[SOLUTION] Invalid shot data for player(id). Offset out of bounds

[Emre__]

Hello everybody,

I was recently having this error on my server_log.txt file and lost some players because they were crashing out of the game when this error happens. This error is not being randomly generated or a malfunctioning on SAMP server. It's because some guy is attacking your server with a script that is can be found easily on any samp hack forums.

Let's describe how this attack works. As you know PAWN language is based on 32-bit language so any data, string, float or integer can not be bigger then 32 bits. When 32 bit is fully used in this case our maximum number in bits is 1111111111111111111111111111111 which is equals to 2147483647. This also applies to floats.

So attacker sends a bullet shot data to server with random float offsets which is around 2147483647 or bigger. When the offset position is bigger then this number SAMP Server can not process the data normally so sends malformed data to user and that makes client crash not server.

To prevent this you can use this simple solution: When a offset is bigger then 2 billion and 147 million then do not send the weapon data. It can be done simply like this:

Code:

public OnPlayerWeaponShot(playerid, weaponid, hittype, hitid, Float:fX, Float:fY, Float:fZ)
{
    if(fX > 2140000000 || fY > 2140000000 || fZ > 2140000000) {
        new PlayerName[MAX_PLAYER_NAME];
        GetPlayerName(playerid, PlayerName, sizeof PlayerName);
        printf("[BULLET ATTACK] User %s(%d) is tried to shot an invalid bullet @ fX: %f, fY: %f, fZ: %f", PlayerName, playerid, fX, fY, fZ);
        return 0;
    }
    return 1;
}

Note: In order this to work you must have enabled lagmodcomp 1 in server.cfg

EDIT: This system detects this attack but still invalid shot data still being sent. You can try to Ban attacker at the very moment when attack is detected. Simply add

Code:

 BanEx(playerid, "possible bullet crash");

just before

Code:

return 0;

[awsomedude]

There is a include that detects invalid bullet shots http://forum.sa-mp.com/showthread.php?t=581017

[Emre__]

Quote:

Originally Posted by awsomedude

There is a include that detects invalid bullet shots http://forum.sa-mp.com/showthread.php?t=581017

That include doesn't solve the exact problem here.

[Mellnik]

Tbh, the SA-MP server should sort out such stuff and perform sanity checks.

[Lorenc_]

Quote:

Originally Posted by Emre__

That include doesn't solve the exact problem here.

If you are talking about the most recent player-crasher release, then that in fact does patch it. Most recent ones exploit the invalid weapon id to crash players, simple as that.

Quote:

Originally Posted by Emre__

That include doesn't solve the exact problem here.

You sure?

Code:

} else if ((hittype == BULLET_HIT_TYPE_NONE) && GetPlayerDistanceFromPoint(playerid, fX, fY, fZ) > 200.0 && (fX != 0.0 && fY != 0.0 && fZ != 0.0)) {