August 21, 2008

Halo Version Changer

Filed under: Projects — Omega @ 2:27 pm

Important: This is an old post, for the latest and up-to-date information go here.

Because of the recent 1.08 update for halo, many programs made for halo or haloce 1.08 no longer work. While it is possible to update all these programs, this could take a long time. And the people who made them could be inactive and never update their program at all. The easiest fix is to allow a 1.07 client to connect to a 1.08 server. This way you can still use your old programs, but play on the updated 1.08 servers. This is exactly what the Version Changer will do.

You download the version changer and overwrite the original strings.dll in your halo directory (make a backup of the old one!). Then simply start halo. If everything went well, you will see a small message when halo starts. You can now use the new version command in the halo console:

version: Displays the version of the executable (your real version) and the version you are playing on (the faked version).
version table: Displays all the versions you can switch to.
version 1.0x: Changes the version to 1.0x (for halopc).
version 1.0xCE: Changes the version to 1.0x (for haloce).

It will also disable the “checking for updates” message. Although you will still see this message, no actual check will happen. While it is possible to change between halopc and haloce versions, you will not be able to join any servers if you mix halopc and haloce. The versions 1.00/1.01/1.02 for halopc are not supported. Version Changer will not load if you use the executables of these versions. You also cannot join these versions from a newer client (halo will crash – protocol mismatch?). These versions (and halo trial) will not be supported in future releases, unless there are enough requests from users to also support these versions.

Attention Halo Custom Edition users: Make sure you always include the CE postfix when changing to a different version!

August 14, 2008

Rcon stealer

Filed under: Uncategorized — Omega @ 2:05 pm

In the past there have been many fake screenshots, videos and programs of so-called rcon stealers. All of these are fake and don’t work.

A real rcon stealer is nearly impossible to make. You can only make this if you found a bug/exploit that would allow you to execute your own code on the server (like a buffer overflow). But a bug like this has never been found in the halo server. So it’s impossible to get the rcon password in a few seconds. There is however a second method to find the rcon password: bruteforce it.

The halo server is not protected against bruteforce attacks. So this is possible to make. The downside is that this can take a long time (read: extremely long). If you want to try all possible passwords with only lowercase letters, you already have 217,180,147,158 possible combinations. Let’s say you design a decent algorithm that can test 1000 passwords each second. This is already fast, considering we’re doing this over the internet. But it would still take more than 6 years to test all possible combinations. If you also include numbers and uppercase letters, this would be even more: 225,387,915,461,472 combinations, taking more than 7147 years if we could try 1000 passwords each second. So practically this method also isn’t useful.

To demonstrate this I made a quick program. It tries all the passwords with only lowercase letters. It sends an rcon command to the server and waits for a reply. If the server says the password was invalid, we try the next one. Repeat until password found or all combinations have been tried. I tested this on my own server against a very weak password.

Server and client are running on the same computer, so the connection is very fast. Yet it still takes 191 seconds to crack it. And it’s a very weak password since it only uses lower case letters and isn’t long. It tried a total of 2886 combinations, resulting in around 15 attempts each second. The weak point in the current algorithm is that it waits until the server replies. To increase the speed you could send multiple attempts at the same time, then wait for the results, send multiple attempts again, etc. Once you have a positive match you know the password was in one of these attempts. Try each of these attempts again and you have your password.

Next post on this will include this updated algorithm, and the results of it. But for now it seems your rcon passwords are safe.
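The post notes that the server does nothing to slow repeated rcon guesses. The sketch below is an added example, not code from the original post or from the Halo server: a per-source failed-attempt throttle, plus the keyspace arithmetic behind the post's lowercase figure (which equals the count of lowercase passwords of length 1 to 8). The class name, thresholds and source address are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values (hypothetical; the post describes no such control).
MAX_FAILURES = 5         # failed rcon attempts allowed per window
WINDOW_SECONDS = 60.0    # sliding window length
LOCKOUT_SECONDS = 300.0  # block duration once the limit is hit


class RconThrottle:
    """Per-source sliding-window limiter for failed rcon password attempts."""

    def __init__(self):
        self._failures = defaultdict(deque)  # source -> failure timestamps
        self._blocked_until = {}             # source -> time the block ends

    def allow(self, source, now):
        """True if an attempt from `source` may be checked at time `now`."""
        return now >= self._blocked_until.get(source, 0.0)

    def record_failure(self, source, now):
        """Register a wrong password; lock the source out at the limit."""
        window = self._failures[source]
        window.append(now)
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            self._blocked_until[source] = now + LOCKOUT_SECONDS
            window.clear()


def keyspace(alphabet_size, max_len):
    """Number of passwords of length 1..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def years_to_exhaust(candidates, attempts_per_second):
    """Worst-case years needed to try every candidate at a fixed rate."""
    return candidates / attempts_per_second / (365 * 24 * 3600)


def simulate(attempts_per_second, duration_seconds):
    """Count how many guesses one source gets checked under the throttle."""
    throttle, checked = RconThrottle(), 0
    for i in range(int(attempts_per_second * duration_seconds)):
        now = i / attempts_per_second
        if throttle.allow("203.0.113.7", now):  # constructed source address
            checked += 1
            throttle.record_failure("203.0.113.7", now)
    return checked
```

At the post's measured 15 attempts per second over 191 seconds, this policy lets only 5 guesses reach the password check. A per-source limit does not cover guesses spread across many addresses, so a server-wide failure budget would be needed as well.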

August 13, 2008

Future of iMega

Filed under: iMega, Projects — Omega @ 3:07 pm

It’s been a long time since there was an update on imega. And it’s been under development even longer. Time to clear things up.

Some of you may think that this project will never be finished. After all, I’m working on it for how long already? Two years? It depends what you call working. In that time I was mainly learning and exploring. But now it’s getting a bit more serious. The solution I have now will be very stable compared to the early designs. And it will be a lot easier to install. In the near future it might even be possible that users can make plug-ins for it.

But let’s talk about what is already done. The project is now under version control with bug tracking and all the fancy tools. Everything is now better organised. Hopefully this will result in a better program and faster release. So far the “core” of imega is almost finished. It works for Halo PC 104-108 and Halo CE 1.08 (other versions could work too, but have not been tested). I’m currently working on the admin module. After that the logger needs to be made. Then the core is almost finished. Once that is done, the map vote module will be made. And then it’s release time.

I’ll keep you updated when these sub tasks are finished.
