Solutions for a security issue

Discussions about Coding and Scripting
User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

Solutions for a security issue

Post by PrinceOfFunky » Mon Dec 11, 2017 8:13 am

So, some of you already read the topic about being able to open/run anything on the Server/Client machine using unrealscript, fact is, you can use the command 'servertravel' for the same purpose since it calls one of the functions that let you do that thing, I can tell it works on clients too since I opened pornhub and calculator today on the victims who connected to my server, just by using the command 'servertravel'.
Can you think of a solution to avoid worse stuff coming from this exploit and the 'write file' feature?
"Your stuff is known to be buggy and unfinished/not properly tested"

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Solutions for a security issue

Post by JackGriffin » Mon Dec 11, 2017 3:20 pm

I've been watching these discussions with a great deal of interest. Gugi did this stuff in UT2004 years back but I don't think he published a lot of the things he had found (for obvious reasons). I do know he was able to use the client connection as a tunnel and poke around in their system outside of the game installation. I'm not sure if a protection was ever implemented. If he's still around you might ask him. I'll bet he is very interested in these discussions even if he's not active any longer.

Increasingly as things like this are found to be possible it becomes more important than ever for coders to monitor things they get sent by servers and ring the alarm bell if something looks wrong. This is one reason why I won't use mods that are obfuscated, especially if there is console command code embedded. I'm happy to use your work but I'm going to know what it does ahead of time.

Let's face it, UEngine doesn't have the best history when it comes to self-policing bad practices. Fake bots registering as players, rewriting client favorites, password stealing, it goes on and on. If it's found to be possible there will be servers using it. For me personally if I ever found this type of code in the wild and undeclared I'd let everyone know and then I'd uninstall UT. Aside from write-protecting your installation (which won't work at all if you play) I don't see how it's possible to prevent/defend against this unless the ability is removed via Epic updating the engine (and that's very unlikely).
So long, and thanks for all the fish

nogardilaref
Masterful
Posts: 577
Joined: Tue Jun 20, 2017 1:00 pm
Personal rank: ⚋⚊⚌☰⚞⌖⚟☰⚌⚊⚋

Re: Solutions for a security issue

Post by nogardilaref » Mon Dec 11, 2017 9:55 pm

Perhaps the only real sure to work solution is to isolate the game install in some way, and ensure that the game is executed with a user that isn't able to do anything at all outside of that install location.
I think this is easily possible in Linux systems, but I am not sure in the case of Windows.
If you run it from a dummy virtual machine for instance (if you have a good enough machine for that) you're also safe.

An alternate less optimal solution is to ensure you only download mods and join servers that you trust.
The mods themselves you can generally trust, especially from known developers, but the servers not so much, although if you stick with the most popular ones I hardly think that's ever going to be a problem at all.

Also, players using Windows, which should account for most of them, always run AV software of some kind (unless they're still on XP), which should flag and prevent most real malicious code entering your system that easily.

Maybe even Higor may be already accounting for this and preventing it in his XC_Engine perhaps? Given that he can override pretty much any function, although I am not sure if this includes native ones.

User avatar
sektor2111
Godlike
Posts: 5336
Joined: Sun May 09, 2010 6:15 pm
Location: On the roof.

Re: Solutions for a security issue

Post by sektor2111 » Mon Dec 11, 2017 11:28 pm

Bad stuff was done like Jack said from all time, the question is why do we need to do that. This is similar with Real Life. I can setup a fire burning a lot of stuff but why should do that ? If you know to write some Evil code why do you need to do it ? Why do you send players into crap servers ? Perhaps because we don't want anymore players ON-Line. Good keep going then... In fact the question stays what security issue is about ? We have bunches. Are you done ? Can you do something useful ?
in forum already was started another such discussion with DLL inside U files and that can be fired even without to ask user. A DLL can do more that you can imagine. What is the problem ? Don't play UT.

Aside Notes:
All known bad hosts are already listed here for not being accessed. Other IP addresses useless and harmful have been restricted as well. Send me there if you can... Now you can go to get some sleep and then let's go to do useful things rather than writing files. Btw, I know a free application able to write INT and INI files. It's called NotePad++ I don't need UScript for writing files and neither Editor for testing maps with fake results - like that brush with light and no light if you can recall it... :|
nogardilaref wrote:Also, players using Windows, which should account for most of them, always run AV software of some kind (unless they're still on XP),
Yes, I'm on XP using a limited account and I'm not gonna change it to soon. I'm relaxed and happy how are things working so I'm not switching to new bugs - see "TheHackerNews" for relevant information about great new "OS"es developed. Yeah, really secured no doubts... It was the night of mind how were fixing MS process doppleganging malware dodging bug... :loool: which actually does not exist in XP - no info posted like before, it starts with Vista... Still asking why do I need another OS for UT ? For pain and issues ? Won't happen.

