#######################################################################

Luigi Auriemma

Application:  Live for Speed
              http://www.lfs.net
Versions:     <= S2 Z13
Platforms:    Windows
Bug:          forced restart of the match
Exploitation: remote, versus server (in-game)
Date:         23 Aug 2009
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Live for Speed (LFS) is one of the best-known car racing simulators
available and allows a lot of things: races, autocross, drifting, drag
races, demolition derby, knock out and more.

#######################################################################

======
2) Bug
======

A fast sequence of at least two join packets causes some problems
internally at the server, and after some seconds it becomes unplayable
and automatically restarts the match:

  Avoiding buffer overflow
  BLANK : OVERFLOW - host
  HOST : Emergency Restart
  Host will restart in 3 seconds

In the meantime all the other players on the server are disconnected
immediately when the packets are sent.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/lfsreset.zip

- download proxocket:
  http://aluigi.org/mytoolz.htm#proxocket
- copy ws2_32.dll and the myproxocket.dll of the PoC into the same
  folder where the client's game executable is located
- start the client and join the server to test

For testing any LAN demo/S1/S2 server it's enough to use lfsfp with the
option -5:

  http://aluigi.org/fakep/lfsfp.zip

#######################################################################

======
4) Fix
======

No fix.

#######################################################################