61
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
62
General Discussion / Re: why is team deathmatch crc'd?
« on: June 20, 2017, 10:06:22 PM »Have there actually been 1.7 billion CRC'd addons? Or just a number.
It's a CRC: https://en.wikipedia.org/wiki/Cyclic_redundancy_check
63
Drama / Re: Kott's False BLhack accusation on Kott's Mafia Madness Too server
« on: June 20, 2017, 03:38:45 PM »jesus loving christ that's definitely not aimbot but why is youre camera movement so choppy
It looks like someone spamming setControlObject on his player so they can get pseudo-spectation. It's one of those crappy hacks usually done on the client end but I guess it could be implemented hackily with selective ghosting.
Does BLHack even work or exist anymore?
The old one I think does, and I posted how to fix it on the forums long ago but nothing has happened (can't find the post)
64
Drama / Re: Kott's False BLhack accusation on Kott's Mafia Madness Too server
« on: June 20, 2017, 12:56:12 PM »
I can confirm the sudden 360 thing, I see it happen a lot on various servers from unique people. Its probably something to do with high angle and low angle equivalency, like how 0 and 360 degrees are the same. So if you're at angle 15 deg and you quickly change to angle 355 deg, it might take the "long way around the circle" and cause the interpolation to make you look like you just spun rapidly when really the angles are the same and the circular distance is biased by rendering.
The aimbot math doesn't "forget up" either, I remember fixing this later on when I discovered it taking the long way around the circle at the 0 point. It's mathematically correct but you have to take the short angle change so interpolation agrees with it. I can see how they'd think someone was using aimbot with the above bug though. IDK what they mean by jitter since its relatively smooth otherwise.
And the thing with aimbots, especially projectile prediction ones: an aimbot that's mostly correct (aim wise) is basically equally as useless as one that doesn't aim at all. You either aim perfectly or forget it. Back when this thing was made it was a simple kinematic equation that modeled people's movement to predict. Blockland has a lot more going on behind the scenes (ie air drag, collision, some things that would create acceleration, etc) that make it much more different than a simple equation. So hosts can have comfort knowing the aimbot is essentially useless in any long range combat (IDK if MM uses long range combat much).
The aimbot math doesn't "forget up" either, I remember fixing this later on when I discovered it taking the long way around the circle at the 0 point. It's mathematically correct but you have to take the short angle change so interpolation agrees with it. I can see how they'd think someone was using aimbot with the above bug though. IDK what they mean by jitter since its relatively smooth otherwise.
And the thing with aimbots, especially projectile prediction ones: an aimbot that's mostly correct (aim wise) is basically equally as useless as one that doesn't aim at all. You either aim perfectly or forget it. Back when this thing was made it was a simple kinematic equation that modeled people's movement to predict. Blockland has a lot more going on behind the scenes (ie air drag, collision, some things that would create acceleration, etc) that make it much more different than a simple equation. So hosts can have comfort knowing the aimbot is essentially useless in any long range combat (IDK if MM uses long range combat much).
65
Off Topic / Re: so i hijacked a school laptop and made it dualboot windows 7
« on: June 20, 2017, 10:03:50 AM »
It's cool but not as cool as finding the actual bios password. With that you can bypass the USB boot lock and not risk them taking your laptop and finding all kinds of modified crap on your hard drive. Lucky for us they had 3.0 ports so it wasn't actually terrible to run an operating system off a flash drive.
The way I got it was the same way, through pxe boot. They use the network boot to quickly "flash" and configure windows onto machines so they can just hook a bunch up and press the go button. What I noticed over the years is that they used to have no bios password on computers then they added one. So I figured it was part of this imaging process and they had a utility to auto config the bios.
The imaging is done through MDT and the binary they used over network boot was pxe linux which booted Lite touch. They had a password on the network boot prompt but since it's all done over tftp it was as easy as grabbing the config file from the pxe linux directory and cracking the hash over night. (You could also just reverse the binary and bypass the password check but it was 7 characters long so I didn't bother)
It would show you it was downloading Lite touch through a directory after that. So I used tftp once again to grab that image and opened it, inside was a config file which contained username and password to an elevated account that could download the rest of the garbage from the imaging servers and finish the job. I used samba on the imaging servers ip and inside there you could find the bios config utility. Right next to it was the config for that which contained the password. Sweet!
And from there you could do more interesting things like finding the domain controller password/domain admin. What's cool about my school laptops is they have all kinds of ports open that the admins use to control and monitor students. Have the domain admin? You're essentially a school administrator and have full access to peoples hdd.. yeah not so secure. Of course I kept this privilege to small pranks on my friends. No way was I about to get expelled for that crap lol.
And I like your ambition. It's fun to do this hacky crap, so never stop learning.
