+ Reply to Thread
Results 1 to 9 of 9

Thread: New Exploit?

  1. #1
    Junior Member BluDogg is on a distinguished road
    Join Date
    May 2011
    Posts
    18

    New Exploit?

    I posted this in the tech support forum, but wanted to know if anyone else has seen this and believe it will be more visible here and we might get some more information:

    Issue: Client that spawned server paused match. Player disconnected simultaneously and the pause didn't take. Console shows a weird error "Unknown client command: complaint" or something to that effect. Other player is still 'frozen' as in 'match pause' but players can join and play.

    I kinda think it's an exploit. Player claimed his client crashed, but he disconnected simultaneously with the 'match pause' rather than timed out. Literally X paused match, X Disconnected appeared simultaneously. Rounds continued to cycle even though there were no players in game and my client was unable to move or look.

    Also, server spawn disappeared from Quakelive, though it was still active. I dunno if it was a glitch that someone exploited (pause/dc script that replicates this), or they were hijacking a server or what...

    User was mildly raging and never explained why he thought he needed to pause match in the first place. As far as replicating, he claimed to have accidently executed the wrong CFG (this was in the middle of a firefight during a round, and we had been playing several matches). I don't know why he didn't think it was a bizarre glitch, why he chose to pause the match at such a point WHILE executing the 'wrong' CFG. I don't know why he claimed his client crashed when it clearly disconnected. I don't know why this players server spawn disappeared from QuakeLive server list immediately though it was still active. I don't know why this server sent me the ambiguous, and never before seen, "Unknown client command: complaint". I would actually like to report this player to be honest as there is just too much weird about this. If it's possible to hijack QL servers it would be a big issue

  2. #2
    Junior Member BluDogg is on a distinguished road
    Join Date
    May 2011
    Posts
    18
    burn, perhaps you can help us out. You were in spec privately 'tell'ing with this person and asking him who I was and why I was there and whether I was invited or not. You realize he wasn't using '/tell' to talk back to you right? He was using common chat...

  3. #3
    Junior Member BluDogg is on a distinguished road
    Join Date
    May 2011
    Posts
    18
    This is pretty serious. At least someone ask me some questions.

    X's spawned CA server: X pauses and dc's simultaneously. My screen locks with a big "Match Paused" in the center. I can neither move nor look with mouse. X joins 1 min later and claims QL crashed on him. I still have a big "Matched Paused" on my screen and complete immobility as he runs around on the screen 'killing' me.

    1.) If QL crashed he would time out, not instantly DC along with an inexplicable 'match pause' in the middle of a fight.

    2.) Where did server go on QL?

    3.) Basic QL rules were broken. CA matches progressed despite the fact that I was the only player, albeit entirely immobile. By 'progressed' I mean rounds would start and end while I was still in "Match Paused". They would last approximately 10-20 seconds and my statuette would inexplicably die. This continued to happen after player that spawned server rejoined.

    4.) What is "Unknown client command: complaint"? It doesn't even read like a proper server error. It doesn't identify itself as the server talking to the client. It reads like some idiot using rcon to force text to my console like in Q3 days.

    I'm certain this person was messing with this server. It's possible they are an ID employee abusing their powers, but more worrying is that it may be possible to take over spawns, or possibly any server for that matter.

    I thought I'd even see if that match existed in my stats...and it does. The stats are way off 'considering I had no opportunity to play', but I won apparently. Where did these numbers even come from? Also I have no opponent:

    http://www.quakelive.com/#!profile/s...59031fd90/ca/1

    So hack, or ID employees being terrible trolls?
    Last edited by BluDogg; 06-16-2013 at 03:58 PM.

  4. #4
    Senior Member Lorfa is a jewel in the rough Lorfa is a jewel in the rough Lorfa is a jewel in the rough Lorfa's Avatar
    Join Date
    Aug 2010
    Location
    Kepler-22b
    Posts
    8,387
    Quote Originally Posted by BluDogg View Post
    X's spawned CA server: X pauses and dc's simultaneously. My screen locks with a big "Match Paused" in the center. I can neither move nor look with mouse. X joins 1 min later and claims QL crashed on him. I still have a big "Matched Paused" on my screen and complete immobility as he runs around on the screen 'killing' me. 2.) Where did server go on QL?
    Ok, will investigate.

    4.) What is "Unknown client command: complaint"? It doesn't even read like a proper server error. It doesn't identify itself as the server talking to the client. It reads like some idiot using rcon to force text to my console like in Q3 days.
    Part of the team kill complaint system.

    I believe it is handled between the client and server internally, and perhaps in the ca game type it doesn't exist but was issued by the client anyways via some glitch.

    It may not have anything to do with the problem you experienced.

    I'm certain this person was messing with this server.
    I honestly think that it's more likely to be a glitch. Timeouts are always buggy. If the server is in timeout no one can join or they will get an overflow error. I would surmise that pause suffers from the same problems, but I haven't tested it.

    It's possible they are an ID employee abusing their powers,
    This is about as unlikely as it gets.

    but more worrying is that it may be possible to take over spawns, or possibly any server for that matter.
    Only the server owner, and _maybe_ ops have the ability to pause the server. Random clients cannot do this. They wouldn't need to 'take over' a server since they would arguably already have the ability to control it.

    I thought I'd even see if that match existed in my stats...and it does. The stats are way off 'considering I had no opportunity to play', but I won apparently. Where did these numbers even come from? Also I have no opponent:

    http://www.quakelive.com/#!profile/s...59031fd90/ca/1
    Your opponent is there, it just shows that he quit. Click the 'switched/quit' bar to see who is listed there.

    So hack, or ID employees being terrible trolls?
    Very likely none of the above.

  5. #5
    Senior Member Lorfa is a jewel in the rough Lorfa is a jewel in the rough Lorfa is a jewel in the rough Lorfa's Avatar
    Join Date
    Aug 2010
    Location
    Kepler-22b
    Posts
    8,387
    Ok, I tried it out.

    Ops can pause the game btw.

    I paused the game, then I reconnected. I couldn't join, it was stuck at awaiting snapshot.

    This is what the other player reported:

    player: well after u left
    player: round after round
    player: none stop
    player: says I win win win
    Lorfa: ok
    player: and game obver lol
    player: over
    player: but there was no body played against me when u left
    Lorfa: hrm
    player: lookedl ike I played against some one who was invosoble lol
    player:
    player: invisible
    player: thats most strangest wierdest bug ever seen know

    He also reported that he couldn't move during the paused game despite that the rounds were going.

    I did not get any errors in the console while I was 'Awaiting Snapshot'. I waited for quite a while.

    So yeah, there's a bug. Easy to reproduce.

    The only thing that doesn't make sense is that you said that he was moving and that you couldn't. I am not able to reproduce that since when the server is paused I simply can't connect.

  6. #6
    Senior Member intheway will become famous soon enough intheway's Avatar
    Join Date
    Aug 2010
    Location
    Ottawa...ehhh!
    Posts
    539
    And I suppose if you had a demo you would have posted it?
    Sometimes I wonder...
    "Why is that frisbee getting bigger?"
    Then it hits me.

  7. #7
    Senior Member Lorfa is a jewel in the rough Lorfa is a jewel in the rough Lorfa is a jewel in the rough Lorfa's Avatar
    Join Date
    Aug 2010
    Location
    Kepler-22b
    Posts
    8,387
    Quote Originally Posted by intheway View Post
    And I suppose if you had a demo you would have posted it?
    I didn't take a demo, because I was running the server and there was nothing to see on my end other than what I described.

    I'm not sure what a demo would actually pick up while the server is in pause mode anyways. Maybe nothing.

    Worth a try I guess, but I'll have to find someone with pro willing to run the tests so that I can be the client and record.

  8. #8
    Senior Member intheway will become famous soon enough intheway's Avatar
    Join Date
    Aug 2010
    Location
    Ottawa...ehhh!
    Posts
    539
    There was some lag in my post showing up lorfa. My posting the demo comment was aimed at the op.
    Sometimes I wonder...
    "Why is that frisbee getting bigger?"
    Then it hits me.

  9. #9
    Web Programmer sponge will become famous soon enough sponge will become famous soon enough sponge's Avatar
    Join Date
    Aug 2010
    Posts
    894
    Being unable to connect during pause is an engine limitation of how pause works that we can't easily work around. It sounds like just a simple bug within the pause system, and not a malicious exploit. If you have a demo of this match and can post it, we can look into reproducing it and seeing if we can fix it.

    There are certainly cases where the client will think it's lagged out, but players will continue to move around and be able to kill you. It sounds like this happened around the pause, but since it happens so rarely (and not reproducible) that it's probably not worth addressing.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts