40k Backdoor

[partor 0]

Is this possible?

 

 

 

I using 40250 mainline have a backdoor , Is it boredom  ?

 

 

[Night 364]

backdoor as far as i can remember there was no one reporting such a thing maybe a 100 error a 100 warning and 1000 problem but never heard of any backdoor unless it was made by someone

 

boredom

do you mean bothersome? yeh they can be used to shutdown the server and ...etc. depending on what it was coded to do.

[partor 0]

I using mainline any problem ?

Yes bothersome

My bad English

[Night 364]

I using mainline any problem ?

Yes bothersome

My bad English

if you are using the regular one then i do not think there is any.

[Ken 892]

It's already public current exploits on internet.

• P2P Exploit

P2P Exploit fix ; 

 

I don't remember exactly all bugs. If you want to protect yourself server, you must look at all topics.

 

Kind Regards

Ken

[martysama0134 7039]

Actually, the "private port vulnerability" is neither a bug nor a backdoor. (highly used by kiddies since 2010)

That's how "game"s and "db" communicate with each others. (even though an authorized connection wouldn't be so bad to implement)

Ymir clearly specified the necessity of protecting such ports behind firewall. (in the source files, you can find some ipfw rules in korean)

There are no backdoors so far. (I'm not considering the /war or /cube issues since they are bugs, and it would be funny considering them as BD)

[Shogun 4513]

I can't imagine a professional game developer implementing backdoors on the code, and it's definately not Ymir's style.

 

The only protection against unauthorized use of the files that Ymir implemented is the expiration date.

[partor 0]

I can't imagine a professional game developer implementing backdoors on the code, and it's definately not Ymir's style.

 

The only protection against unauthorized use of the files that Ymir implemented is the expiration date.

So mainline  src is safe ? 

[Shogun 4513]

If I recall correctly there is an infected binary in the archive uploaded by Kraizy... packmaker if I'm not mistaken.But that's all.

[partor 0]

If I recall correctly there is an infected binary in the archive uploaded by Kraizy... packmaker if I'm not mistaken.But that's all.

Hmm thanks for all, Even so I be going to use mainline src

[djkotsos 101]

can you help me?

 

[martysama0134 7039]

So mainline  src is safe ?

Excluding bugs, it should be BD-free. (like the rest of the other branches)

I can't imagine a professional game developer implementing backdoors on the code, and it's definately not Ymir's style.

 

The only protection against unauthorized use of the files that Ymir implemented is the expiration date.

Previously, in 2012, the r2089 (not r2089m) game had the "temp gm privilege" backdoor. (even official servers, except gf servers, were affected by this)

[partor 0]

 

So mainline  src is safe ?

Excluding bugs, it should be BD-free. (like the rest of the other branches)

I can't imagine a professional game developer implementing backdoors on the code, and it's definately not Ymir's style.

 

The only protection against unauthorized use of the files that Ymir implemented is the expiration date.

Previously, in 2012, the r2089 (not r2089m) game had the "temp gm privilege" backdoor. (even official servers, except gf servers, were affected by this)

 

thanks 

[K3zX 4]

  

On 5/28/2015 at 2:56 PM, Shogun said:

If I recall correctly there is an infected binary in the archive uploaded by Kraizy... packmaker if I'm not mistaken.But that's all.

 

 

Where is it?

I want to delete it but could not find.

 

@masodikbela do your packmaker what you relesed to m2h includes that malicious code? Or just the "precompiled" original exe in the tgz infected?

Btw i see you updated it last week o_O

Edited April 12, 2020 by K3zX

[masodikbela 1339]

2 minutes ago, K3zX said:

  

 

 

Where is it?

I want to delete it but could not find.

 

@masodikbela do your packmaker what you relesed to m2h includes that malicious code? Or just the "precompiled" original exe in the tgz infected?

Btw i see you updated it last week o_O

I don't know about this, and I highly doubt that packmaker is infected, since its basically only one cpp, all the other files (or libs) are from the original binary.

Btw there was a little mistake that @xP3NG3Rx pointed out, so I updated the last version with the fix.

[K3zX 4]

locate PackMaker.exe <-- will list to the terminal where they're all.

I did not downloaded any to my desktop just deleted in the server so i can't tell which is the bad. Maybe i'll extract kraizy.tgz in a VM and i'll check them all in virustotal.com when i will have some time.

 

@masodikbela you should release your packmaker here since m2h closed, that's a great work and really usable archiver with source available 

Edited April 12, 2020 by K3zX

[Shogun 4513]

At this point I don't think anyone's having that archive from epvp in its original form so it doesn't matter.

 

nvm I read that you do have it. So iirc that packmacker.exe is infected, but it's been a while.

Edited April 12, 2020 by Shogun

[K3zX 4]

I did not wanted to use someone's modified source so i picked the kraizy.tgz. But i think everyone who using the "9.2 vm with source" what relesed here have it too.

[masodikbela 1339]

1 hour ago, K3zX said:

locate PackMaker.exe <-- will list to the terminal where they're all.

I did not downloaded any to my desktop just deleted in the server so i can't tell which is the bad. Maybe i'll extract kraizy.tgz in a VM and i'll check them all in virustotal.com when i will have some time.

 

@masodikbela you should release your packmaker here since m2h closed, that's a great work and really usable archiver with source available 

Probably thats not gonna happen, I don't think that its good enough to make a release about it on this forum, also there are better alternatives already published here, also lost the changelog with the fall of that forum.

Edited April 12, 2020 by masodikbela

[K3zX 4]

I just extracted the kraizy.tgz in a VM and checked every MakePack.exe one by one. They seems all clean however

novaline/Srcs/Tools/bin/test_d.exe
dev/Srcs/Tools/bin/test_d.exe

either have a false pos or a Sality. 

 

Better to delete it if someone have it in their workspace.

 

--------------------------------------------------------------------------------

 

@masodikbela Maybe but they're without source. Or which one do you think?

Edited April 12, 2020 by K3zX

[Yurik 0]

It's been 6 years but i still remember that the infected executable was one of the serverkeygenerator. But i can't remember which branch so use locate command as suggested above and delete every occurance.

 

Best way is to delete every *.exe, if you need one, then build your own one.