mirror of https://github.com/diamante0018/MW3ServerFreezer.git synced 2025-04-18 19:22:53 +00:00

Go to file

dependabot[bot] d170746cbc

build(deps): bump deps/libtommath from 7f39a72 to 138309c

Bumps [deps/libtommath](https://github.com/libtom/libtommath) from `7f39a72` to `138309c`.
- [Release notes](https://github.com/libtom/libtommath/releases)
- [Commits](7f39a72cc2...138309cfdc)

---
updated-dependencies:
- dependency-name: deps/libtommath
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

2024-03-13 16:17:04 +00:00

.github

maint: major write up improvement. No functional changes

2024-01-25 13:26:30 +01:00

deps

build(deps): bump deps/libtommath from 7f39a72 to 138309c

2024-03-13 16:17:04 +00:00

src

fix(docs): document the correct function

2024-01-25 13:40:06 +01:00

tools

maint: major write up improvement. No functional changes

2024-01-25 13:26:30 +01:00

.clang-format

use protocol buffers to do something cool

2022-09-02 17:39:26 +02:00

.gitignore

Add files

2021-11-14 11:19:55 +00:00

.gitmodules

use protocol buffers to do something cool

2022-09-02 17:39:26 +02:00

generate.bat

Refactor

2022-03-22 23:41:36 +00:00

LICENSE

Create LICENSE

2021-11-14 18:32:42 +00:00

premake5.lua

use protocol buffers to do something cool

2022-09-02 17:39:26 +02:00

README.md

maint: major write up improvement. No functional changes

2024-01-25 13:26:30 +01:00

README.md

MW3ServerFreezer

Remastered MW3 Server Freezer for the 1.4:382 version of the game (client).

Disclaimer

This software has been created purely for the purposes of academic research. It is not intended to be used to attack other systems. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

Summary

This software is a proof of concept for a vulnerability that is patched. You can't harm anyone with it if you use it on Pluto (If you were to update the addresses for the 1.9 patch of the game). You also can't use this vulnerability on Tekno as it was fixed in 2021 (2.0.6 version of their client). If you think your server is vulnerable you should seek help in the appropriate discord server or forum of the client you use. The exploit is documented in exploit.cpp

Update

The original patch by the Tekno gods was done incorrectly.

The patch made by Discord user "Zero Bytes" made the Netchan_Process stub return -1 when suspicious packets were detected. The return value is completely non-sensical and allows for the execution of SV_PacketEvent to continue.

int __cdecl Netchan_Process_stub(netchan_t* a1, msg_t* a2)
{
  if ( a2->cursize <= 14 || !a2->data[14] )
    return Netchan_Process_Original(a1, a2);

  // Forces the bytes of the packet to remain within acceptable values
  a2->data[7] = 0;
  a2->data[14] = 0;
  // Returns wrong value. SV_PacketEvent is allowed to continue
  return -1;
}

Later revisions of the Tekno gods server DLL seem to have changed this behaviour and now the stub returns 0 when a suspicious packet is detected.

int __cdecl Netchan_Process_stub(netchan_t* a1, msg_t* a2)
{
  if ( a2->cursize <= 14 || !a2->data[14] )
    return Netchan_Process_Original(a1, a2);

  // Redundant operation
  a2->data[7] = 0;
  a2->data[14] = 0;
  // Returns correct value. SV_PacketEvent will return and it will not process the packet any further
  return 0;
}

Compile from source

Clone the Git repo. Do NOT download it as ZIP, that won't work.
Update the submodules and run premake5 vs2022 or simply use the delivered generate.bat.
Build via solution file in build\mw3-server-freezer.sln.

Commands

List of hard-coded key binds:

O Activate the exploit
L Undo the exploit
K Force disconnect from server (back to main menu)

Credits

QUADFOST posted the original exploit on a popular gaming forum. I wrote this software implementing the exploit.