Posted: Tue Jan 02, 2007 6:54 am Post subject: clientcrasher
Hello. I'm here to warn you about a malicious tool that has just emerged. It's called ClientCrasher.exe and apparently, it does not only crash the clients in its vicinity. It can also intercept logon packets, and then send ambigious packets towards clients which just logged on, kicking them from the server. Unfortunately I got to know the tool in sad circumstances, some of my shard players used it. Could you explain how exactly can it intercept POL packets?
hmm... only screenshots in the rar... btw, i think this tool can't hook anything but local packet stream between your client and the server
it's impossibile that it can hook ("spoof") other clients' packets.
however, to crash nearby client it can exploit some kind of client bug, i remember years ago there was something like this, it used strange speech colours to crash other clients
Author
Message
CWO
Joined: 04 Feb 2006 Posts: 691 Location: Chicago, IL USA
Posted: Tue Jan 02, 2007 7:33 am Post subject:
This sounds just like the person who said he can grab everyone's IP in UO and hack them very easily. In the end, it was all a bunch of BS thrown together by programs like EUO to put sysmessages in his journal looking like hes able to do it.
I know the tool works because I have heard so many complaints of people who actually get disconnected. The supposed 'ClientCrasher' has a function that allows it to track relogs, and then automagically kick the players, so that there's no chance for them to flee or anything really . It's not a bunch of EasyUO lines I bet.
Author
Message
CWO
Joined: 04 Feb 2006 Posts: 691 Location: Chicago, IL USA
Posted: Tue Jan 02, 2007 7:39 am Post subject:
well what client version do you use? This could be the same type of bug Bracco was talking about sending something that the other clients can see but cant process.
I'm using the latest version of the client. All of my players must have the latest one, otherwise they get disconnected by a verification script (client check packethook). I've checked injection's 'transparent' speach bug, and it's not it. Any ideas? Maybe the POL webserver makes it vulnerable?
Author
Message
CWO
Joined: 04 Feb 2006 Posts: 691 Location: Chicago, IL USA
Posted: Tue Jan 02, 2007 7:58 am Post subject:
client version checks can be worked around with injection itself.
disguise yourself as a normal player, or let some of the victims lend you his account... then play around with some kind of packetlogging enabled, and when you get disconnected, look at what came to your client before disconnect
Once you get the log of the packet, post it here. It is probably possible to hook the offending packet and deal with it in a way that doesn't crash clients. Crashing a client is Very easy to do if you are the server. ANY malformed packet, almost, will cause the client to stop responding.
This is one example of why I wanted a uo client of my own Muad. I am not sure how to hook into the real UO client's connection and send things so it would be easier to make my own client and try to crash everyone else.
It's probably a chat-type packet. It would have to be something that a client could send that the server would process and then send to another client or group of clients.
Author
Message
CWO
Joined: 04 Feb 2006 Posts: 691 Location: Chicago, IL USA
Posted: Tue Jan 02, 2007 10:55 pm Post subject:
This could also be a good reason to be able to start the internal core logging textcmd on someone other than your own char.
I tried to catch some of those packets with razor packed logging but it's hard because sudenly everybody stopped using clientcrasher.
Anyway i was looking for that tool and i couldn't find it. Today i'll try to get it from my shard players
. It's not a bunch of EasyUO lines I bet. 
