Malicious Mod?



  • Ghosthree3Ghosthree3 Join Date: 2010-02-13 Member: 70557Members, Reinforced - Supporter
  • SebSeb Melbourne, AU Join Date: 2013-04-01 Member: 184576Members, Forum Moderators, NS2 Playtester, Squad Five Blue, Squad Five Silver, WC 2013 - Silver, Retired Community Developer
  • DC_DarklingDC_Darkling Join Date: 2003-07-10 Member: 18068Members, Constellation, Squad Five Blue, Squad Five Silver
    Whaaat? Enabling cheats enables any client to run any lua code?
    Which idiot assumed that was a superb idea?
  • Ghosthree3Ghosthree3 Join Date: 2010-02-13 Member: 70557Members, Reinforced - Supporter
  • turtsmcgurtturtsmcgurt Join Date: 2012-11-01 Member: 165456Members, Reinforced - Supporter
    SUPER_SARS wrote: »
    Ghosthree3 wrote: »
    Woah wait what. Why is MY steam ID mentioned in the code at line 143. B8amk5r.gif

    I'm not sure I'm ok with this, I'm not sure what it does or means yet, but I have a feeling this is going to bite me in the ass even though I didn't do anything.

    EDIT: Ok from what I can tell it either bans or unbans me from the server (there's also a TON of other IDs listed at the bottom so it does it for those as well?). Wish I knew code better so I could know exactly what is going on. Either way, not cool @Deco , this so doesn't end well for me.

    EDIT2: Ok no longer sure it has anything to do with bans. Someone help.

    EDIT3: No it's definitely about banning.

    But but.. it's an amazing piece of coding!

    yea it's an amazing piece of coding that I can't actually read, but trust me it's amazing other people said so!
  • ZEROibisZEROibis Join Date: 2009-10-30 Member: 69176Members, Constellation
    No having fun with sv_cheats. It is too much fun...
  • NordicNordic Long term camping in Kodiak Join Date: 2012-05-13 Member: 151995Members, NS2 Playtester, NS2 Map Tester, Reinforced - Supporter, Reinforced - Silver, Reinforced - Shadow
    I hear people talk about this mod even in game. No one I have talked to actually knows what it does? Can someone elaborate for the poor code illiterate peoples of ns2?
  • Ghosthree3Ghosthree3 Join Date: 2010-02-13 Member: 70557Members, Reinforced - Supporter
    Allows people in the know to change the state of the game on the fly. Can do basically anything, eg. replace all bullets with babblers.
  • FehaFeha Join Date: 2006-11-16 Member: 58633Members
    edited December 2013
    Fantastic piece of code, I like how it even has proper debugging support even for scripts failing on other clients. Seems to only be able of sending the error messages to one person at a time though, if I were to give a suggestion, it would be to make console_ls, or a concmd dedicated to hooking into debugging, fill a Set with clients that wants to receive the error messages, and then have _C be a table looped in output to get the clients instead. Maybe even make said list be used to differ between who makes what error, so that you can only listen to errors relevant to yourself.
    And why not make an in-game editor like luapad (read below) so its not only the owners of that gist that can play, but anyone on the server.
    Then all it lacks is tying into an admin mod, and I think many server admins would like to have it on their server, for trusted ppl to use.

    Honestly I dont think this piece of code is malicious, except for the fact that it seems to also unban the creator of the script.
    A script that lets anyone load Lua to a server and its players, as well as receive the error messages, is actually a good thing. Gmod has some similar mods, called luapad (useful, basically a glorified lua_run) and epoe (Enhanced Perception Of Errors).
    Although, putting said script on a server without the owners consent is not really ok, and this is regardless of what the script does imho. Since most ppl cant read code to make sure of what it did.

