CS2D Bug Reports
Offline
Quote
LUA ERROR: Cannot add 'test' to hook 'connect_attempt' (hook does not exist)!
This happen when I try create hook.
Forum
CS2D General CS2D Bug ReportsThis happen when I try create hook.
connect_attempt is a new hook which will become available with the next update (same for connect_initplayer) edited 1×, last 27.08.21 08:57:46 pm
The command
spawnprojectile is flawed under the dedicated server, as the animated image of the item never gets removed, and just stays on top of the actual item.EDIT:
When using images in a broadcast (
@C)
msg or msg2 the message won't centre (because it's registering the path as part of the message even though only the image shows).This also applies to anything else apparently, such as
hudtxt and hudtxt2.Also, using images in a HUD text will add unnecessary spaces before and after the image.
edited 3×, last 21.09.21 06:47:07 am
join and connect. The solution is disabling voice chat feature on the whole server or calling functions with other hooks. 
Example: on my server I use a custom anti-exploit feature which check user's IP if his UID marked as admin's UID. If the IP does not match the IP stored in separated .txt file, it bans the user automatically. But as for now I should enable call function not only on
join and connect, but on various actions like serveraction, move. So the hacker will be banned not after he has joined the server, but after he used keys like F2, F3, F4 or moved on map.And also it's possible to fake USGN IDs. One of our moderators (
) got faked and the hacker had an access to our admins script… That's why I wrote a script which checks if the admin IP is allowed. I mean, I can send the script to anyone but it's one of the first things I wrote on Lua so it looks poor. All it does is checks the UID (Steam and/or USGN). If the UID belongs to admin, it scans for the IP from a file. If the player's IP is not the same as in the file, the player being banned.In log files this vulnerability looks like this:
1
2
2
[22:15:52] U.S.G.N.: Player (xx.xx.xx.xx) joining with U.S.G.N. ID #XXX - verifying... [22:15:53] U.S.G.N.: xx.xx.xx.xx is using U.S.G.N. ID #YYY
#XXX — admin's UID #YYY — not admin's UIDIn other words, the hacker joins with admin's UID, but then it changes to non-admin's UID. But in TAB menu I am able to see that he is an admin and he can use admin script as well. And I've made a poor script which fixes this thing…
edited 1×, last 03.10.21 10:56:36 am
Kolia_rus: That's not true, it doesnt let the player join the server then. Just make sure sv_checkusgn is enabled. The Dark Shadow: that's true. And this console command was set to 1 already. Kolia_rus: 1
2
2
U.S.G.N.: Player (xxx) joining with U.S.G.N. ID #XXX - verifying... U.S.G.N.: xxx is NOT LOGGED IN!
1
2
2
U.S.G.N.: Player (xx.xx.xx.xx) joining with U.S.G.N. ID #XXX - verifying... U.S.G.N.: xx.xx.xx.xx is using U.S.G.N. ID #YYY
The Dark Shadow: what do you want to say? Do you think that I had a nightmare or dream about it? I saw it with my own eyes — player were using admin's USGN ID and the admin script too. Marcell, it is possible.It's just not possible to do it to every ID, there are circumstances.
And no,
sv_checkusgnlogin has nothing to do with this current exploit. DC and a few others endorsed that, and I don't think they're going to fix it.
Don't download random hacks/fake programs that steal your account information.
The Dark Shadow, it has nothing to do with the victim, anyone can get spoofed as long as they do X things (that I shall not bring up here).Those things are super common and are part of the game, so there's no real way to avoid getting spoofed, unless you just don't play the game.
Mami Tomoe: Can you tell what exactly makes you get spoofed? Say X does Y, or it isn't necessary to say anything at all. The Dark Shadow, I already directed all the info to @ DC.This isn't new, just move along.
Marcell has writtenStop playing on C4... You cannot fake USGN Id. Period.
C-4 is the server I got banned at (as far as I remember).
I don't play it since 2016. The vulnerability I am talking about happened on my server. By the way, I am so glad to know that you have checked the CS2D & USGN source code so you are sure that the UID can't be stolen. The Dark Shadow has writtenDon't download random hacks/fake programs that steal your account information.
If the fact "don't install hacks" sounds like a great knowledge for you, it does not mean that anyone else does not know it. I am playing CS2D since late 00s so of course I know about security basics.
I am completely not sure what guys do you mean. Do you think that we with @
Mami Tomoe: are trolling you? Marcell: this means that only DC and SQ can be sure if the code has vulnerabilities. Kolia_rus: Yes, that is right, but again, what I said, I never seen anyone doing similar since i playing this game, and it's more than 10 years.
Marcell, if you don't keep an open mind, you'll never be ready.I predicted this would happen and created protection for my servers months in advance.
Also, I have plans as to what to do if this gets more widespread.