Half-life "born to be pig" exploit

maraakate · Post by **maraakate** » Sat May 09, 2015 7:20 pm

Hello, I know this is an older exploit but I am curious as to what caused it. Was the name being sent over a specific internal string in the game, some sort of buffer overflow with the name being longer, etc?

aluigi · Post by **aluigi** » Sat May 09, 2015 7:37 pm

http://aluigi.org/adv/csdos.txt

maraakate · Post by **maraakate** » Sun May 10, 2015 1:25 am

Ah yes, I've come across similar issues getting stuck in Info_ValueForKey loops in Daikatana. Thanks! One interesting one in particular (and may exist in Quake 2) is if the key is longer than 64 chars (the MAX_INFO_KEY value) then it is truncated and you can set null names, model names, etc. Depending on later checks in the userinfo changed code it can crash servers.

aluigi · Post by **aluigi** » Sun May 10, 2015 4:04 pm

Eh, the good old times

maraakate · Post by **maraakate** » Sun May 10, 2015 7:04 pm

In the Daikatana 1.3 project I've been working on with a few other people your tools have been great at finding potential flaws like this.

ZenHAX

Half-life "born to be pig" exploit

Half-life "born to be pig" exploit

Re: Half-life "born to be pig" exploit

Re: Half-life "born to be pig" exploit

Re: Half-life "born to be pig" exploit

Re: Half-life "born to be pig" exploit