
crysislog.txt
Posted Jun 16, 2008
Authored by Luigi Auriemma | Site aluigi.org

Crysis versions 1.21 and below suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | 3f1ae2ce1c1f1f6a77617fb7cad5138ddc00b4a18fe3d7b84fe64601770236b3


#######################################################################

Luigi Auriemma

Application: Crysis
http://www.ea.com/crysis/home.jsp
Versions: <= 1.21 (1.1.1.6156 shown as gamever)
Platforms: Windows
Bug: information disclosure
Exploitation: remote versus both clients and servers
Date: 15 Jun 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Crysis is a recent FPS game developed by Crytek (http://www.crytek.com)
and released in November 2007.
This game is well known for being a "computer killer" due to its high
hardware requirements, but also for having various problems with
cheaters.


#######################################################################

======
2) Bug
======


Crysis is affected by a strange design error: it appends various
internal network information to its disconnect and error packets.

For example, if we send a keyexchange packet (0x8c) without having sent
the preceding join packet (0x07), the server replies with a
disconnect packet (0x08) containing a "KeyExchange1 with no connection"
error message followed by usually 16 lines of internal logs. These logs
include various real-time information such as the IP addresses,
nicknames and status of the clients (which can therefore be
disconnected through spoofed disconnect packets), details about
PunkBuster such as paths, screenshots, bans, checks and GUIDs of the
players, the status of the Gamespy SDK (stats, failed cdkey checks,
communication with the master server and so on) and other more or less
sensitive information.

Naturally this problem affects both servers and clients, so it is also
possible to see the real-time network logs of any client which is
playing on a server, since both the IP and the port are visible in its
logs at some moments.
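
A detection sketch for the behaviour described above, added here as an
example and not part of the original advisory or of the author's code.
It assumes that the first payload byte is the packet type ID and that a
disconnect body is newline-separated text whose first line is the reason
string; the advisory does not document the wire layout, and all sample
traffic is constructed.

```python
import re

# Packet type IDs as named in the advisory.
JOIN, DISCONNECT, KEYEXCHANGE = 0x07, 0x08, 0x8C
IPV4 = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def audit(packets):
    """Return findings for a sequence of (direction, peer, payload) tuples.

    Assumed layout (not from the advisory): payload[0] is the type ID and a
    disconnect body is text whose first line is the reason string.
    """
    joined, findings = set(), []
    for n, (direction, peer, payload) in enumerate(packets):
        if not payload:
            continue
        ptype, body = payload[0], payload[1:]
        if direction == "in" and ptype == JOIN:
            joined.add(peer)
        elif direction == "in" and ptype == KEYEXCHANGE and peer not in joined:
            # Out-of-order handshake: the condition that triggers the leak.
            findings.append((n, peer, "keyexchange-without-join", 0, 0))
        elif direction == "out" and ptype == DISCONNECT:
            text = body.replace(b"\r", b"").split(b"\n")
            lines = [ln for ln in text if ln.strip(b"\x00 ")]
            extra = lines[1:]  # everything after the reason string
            if extra:
                ips = len(IPV4.findall(b"\n".join(extra)))
                findings.append(
                    (n, peer, "disconnect-carries-log-lines", len(extra), ips))
    return findings

# Constructed sample traffic (documentation address ranges, invented log text).
SAMPLE = [
    ("in", "198.51.100.7:50000", bytes([JOIN]) + b"..."),
    ("in", "198.51.100.7:50000", bytes([KEYEXCHANGE]) + b"\x00" * 8),
    ("in", "203.0.113.9:40000", bytes([KEYEXCHANGE]) + b"\x00" * 8),
    ("out", "203.0.113.9:40000", bytes([DISCONNECT]) +
        b"KeyExchange1 with no connection\n"
        b"[net] client 192.0.2.10:64100 state=ingame nick=player1\n"
        b"[net] client 192.0.2.11:64100 state=connecting nick=player2\n"),
    ("out", "198.51.100.7:50000", bytes([DISCONNECT]) + b"Server quit\n"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each finding is (packet index, peer, rule, extra lines, IPv4 addresses
seen in those lines); a disconnect that carries only its reason string
produces no finding.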


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/crysislog.zip


#######################################################################

======
4) Fix
======


No fix


#######################################################################


---
Luigi Auriemma
http://aluigi.org