[Force]

Liberty Unleashed 0.1 Update

Updates to Liberty Unleashed 0.1 have been released, they will be automatically applied the next time you restart your server browser, the following changes include:

• Fixed the server checking for updates every 84000 milliseconds (Changed to 12 hours)
• Reset health and weapons on reconnect
• Fixed a crash related to vehicle alpha channels
• Fixed a buffer overflow
• Fixed the spawnscreen spamming spawned packets on reconnect
• Made the crashed packet send as soon as the exception handler displays
• Cleaned up a lot of memory on disconnect (helps fix reconnect bugs)
• Fixed sirens and locked states of vehicles being incorrectly set on initial connect and reconnect
• Fixed dying if /reconnecting while in a vehicle
• Fixed a crash in the client when removing radar markers
• Fixed a crash when starting/stopping bad timers
• Fixed a crash relating to not enough memory for audio objects
• Fixed editboxes stealing focus from other GUI objects
• Fixed the password being displayed in editboxes when clicking off and back on to editboxes
• Fixed a crash with the BF injection when repairing a vehicle out of streaming range of other players then other players trying to enter it
• Fixed some bugs with handling data
• Changed the invalid nick character to ?
• Fixed being able to load client scripts when you shouldn't be (now shouts about checksum mismatch)
• Fixed BF Injection crash (again)

The update requires the new client (which the browser should download) and a new server for any server hosters.

[GuenosNoLife]

Yeah, great Update!

[ZX_Lost_Soul]

Glad to see that LU alive and updtying

But images/sounds don't downloading after update. And there is a crash when you join the server at first time.

Can you fix a little bug, please? Cyrillic lowercase letter (letter code: -1) don't works in the game chat and messages, it moves cursor left instead of typing letter. That is upsets Russian players very much(

p.s. And can you tell me, please, how to bind "chat open" on the Enter key instead of T? I can't find it in the Wiki...

[Mido_Pop]

What About Fixing Remove Objects When I Type /Reconnect ? 

[sasha19323]

Look at "Mess about server". Guess who?

[ZX_Lost_Soul]

Don't you think to add a secure key to all your server functions?

Code: [Select]

function blablabla(nam, val, key) {
if(key!="a54u34bj3") return;
...
}
And call like this:

Code: [Select]

blablabla("winner", 5, "a54u34bj3");
It will protect from custom client scripts hacks. Also you can use a classes. If you don't do it - it will be unsafe and hackable anyway

[sasha19323]

Don't you think to add a secure key to all your server functions?

Code: [Select]

function blablabla(nam, val, key) {
if(key!="a54u34bj3") return;
...
}
And call like this:

Code: [Select]

blablabla("winner", 5, "a54u34bj3");
It will protect from custom client scripts hacks. Also you can use a classes. If you don't do it - it will be unsafe and hackable anyway

Nice idea, but you can't add something like that to function "Message". Even if you can and you call some function via client script I can see your key and use.

I thought about the security and all ways to secure the server and I realize that all this ways can't secure the server except one - randomize Lu.DLL memory addresses.

[ZX_Lost_Soul]

Nice idea, but you can't add something like that to function "Message". Even if you can and you call some function via client script I can see it.

PM

*Using 0.1.0.12 an waiting for 0.1.0.14 onjoin crash fix*

[Nihau]

Nice idea, but you can't add something like that to function "Message". Even if you can and you call some function via client script I can see your key and use.

Are we talking about compiled scripts?  If so, what about this code

Code: [Select]

alphabet letters:
a <- ["a","b","c","d"];
A <- ["A","B","C","D"]; //in case if you need large words
local name_encrypted = a[0] +[1] +[2] +[3]; // SIMPLE EXAMPLE
local path_encrypted=  a[blah] + a[blah] + a[blah]+ a[blah]+ a[blah]+ a[blah];

CallServerFunc(path_encrypted ,name_encrypted , Localplayer, int params );

I've used that in 2011 year, when i started development of my server ( current state - *finished* ).

Anything can be encrypted , anywhere.

[sasha19323]

Nice idea, but you can't add something like that to function "Message". Even if you can and you call some function via client script I can see your key and use.

Are we talking about compiled scripts?  If so, what about this code

Code: [Select]

alphabet letters:
a <- ["a","b","c","d"];
A <- ["A","B","C","D"]; //in case if you need large words
local name_encrypted = a[0] +[1] +[2] +[3]; // SIMPLE EXAMPLE
local path_encrypted=  a[blah] + a[blah] + a[blah]+ a[blah]+ a[blah]+ a[blah];

CallServerFunc(path_encrypted ,name_encrypted , Localplayer, int params );

I've used that in 2011 year, when i started development of my server ( current state - *finished* ).

Anything can be encrypted , anywhere.

And var's name can be encrypted, really? Turn on the server with some special key addicted function  which will message random string and i'll try to call it.

[Nihau]

And var's name can be encrypted, really? Turn on the server with some special key addicted function  which will message random string and i'll try to call it.

As far as i remember:

Variables names (both global and local).
Custom function names
LU functions names

This can't be encrypted.

But if you can retrieve data from  variables, then this is big security hole for Liberty Unleashed.

[Nihau]

TO LU DEV TEAM:

I suggest
1. For client script part - save it each time you connect to the server to the RAM ( Read only memory).
2. Create RAM protection.

Ask your colleagues from MTA how they done protection against various tools that can work with memory.

[sasha19323]

Another way to make this flaw not so powerful is disable calling LU functions via client, just custom functions to call.

[sasha19323]

Ask your colleagues from MTA how they done protection against various tools that can work with memory.

As I remember VCMP 0.4 have same protection.

[Nihau]

Ask your colleagues from MTA how they done protection against various tools that can work with memory.

As I remember VCMP 0.4 have same protection.

Yes, but very primitive. Current protection in MTA  maybe  one of the best, but i can't say for sure.

PS, After such discussions i feel hungry for new knowledge, i want  learn n code on C , C++