I'm having a lazy moment and I have to write an essay so I'm hoping that somebody more knowing in this area can help me out.
I'm wondering how the mechanics of the Rcon system work for Quake 3 and its derivative games.
Does the server code load the contents of the file that defines the rcon password into a temporary memory to compare against what a person inputs when they try to do something along the lines of
/rcon password = bleh
or how does that work?
If this is the case wouldn't it be hypothetically possible to write a program to connect to a Q3 based game, execute the /rcon password command in the console and during the compare snatch the temporary memory that holds the actual password so now the client has rcon access?
I haven't ventured over to the networking and rcon code yet and I'm hoping that somebody can give me a basic rundown of how rcon works.
Thanks!
Mechanics of Rcon
/rcon simply sends a message to the server, containing an identifier to say it's an rcon message, the rcon password, and whatever you wanted to type on the console. On receiving an rcon message, the server will check the rcon password, not the client.
Since the test is done on the server, it'd have to already be compromised to be able to do any kind of memory sniffing approach, so that's no use.
See CL_Rcon_f() for the client end, and SVC_RemoteCommand for the server end.
Like you say, you're lazy, since that's easy to find with a quick find in files "rcon"
(btw, the password is permanently in memory, it's just a cvar)
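A simplified model of the server-side check described in the reply above, added here as an illustration; it is not part of the post and not the engine's own SVC_RemoteCommand code. It assumes the Quake 3 out-of-band framing (four 0xFF bytes followed by text), and the names `check_rcon`, `ct_equal` and `rcon_result` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum rcon_result { RCON_NOT_RCON, RCON_DISABLED, RCON_BAD_PASSWORD, RCON_OK };

/* Compare without stopping at the first mismatch, so timing does not reveal
   how much of a guess was right (a hardening choice, not from the engine). */
static int ct_equal(const char *a, size_t alen, const char *b, size_t blen) {
    unsigned char diff = (unsigned char)(alen != blen);
    for (size_t i = 0; i < alen; i++)
        diff |= (unsigned char)(a[i] ^ b[i % blen]);   /* blen > 0 here */
    return diff == 0;
}

/* pkt is one UDP payload; server_pw stands in for the rcon password cvar.
   On RCON_OK, *cmd / *cmd_len describe the console command text. */
enum rcon_result check_rcon(const char *pkt, size_t len, const char *server_pw,
                            const char **cmd, size_t *cmd_len) {
    static const char hdr[] = "\xff\xff\xff\xffrcon ";   /* marker + "rcon " */
    size_t hlen = sizeof hdr - 1;
    if (len < hlen || memcmp(pkt, hdr, hlen) != 0)
        return RCON_NOT_RCON;
    size_t spw = strlen(server_pw);
    if (spw == 0)
        return RCON_DISABLED;          /* no password set: refuse everything */
    const char *pw = pkt + hlen;
    size_t rest = len - hlen;
    const char *sp = memchr(pw, ' ', rest);
    size_t pwlen = sp ? (size_t)(sp - pw) : rest;
    if (!ct_equal(pw, pwlen, server_pw, spw))
        return RCON_BAD_PASSWORD;
    *cmd = sp ? sp + 1 : pw + pwlen;
    *cmd_len = sp ? rest - pwlen - 1 : 0;
    return RCON_OK;
}

int main(void) {
    /* Constructed sample datagram: password "bleh", command "status". */
    static const char pkt[] = "\xff\xff\xff\xffrcon bleh status";
    const char *cmd = NULL;
    size_t n = 0;
    enum rcon_result r = check_rcon(pkt, sizeof pkt - 1, "bleh", &cmd, &n);
    printf("result=%d command=%.*s\n", r, (int)n, n ? cmd : "");
    return 0;
}
```

The password sits in the datagram as plain text next to the command, so for a server operator the exposure to worry about is the network path between admin and server rather than the server's memory.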
-
- Posts: 2237
- Joined: Sat Mar 12, 2005 10:49 pm
Thanks Anthony.
I'm going to take a deeper look into how rcon works.
About the password being a cvar... yes, I vaguely remember that and I actually hadn't thought of it at all. I've been so busy lately working with web servers that I had it in my head Q3 stored the password in a file and looked it up from there :icon32:
-
- Posts: 2237
- Joined: Sat Mar 12, 2005 10:49 pm
Well, I started work on a Windows shell-esque program that opens a UDP socket to a CoD server of choice and then attempts to run commands as if it were a normal game client.
The point being that I would be able to admin my server without actually needing to have the game client so I could carry rcon in my pocket on a usb drive and run it from any windows machine.
The current obstacle I'm working on is mimicking the packet format and encryption/decryption for transfer through the socket.
The server is accepting my connection but terminates it immediately because the packets I'm sending it are raw data and not in the format it wants to see it.
I know I don't have to register as a player to be able to have access to the server's rcon but I thought about it and was wondering, wouldn't it be possible to have my shell just occupy a player slot in the server of my choice (or multiple servers if I ran multiple instances of the program) and reserve it for me so I always have a spot on the server to play whenever I want?
With that reasoning wouldn't it be possible then to lock the server down by reserving every player slot?
That would be an interesting :icon1: :icon17:
-
- Posts: 4022
- Joined: Sat Mar 12, 2005 6:24 pm
ftp://ftp.idsoftware.com/idstuff/quake3/docs/server.txt
- for all your rcon needs
On a side note, emulating an entire client just to hog a slot would be an exercise in pointlessness. That's what sv_privateclients is for, after all.
-
- Posts: 2237
- Joined: Sat Mar 12, 2005 10:49 pm
Unfortunately the link doesn't work for me. I get a 404 error.
The client emulation idea was meant for servers that aren't my own. Since I wouldn't have access to sv_privateclients the "client" would be a happy solution to keeping a spot for myself on another server.
Although when it comes to ethics that wouldn't be very fair for others.