Bug 2566 - GUID = 0 exploit
Status: RESOLVED WONTFIX
Alias: None
Product: Call of Duty 2
Classification: Unclassified
Component: Dedicated Server
Version: unspecified
Hardware: PC FreeBSD
: P2 normal
Assignee: Ryan C. Gordon
QA Contact:
URL:
Depends on:
Blocks:
 
Reported: 2006-01-03 10:36 EST by Steven Hartland
Modified: 2006-01-04 16:08:35 EST
1 user (show)

See Also:


Description Steven Hartland 2006-01-03 10:36:32 EST 
Seems players have now got a hack which enables them to join with a GUID of 0
e.g.
map: mp_matmata
num score ping guid   name            lastmsg address               qport rate
--- ----- ---- ------ --------------- ------- --------------------- ----- -----
 26     3   46 271127 |AAA|^7Sneeck^1[LCP]^7      0 80.60.161.187:28960    2046 25000
 27     0   93      0 Moon^7gamers.com ^4Rocks! 409^7    100 82.131.242.227:28960   4454 25000
 28     0   75 494017 HANKS^7                50 86.129.52.2:28960      2737 25000 

Which is a problem in itself but worse is the fact they cant be banned:
banclient 27
Can't ban user, GUID is 0

This is obviously a special case in there to protect players with GUID 0 which due to this hack should be there.

I'd suggest instantly banning or dropping the client on connection if they try to use a GUID of 0.
Comment 1 Niels Steffens 2006-01-04 16:04:14 EST 
Not sure if I can post this here (since this is not a discussion forum). If not, delete it.

A GUID 0 is not a hack. Could be a flaw, but it's not a hack.

It has to do with the cod2 masterserver handing out the guid's. The whole GUID system isn't working to well. On my own server, I've had about 7 different GUID's (also including 0) while I am not cheating and not doing anything on purpose to change the GUID. I'm having problems with it also because I'm using an admin program (B3) which uses the GUID's to identify people. 

The GUID problems will all disappear when Punkbuster gets included.

Banning a GUID 0 will ban all people who accidentilly get a GUID 0 because the cod2 master server isn't working right at that moment. To my opinion, not desirable.
Comment 2 Ryan C. Gordon 2006-01-04 16:08:35 EST 
Pretty much what I was about to say...no fix planned, but hopefully we'll be enabling Punkbuster soon.

--ryan.