User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

Re: Solutions for a security issue

Post by PrinceOfFunky » Tue Dec 12, 2017 12:42 am

Running UT in a virtual environment would probably be a good solution.
"Your stuff is known to be buggy and unfinished/not properly tested"

Higor
Godlike
Posts: 1832
Joined: Sun Mar 04, 2012 6:47 pm

Re: Solutions for a security issue

Post by Higor » Tue Dec 12, 2017 1:20 am

My leg can grow a tumor!
I'll just remove my leg!

Also, waiting for Epic update :loool:
ImageImage
Image unreal://23.111.157.138:7777
Image unreal://46.228.199.205:7788

nogardilaref
Masterful
Posts: 577
Joined: Tue Jun 20, 2017 1:00 pm
Personal rank: ⚋⚊⚌☰⚞⌖⚟☰⚌⚊⚋

Re: Solutions for a security issue

Post by nogardilaref » Tue Dec 12, 2017 1:44 am

It's true that the motivation to write real nasty malware towards an old game like this isn't really there at all, but it's still a concern, especially given the wicked and vindictive history of some members of the overall community.
In other words, it doesn't take much imagination to come up with a way to fuck up someone's day with this, or worse. I won't speak out loud the kind of stuff you can do with this, since I don't want to give anyone any ideas, but it's still pretty fucked up.

User avatar
PrinceOfFunky
Godlike
Posts: 1160
Joined: Mon Aug 31, 2015 10:31 pm

Re: Solutions for a security issue

Post by PrinceOfFunky » Tue Dec 12, 2017 2:02 am

nogardilaref wrote:It's true that the motivation to write real nasty malware towards an old game like this isn't really there at all
I'm not sure about it, I was talking with someone yesterday who wanted to use these exploits against a specific server through a single map spreaded between many servers and this person is well known, also known not to be a bad person lol.
At the beginning when I started those topic I didn't think about the malicious accesses since I was focused on using those exploits to reduce engine limitations, but if I would have thought there was a security issue I think I would have published those anyway since the more people know the more they can prevent malicious access in this case.
"Your stuff is known to be buggy and unfinished/not properly tested"

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Solutions for a security issue

Post by JackGriffin » Tue Dec 12, 2017 4:08 am

PrinceOfFunky wrote:I was talking with someone yesterday who wanted to use these exploits against a specific server through a single map spreaded between many servers and this person is well known, also known not to be a bad person lol.
That person should be named. There's no room in this community for shit like that and it shouldn't be tolerated. Ugh...so disheartening.
PrinceOfFunky wrote:At the beginning when I started those topic I didn't think about the malicious accesses since I was focused on using those exploits to reduce engine limitations, but if I would have thought there was a security issue I think I would have published those anyway since the more people know the more they can prevent malicious access in this case.
Proverbial cat's out of the bag now. Let's see where this goes.
So long, and thanks for all the fish

Higor
Godlike
Posts: 1832
Joined: Sun Mar 04, 2012 6:47 pm

Re: Solutions for a security issue

Post by Higor » Tue Dec 12, 2017 6:01 am

Ok everyone getting too cryptic, angry and not properly communicating:

The command in question is OPEN, and can be called directly using ConsoleCommand, NexGen does this to send players to URL's and open TeamSpeak/Discord addons as well.
The command can be used to open files using the 'file:///path' protocol.
The command internally calls UGameEngine::Browse.

Guess what easily stands in the way here? UXC_GameEngine::Browse
I can easily filter all non-Unreal protocols, or add a whitelist, whatever.
ImageImage
Image unreal://23.111.157.138:7777
Image unreal://46.228.199.205:7788

User avatar
sektor2111
Godlike
Posts: 5336
Joined: Sun May 09, 2010 6:15 pm
Location: On the roof.

Re: Solutions for a security issue

Post by sektor2111 » Tue Dec 12, 2017 6:18 am

Screwing IpToCountry and other useful things because a new coder has decided to practice his skills by sending players into shit servers.
PrinceOfFunky wrote:I'm not sure about it, I was talking with someone yesterday who wanted to use these exploits against a specific server through a single map spreaded between many servers and this person is well known, also known not to be a bad person lol.
Interesting... so it's a good person but which wants to do evil things. Fascinating ! What did I miss here ? Another language barrier or it's time for another hit granted to UT by community supposed to improve and continue this game ? Eh, intruders are inside for years... and they won't help UT, no worries...

