Fix an exploit where players could steal the final hash of a login (!508) · Merge requests · STJr / SRB2

Merged James R. requested to merge netcode-exploits into next 5 years ago

Aug 17, 2019
- Include md5.h · 9c1fa867
  James R. authored 5 years ago
  
  9c1fa867
- Remove a printf · c1ba72ea
  James R. authored 5 years ago
  
  c1ba72ea
- Kart discrepancies · 19dd9a3c
  James R. authored 5 years ago
  
  19dd9a3c
Jul 15, 2019

Don't send login final hashes to everyone · 91502f14

James R. authored 5 years ago

Someone thought it was a good fucking idea to make logins NetXCmds. NetXCmds
are sent to everyone however. Thankfully logins are two passes. And the second
pass uses a salt based on the playernum. Therefore, in order to actually make
use of the final hash, you'd have to be the same playernum as who originally
sent it. Still a stupid exploit.

P.S. The netcode is LOL XD by VincyTM -Telos

91502f14

Fix an exploit where players could steal the final hash of a login

Merge request reports

Activity