http://revuln.com/files/ReVuln_Exploiti ... obbies.pdf
It's a paper about some vulnerabilities that affected the Steam lobbies used by many games like Counter-Strike: Global Offensive, Left 4 Dead 1 and 2, Borderlands 2, all the Codemasters games, Alien Swarm, DayZ and a lot of other games.
The effect is zero servers online, no multiplayer.
The attack is very easy to perform and quite silent: basically, one single attacker can take down the multiplayer of all the affected games without particular bandwidth/network requirements.
All the bugs are now fixed, but they were there for many years. The scary part is that they were extremely easy to find and exploit... just basic Steamworks programming.
Hope you will appreciate the reading.

Exploiting Steam Lobbies and Matchmaking
- aluigi
- Site Admin
- Posts: 12984
- Joined: Wed Jul 30, 2014 9:32 pm
- vegeta777
- Posts: 6
- Joined: Thu Aug 28, 2014 1:28 pm
Re: Exploiting Steam Lobbies and Matchmaking
Wonderful read, wow, that was a heck of an exploit lol, nice discovery mate!
I wonder what if it was discovered by another guy and released to the public, it would've caused havoc.
PS: check ur PMs xD...
- aluigi
- Site Admin
- Posts: 12984
- Joined: Wed Jul 30, 2014 9:32 pm
Re: Exploiting Steam Lobbies and Matchmaking
Yeah, "havoc" is the perfect word to describe that situation.
What's funnier is that the code of the exploit is extremely simple: it simply uses the Steamworks API without malformed parameters, just the plain API.
- aluigi
- Site Admin
- Posts: 12984
- Joined: Wed Jul 30, 2014 9:32 pm
Re: Exploiting Steam Lobbies and Matchmaking
An html version of the paper is available here:
https://revuln.blogspot.com/2018/12/exp ... s-and.html