GUID Spoofing Exposed... or Disposed.

  • Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.
Sir_Brizz

Sir_Brizz

Administrator
Staff member
Feb 3, 2000
26,020
83
48
Some of you may know that recently there has been a bit of an outcry about the possibility of spoofing GUIDs (the hash sent between you and the server to identify you) in order to get people that you don't like banned. There have been a couple posts about this on our forums, and some discussion about this on the UnrealAdmin page, but we've finally gotten something official on this from the ut2004servers mailing list provided by Epic.
You can not use the global id to spoof your way on to a server.
Furthermore you cannot spoof the global id without the cdkey.

You can post a global id without worrying it will be used
illegitimately.

Joe Wilcox
There you have it, folks. According to Joe Wilcox, spoofing GUIDs is not possible.
 
Nemephosis

Nemephosis

Earning my Infrequent Flier miles
Aug 10, 2000
7,711
3
38
According to Joe Wilcox, coloured usernames are exploits too. Small wonder people might not put much stock in what he says.
 
S

Shambler[sixpack]

New Member
May 3, 2001
564
0
0
Ireland
Visit site
Crap, I wish my computer was working so I could check the mailing list. (typing on my PSP)

Your GUID can't be used to spoof your key but your CD Key HASH can be used to spoof it.

AFAIK it works like this:
client[CD Key->*encoding*->CD Key HASH]->hash is sent to server->server[CD Key HASH->*encoding*->GUID]

Without going into more detail, the hash can be used to spoof someone elses CD Key.

So, careful what servers you join :/
 
S

Shambler[sixpack]

New Member
May 3, 2001
564
0
0
Ireland
Visit site
And also, modified clients are needed to exploit the hash's.

Can an admin permanently disable the VB light style for PSP users..the button to do it works but redirects me to the main forum page, when I change page it goes back.
Can't edit my posts with VB lite.
 
ShiningSquirrel

ShiningSquirrel

New Member
Sep 3, 2004
19
0
0
www.shiningsquirrel.com
I would not believe Joe Wilcox if he told me the sky was blue.
Remember, Joe is the same person who said one of the patches (think it was 3355) that was screwing up some of the servers was OUR fault because we did not test it enough on our live servers. He screwed up a patch, and tried to pawn the blame off on the members of the community for not testing it enough.

If you want proof Joe Wilcox is lying to us, read this thread.

http://www.unrealadmin.org/forums/showthread.php?t=14147
 
S

Shambler[sixpack]

New Member
May 3, 2001
564
0
0
Ireland
Visit site
No that was Steve Polge who backlashed at admins (plus they got it fixed in 3369 did they not) and ALL of the publically known workings of the CD Key system are 100% speculation.

I can easily refit my explanation above to suit what Joe says and the key harvesting.
CD Key->*encoding*->CD Key HASH ->game server
CD Key->*different encoding*->GUID->game server

So, no GUID spoofing happens but it's STILL possible to mimic different keys.
All Joe was saying was that it's safe to give your GUID out.
 
S

Shambler[sixpack]

New Member
May 3, 2001
564
0
0
Ireland
Visit site
Moreso I can sympathise with the position they're in...this is not an easy problem to fix.

It would most likely involve a major rewrite of the master server and game server code, which would at least double the master server CPU and bandwidth use.

Could easily take months, and they are trying to work on 2k7.
IMO it's better they spend time getting it right in 2k7 than wasting time fixing what they got wrong in 2k4. (same sentiments on cheat protection)
 
You must log in or register to reply here.
Top Bottom