Our school had us pay a rental fee but they're decent laptops I can't complain.
The way I got it was the same way, through pxe boot. They use the network boot to quickly "flash" and configure windows onto machines so they can just hook a bunch up and press the go button. What I noticed over the years is that they used to have no bios password on computers then they added one. So I figured it was part of this imaging process and they had a utility to auto config the bios.
The imaging is done through MDT and the binary they used over network boot was pxe linux which booted Lite touch. They had a password on the network boot prompt but since it's all done over tftp it was as easy as grabbing the config file from the pxe linux directory and cracking the hash over night. (You could also just reverse the binary and bypass the password check but it was 7 characters long so I didn't bother)
It would show you it was downloading Lite touch through a directory after that. So I used tftp once again to grab that image and opened it, inside was a config file which contained username and password to an elevated account that could download the rest of the garbage from the imaging servers and finish the job. I used samba on the imaging servers ip and inside there you could find the bios config utility. Right next to it was the config for that which contained the password. Sweet!
And from there you could do more interesting things like finding the domain controller password/domain admin. What's cool about my school laptops is they have all kinds of ports open that the admins use to control and monitor students. Have the domain admin? You're essentially a school administrator and have full access to peoples hdd.. yeah not so secure. Of course I kept this privilege to small pranks on my friends. No way was I about to get expelled for that crap lol.
And I like your ambition. It's fun to do this hacky crap, so never stop learning.
your school gives everyone their own personal laptops? wtf do you have to pay or something?
Our school had us pay a rental fee but they're decent laptops I can't complain.
66
Games / Re: Mario Land Fun Browser Port
« on: June 16, 2017, 03:06:55 PM »
I get lines above certain sprites: http://i.imgur.com/KhG1dU5.gifv (they don't blink like that though, that's just the gif)
67
Off Topic / Re: Furry Megathread v2 - RIP Vinny Edition
« on: June 11, 2017, 07:33:54 AM »
Hello I'm here for the new thread
...
I really like Pecon's art.
...
I really like Pecon's art.
68
General Discussion / Re: what servers are in store this summer?
« on: June 05, 2017, 09:41:54 PM »
Maybe some of Heedicalking's servers
69
Off Topic / Re: passed all my SOLs for the year, AMA
« on: June 02, 2017, 08:11:15 AM »
Do you get school nightmares the week after summer break starts, ie dreams about missing assignments, tests, teachers yelling and being horribly behind?
70
Modification Help / Re: what function can i use to find a player's username so i can display it?
« on: May 30, 2017, 07:27:24 PM »
$Pref::Player::NetName (its also refreshed after you authenticate)
Unless you want to get other player's names, well that gets a little more complicated and you'll have to describe your situation you use it in to get a definite answer.
Unless you want to get other player's names, well that gets a little more complicated and you'll have to describe your situation you use it in to get a definite answer.
71
Off Topic / Re: at a first robotics competition ama
« on: March 11, 2017, 02:11:04 PM »
Vex Robotics > whatever that is
72
Drama / Re: Amir - Trying to make me click on links to a (likely) Steam scam/phishing site
« on: December 22, 2016, 07:36:55 PM »
I think he thought it was something legitimate at first (and began to spread it without the intent of harm)... this is obvious because no dedicated scammer would do a complete 180 on himself like in the OP.
So I don't know why people are treating him like a spawn of Satan in this thread, I mean its a dumb thing to fall for, but since he didn't know it was an actual scamming site at first means he didn't actually want to harm Planar or anything. And then he went and said sorry to the potential victims (Planar included) so its not really that big of a deal unless you actually clicked it.
So I don't know why people are treating him like a spawn of Satan in this thread, I mean its a dumb thing to fall for, but since he didn't know it was an actual scamming site at first means he didn't actually want to harm Planar or anything. And then he went and said sorry to the potential victims (Planar included) so its not really that big of a deal unless you actually clicked it.
73
Off Topic / Re: "minorities" are ruining a tradition in my country because muh racism
« on: November 12, 2016, 01:12:16 PM »
This reminds me of a similar event that happened at my school:
http://www.omaha.com/news/education/millard-north-bans-full-facial-paint-after-blackout-event-draws/article_95fa6e2c-6bc2-11e6-a0de-4b9a58115c98.html
Despite the tradition of blackouts for over 10 years, it's only suddenly a tribal issue now. A lot of people were pissed off they couldn't wear body paint (of ANY color) anymore. So why wasn't this banned earlier? My guess is just current events with the whole BLM controversy mixed with teenagers trying to rile up everybody, but it's still dumb the greatest solution they thought of was just banning everything.
http://www.omaha.com/news/education/millard-north-bans-full-facial-paint-after-blackout-event-draws/article_95fa6e2c-6bc2-11e6-a0de-4b9a58115c98.html
Despite the tradition of blackouts for over 10 years, it's only suddenly a tribal issue now. A lot of people were pissed off they couldn't wear body paint (of ANY color) anymore. So why wasn't this banned earlier? My guess is just current events with the whole BLM controversy mixed with teenagers trying to rile up everybody, but it's still dumb the greatest solution they thought of was just banning everything.
