I just took a peek into Chop Shop FFA, and almost gagged. I checked gamename, it was basejka_pushfix, OK there.

But inside it looked awfully ridiculous. I'm pretty sure this can't be done by screwing with hilts either.

One old regular, Jen, had a staff. She was doing spontaneous pullstabs (Without the pull), canceling it into some spin, cancelling that into red kata , then canceling the red kata IN MID SPIN into another pullstab or some other screwed up move. Oh, and she could do the dual saber barrier, again with a staff. I'm fairly certain that can't be a hilt, as no hilt can make you do specials in the middle of a kata...

Some singler also did a spin, but nothing beyond that.

P.S>: i kicked their asses left, right, and sideways despite all of this bull.

As far as I know basejka_pushfix only does something to Push, and none of this has happened at CS before to my knowledge.

Can somebody tell me what the hell is going on?

Should ask Amidala what else (if anything) is running on her server...


Perhaps there is some exploit out there, who knows?

But if it's another one of these admin mod backdoors, that would explain it.


I use pushfix too, and I've never seen anything like that, BUT, that doesn't rule out the possibility...

More info is needed.

The reason I didn't ask Ami was because I didn't think she would intentioanlly add something like that. So i assumed it was some kind of exploit.

It is a kind of exploit, it has something to do with entering numbers in the console, as they were throwing chats around about numbers and saber attacks. There's also another trick, that they walk on their head, and another where they permenantly leave saber trails in a map. I've heard putting to many permenant saber trails could crash the server.

I'm not sure if I've seen it in any server other in Chop Shop, I think I did though.

I've asked around, and the responses I got were:

I did it with magic.
'Cuz I'm special.
Go away.


I hope I can find out what's going on here...

VERY VERY odd. Altho doing that would make you the ultimate god player.

nah that makes you the ultimate nOOb player

those moves are debug melee/saber moves -you can do them from 10-250

Yeah, doing a saber barrier with a single saber or staff is suicide. I've killed this person constantly doing a barrier with a staff, simply by doing a staff butterfly on them, when with two sabers, going in there without the lunge is suicide.

http://home.comcast.net/~awb1989/shot0002.jpg)

Unfortunately, a few members of a clan that frequent my CTF server have been reading the source code and discovered a bunch of debug moves, exploits, and hacks and have been "sharing" their information. It allows them to make huge saber trails that cause the server to grind to a halt or crash, they can do Alora spin moves, staff butterfly with dual sabers, very strange saber throws, and a weird move where they go upside down and hit people on the feet but with very high damage. This broke out a couple of days ago and the hacks will soon be common knowledge. Here is a related thread with screenshots (they are not censored for language on that board, as a warning to the sensitive):

http://www.firetrill.com/forums/viewtopic.php?t=1874)

I have been spending all weekend dealing with this, but it is only the beginning. I banned all of the members of that clan temporarily and they have promised to stop using the hacks, but it is too late, Pandora's box has been opened. They were telling other people about them and it will spread like a virus. In addition, they are doing a lot of debug moves similar to debugthrow, but I don't want to give away some of the commands.

This happened on what was essentially a basejka server (basejka_pushfix) and it is all client-side. I have been forced to install an admin mod (first JA Reloaded, next JA Plus Mod because it disabled some of the debug moves) and recruit subadmins (yes, an admin mod and admins on Chop Shop, that's how bad it is) to try and control it, but it probably won't be enough.

Here is some of the email I've been getting:

I am writing you to ask you to put an end to all the exploits that are
currently being used on the CTF server you have. I love this server, my
absolute favorite of the bunch, but it is growing very annoying and tiresome
to have other players that are out seeking to destroy the enjoyment of the
game for others, using exploits to give them an advantage, and in some
cases, just simply to annoy the players. I would like to have all the saber
exploits be removed (or prevented) and any other exploit including the
hold-and-throw move. People are using these moves to ruin the other players
gaming experience, and to just increase their own ego. If it is no possible
to remove these exploits from the server, or at least prevent them, I am
asking you to make a rule of no exploits allowed. Thank you for taking the
time to read this.

...I think you have a real problem on your hands with this server at this time. I log on now and no matter when it is someone is using some type of saber exploit or doing some toss that kills people.

