June 23, 2011

Host Problems

Filed under: Uncategorized — Omega @ 11:40 pm

We are currently having problems with our website and I’m trying to fix it.¬†For now I’ll fall back to this old blog to keep you updated.

Within a week everything should be up as normal. Hopefully a lot faster though.

November 8, 2009

Updates for 1.09

Filed under: Uncategorized — Omega @ 1:46 pm

The version changer has been updated to work with the new 1.09 update.

Click here to download. It works for both PC and CE. More information about the version changer can be found here.

Edit: For those who want to use the sightjacker, download the old 1.08 executables here. Put those in your halo folder (make a backup of the files first) and overwrite the new executables  1.09 executables. You will run 1.08 halo and can use the Sightjacker. Then use version changer to change to 1.09. Sightjacker will be updated in the future, this is only a work-around.

October 6, 2009


Filed under: Uncategorized — Omega @ 12:09 am

Gandanur is the name of the server tool that I’m making. Some may be familiar with the old name: imega.

It was planned that today a selected number of servers would be running a beta version. However I have stumbled on a problem that slowed things down. So I have a new plan. Within a few days I will announce the servers that are running the beta version, however these servers won’t include all functionality until the problem is fixed.

Once I have finished Gandanur the servers will be updated with full functionality. It will then undergo testing and all bugs will be fixed. Once I consider the program to be stable enough it will be released to the public. I also still need to write a user guide for all the new commands. But to make sure you don’t have to wait such an awfully long time you’ll soon be able to play on servers that run the beta version!

The long wait is coming to an end.

July 16, 2009

Updated Version Changer

Filed under: Uncategorized — Omega @ 7:04 pm

The version changer for halo has been updated. It fixes a bug where it messed up the menu and the overall graphics of halo. You can download it here.

It now consists of two files: strings.dll and versionchanger.dll. Both of these files have to be copied to your halo directory (overwrite the old strings.dll). The functionality is exactly the same as the previous version.

PS: Project iMega is not death.

August 14, 2008

Rcon stealer

Filed under: Uncategorized — Omega @ 2:05 pm

In the past there have been many fake screenshot, videos and programs of so called rcon stealers. All of these are fake and don’t work.

A real rcon stealer is nearly impossible to make. You can only make this if you found a bug/exploit that would allow you to execute your own code on the server (like a buffer overflow). But a bug like this has never been found in the halo server. So it’s impossible to get the rcon password in a few seconds. There is however a second method to find the rcon password: bruteforce it.

The halo server is not protected against bruteforce attacks. So this is possible to make. The downside is that this can take a long time (read: extremely long). If you want to try all possible passwords with only lowercase letters, you already have 217,180,147,158 possible combinations. Let’s say you design a decent algorithm that can test 1000 passwords each second. This is already fast, considering we’re doing this over the internet. But it would still take more than 6 years to test all possible combinations. If you also include numbers and uppercase letters, this would be even more: 225,387,915,461,472 combinations, taking more than 7147 years if we could try 1000 passwords each second. So praticly this method also isn’t usefull.

To demonstrate this I made a quick program. It tries all the passwords with only lowercase letters. It send a rcon command to the server and waits for a reply. If the server says the password was invalid, we try the next one. Repeat untill password found or all combinations have been tried. I tested this on my own server against a very weak password.

Server and client are running on the same computer, so the connection is very fast. Yet it still takes 191 seconds to crack it. And it’s a very weak password since it only uses lower case letters and isn’t long. It tried a total of 2886 combinations, resulting in around 15 attempts each second. The weak point in the current algorithm is that it waits untill the server replies. To increase the speed you could send multiple attempts at the same time, then wait for the results, send multiple attempts again, etc. Once you have a positive match you know the password was in one of these attempts. Try each of these attemps again and you have your password.

Next post on this will include this updated algorithm, and the results of it. But for now it seems your rcon passwords are safe.

Blog at WordPress.com.