[01.076.011] [DS] Exploit / Hacking

This is a screenshot from my dedicated server. This is a survival mode server. This screenshot was sent to me by one of the players using my server and was taken while I was not online.

Somehow, someone managed to "fling" this massive wall of armor at people to destroy everything in it's path.

It looks just like when someone imports an image into the game using the SEToolbox tool, but since saving is disabled on my server, I don't see how that is possible.

My server is hosted on ViLayer and only I have the username and password. No other log in attempts to my server's control panel were made other than by me.

I would be more than happy to provide a copy of the world, but I've looked at it and by the time I snagged a copy this "wall of death" (as my players are calling it) was probably already off the map. I would also want to PM a link to someone because it would contain the locations of everyone on the server and would open people up to attacks.

Status right now:

The map size is only 7mb, but the download is PAINFULLY slow. I'm talking 10% in 10 minutes slow.

I tried to use SE Maintenance Utility to clean the map up, to no effect.

 

Just FYI, I gave up and rolled a fresh map and "restarted" the server due to this incident.

 

Are you sure the player didnt build the wall from a blueprint and launch it using gravity or thrust?

 

Absolutely positive that was not the case, see this thread which links to screenshots from other servers where the same image file was used to create the "wall of death".

This is an exploit in the wild that's affected several servers and the server admins are buzzing about it.

https://forum.keenswh.com/threads/hacker-sighting.7357118/

 

I have captured a copy of the "ship" that was cheated into the map. Here are the stats as captured from SEToolbox on this thing:

Large Ship, Name: jimmies (corresponds to the meme referenced on other servers and the beacon that showed up on mine as well)
Desc: acros the vast and majstic expanse of space ad time te jimmies rstle softly
Mass 4 Million 3,467 cubes

Highlights:

54 Conveyor's 2 Merge blocks, 36 gyro's, 27 small reactors, 3099 light armor blocks, 1 small cargo, 13 large thrusters 232 small thrusters 1 cockpit 1 beacon and 1 control station

If Keen would be so kind as to provide me contact info via PM I will send you any data you need. I have all logs and files setup on a dropbox waiting.

BTW the thrusters are in French "Petit Propulseur 95" as are the reactors : Petit Réacteur 13

There is also more than 72 THOUSAND Uranium ingots

 

Hi,

I will check it, although I do not have the slightest idea what is wrong. Thank you for letting me know, though.

 

Phand,

The "what is wrong" part is that this is a survival server with copy paste turned off. There should be no way for someone to paste in an object or take over ownership of another players medbay.

Yet someone has found a way to do these things and is using that to disrupt people's servers

 

You should have an ID in the ship file from SEToolbox that can be matched with a player ID in the server files. From there you can determine which user created it as well. (Im not sure of the server setting file that has the Player ID - Player Name relation, but it shouldn't be hard to find).
If Keen can verify this exploit they can ban their account too.

 

You can find his Steam ID easilly.

Go to SANDBOX_0_0_0_.sbs and find the beacon by its name (or reactor or anything with computers from that ship) and copy the <Owner>XXXXXXX</Owner>, then go to Sandbox.sbc and search for that ID.
In section called <AllPlayersData> you will find his Steam name <DisplayName>XxXxXx</DisplayName> and his Steam ID <ClientId>XXXXXXXX</ClientId>

Would be nice to put here his ID, so admins can ban him preemptively.

 

As I understand the forum rules you are not allowed to do that.

 

Well, you should. If not to forums, at least in a PM you can. I don't want somebody like him on my server.

 

PM sent, please double check my searching

 

SteamID has been isolated and banned from my server. A PM with the world file, logs, and additional information has been sent to Phand.

 

Server has been re-attacked by multiple SteamID's using this.

I have no other choice now but to go to a whitelist.

 

Congrats, sounds like you have a popular server? Can you keep a daily backup?

 

Can I get these IDs pls? Want a preemtive ban. thanks.

 

^^THIS^^

Thanks.

 

would be nice to have some kind of public blacklist as a mod (with hidden IDs) so everyone could protect themselves from these jerks.

 

Well, I think you could make a mod, that would connect to your DB where those IDs would be stored, but you can not hide them. Maybe on the web, so users just dont see the list, but admin would see all IDs in server config.

 

I had this as well, it appears to be some kind of client side hack that enables the SHIFT-ALT-F12 (debug mode). This allows for all sorts of disasters, like copy paste, and we know you can fling ships by pasting while moving. So yeah, not great.

 

Well forum rules prevent us from sharing ID's or names of the people responsible for this. I pray that Keen has a fix going in for today's patch.

 

So what's the exploit/hack? This can be done, easily, in survival unless you've disabled projectors. Even then it can still be done, but requires more work.

 

While I agree the projector thing is also an exploit, this thread was confirmed hacking. They found a way to put the game into debug mode, and using that are able to copy paste etc.

 

As I was recently reminded and discovered, I can project in any ingots or components through the Refinery or Assembler outputs. This individual could easily project a couple of assemblers with tens of thousands of steel plates. If it's two people working on this, one can weld the wall while the other gathers resources through the projected assemblers.

 

Your correct and what you describe is an exploit. Several other server admin's and I have had offline discussions and "pow-wow's" and have found the proof in the logs and world files, and we even found one of the hacker's steam accounts with a screenshot showing the Debug info up.

This is confirmed "Hacking"

 

I think I just got nailed. I got a user reporting a troll face, then everything started exploding.

 

Dayum... If somebody really wants and is capable to do a mod that would get data from database and ban users, I am willing to make a simple web page, where users could report hackers, they would have to insert a log and screen, and then admins would check it and approve/or not the submission

 

I can write mods, but I agree with Keen. A ban list is just an invitation for abuse. I'd rather write a mod that catches the issue. This could be standard or SESE, I don't care. But does anyone know how they are doing this? IE, can they reproduce it?

 

Speaking of mods, I dont think any of you mentioned if you have mods running on your server. It could possibly be a hole opened by a mod.

 

I think we all have mods. Do we want to see what mods are common?