga_nameLengthLimit: names will be truncated not to exceed that length. Note that color escape sequences, such as ^1, are not counted.
  • Some ga_* cvars are now marked as serverinfo (external tools can read them).
  • Added the /info client command and ga_serverInfo cvar. /info displays the contents of the cvar. Admins can put rules, etc in there, and any player can read it anytime.
  • Anti model/color change spam/lag: any player can now freely change their info only 50 times per map (unless they reconnect of course). After that, they need to wait three full seconds between each change.
left to do: connection log.
John Preston wrote:btw, if u want to prevent new bugs & glitches, dont release source code :D It is not so needfull.
Just make a final version.
The source code of that jampgame component is already out :D It is what I'm working on :huhu

Besides, security through obscurity (ie. puting your code in a vault hoping nobody will find anything without it) does not work ;)
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
cybermaniac
Posts: 30
Joined: Tue Apr 10, 2007 12:05 am

Re: BaseJKA Security Fix

Post by cybermaniac »

fantastic work so far

thx
Admin and Owner of Baskerville Server
87.117.202.147:29070
62.4.74.231:30400
User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston »

Great job, thanx.
we'll be waiting...
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

Hello :)

Changes made since last time:
  • Another log file, ga_ConnectLog.txt, listing every connection is now created by the server: for instance

    Code: Select all

    [Sun Sep 16 20:23:02 2007] [========================== SERVER START ==========================]
    
    [Sun Sep 16 20:23:11 2007] Connect :: name(num) = [^5G^7amall ^5W^7ednesday ^5I^7da]( 2) :: ip = [      127.0.0.1] :: userinfo = [COMPLETE USERINFO STRING LOGGED HERE]
    
  • The logs now use real time:

    Code: Select all

    [Sun Sep 16 20:24:03 2007]  Kill: 2 1 3: ^5G^7amall ^5W^7ednesday ^5I^7da killed Desann by MOD_SABER
    [Sun Sep 16 20:24:07 2007]  say: (1)Desann: Impressive, most impressive... but you are not a Jedi yet!
    [Sun Sep 16 20:24:11 2007]  Kill: 2 4 3: ^5G^7amall ^5W^7ednesday ^5I^7da killed Imperial Saboteur by MOD_SABER
Here is a windows build, so you can test the new features of v1.1 on your computer.

At the time, I cannot build it on linux (strange bug with the time functions).
Attachments
GamallFix DEV.pk3
(594.51 KiB) Downloaded 690 times
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
User avatar
John Preston
Posts: 14
Joined: Thu May 10, 2007 3:08 am

Re: BaseJKA Security Fix

Post by John Preston »

aha...
any news?
Gamall
Hic sunt dracones
Posts: 4174
Joined: Fri May 26, 2006 11:09 pm
Contact:

Re: BaseJKA Security Fix

Post by Gamall »

John Preston wrote:aha...
any news?
Er, no, I'm waiting for feedback on the test version I have uploaded :?

Most of the changes since v1.0f are features you requested, you know, so I'm waiting for you to confirm that you have tested the thing and that they do work the way you wanted them to before moving on.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
Post Reply

Who is online

Users browsing this forum: No registered users and 183 guests