Redit 65 Posted November 2, 2024 Share Posted November 2, 2024 What is the exploit? In CPythonLauncher::RunMemoryTextFile a string is used to compile c_pcFileData, so the exploit starts here: "exec(compile(" Hackers can easily search for the string in memory & compile scripts using the memory adress of c_pcFileData This looks like an intentional backdoor left by one of the game devs or maybe even the leaker of the files "Rain" Why? It's hard to believe anyone would trouble to concatenate so many strings instead of just using Py_CompileString If you pay attention the rest of the code is fine and uses the python api instead of some weird shells Seems like there are still many exploits in m2 Hope you learned something new today, now here is the fix you paid for: //ScriptLib/PythonLauncher.cpp search for: This is the hidden content, please Sign In or Sign Up //replace with this: This is the hidden content, please Sign In or Sign Up 5 2 1 1 Quote Link to comment Share on other sites More sharing options...
xrhstos000 67 Posted November 2, 2024 Share Posted November 2, 2024 hmmm Quote Link to comment Share on other sites More sharing options...
muczor 0 Posted November 2, 2024 Share Posted November 2, 2024 ty Quote Link to comment Share on other sites More sharing options...
hesap123a 0 Posted November 3, 2024 Share Posted November 3, 2024 thy Quote Link to comment Share on other sites More sharing options...
testo 10 Posted November 3, 2024 Share Posted November 3, 2024 ty Quote Link to comment Share on other sites More sharing options...
Riot0x0 1 Posted November 5, 2024 Share Posted November 5, 2024 ty Quote Link to comment Share on other sites More sharing options...
Andrew 0 Posted November 12, 2024 Share Posted November 12, 2024 ty Quote Link to comment Share on other sites More sharing options...
STH 0 Posted November 16, 2024 Share Posted November 16, 2024 ty Quote Link to comment Share on other sites More sharing options...
AlexG 0 Posted November 19, 2024 Share Posted November 19, 2024 ty Quote Link to comment Share on other sites More sharing options...
macacoloko 0 Posted November 23, 2024 Share Posted November 23, 2024 hmm Quote Link to comment Share on other sites More sharing options...
ScriptMan 2 Posted November 23, 2024 Share Posted November 23, 2024 On 2024. 11. 02. at 1:55, Redit said: Mi a kizsákmányolás? A CPythonLauncher::RunMemoryTextFile-ban egy karakterláncot használnak a c_pcFileData fordítására, így az exploit itt kezdődik: "exec(compile(" A hackerek könnyen megkereshetik a karakterláncot a memóriában és lefordíthatják a szkripteket a c_pcFileData memóriacímével Ez úgy néz ki, mint egy szándékos hátsó ajtó valamelyik játékfejlesztőtől, vagy akár a "Rain" fájlok kiszivárogtatójától Miért? Nehéz elhinni, hogy bárkinek gondot okozna ennyi karakterlánc összefűzése a Py_CompileString használata helyett. Ha odafigyel a kód többi része rendben van, és a python api-t használja néhány furcsa shell helyett Úgy tűnik, még mindig sok exploit van az m2-ben. Remélem, ma tanultál valami újat, most itt van a javítás, amiért fizettél: //ScriptLib/PythonLauncher.cpp keresése: Rejtett tartalom A rejtett tartalom megtekintéséhez válaszoljon erre a témára. //cseréld erre: Rejtett tartalom A rejtett tartalom megtekintéséhez válaszoljon erre a témára. Hmmmm Quote Link to comment Share on other sites More sharing options...
Eziox21 0 Posted November 24, 2024 Share Posted November 24, 2024 ty Quote Link to comment Share on other sites More sharing options...
Premium Alsonfo23 0 Posted November 29, 2024 Premium Share Posted November 29, 2024 ty Quote Link to comment Share on other sites More sharing options...
mostix 0 Posted November 29, 2024 Share Posted November 29, 2024 ty Quote Link to comment Share on other sites More sharing options...
Sapphire5008 0 Posted November 30, 2024 Share Posted November 30, 2024 thx Quote Link to comment Share on other sites More sharing options...
Cherry102 0 Posted December 20, 2024 Share Posted December 20, 2024 thx Quote Link to comment Share on other sites More sharing options...
Alondark 0 Posted December 23, 2024 Share Posted December 23, 2024 ty br Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.