...I am mad cause people just sit on the server trying to ruin others fun with their cheats. it makes me sick to no end is there a way to stop this??????!!!

...You have people that come to your server with the idea that it is okay to do these saber exploits etc. there reasoning is it is "Fun". To me anything that causes lag intentionally is detrimental to your server in the end. The thing these guys forget is that there is other folks to consider here they are not the only ones to consider here.

Unless the mod makers or Raven deals with this it will kill or disfigure this game for good.

Yet another reason to not release the source code.

At least I can beat the **** Jen pulled.. But you say it's WORSE? Oh my sweet Lord..

damn i'm sorry amidala :( i hope everything works out in the end about this situation

A few questions....

Amidala, does having your server "pure" block any of these exploits?

Also, have you sent this information to the Raven guys that view this forum (emorog, ChangKhan[RAVEN], KISS Army)? At least they will be made aware of the problem, and maybe they can ask LucasArts to let them do another patch... (if the bugs are that serious, who knows) or post work-around or something.


Finally, would turning off debugmelee (or any other cvar) stop these exploits from being used on a server?


As far as using admin mods, I have no wish to start using them if I can help it, but if this info is sent to (or already being used by) Xmod2 or OJP, then I wouldn't mind using those if it meant safety from such exploits.

Time is of the essence... good luck!

PS: PM me with anything that might help out a fellow admin...

Originally posted by Kurgan
A few questions....

Amidala, does having your server "pure" block any of these exploits?

Also, have you sent this information to the Raven guys that view this forum (emorog, ChangKhan[RAVEN], KISS Army)? At least they will be made aware of the problem, and maybe they can ask LucasArts to let them do another patch... (if the bugs are that serious, who knows) or post work-around or something.


Finally, would turning off debugmelee (or any other cvar) stop these exploits from being used on a server?


As far as using admin mods, I have no wish to start using them if I can help it, but if this info is sent to (or already being used by) Xmod2 or OJP, then I wouldn't mind using those if it meant safety from such exploits.

Time is of the essence... good luck!

PS: PM me with anything that might help out a fellow admin...
Pure servers only prevent clients using .pk3 files that are not on the server or identical to the ones on the server from connecting, so that should not make any difference. These are console commands that have been bound to keys, no .pk3 files have been altered.

I haven't contacted Mike Gummelt but I will when I have time (maybe you could direct him to this thread). I think this is a very serious issue because these exploits are so easy to do and so radically alter saber combat. Remember all those single-player moves that Alora and Tavion and Reborn Masters did, as well as every multiplayer stance, style, kata, and special attack? And maybe also some things that are in the game (like the saber-staff in JK2) but were not made available because they were too buggy, powerful, or unfinished. Now imagine ALL of them are available to any player ALL of the time, whether they have single, dual, or staff sabers. Oh, and they don't use any Force either, so you can spam them non-stop.

debugmelee is off on my CTF server, but it still happened. This stuff makes debugmelee look like child's play.

I know slider disabled debugthrow, debugknockmedown, and maybe some others in JA Plus Mod, hopefully including these. These are also debug commands.

Now the only thing that is a ray of hope is that it doesn't appear to work on every server. Is it only Linux servers? I saw the source code for basejka_pushfix, it is very simple and I can't believe it enabled this stuff, but maybe truly basejka is immune (probably not). JA Reloaded Mod 1.2 is not immune because it has continued with that.

I actually totally shut down the server, "reset" it, and did a restart to see if that would stop it but it didn't. I have the server closed right now until I can get the new mod online and get my subadmins up to speed.

I am pretty sure this is just the beginning of something big. I don't think it will stay limited to my servers because of the basic nature of it. This information will spread very quickly. I checked my logs a few hours ago and saw that someone entered the command in the console but forgot the "/", so it was broadcast as chat.

Remember, you saw it here first. The end is near.

All of those debug saber moves debug whatever commands are blocked in JAR 1.4 which i hope to have done very soon, RL and that college thing equals little time, sorry for the deay :/

Originally posted by [nWo] Filth
whine whine whine. let the noobs have their fun 2. you aren't the only people with the right to play.

