[Lubricant Jam]

Quote:

Originally Posted by IT_KILLER Updated. Version 1.0.2 Test this version https://github.com/IT-KiLLER/Exploit-FIX-2018-04-17/ Added: AddAmbientSoundHook Removed: ban + logs

Thank you for removing the ban, I am unsure if I've been targeted with this crash yet or not however I've placed this into my servers.

Thanks for your help towards the community.

[gtmaniac]

Quote:

Originally Posted by IT_KILLER Updated. Version 1.0.2 Test this version https://github.com/IT-KiLLER/Exploit-FIX-2018-04-17/ Added: AddAmbientSoundHook Removed: ban + logs

Performing testing with the actual crash, the actual null.wav audio file isn't detected by either AddNormalSoundHook or AddAmbientSoundHook.

I wrote both of the hooks to constantly output what sounds were hooking through them and the actual null.wav doesn't actually ever get detected by either hook.

[IT_KILLER]

Quote:

Originally Posted by Lubricant Jam Thank you for removing the ban, I am unsure if I've been targeted with this crash yet or not however I've placed this into my servers. Thanks for your help towards the community.

Thanks for your comment!

Quote:

Originally Posted by gtmaniac Performing testing with the actual crash, the actual null.wav audio file isn't detected by either AddNormalSoundHook or AddAmbientSoundHook. I wrote both of the hooks to constantly output what sounds were hooking through them and the actual null.wav doesn't actually ever get detected by either hook.

Thank you for testing! I've reported the exploit to Valve. Will try to find a solution tomorrow.

[x00]

the recent exploit works by spamming signonstate messages, causing server to send player_connect_full event to all connected players - client then emits Music.StopMenuMusic which translates to common/null.wav



to fix it you should only allow one NETMsg_SignonState with signonstate in the packet you receive being SIGNONSTATE_FULL, some detouring might be required here not sure if sourcemod allows intercepting of arbitrary netmessages

[backwards]

This should fix the exploit for now until valve has an official patch. Automatically kicks clients abusing it. Let me know if you find any issues.

[VPPGamingNetwork]

Quote:

Originally Posted by 1337norway This should fix the exploit for now until valve has an official patch. Automatically kicks clients abusing it. Let me know if you find any issues.

Thank you for this man!!

[sneaK]

Quote:

Originally Posted by 1337norway This should fix the exploit for now until valve has an official patch. Automatically kicks clients abusing it. Let me know if you find any issues.

It works! Updated syntax and it now utilizes sourcebans for those who use it.

[Fearts]

Is this exploit only for CS:GO or can it be used on TF2 as well?

[SM9]

Thought I would release this modified version.

• Logs to a file when it kicks or bans somebody.
• Checks if the connect event was sent more than once instead of checking for more than 5 times, realistically nobody legit will send it more than once, I tested it myself and its impossible to false trigger.
• Added in the soundhooks because why not.
• Added a check for somebody sending the connect event too early (aka not ingame)
• Added cvar "sm_nwfix_ban" (Default 1) to ban player (Will use SourceBans if it exists and is running otherwise will ban normally.)
• General rewrite and syntax update.

[VPPGamingNetwork]

Quote:

Originally Posted by Fearts Is this exploit only for CS:GO or can it be used on TF2 as well?

yes sir its only on csgo