SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 14/01/2015, 04:31 PM   #1
Whizion
Huge Clucker
 
Join Date: Sep 2008
Posts: 404
Reputation: 14
Exclamation Client freeze exploit

Remember that exploit with bad camera data? And then again with bad bullet data?

Well, there's another one out there ...

There's actually a couple of them packed in this tool. The first one works by shooting any weapon and the players around you will freeze. They will have to restart their computer or WINKEY+L, taskmanager and then kill gta_sa to regain control. The second one works by jumping on a bicycle and i don't know (haven't tested) but i think the effect is same as the first one.

I am in the possession of said exploit and i would like to patch it if i could. The problem is i don't know how. So could the people who figured out the first two exploits tell me how they did it? What they used to do it? I can also send this exploit so you can try it yourself (only trusted members / beta testers).

I would really like this to be fixed as soon as possible, thank you for your answers.

EDIT: Just to explain, in "how you did it" i meant what tool besides "printf-ing" every callback and no need to explain any scripting.
Whizion is offline   Reply With Quote
Old 14/01/2015, 06:01 PM   #2
Whitetiger
Huge Clucker
 
Whitetiger's Avatar
 
Join Date: Nov 2007
Posts: 406
Reputation: 156
Default Re: Client freeze exploit

your best bet is sending the tool to kurta999 so he can fix it in YSF.
__________________
GitHub

Author of SA-MP AC

Whitetiger is offline   Reply With Quote
Old 14/01/2015, 06:04 PM   #3
Vince
Spam Machine
 
Vince's Avatar
 
Join Date: Sep 2007
Location: Belgium
Posts: 10,067
Reputation: 2660
Default Re: Client freeze exploit

What format is the tool? Is it a CLEO script of some sort?
__________________
Vince is offline   Reply With Quote
Old 14/01/2015, 06:11 PM   #4
Whizion
Huge Clucker
 
Join Date: Sep 2008
Posts: 404
Reputation: 14
Default Re: Client freeze exploit

Quote:
Originally Posted by Whitetiger View Post
your best bet is sending the tool to kurta999 so he can fix it in YSF.
Will do, thanks.

Quote:
Originally Posted by Vince View Post
What format is the tool? Is it a CLEO script of some sort?
It's a .dll, s..... (with added features).
Whizion is offline   Reply With Quote
Old 14/01/2015, 06:22 PM   #5
Yera96
Little Clucker
 
Join Date: Mar 2013
Posts: 48
Reputation: 0
Default Re: Client freeze exploit

Yep... They are destroying my server right now..

They should hit you with any weapon (not fist) and your client is getting frozen. Debugged OnPlayerWeaponShot and output was:

pawn Code:
[00:51:26] OnPlayerWeaponShot playerid 0, weaponid 31, hittype 1, hitid 1, fX -0.176513, fY -0.156494, fZ -0.105707

Second one is when they use bikes & trains, streamed players will get frozen. Debugged all callbacks related to vehicles, but nothing special.

I could give you the soft, if it's really needed to test.
Yera96 is offline   Reply With Quote
Old 14/01/2015, 07:35 PM   #6
Carper
Little Clucker
 
Carper's Avatar
 
Join Date: Oct 2013
Posts: 32
Reputation: 5
Default AW: Client freeze exploit

You can fix it self... very easy.
The cheat (sob edit) is open source.
Carper is offline   Reply With Quote
Old 14/01/2015, 08:48 PM   #7
georgian1
Big Clucker
 
Join Date: Jul 2014
Posts: 60
Reputation: 0
Default Re: Client freeze exploit

you can fix it using same method used on anti bullet crasher
georgian1 is offline   Reply With Quote
Old 15/01/2015, 07:57 AM   #8
Yera96
Little Clucker
 
Join Date: Mar 2013
Posts: 48
Reputation: 0
Default Re: Client freeze exploit

Could you give an example code?
Yera96 is offline   Reply With Quote
Old 16/01/2015, 01:07 PM   #9
Yera96
Little Clucker
 
Join Date: Mar 2013
Posts: 48
Reputation: 0
Default Re: Client freeze exploit

Bumping... That's really a big problem
Yera96 is offline   Reply With Quote
Old 16/01/2015, 11:08 PM   #10
Matite
Beta Tester
 
Matite's Avatar
 
Join Date: Dec 2006
Location: Australia
Posts: 145
Reputation: 119
Default Re: Client freeze exploit

"Vehicle component crasher" = Add code to OnVehicleMod to check if the component being synced is not valid for the vehicle (return 0 if it is bad). Look for a post by JernejL with this code.

"Bullet crasher (Player)" = Add code to OnPlayerWeaponShot to check the type of shot. If the player is shooting themselves (not possible) then do not sync it (return 0). If the bullet hit location is outside what would be considered a normal range then do not sync it (return 0). If the bullet hit location is INF or NaN then kick/ban and do not sync it (return 0). Look for code on the forum to do this if you need more help.

"Bullet crasher (Vehicle)" = Same as above for "Bullet crasher (Weapon)".

"Train crasher" = Add code to OnPlayerUpdate or a timer that checks the train and trams Z position. If it is outside the range of -10 to 100 then it is not valid. In OnPlayerUpdate you could de-sync this data (return 0) or in a timer you could alert admins and kick/ban the player.

"Attached object crasher" = Add code to OnPlayerEditAttachedObject to check the model ID returned is valid. You should not attach an object in this callback using the model ID that is returned... it should be stored in a variable elsewhere when the player first starts editing the attached object.


Update 1:
"Weapon crasher" = Use GetPlayerCameraPos to check the Z value when aiming or shooting. If it is really high or low then kick/ban the player.

"Train crasher v2" = Check the velocity of the train/tram is not really high.

Update 2:
"Bike crasher v2" = Use OnPlayerStateChange to detect rapid changes from on foot to driver and driver to on foot. Credit to Tamer.


As Kalcor mentioned in his announcement thread these exploits are all patched in SA-MP 0.3.7.
__________________

GamerX 0.3.7 Server 188.165.219.63:8800
www.gamerxserver.com

Last edited by Matite; 29/01/2015 at 09:17 AM. Reason: Added more info
Matite is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
New exploit? No not again please! Pravin Server Support 15 19/12/2014 11:37 AM
New Exploit 0.3z..(HELP) SPA Scripting Help 2 04/09/2014 06:59 PM
Trying to Connect to any server with 0.3z results in client freeze Zach7 Client Support 9 18/02/2014 08:19 PM
New exploit? Bloodhacker Server Support 1 05/01/2014 09:50 AM


All times are GMT. The time now is 03:46 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.