Her server her rules.

I to play there and noticed the expliots but I simply thought that the players were using custom hilts since it is possible to use them on Chopshop.(models dont show but custom moves/stats still work). As for the the perminant trails I have never seen these ingame before.

Originally posted by [nWo] Filth
whine whine whine. let the noobs have their fun 2. you aren't the only people with the right to play. This is not good christian behaviour!

dude shut up if you don't have anything positive to say about the situation.

I ran into that myself on the first night I played (last thursday). since it appears that Amidala doesnt want the actual coding to be posted i wont, but I can say it really knocked me down a few levels as I thought it was a commonly accepted practice and was the norm. Im glad to see it isnt.

what I do remember is that one player in particular "binded" this particular command to particular keys and, when it was said in chat, the discusion turned into people giving the command out and many people trying it out...including myself. I had also made the comment about how this was really kinda pathetic that anyone can own another player simply by binding a series of keys (with attack numbers) that seemed virtually undefeatable.

anyway, reading this thread has encouraged me to head over to chop shop again to find some enjoyment. btw, amidala, on Thursday night I was in your FFA when I recieved a connection problem. when I logged back in the FFA server was no longer in my list. was I banned from that server for some reason or was it due to server problems?

thanks

Originally posted by Cercueil

anyway, reading this thread has encouraged me to head over to chop shop again to find some enjoyment. btw, amidala, on Thursday night I was in your FFA when I recieved a connection problem. when I logged back in the FFA server was no longer in my list. was I banned from that server for some reason or was it due to server problems?

thanks

It probably just crashed. Both servers are currently closed until I can get the new mods installed.

Could you tell us just HOW they did this, as to the console commands? We might be able to figure out an easy way to stop it if we knew just what they were doing.





(That, and I've always wanted aloras spin move, despite how underpowered it is.)

Originally posted by AIVAS
Could you tell us just HOW they did this, as to the console commands? We might be able to figure out an easy way to stop it if we knew just what they were doing.





(That, and I've always wanted aloras spin move, despite how underpowered it is.)

Open your console (shift and ~) and type /disco or /qui for cool saber hacks.

Originally posted by Amidala from Chop Shop
Open your console (shift and ~) and type /disco or /qui for cool saber hacks.

lol....*keeps quiet* ;)

Originally posted by Amidala from Chop Shop
Open your console (shift and ~) and type /disco or /qui for cool saber hacks.

Very funny. I'm serious about stopping them though. If we knew what the commands were, it would probably be a lot easier. As for the people you tell abusing them, the only one I'd probably use would be Aloras, just for the look of it, despite the fact that you can't move several seconds after doing it.

Spend time on any busy server and keep your eyes and ears open. I expect 99% of the players in this game will be doing these hacks by the end of the week, but I'm certainly not going to help spread this disease. The more noobish someone is, the more they think they are "cool". Who cares if the server crashes?

Originally posted by Amidala from Chop Shop
Spend time on any busy server and keep your eyes and ears open. I expect 99% of the players in this game will be doing these hacks by the end of the week, but I'm certainly not going to help spread this disease. The more noobish someone is, the more they think they are "cool". Who cares if the server crashes?

*sigh* You could have pmed me, but ok, I'll see if I can find anything on the official ja+ server, if that ain't busy, nothing is. If I want to find a way to stop it, I need to find out how they're doing it.

Originally posted by [nWo] Filth
whine whine whine. let the noobs have their fun 2. you aren't the only people with the right to play. This is not good christian behaviour!

N00b, shut the **** up. This is a certified exploit/hack that can ruin gameplay and ultimately the game, and you're telling them to just play it as it is? Again, I repeat my advice: shut the **** up, asshat.

until I read this thread I was contemplating just not worrying about MP games as I thought it was the norm. It does screw up gameplay and leads to a crappy environment to play in.

granted, i think i died due to falling more than strange saber strikes, but still....

Originally posted by [nWo] Filth
whine whine whine. let the noobs have their fun 2. you aren't the only people with the right to play. This is not good christian behaviour!

Shut the **** up noob.

No need to start flaming here guys.

[nWo] Filth since you've made it your purpose to be a troll since you signed up, consider this your warning!