ShaiHulud
Adept
Posts: 414
Joined: Sat Dec 22, 2012 6:37 am

Re: Solutions for a security issue

Post by ShaiHulud » Tue Dec 12, 2017 6:29 am

That sounds worthwhile Higor. I had to create an Asynchronous Pluggable Protocol for an application some years ago - I believe that's what's at work behind the scenes here on Windows.

Nirsoft has a utility which allows you to enable disable protocols individually or collectively with Select All. It hasn't been updated since 2009, so I don't know what the implications might be for versions of Windows after Vista. Could consider running this before firing up the game. Be nice if there was a way of preventing protocol handling for individual directories.

nogardilaref
Masterful
Posts: 577
Joined: Tue Jun 20, 2017 1:00 pm
Personal rank: ⚋⚊⚌☰⚞⌖⚟☰⚌⚊⚋

Re: Solutions for a security issue

Post by nogardilaref » Tue Dec 12, 2017 1:55 pm

PrinceOfFunky wrote:
nogardilaref wrote:It's true that the motivation to write real nasty malware towards an old game like this isn't really there at all
I'm not sure about it, I was talking with someone yesterday who wanted to use these exploits against a specific server through a single map spreaded between many servers and this person is well known, also known not to be a bad person lol.
Uhh...
nogardilaref wrote:It's true that the motivation to write real nasty malware towards an old game like this isn't really there at all, but it's still a concern, especially given the wicked and vindictive history of some members of the overall community.
I don't see this to be used as a general malware spread, the UT population simply isn't worth the trouble over how small it is, but as a means of pure revenge or blowing up servers from other admins, sure.
And I can actually think on plenty of people in the community with reasons to do that sort of thing towards very specific admins, so maybe I probably know whom exactly you're talking about.
But I don't like it, it's like having a chemical or biological warfare, both sides will loose, with a lot of collateral damage, that's why the tendency is to stay away from that sort of thing.
PrinceOfFunky wrote: At the beginning when I started those topic I didn't think about the malicious accesses since I was focused on using those exploits to reduce engine limitations, but if I would have thought there was a security issue I think I would have published those anyway since the more people know the more they can prevent malicious access in this case.
I started replying more with that intent too... although I am starting to regret doing it, as I ended pretty much contributing with some of the needed code to fuck everyone up in some way as well.

The thing is, much of security in UT has been relying on obfuscation, with just a select few able to know and understand how to really exploit it to this degree, and mostly because UT provides all the means to fuck things up, but none to actually prevent them at all. It's the consequence of working with an old outdated engine, which never had much of a thought put into its security to begin with.

You cannot prevent any of this for instance, other than using trusted stuff.
Even with Higor releasing something to prevent this natively, you're still putting your trust in what he built, as if it was someone else, you wouldn't probably trust that person to even prevent it in the first place, so it all goes down to use trusted stuff only, and yes, this includes both mods and maps, since both run code.

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Solutions for a security issue

Post by JackGriffin » Tue Dec 12, 2017 2:30 pm

Nah, you did nothing wrong. This is very much like the aimbot/wallhack argument. I personally think it's best if every server admin tries a few bots out (privately of course) so they know what they are dealing with when trying to look for that activity on their servers. If hijacking or the ilk is a confirmed problem as it appears to be then the more it's discussed the better, even if damaging information is inevitably shared. It used to be in the old original days of UT you could rely on knowledge not being available but now there's a YT vid on anything and the learning curve is very short. It's enough to say the possibility of these exploits exist for the person wanting to do bad things, they need only to spend a weekend learning the 'how' part.

It's going to happen now, that's obvious. It might be time to discuss how it will be handled and maybe, just maybe appeal to Flak to see if some official thing could be done. To my limited knowledge it looks like this is something that can't be suitably fixed by coders doing mods and is a very real threat to the average player.
So long, and thanks for all the fish

Aldebaran
Masterful
Posts: 672
Joined: Thu Jan 28, 2016 7:30 pm

Re: Solutions for a security issue

Post by Aldebaran » Tue Dec 12, 2017 4:31 pm

Perhaps it is possible to code an external program that helps admins to easily check new files (.unr/.u) if there exists commands like StatLogFinal or other potentially dangerous commands in them. So admins know where they should have a closer look into before adding them to the server.