[SCHWEDEN]

Quote:

Originally Posted by sawce Just so the 5 or so people who use his plugin know: There is a backdoor where he can delete this plugin (and any other) from your server remotely, via a say command. Additionally, he has two steamids hardcoded as admin, they are: STEAM_0:1:4302228 STEAM_0:177793 Those two steamids have access to create a file on your server ("amxmodx/plugins/adminstmod.amxx"), when that file exists, the server will be registered as an "illegal copy" - and it will do all that spamming crap that you described earlier. Deleting that file and banning those two steamids will only half-solve the problem. There is a say text backdoor (as stated earlier), where he can gain access to two commands, one to list plugins on your server, and one to delete plugins from your server. I'll have to edit the plugin for all of this to be removed, but it'll take a little while - no earlier than tomorrow.

Bless you Sawce! But lets say i ban those steam-ids and then chmod my plugins, wouldnt that stop him from doing anything completely?

[vvg125]

Quote:

Originally Posted by SCHWEDEN Bless you Sawce! But lets say i ban those steam-ids and then chmod my plugins, wouldnt that stop him from doing anything completely?

A better suggestion would be to wait another day. Some further advancement may be headed your way shortly.

[Zenith77]

Quote:

Originally Posted by Da_sk8rboy what's the function?

Wow you people. It couldn't possible be delete_file() or anything.

[sawce]

The "function to delete files" was the already stated ability to delete any plugin from the server running the plugin.


Here is a version of the plugin which should have all of the known exploits removed

NOTE: I do NOT have the sourcecode, I did NOT decompile the entire plugin (parts of it, though to find the exploit). I wrote a small program to manually "remove" opcodes from the binary file; so I "removed" all of the bad crap from it.

If you disassemble it again you'll still see that "delete_file" is in the native list, and his STEAMids / the exploit magic words are in the string tables - that's OK. They are no longer accessed anywhere within the plugin itself though.

Also I cannot easily change the version number so you can tell this plugin apart from the bad copy.

Lastly, I cannot test this too much, but the little bit I did test it I found no issues, and none of the previously known exploits worked.

Let me know of any modification-induced issues. If its a bug with his plugin itself I don't care.

(Oh, final note. My tool doesn't remove stuff from the 64bit copy of the plugin and I'd have no way to test it; do not run this under 64bit linux servers - although nobody should be using 64bit anyway)

[sawce]

Lastly, here's the small tool I wrote to work with the opcodes. I do not have cygwin installed and I don't feel like setting up MSVC for a project for this, so you only get the source. It should build with minimal effort on a Linux environment.

[hackziner]

You're loosing your time by doing that ... It's only for the challenge ? ^^

[sawce]

I'm like a gpl sheriff or something.

The time would just be spent on wow anyway.

[Ka NIP Shun]

FOR THE HORDE!!!! uhh i mean go sawce!!!!

[hoboman]

errrr...fixing that version was a bit of a waste since it is not the newest one out... I already posted about that but it was lost in these 13 pages somewhere...
i also recall vgg125 saying that he could his hands on the binary of the v3.00 of this plugin though

[kp_uparrow]

MD says (the stuff in [quote] is what he says, the others are stuff that he quoted)

Quote:

Just wait until sawce is done decompiling becuase I do not care that he is decompiling it. Many people believe that my TOS and what I do is in violation of the GNU but you know what? They are mis reading it. I actually do provide the source code but no one has asked when they purchased the install.

Many people believe that the spirit of the GNU project is that you should not charge money for distributing copies of software, or that you should charge as little as possible — just enough to cover the cost.

Actually we encourage people who redistribute free software to charge as much as they wish or can.



Does the GPL allow me to sell copies of the program for money?

Yes, the GPL allows everyone to do this. The right to sell copies is part of the definition of free software. Except in one special situation, there is no limit on what price you can charge. (The one exception is the required written offer to provide source code that must accompany binary-only release.)

Quote:

This says that the source code must accompany the binary BUT!

Does the GPL allow me to charge a fee for downloading the program from my site?

Yes. You can charge any fee you wish for distributing a copy of the program. If you distribute binaries by download, you must provide “equivalent access” to download the source—therefore, the fee to download source may not be greater than the fee to download the binary.

Quote:

As this say, I must provide the same access to download the source if they were to download it off my site, which they do. I do give them the “equivalent access” to receive the source if they request it. They must request for it because I require them to follow the same procedure as if they were to purchase the binary only install. As that says, I can charge them the same as the install w/ the binary. No one has ever paid for it, only the install w/ the binary.

Quote:

As many people seem to think that I am violating the GNU in my TOS by not publically releasing the source code but read this.

If I distribute GPL'd software for a fee, am I required to also make it available to the public without a charge?

No. However, if someone pays your fee and gets a copy, the GPL gives them the freedom to release it to the public, with or without a fee. For example, someone could pay your fee, and then put her copy on a web site for the general public.

Quote:

As it says, I don't have to publicly release it so I am within the GNU. And as some may think that I am denying people the rights to redistribute it, I am not. The TOS simply states that you can not redistribute it in the same exact way as I have, which does allow you to redistribute it but not by copy and pasting.

i say: so if we asked for it he would have given it?