AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Plugins (https://forums.alliedmods.net/forumdisplay.php?f=108)
-   -   [TF2] No Thriller Taunt (https://forums.alliedmods.net/showthread.php?t=171343)

Misc 08-23-2017 22:04

Re: [TF2] No Thriller Taunt
 
Quote:

Originally Posted by Spirit_12 (Post 2530234)
Looks like you need proper offset and signatures for Linux platform.

Any idea how I do that please?

Spirit_12 08-24-2017 04:43

Re: [TF2] No Thriller Taunt
 
Quote:

Originally Posted by Misc (Post 2543956)
Any idea how I do that please?

You will have to decompile the library and then find the appropriate function to create signature. It is a rather tedious task and offsets might be a whole new fuzz.

ThatKidWhoGames 10-31-2017 13:33

Re: [TF2] No Thriller Taunt
 
I would suggest that a moderator move this to the plugins forum as this is technically no longer an extension it is now a plugin.

nosoop 05-12-2018 13:08

Re: [TF2] No Thriller Taunt
 
1 Attachment(s)
Decided to test my skill in disassembly. Have some updated gamedata.

For anyone that wants to follow along or update it for next time, assuming Valve didn't completely overhaul the halloween taunt logic since then:
  1. Load up the server binary in IDA.
  2. Open up the Strings subview and look up the IsHalloweenTaunt string.
  3. Find cross-references to the string, then head over to one of those subroutines. Switch to graph view so you have a sense of what you're looking at.
  4. In the Linux binary, since you have signatures, you'll be in CTFPlayer::ModifyOrAppendCriteria(). There's a call to rand right before to decide if the Halloween taunt is applied. I ended up patching the near JA instruction with a near JO (from 0F 87 to 0F 80). Add one to the instruction offset and set the payload in the gamedata file to 128 (0x80). Use the symbol for the signature.
  5. Same thing in the Windows binary, except no symbols. Structure is about the same, though; find those floating point operations right before. I patched the short JBE with a short JNO. Grab the offset. Use makesig for the signature.

Here's an image for reference. The forum image proxy doesn't seem too fond of it, so it's linked.

There's probably a more resilient signature that doesn't involve offsets deep into the function (since this will absolutely break if ModifyOrAppendCriteria changes), but that's an exercise for the next person. :wink:

FletchS 06-24-2018 10:12

Re: [TF2] No Thriller Taunt
 
Just wanted to say thank you to @nosoop.
Just tested the gamedata you added and its still working as of today (26 July)


Quote:

Originally Posted by nosoop (Post 2591866)
Decided to test my skill in disassembly. Have some updated gamedata.

For anyone that wants to follow along or update it for next time, assuming Valve didn't completely overhaul the halloween taunt logic since then:
  1. Load up the server binary in IDA.
  2. Open up the Strings subview and look up the IsHalloweenTaunt string.
  3. Find cross-references to the string, then head over to one of those subroutines. Switch to graph view so you have a sense of what you're looking at.
  4. In the Linux binary, since you have signatures, you'll be in CTFPlayer::ModifyOrAppendCriteria(). There's a call to rand right before to decide if the Halloween taunt is applied. I ended up patching the near JA instruction with a near JO (from 0F 87 to 0F 80). Add one to the instruction offset and set the payload in the gamedata file to 128 (0x80). Use the symbol for the signature.
  5. Same thing in the Windows binary, except no symbols. Structure is about the same, though; find those floating point operations right before. I patched the short JBE with a short JNO. Grab the offset. Use makesig for the signature.

Here's an image for reference. The forum image proxy doesn't seem too fond of it, so it's linked.

There's probably a more resilient signature that doesn't involve offsets deep into the function (since this will absolutely break if ModifyOrAppendCriteria changes), but that's an exercise for the next person. :wink:


Fearts 06-24-2018 12:24

Re: [TF2] No Thriller Taunt
 
Just so anyone using this plugin knows if you set "tf_forced_holiday 8" it does fullmoon mode and has pretty much everything halloween mode has except thriller taunt.

