Gamespy cd-key validation system: "Cd-key in use" DoS
http://aluigi.org/adv/gskeyinu...http://aluigi.org/adv/gskeyinu... new video for a bug I found in the far May 2005 but still existent in many games since it's a design problem.In short a malicious server can keep in use the cdkeys of the players which join it, and this "cd-key in use" effect can be long FOREVER, also at distance of weeks, months or years from the capturing of the query.For example in this moment I have relaunched the same proof-of-concept of the video (with the same keys.txt) and now my cdkeys is newly in-use after almost 2 weeks from the video.The problem should affect all the games which use the Gamespy cdkey system like Halo and the Battlefield series.In this video I have used the game Gore 1.48 as example, which is not a great reference since the new patches remove the usage of cdkeys (in fact almost all the servers online don't keep your cdkey in use while playing) but was the most simple and fast example I had.The original video (h264 codec) is here: http://aluigi.org/videoweb:http://aluigi.orgforum:http://forum.aluigi.org
Channel: Entertainment Uploaded: November 30, 1999 at 12:00 am Author: aluigivideo