Hopefully the mod makers and developers can work together on a solution to fix this.

If you must discuss the "secret commands" don't post them here, but relay via PM.

As was said, if these commands stayed secret this long, maybe a little discreteness can help prevent them becoming too popular until a solution is found.

It's odd that these commands are usable by non admins though...

Well, good news and bad news:

JA Plus Mod 2.0 appears to block most or all of the debug moves, so kudos to slider. I guess it's a good thing his mod is so widespread, it will slow down spreading of the hacks.

The bad news is that if a server is running a mod that doesn't specifically block the debug moves, it is vulnerable. My disruption instagib server, which doesn't even have lightsabers, is vulnerable. I'll have to read the log later to see if they made lightsabers appear where there aren't supposed to be any, but they were talking on my other CTF server about how the hacks worked on my disruption server.

Originally posted by [nWo] Filth
And btw. JKA MULTIPLAYER SUX!! DONT WASTE YOUR MONEY ON IT!!

...

Good for you. :indif:

Maybe if you were a bit more specific as to WHY you hate JA (other than "it sux"), I wouldn't give you such a hard time (as would many other forum members). I don't mind what people think as long as they give arguable and insightful reasons as to why they think that way.

But enough of getting off topic.

It's too bad that this is happening to JA. This is why game companies are reluctant to release a game's source code in the first place. Some smart@$$ always tries to find ways to wreck the game. Take Delta Force 2 for example. On the official servers, you have people flying and shooting off an unlimited supply of grenades at a ridiculously high rate of fire. What's worse, they move so erratically that it's well nigh impossible to kill them. It really ruins the game.

Hopefully it will never become that bad for JA. Still, it is worrisome.

Sigh, anyway back to the real discussion... where are Master Hex and RazorAce?

http://gphan.com/pics/albums/omghi2u/pwnedduck_001.jpg)

Indeed.

Now back to the matter at hand...

you notice how you can view ips if you're a moderator or admin?


*waves bye*

The debug moves problem is caused by the mod maker in question not building his .dll's properly. If you forget to make Final builds and instead make Debug builds, then all kinds of debug commands get left in - commands which are only meant to be avaliable duing test time and never were meant to end up on 'proper' servers :/

Sounds like certain mod makers realised this later rather than sooner - and hence their earlier releases were full of Debug stuff...

And unfortunately, I know of no way to disable any of these debug commands if Debug builds have been made. The developers would not have needed any way to disable these commands, since they were only 'suppost' to be avaliable for testing purposes in the first place...

So in short - players aren't doing anything clever to 'hack' these servers -they are taking advantage of a gaping wide hole of opportunity inadvertantly (but - gotta be said - noobishly) left open by the mod maker in question...

My servers were running basejka_pushfix and disruption. The exploits continued under JAR 1.2 but are pretty much stopped under JA Plus 2.0. And Orion2486 says that JA Reloaded 1.4 will have those exploits blocked.

Are you saying that basejka_pushfix, disruption, and JAR 1.2 were not built as Final versions, and plain basejka should be OK because it isn't running a mod?

Actually I think chosen had been playing around with the debug commands and left the debug check uncommented or something, but its now cvar restricted in 1.4

ok, so ja+ and jr are going to block them. what about omni and x mod? does anyone know about those?

If Xmod2 and OJP block them then I'm fine. I just don't want to be forced to use an ampunish friendly admin mod. ; p

But, interesting point if you say it's a MOD problem and not a basejka problem.

Pushfix is nice, but it only fixes one annoying bug, better to have that than to have exploits like this I guess.

Somebody should make a new linux compile that fixes that (if it's the case).

XMod and OJP never had debug problems. They're some of the few mods done right. :)

Cool. If that's "all it is" we should spread the word among mod makers and admins. Once that's cleard up and the popular mods are fixed, then it should be out in the open.

JA+ Mod block all debug cmds and cheat cmd since the beginning of the mod

it is even one of the main things i did when i begun with JA+

Are you sure slider?
I thought I had heard that you could activate them on certain early versions of admin mods (And I was quite sure JA+ was specifically mentioned).

And if I'm reading what people are saying - it sounds like it's still going on, apperently with several mods - including your own...