74
Drama / Re: Cca has made a script to bypass authentication.
« on: September 06, 2016, 04:33:00 AM »
If you know the right functions to modify then it is easy to "bypass" or re-route server-side authentication for clients, in fact it doesn't take much to completely separate the game and have your own auth + master server, but this isn't anything to worry about for unmodified/legitimate servers.
Some people are wondering if this was something that could be abused on every server. And just looking at what goes on authentication-wise when you join a server, no, the game requires you to be authenticated in order to obtain your BLID in the first place before it even updates the player list. Unless the auth server itself has a bug, it will just fail you and you disconnect before anyone sees.
So its just a scummy little script that benefits a small handful of users who don't have a key.. kind of boring when your server selection is so limited. I remember when dotdotcircle wanted to do something similar back in 2013 to just have a completely independent version of the game and reverse it from there (this is where the dso disassembler came in to play) but it obviously never worked out.. kind of neat finding out how authentication worked though!
And I wouldn't get mad at Port or anyone for figuring or re-figuring these things out unless they abuse it, its a touchy subject like trying to justify hacking games, but figuring out the lower mechanisms of game authentication and the algorithms that go behind it is just so damn interesting. Like its comparable to researching nuclear reactions and then nuclear explosions are weaponized, its not necessarily the researchers fault in that instance for creating deadly weapons, just the guys who took it and wreaked havoc with it. Example: key research gave us KeyUtils to help recover lost keys, but at the same time let us figure out how to authenticate offline easily. So don't get mad at Ipquarx for figuring that stuff out, its the guys who abuse the offline keys who are the problem.
Some people are wondering if this was something that could be abused on every server. And just looking at what goes on authentication-wise when you join a server, no, the game requires you to be authenticated in order to obtain your BLID in the first place before it even updates the player list. Unless the auth server itself has a bug, it will just fail you and you disconnect before anyone sees.
So its just a scummy little script that benefits a small handful of users who don't have a key.. kind of boring when your server selection is so limited. I remember when dotdotcircle wanted to do something similar back in 2013 to just have a completely independent version of the game and reverse it from there (this is where the dso disassembler came in to play) but it obviously never worked out.. kind of neat finding out how authentication worked though!
And I wouldn't get mad at Port or anyone for figuring or re-figuring these things out unless they abuse it, its a touchy subject like trying to justify hacking games, but figuring out the lower mechanisms of game authentication and the algorithms that go behind it is just so damn interesting. Like its comparable to researching nuclear reactions and then nuclear explosions are weaponized, its not necessarily the researchers fault in that instance for creating deadly weapons, just the guys who took it and wreaked havoc with it. Example: key research gave us KeyUtils to help recover lost keys, but at the same time let us figure out how to authenticate offline easily. So don't get mad at Ipquarx for figuring that stuff out, its the guys who abuse the offline keys who are the problem.
75
Suggestions & Requests / Re: No Collision Player
« on: July 18, 2016, 01:53:04 PM »
There's a DLL somewhere to add a servercmd interface to this, but for a quick solution you can pull up cheat engine on blockland.exe and XOR out the player typemask bit in sServerCollisionContactMask. This should give the desired effect of players 'phasing' through eachother but things like vehicles, bullets, etc. will still collide.
The current address of that contact mask is at 0x71AA6C, so just start cheat engine on blockland and add that address, and modify the value to be (<that value> XOR $TypeMasks::PlayerObjectType). Example: 127000624 XOR 16384 = 126984240.
An interesting thing to note about this is that it breaks client sided prediction that deals with colliding with other players. This can be solved by fixing the mask on each client in a similar fashion (client collision mask address = 0x71AA70) but that requires everyone to participate on their end, so in the end it's a small sacrifice you'll just have to deal with.
The current address of that contact mask is at 0x71AA6C, so just start cheat engine on blockland and add that address, and modify the value to be (<that value> XOR $TypeMasks::PlayerObjectType). Example: 127000624 XOR 16384 = 126984240.
An interesting thing to note about this is that it breaks client sided prediction that deals with colliding with other players. This can be solved by fixing the mask on each client in a similar fashion (client collision mask address = 0x71AA70) but that requires everyone to participate on their end, so in the end it's a small sacrifice you'll just have to deal with.