[ASM stuff] GM Commands.

[chiefioso]

Well, I have been digging into planetside.exe quite deeply; I have discovered a test in there for all GM commands. I am trying to execute some, but there is some quite interesting **** int here.

Drop a breakpoint on planetside+0047876C and then type /zlock.

You may possibly need to have some other stuff to make this work, but here are the commands i've found:

/zlock
/zcommand
/setbaseresources

and several others like this. I am wondering if some of them are not protected from being called server side? Judging by the track record of SOE, I am guessing at least one command goes unchecked.

I'll keep you posted.

Edit: Holy ****. Got something: Check out the attachments. This is the /paintball command, it adds text to places. It's not serverside protected. I am looking for other commands that are similar

Edit:

Digging through the code, and some of the messages. This was definitely accomplished through manipulation of the netcode. The game has the ability to mount weapons of any kind on any person with a given offset; all of this exists or at least relates to planetside+0095CAF0
Very possible, and unfixed. They do almost no serverside checking.


Edit again:
It turns out certain commands each have their own checking systems on whether or not access will be granted. I think it is bitwise, so, you could give certain people a certain "level" of security. I am working on reverse engineering the individual functions, and hope to find a general way of bypassing all security on chat commadns and GM stuff. There is no server side code stopping me.

[joltting]

There is a bit more to it, then simply changing a few commands. A good example is finding the player structure. Once there you can change the CR and BR of your character. How ever though, no one else would be able to see it.

[chiefioso]

Quote:

Originally Posted by joltting

There is a bit more to it, then simply changing a few commands. A good example is finding the player structure. Once there you can change the CR and BR of your character. How ever though, no one else would be able to see it.

Yes, all of that is serverside information. However, from my initial gatherings, some (most?) of the GM commands do not invoke a serverside check on account level.

I did a test with the /paintball GM command and everyone else could see my changes to the server. This was in the same routine "area" as the other GM commands, so I would like to think it is processed on the server in the same area as other commands also. So, that being said, I can execute GM commands on the server.

[joltting]

That paintball command is nothing more then client side. No one else can see what you write to the map. Every time you use that command a text file is created in your planetside directory. No command you input goes to the server that allows others to see it. A prime example of this is when you take all the conditional jumps and allow them to bypass all the functions that prevent you from using GM commands. The server will stop you.

SOE does check input commands. Especially GM commands.

[Laughing_Man]

Californika is a genius. I'm glad he semi-taught me how to manipulate server packets. To pretty much get the same effect that he managed to get in that youtube video.


Hey Joltting, how goes it?

[chiefioso]

Quote:

Originally Posted by joltting

That paintball command is nothing more then client side. No one else can see what you write to the map. Every time you use that command a text file is created in your planetside directory. No command you input goes to the server that allows others to see it. A prime example of this is when you take all the conditional jumps and allow them to bypass all the functions that prevent you from using GM commands. The server will stop you.

SOE does check input commands. Especially GM commands.

Are you certain about this? I had asked several other parties to verify that it was serverside; several independents said they had saw the text.