If I'm wrong about this, I apologise. But that's what i'm getting from reading these posts...

perhaps it was the case on the first version 1.0 or 1.1
but i corrected it very quickly

it makes a long time it is corrected

i just took a look on all the cmds that you can use in JA+

and absoluty are blocked

if you know a cmd that is not blocked tell me i will see if you are right

but i am nearly sure you are wrong
but perhaps i missed some debug cmds in all this code

so tell me the cmds?

Slider,

This was my point though.

If you just make Final builds, you wouldn't have to try and find all these debug commands. They get taken out automatically

Try doing a quick search for:

#ifdef _DEBUG

See all that stuff coming up? THat's all the stuff your adding to your builds which shouldn't be there in the first place.
Not only are you adding commands and cvars which shouldn't be there, your also adding loads of unnessesary test code and debug trace stuff which will be eating up a few unnessesary cycles here and there (not much granted - but still, your mod is running slower as a result...)

You don't release debug builds man - seriously! Debug builds are for testing and (funnily enough) debugging - your not suppost to use them on 'real' servers. This is very basic stuff...

btw - the reason this didn't happen in JO is because we had the .qvm compiler avaliable. THis automatically makes 'release' builds, stripping out all the debug stuff.
(Or at least the default configuration of the .bat files used made release builds. Not sure if it's possible to set them up to make debug builds. But anyway - that's a side issue. THe point was it didn't take any brain power to make sure your compiling release builds in JO - whereas it does in JA. Well, not that much tbh. But you at least need to switch configs on your compiler...)

hehe
i am not a novice

i already checked all of that

and all my version are relaeased in FINAL_BUILD

i was only saying that perghaps there are cmds that i didn't see and that are not in IFNDEF FINAL_BUILD block ir IDFED _DEGUG blocks

but i just took all the cmds one by one to be sure, and normally except if i missed some of them
all those cmds are not compiled in the mod

and all my version are relaeased in FINAL_BUILD


OK - good.
...but you also removed the _DEBUG pre-processor define right?! If you didn't do that, your builds are still chock-full of debug code...

No-one has ever triggered a debug command in my mod - EVER. And I've never had to go hunting down these commands in code either.
You wanna know why? Because my mod doesn't have debug code in it...

of course the _debug flag is not in the release versions

Ahh -I think I see your problem slider.

I've just downloaded v2.0_fixed of your mod, and the windows .dll looks to be the right size (Debug builds are a LOT bigger than Final builds - about twice the size)...

....but your linux .so file is way too big to not be a debug build.
It's nearly 2MB's!! It should actually be around half the size if it was a proper final build - 0.7 MB or so...

So looks like your windows build is ok, but your linux build is DEFINELTY debug.

Do you build the linux files yourself?

no it is not debug

the _debug flag is not set

if it is debug it would spam the games.log with debug message

check it
and you will see
there is not _debug message

the flags used in windows version are the same as the flag in mu linux makefile execpt several differences due the difference betweend the 2 OS

i think the difference of sizze is due to the fact the instrution in linux OS is totally differenct from the windows one

i use the last versions of GCC and it compiles of the code for i586

if you think that the _degug code is compile in the linux version try to execute cmds that appear only in _degug blocks or find debug message in the games.log for example damage saber, or move trace debug.....

you will see they do not appear

perhaps if i had used ICC it would given the same size as in windows dll...
but i doubt of it because the official basejka linux .so file is about 2Mo and was compiled by raven itself
so it is the same size as mine
and they used ICC
so i don't really see the need of using ICC when you have a free programm as GCC
iCC is not free, and i have not money to spend in that

i think the difference of sizze is due to the fact the instrution in linux OS is totally differenct from the windows one


Heh -whatever you say...

So you obviously think it's sheer co-incidence it's only certain mods that have (ever) had this problem then?!


Well - I tried guys. If you wanna keep using JA+, expect to find some more interesting little 'features' in the linux version...

...call it a hunch if you will ;)

..just out of pure morbid curiosity though - please mention one example of a debug command that Raven let 'slip' into their final builds which you have subsequently had to 'fix'...


Obviously send in a PM rather than post in the open here...