Gumiland 06-24-2018 15:19

Re: [TF2] No Thriller Taunt
 
Quote:

Originally Posted by nosoop (Post 2591866)
Decided to test my skill in disassembly. Have some updated gamedata.

For anyone that wants to follow along or update it for next time, assuming Valve didn't completely overhaul the halloween taunt logic since then:
  1. Load up the server binary in IDA.
  2. Open up the Strings subview and look up the IsHalloweenTaunt string.
  3. Find cross-references to the string, then head over to one of those subroutines. Switch to graph view so you have a sense of what you're looking at.
  4. In the Linux binary, since you have signatures, you'll be in CTFPlayer::ModifyOrAppendCriteria(). There's a call to rand right before to decide if the Halloween taunt is applied. I ended up patching the near JA instruction with a near JO (from 0F 87 to 0F 80). Add one to the instruction offset and set the payload in the gamedata file to 128 (0x80). Use the symbol for the signature.
  5. Same thing in the Windows binary, except no symbols. Structure is about the same, though; find those floating point operations right before. I patched the short JBE with a short JNO. Grab the offset. Use makesig for the signature.

Here's an image for reference. The forum image proxy doesn't seem too fond of it, so it's linked.

There's probably a more resilient signature that doesn't involve offsets deep into the function (since this will absolutely break if ModifyOrAppendCriteria changes), but that's an exercise for the next person. :wink:

Few questions, would it be possible to do this on just a normal linux machine, do i need tf2 installed on it, also, would it be possible for a video tutorial?

nosoop 06-25-2018 00:02

Re: [TF2] No Thriller Taunt
 
Quote:

Originally Posted by Gumiland (Post 2599109)
Few questions, would it be possible to do this on just a normal linux machine, do i need tf2 installed on it, also, would it be possible for a video tutorial?

  1. The freeware version of IDA is available on Linux, so if you're using Linux as your personal operating system (that is, you're not trying to perform this on a headless remote server), you should be able to use that. Other disassemblers may also be usable, though I had trouble getting the binary analyzed in Binary Ninja and cutter (radare2) as of this time.
  2. You need a copy of server_srv.so and server.dll for Linux and Windows, respectively. No need for the whole game. They're available online for some other projects; not sure if I can link them directly here.
  3. I'm sure a video tutorial would be doable. I wouldn't know how to go about it in a way that would make sense to someone that is new to IDA / assembly, however, nor would it be a priority for me to make one.

FletchS 06-25-2018 00:11

Re: [TF2] No Thriller Taunt
 
Quote:

Originally Posted by Fearts (Post 2599090)
Just so anyone using this plugin knows if you set "tf_forced_holiday 8" it does fullmoon mode and has pretty much everything halloween mode has except thriller taunt.

Neat!
I thought full moon was 9.
Guess its wrong in this thread - https://forums.alliedmods.net/showthread.php?p=1587251

Are there any other differences between full moon and halloween?

nosoop 06-25-2018 11:57

Re: [TF2] No Thriller Taunt
 
Quote:

Originally Posted by FletchS (Post 2599164)
Neat!
I thought full moon was 9.
Guess its wrong in this thread - https://forums.alliedmods.net/showthread.php?p=1587251

Are there any other differences between full moon and halloween?

The correct value will always be in sm-tf2.games.txt; Valve may insert / remove values whenever they'd like as it's internal for the most part, but the TF2 extension (and SourceMod) have a neat way of keeping it up to date without having a fixed constant that needs a plugin recompile.

Other than the taunt, I believe you'd be missing out on the crit candy pickups as well. No idea how the game handles things during the actual Halloween season, though.


All times are GMT -4. The time now is 05:29.

Powered by vBulletin®
Copyright ©2000 - 2018, vBulletin Solutions, Inc.