    Must say I learnt a lot by reading this code, such as "select('#', ...)" and the fact that ns2 can do HTTP requests now! Thanks to OP for posting it here for us to see, and kudos to the creator for creating it.
  • Ghosthree3Ghosthree3 Join Date: 2010-02-13 Member: 70557Members, Reinforced - Supporter
    It's not a mod made by a group of people, one guy made it to see what he could do, it's not meant to be for fun lol. So random people aren't meant to even know it exists, let alone use it.
  • |DFA| Havoc|DFA| Havoc Join Date: 2009-08-07 Member: 68375Members, Reinforced - Shadow
    edited December 2013
    Completely disgusted by most of the responses in this thread. Apparently it's okay to hack a server as long as you use really clever code to do it? I have no words for that.

    We wiped the server and rebuilt it from scratch, issued a warning to have people delete any code downloaded to their clients, and we added every steamID in the mod's code to our ban list on principle.

    Between this and the behavior of vets on our rookie only servers, I think Haps and I are both about ready to walk away from this community now.
  • Ghosthree3Ghosthree3 Join Date: 2010-02-13 Member: 70557Members, Reinforced - Supporter
    edited December 2013
    We were impressed he did it and exposed a flaw in the game that needs to be fixed. We weren't impressed by the use of a mod to maliciously harm servers (I don't believe he even uses the mod, just wanted to see if it could be done. Besides a few times to test if it was working, e.g. that video). Also clients do not need to delete it, it can do them no harm unless they manually enable it or join a server with it installed. Also you didn't need to wipe your server, the least you needed to do was simply take it out of the list of mods in the mapcycle.json file, if you're really paranoid then delete the specific mod folder (or all mod folders if you can't find it) for it. You don't need to have the game wiped, the game files are unmodified (server config files may be though). It's just like any other mod, the difference is it was added to your mod cycle without your consent, just remove it.

    Kind of pissed off you banned every ID in that list, I happen to be one of those IDs even though I've had zero involvement with this mod, never even been on a server that had it installed and didn't know of its existence until very recently (long after my ID was put in that list). The creator just grabbed a random bunch of IDs he had to use to obscure the important ones and mine happened to be one of the ones he grabbed. Not cool.
  • |DFA| Havoc|DFA| Havoc Join Date: 2009-08-07 Member: 68375Members, Reinforced - Shadow
    I'll make sure your ID gets removed from our list, Ghost.
  • Ghosthree3Ghosthree3 Join Date: 2010-02-13 Member: 70557Members, Reinforced - Supporter
    Thank you. Expect that some other people may also wonder why they're banned, I happen to know that the list of IDs just contain random people that do play NS2, that don't even know NS2 exists. He grabbed about 10 IDs off the hive I believe.
  • |DFA| Havoc|DFA| Havoc Join Date: 2009-08-07 Member: 68375Members, Reinforced - Shadow
    Deco wrote: »
    Sorry, Havoc & co', for not providing information earlier on how to remove the mod. Also kinda regret abusing your trust. Know that despite my misdirection, my intentions weren't sinister (pseudo-character-reference on not being sinister (scroll down to Changelog – SDK):

    However, I'm not sorry for installing the mod on ~15 servers and messing around... it was bloody fun, and the majority of players enjoyed the break from routine :)

    All the mod does it provide me with an avenue to mod your server live, allowing me to do silly things like make lerks breath fire, onos shrink to 30% size, allow marines to use xenocide (marineocide?), etc.
    No information was stolen, no system or game files were modified (I'm not sure how to, after that exploit was fixed), only config files (and the state of the current game, ofc).

    The majority of the IDs in the list are from random NS2 players (select from If you want to ban me, here's my ID: 42331421 .

    By the way, I can keep the original promise that convince you to enable cheats, if you want :)
    Playing as a babbler is bloody fun :D

    Ah, so you're not a complete wretch after all. Would be nice if that had been your first response instead of 'no comment'. All the same, I think we'll keep you on the list and probably never turn sv_cheats on again.
Sign In or Register to comment.