#######################################################################

Title:  Simple and generic way for fixing the Quake 3 engine
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

#######################################################################

1) Introduction
2) Quake 3 engine message kick (generic)
3) Soldier of Fortune 1.03 /ignore crash
4) If something doesn't work


#######################################################################

===============
1) Introduction
===============


What I explain here is the simplest way for removing bugs from the
games that use the Quake 3 engine and generally others too.
The key is that if the command that causes the bug doesn't exist the
program is no longer vulnerable.
Sure it is not a great method and not a real patch but it's simple,
doesn't require skill and it must be applied ONLY to the servers so
clients have no problems with unaccepted modified files.

The advisories to which this document is referred are the following:

  http://aluigi.org/adv/q3msgboom-adv.txt
  http://aluigi.org/adv/sof2ignore-adv.txt

This must be considered only a lame and stupid work-around that can be
made by anyone without difficults and on any supported operating
system, if you want to really fix a problem you need to have the source
code or the SDK of the bugged game and modify it as explained in the
related advisories.


#######################################################################

========================================
2) Quake 3 engine message kick (generic)
========================================


This is a generic step-by-step so you must know a bit your game before
applying it but if you own a server this is normal for you.

If your base folder contains some *game.dll files (like Return to
Castle Wolfenstein for example) you need only to open the game dll
(NOT cgame) with a hex editor and:
- search for the command you want to disable checking that there is a
  byte 00 at its beginning and end, something like the following:
    00 76 73 61 79 00    .vsay.
- place a byte 00 where is located the first letter of the command like
  the 'v' for vsay and vsay_team or 's' for say

If there are no *game.dll files do the following:

- enter in the base folder
- open the pk3 file that contains the vm folder and is used when you
  launch the game.
  Usually the pk3 file is ever that with the most recent date or the
  highest number (like update103.pk3 or pak8.pk3) and you can see what
  of your pk3 files contain the needed folder simply searching for vm\
- extract the *game.qvm file (note that it is contained in a folder
  called vm needed later). Usually you have 2 files that have this
  end of name, a *cgame.qvm and a *game.qvm. You need the second one.
  For example in Quake 3 we have cgame.qvm and qagame.qvm, the second
  one is that we need
- open the extracted file with a hex editor
- search for the command you want to disable checking that there is a
  byte 00 at its beginning and end, something like the following:
    00 76 73 61 79 00    .vsay.
- place a byte 00 where is located the first letter of the command like
  the 'v' for vsay and vsay_team or 's' for say
- create a backup copy of the pk3 file adding the .old extension to it
  like pak8.pk3.old
- add the modified vm\*game.qvm file to the pk3 file overwriting the
  original one contained in it.
  You can also avoid this and the previous step creating a new zip with
  a higher number like pak9.pk3 or update_104.pk3 or update_fix.pk3
  This second solution is highly suggest if clients need to download
  the file from your server since it is very small!
- attention, the file must be added with its vm folder, so vm\*game.qvm
  and not *game.qvm

If you use a mod you must do the same steps but using the pk3 file of
each mod you want to fix.


#######################################################################

========================================
3) Soldier of Fortune 1.03 /ignore crash
========================================


- open the file base\update103.pk3 (base\update102.pk3 for the Linux
  dedicated server) with a program that handles the zip files
- exctract the file sof2mp_game.qvm (note that it is contained in a
  folder called vm needed later)
- open the extracted file with a hex editor
- search for the command ignore checking that there is a byte 00 at its
  beginning and end, something like the following:
    00 69 67 6e 6f 72 65 00    .ignore.
  the right offset should be 0x7415c or 0x74124 on Linux
- place a byte 00 where is located the 'i' of ignore
- now you have 2 choices:
  - zip the vm\sof2mp_game.qvm file in a new file called update_fix.pk3
    This solution is highly suggest if clients need to download the
    file from your server since it is very small!
  - add the vm\sof2mp_game.qvm file to update103.pk3 overwriting the
    original file.
    in this case create a backup copy of the update103.pk3 BEFORE doing
    this operation and call it update103.pk3.old.
- attention, the file must be added with its vm folder, so
  vm\sof2mp_game.qvm and not sof2mp_game.qvm

If you use a mod you must do the same steps but using the pk3 file of
each mod you want to fix.


#######################################################################

============================
4) If something doesn't work
============================


In this case means you have fixed one of the vm files but not that used
by your game or mod.
In fact if you use a mod (like OSP) you need to modify the vm game file
located in its pk3 archive.
So my suggestion is: verify your server EVER after having patched it
with the provided proof-of-concept (like q3msgboom.cfg and /ignore
123456789).
If the command is still active you need to modify another game file.
If the command is no longer recognized by the server means it is ok.


#######################################################################