Raised This Month: $12 Target: $400
 3% 

A new ban evasion hack?


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
Chdata
Veteran Member
Join Date: Aug 2012
Location: Computer Chair, Illinois
Old 01-10-2017 , 19:56   A new ban evasion hack?
Reply With Quote #1

So I have this command called /id that gives me the users steam2/steam3/steam64 ids via GetClientAuthId.

I tried to ban someone via sourcebans and it was telling me 'The ban couldn't be verified' so I tried to check the users profile by getting his steam64 link, only for it to say his profile doesn't exist.

So I finally id'd him and saw this:

[SM] Skully's SteamID: STEAM_ID_STOP_IGNORI | STEAM_ID_STOP_IGNORI | http://steamcommunity.com/profiles/STEAM_ID_STOP_IGNORI

Wat da eff
__________________
Chdata is offline
Aymeric VII
BANNED
Join Date: Jun 2016
Location: Hiding under my sheets
Old 01-10-2017 , 19:57   Re: A new ban evasion hack?
Reply With Quote #2

Seen this about 2 times this week as well.
The client was banned and still was able to join, you have to IP ban him and it fixes it.
But either way , wonder what can be patched for this regardless to ip banning them.
Aymeric VII is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 01-10-2017 , 20:03   Re: A new ban evasion hack?
Reply With Quote #3

The players steamid wasn't validated (probably because your server wasn't connected to Steam - standard Tuesday maintenance window for Valve); unlike sm_ban, SourceBans requires validated steamids (because it is ancient and unmaintained, and thus has not been updated since validation became the default); your sm_id plugin doesn't check the fucking return value of GetClientAuthId and blindly uses the buffer (which is set to STEAMID_STOP_IGNORING_RETVALS because of the number of people like you who think their plugins are too good for error checking, and were reusing the same buffer for multiple calls without clearing it or checking the return value).
__________________

Last edited by asherkin; 01-10-2017 at 20:04.
asherkin is offline
ThatOneGuy
Veteran Member
Join Date: Jul 2012
Location: Oregon, USA
Old 01-10-2017 , 20:09   Re: A new ban evasion hack?
Reply With Quote #4

Dang...asherkin beat me to it. Was gonna link this:

https://forums.alliedmods.net/showpo...43&postcount=4
__________________
ThatOneGuy is offline
Chdata
Veteran Member
Join Date: Aug 2012
Location: Computer Chair, Illinois
Old 01-10-2017 , 20:24   Re: A new ban evasion hack?
Reply With Quote #5

My plugin actually did have error checking, but I'm not familiar with everything about how steam works so I didn't have proper error checking where I thought I did.

I remember like a year ago I had this problem where it'd just return empty strings if I used it on people who weren't fully in-game yet, and after putting a check in for that I thought it was more or less fixed.

I didn't think it was failing because it was only returning that little undocumented "easter egg error" for one player out of anyone else, and I don't really know much about how steamid validation works.

Since the "error" string wasn't just an empty one like I'd expect, for all I knew a hacker was just trolling me with some nonsense steam id, maybe he was trying to say STOP IGNORANT ADMINS or something. Which I know, is ironic for me to say when a small plugin I made a year ago has the very mistake you want people to avoid.

I feel like if you're going to get mad about people forgetting to check if the call fails, you could've had a note in the damn documentation instead of some easter egg error that's this rare to come across.

Now that I "got lucky" and found out about this I have a hunch behind various other plugins being broken since until now I only somewhat bothered to check if the call fails on whims.
__________________

Last edited by Chdata; 01-11-2017 at 09:49.
Chdata is offline
Visual77
Veteran Member
Join Date: Jan 2009
Old 01-11-2017 , 08:59   Re: A new ban evasion hack?
Reply With Quote #6

Code:
decl String:steamID[64]; 

if (GetClientAuthId(client, AuthId_Steam2, steamID, sizeof(steamID))) { 
PrintToChat(client, "Idiot %N steamID: %s", client, steamID);
}
I guess this is only needed in SM 1.8-1.9 and for CSGO?

There's also "SteamAuthstringValidation" "no" that you can try in configs/core.cfg
Visual77 is offline
psychonic

BAFFLED
Join Date: May 2008
Old 01-11-2017 , 12:44   Re: A new ban evasion hack?
Reply With Quote #7

There have always been cases where getting auth id could fail, regardless of game and SM version. Those cases were just more rare before SteamAuthstringValidation existing and being enabled on any game, and also a recent-ish CS:GO update.

The documentation has always said that the function (the old GetClientAuthString and the newer GetClientAuthId) would return false if they failed to retrieve the id. In older SM versions, the buffer passed in wasn't touched, so if you had used decl instead of new, it would have garbage data in it, often a different user's Steam id. That is why we explicitly write the string we do now upon failure.
psychonic is offline
kadet.89
Veteran Member
Join Date: Nov 2012
Location: Serbia
Old 01-11-2017 , 13:17   Re: A new ban evasion hack?
Reply With Quote #8

asherkin, sounds like one of those facts about Chuck Norris.
Sometimes my server loose connection to steam and can't validate steam id's for a while, though it's not my server's problem. Steam has been working not very well recently.

Last edited by kadet.89; 01-11-2017 at 13:18.
kadet.89 is offline
Send a message via Skype™ to kadet.89
Chdata
Veteran Member
Join Date: Aug 2012
Location: Computer Chair, Illinois
Old 01-15-2017 , 13:37   Re: A new ban evasion hack?
Reply With Quote #9

I just found out that status will show STEAM_ID_STOP_IGNORING_...

Was status always a sourcemod command?

What is going on there?
__________________
Chdata is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 01-15-2017 , 14:01   Re: A new ban evasion hack?
Reply With Quote #10

No, you are running a plugin that is hooking and replacing the status command.
__________________
asherkin is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 22:03.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode