Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nuke code can be bruteforced #8049

Open
ghost opened this issue Mar 21, 2023 · 11 comments
Open

Nuke code can be bruteforced #8049

ghost opened this issue Mar 21, 2023 · 11 comments

Comments

@ghost
Copy link

ghost commented Mar 21, 2023

If someone knows 4/6 of the nuke code they can guess the final two in less than a minute in some cases. Inputting should incur a slight sanity loss to negate this because guessing nuke codes is scary. If they know 2/6 it takes roughly 20-30 minutes to guess, only a few minutes if the first two digits are low. Guessing the entire code would probably be impossible.

@ghost
Copy link
Author

ghost commented Mar 21, 2023

Someone nuked by guessing the code

@assortedbeads
Copy link
Contributor

If they've gotten 4/6 codes I reckon they've already put considerable effort into blowing up the ship, so if they brute force it let them

@thevandie
Copy link
Contributor

Let em brute force it lol

@ghost
Copy link
Author

ghost commented Mar 22, 2023

A topic limit should be introduced regardless, if not specifically a way of stopping people from brute forcing the nuke code. Lots of ways to lag/crash the server by spamming topics.

@MLGTASTICa
Copy link
Contributor

Bullshit , we have topic limited.

@ghost
Copy link
Author

ghost commented Mar 24, 2023

Bullshit , we have topic limited.

You do not.

@MLGTASTICa
Copy link
Contributor

Bullshit , we have topic limited.

You do not.

Prove it

@ghost
Copy link
Author

ghost commented Mar 24, 2023

Bullshit , we have topic limited.

You do not.

Prove it

`/client/Topic(href, href_list, hsrc)
if(!usr || usr != mob) //stops us calling Topic for somebody else's client. Also helps prevent usr=null
return

//search the href for script injection
if( findtext(href,"<script",1,0) )
	log_world("Attempted use of scripts within a topic call, by [src]")
	message_admins("Attempted use of scripts within a topic call, by [src]")
	//del(usr)
	return

// asset_cache
var/asset_cache_job
if(href_list["asset_cache_confirm_arrival"])
	asset_cache_job = asset_cache_confirm_arrival(href_list["asset_cache_confirm_arrival"])
	if (!asset_cache_job)
		return

// Tgui Topic middleware
if(tgui_Topic(href_list))
	return
// if(href_list["reload_tguipanel"])
// 	nuke_chat()
// if(href_list["reload_statbrowser"])
// 	src << browse(file('html/statbrowser.html'), "window=statbrowser")
// Log all hrefs
if(config && config.log_hrefs && href_logfile)
	DIRECT_OUTPUT(href_logfile, "<small>[time2text(world.timeofday,"hh:mm")]</small>[src] (usr:[usr]\[[COORD(usr)]\]) : [hsrc ? "[hsrc] " : ""][href]")

//byond bug ID:2256651
if (asset_cache_job && (asset_cache_job in completed_asset_jobs))
	to_chat(src, span_danger("An error has been detected in how your client is receiving resources. Attempting to correct.... (If you keep seeing these messages you might want to close byond and reconnect)"))
	src << browse("...", "window=asset_cache_browser")
	return
if (href_list["asset_cache_preload_data"])
	asset_cache_preload_data(href_list["asset_cache_preload_data"])
	return

//Admin PM
if(href_list["priv_msg"])
	var/client/C = locate(href_list["priv_msg"])
	if(ismob(C)) 		//Old stuff can feed-in mobs instead of clients
		var/mob/M = C
		C = M.client
	// its a fucking ckey
	if(istext(C))
		C = directory[C]

	cmd_admin_pm(C,null)
	return

if(href_list["irc_msg"])
	if(!holder && received_irc_pm < world.time - 6000) //Worse they can do is spam IRC for 10 minutes
		to_chat(usr, SPAN_WARNING("You are no longer able to use this, it's been more then 10 minutes since an admin on IRC has responded to you"))
		return
	if(mute_irc)
		to_chat(usr, "<span class='warning'You cannot use this as your client has been muted from sending messages to the admins on IRC</span>")
		return
	cmd_admin_irc_pm(href_list["irc_msg"])
	return

switch(href_list["_src_"])
	if("holder")
		hsrc = holder
	if("usr")
		hsrc = mob
	if("prefs")
		return prefs.process_link(usr,href_list)
	if("vars")
		return view_var_Topic(href,href_list,hsrc)
	if("chat")
		return chatOutput.Topic(href, href_list)

switch(href_list["action"])
	if("openLink")
		src << link(href_list["link"])
if (hsrc)
	var/datum/real_src = hsrc
	if(QDELETED(real_src))
		return

//fun fact: Topic() acts like a verb and is executed at the end of the tick like other verbs. So we have to queue it if the server is
//overloaded
if(hsrc && hsrc != holder && DEFAULT_TRY_QUEUE_VERB(VERB_CALLBACK(src, PROC_REF(_Topic), hsrc, href, href_list)))
	return
..() //redirect to hsrc.Topic()

`
I also wrote a very shitty python program recently to try and bruteforce the nuke code, never hit any form of topic limit like you would on TG(~50 topic calls per minute)

@Iglpigl
Copy link
Contributor

Iglpigl commented Mar 24, 2023

My dude average eris players aren't writing python programs to brute force the nuke.

@ghost
Copy link
Author

ghost commented Mar 24, 2023

My dude average eris players aren't writing python programs to brute force the nuke.

That's like saying the average tarkov player doesn't cheat so you don't need to fix vulnerabilities. (There has even been multiple paid hack clients.)There are hundreds of videos on YouTube of people griefing SS13 servers. ~100 topic calls per minute would allow players to brute force the code within reason while stopping outright cheating from taking place.

@MLGTASTICa
Copy link
Contributor

MLGTASTICa commented Mar 24, 2023

its a shame that if they dont know any number of the code , it'd take them optimistically 5000 minutes(considering they're only doing 50 topic calls per minute) to guess the code , considering theres 500k possibilities and testing all of them would take 11000 minutes
I also like to see actions , not words , so post a video of it and i might as well look into fixing it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants