Author Topic: Lat Trick Bot  (Read 46586 times)

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #30 on: May 16, 2018, 10:53:55 AM »
I give up, if you guys want to waste your time "encrypting" IPs go ahead, just know it will take less time to defeat the "encryption" than it will to create it. You can't hide IPs AND also distribute them to each client for the program to use them to send UDP traffic to. So if its too big of a concern, then the project should be disbanded

But once again an IP address is not a security issue per se. If you have a remote code execution vulnerability exposed to the internet, you have already given your PC to anyone, there are bots scanning every minute for that, no need for your "secret" IP address to be exposed in an obscure game in order for that to become a problem for you.

DoS is a potential issue I suppose, and yes I remember being stuck in pball games for days, each player with 1/1HP footman, and people had small internet connections then, it was easy to boot them off lol. I dont think its that easy anymore

But like I said, if you want to collect the IP of every war2 player, just host GoW for 2 weeks and auto collect each person who joins. Or post something outrageous in the forum with a link that collects IP each time someone clicks it. The list goes on and on.

Its not a major security concern to give IPs of each player (however there is no need to include username with the IP, so that way you can prevent anyone from targeting others)
« Last Edit: May 16, 2018, 10:56:54 AM by AHB »

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #31 on: May 16, 2018, 11:00:48 AM »
I'm pretty busy, like everyone else of course, but I hope I can get some time in the next few weeks to test my PoC. I have to setup 2 windows machines at different locations and get a consumer grade router for the host location with the more common NAT type. Then I can send UDP traffic using the Python snippet of code from one PC to the other and see if the port pops open

I really think we can make this work for most NATs!

It will be a huge accomplishment for us if we can (at least partially) solve a problem thats haunted the game for 20+ years
« Last Edit: May 16, 2018, 11:03:29 AM by AHB »

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #32 on: May 16, 2018, 08:17:50 PM »
I found a tutorial for fixing PS4 on pfSense NAT, and after I did that now my games dont lag anymore  :thumbsup:

Now I can also start working on my PoC testing

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #33 on: May 16, 2018, 08:53:41 PM »
@iL @tupac @Igognito

oh shit it works!!!!!

UDP hole punching for the win, check this out for proof (notice "your port is closed", but abcde joined my game):

https://ibb.co/hAiOrJ


Here is my simple PoC code in Python (will be updated as we work out next steps)

import socket
import time

# Target host is IP of player you want to be able to join your game
target_host = "1.1.1.1"
target_port = 6112

# create a socket object
client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
client.bind(('0.0.0.0', 6112))

# send some data
while True:
   client.sendto("AAABBBCCC",(target_host, target_port))
   time.sleep(1)
   print "Sent some data"


Offline Delete mine too

  • Death Knight
  • *********
  • Posts: 2652
  • http://meatspin.com
    • View Profile
    • http://meatspin.com
Re: Lat Trick Bot
« Reply #34 on: May 16, 2018, 09:58:49 PM »
@iL @tupac @Igognito

oh shit it works!!!!!

UDP hole punching for the win, check this out for proof (notice "your port is closed", but abcde joined my game):

https://ibb.co/hAiOrJ


Here is my simple PoC code in Python (will be updated as we work out next steps)

import socket
import time

# Target host is IP of player you want to be able to join your game
target_host = "1.1.1.1"
target_port = 6112

# create a socket object
client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
client.bind(('0.0.0.0', 6112))

# send some data
while True:
   client.sendto("AAABBBCCC",(target_host, target_port))
   time.sleep(1)
   print "Sent some data"


LOL archer just fucking owned hosting. GG no re!

Offline Delete mine too

  • Death Knight
  • *********
  • Posts: 2652
  • http://meatspin.com
    • View Profile
    • http://meatspin.com
Re: Lat Trick Bot
« Reply #35 on: May 16, 2018, 10:02:04 PM »
No point in encrypting the IP address... anyone can sniff it while hosting or joining a game.
Not for those who just idle in chat with no games playing.

BTW, if you join the game, can anybody get your ip not being joined to that game?
You can get the hosts Ip even if you didn't join the game. That's how I got blids IP LOL! One of the old bot I used allows you to see the IP of the host without joining I don't even have to sniff it.

Offline iL

  • Administrator
  • Ogre Mage
  • *****
  • Posts: 1653
    • View Profile
Re: Lat Trick Bot
« Reply #36 on: May 17, 2018, 06:51:35 AM »
oh shit it works!!!!!
Good job! Did you start that script after start the game or before it? I mean, if you start the game it uses that UDP socket, will your script be able to use the same socket on the same computer when it's being already used?

I'll try to start such tests when i have time for that, still too busy last evenings...


I really think we can make this work for most NATs!
Most likely we can. I'm just not sure about symmetric nat, maybe that will work for it also, not sure. But for others - should work fine.

You can get the hosts Ip even if you didn't join the game. That's how I got blids IP LOL! One of the old bot I used allows you to see the IP of the host without joining I don't even have to sniff it.
Sure, i see, you don't need to join the game to know IP of the host. And what about IPs of those who join? I should join the game to know their IPs or what?
That inter-player connections is another big and interesting part to understanding. Who is the host (or the main player), who becomes the main when host leaves the game, etc. Maybe we can change that default behavior? That's offtopic here, but also could be interesting questions for future research.
Need help to translate War2Combat to German, French, Italian, Polish or another language: http://forum.war2.ru/index.php/topic,4728.0.html
Please, contact me if you are interested in that.

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #37 on: May 17, 2018, 08:38:45 AM »
@iL

Yes it works while the game is running, even though it "binds" to the same port. I was wondering the same things - how could two programs bind to one port? but works just fine. I would bet it wouldn't be able to receive data back on that port since it is in use by war2, but we don't need it to receive anyway, only send

I will put up a fake JSON page at war2.info with the info I would need from the server, and begin programming the next steps:

Here is how the program will work

1. Download list of player IPs and ports from HTTP/JSON at war2.ru
2. Request from STUN server to determine external IP, NAT Type
3. Use external IP from STUN request to determine which player I am in the HTTP/JSON list from step 1
4. Bind UDP source to my War2 port # which was discovered in step 3 (this could be 6112, 6113 or whatever, PvPGN will know and tell me)
5. Ping server.war2.ru, backup.war2.ru, server.war2.me, backup.war2.me to get IPs of all servers (will use this to send UDP traffic to them to so that players dont get "port closed" message)
6. Send HTTP/POST to war2.ru with my NAT type, this way we can record and track the percentage of players with "fixable" NAT versus percentage with symmetric NAT
7. If NAT type does not equal symmetric, tthen begin sending periodic UDP traffic to all players in a never ending (until program quits) loop.
8. Periodically will need to refresh the list of IPs in step #1 also

thats it
« Last Edit: May 17, 2018, 08:48:35 AM by AHB »

Offline iL

  • Administrator
  • Ogre Mage
  • *****
  • Posts: 1653
    • View Profile
Re: Lat Trick Bot
« Reply #38 on: May 17, 2018, 09:05:15 AM »
thats it
Looks reasonable.
I small moment: you can get you war2 port as Game Data Port registry parameter (is an integer value). So you don't need stun for that, only for collecting statistics for future.
Need help to translate War2Combat to German, French, Italian, Polish or another language: http://forum.war2.ru/index.php/topic,4728.0.html
Please, contact me if you are interested in that.

Offline Igognito

  • Axe Thrower
  • ****
  • Posts: 406
    • View Profile
Re: Lat Trick Bot
« Reply #39 on: May 17, 2018, 09:21:41 AM »
@AHB, Great Work!

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #40 on: May 17, 2018, 12:17:07 PM »
Ok here is the whole entire thing:

Overview:
- Python client (to be compiled and started with War2Combat)
- PHP and MySQL to save NAT stats (nat_stats.php)
- JSON sample of player IP listing (player_ips.php)

Some Notes:
- nat_stats.php only saves one stat per IP address, and never updates it (unless the row is deleted, then it would update)
- All MySQL queries are sanitized using PDO to bind params
- The python client checks STUN and if it gets symmetric, it quits. Else it will download IPs from website and then send UDP to each of them from its game port which it gets from registry. After blasting every IP with a small UDP packet, it waits 10 seconds then repeats


@iL its up to you now!

Install Instructions:

1. Setup player_ips.php (see source below)
- You will have to populate it with real player IPs, preferably in the format that I gave so that we don't have to change the Python code
- Also, you should have it output all server IPs as well - server.war2.ru, backup that way the server will not send the "port closed" message

2. Create MySQL table for nat_stats.php (see source below)
- I gave you the SQL to run to create the table

3. Add nat_stats.php to war2.ru server (source below)
- You will need to update the username, password, and database name, everything else should be good

4. Update Python script and change the 2 links to war2.info, replace with war2.ru

5.Compile the Python to EXE:
- Download Python 2.7 https://www.python.org/downloads/
- Install pip (package manager) https://pip.pypa.io/en/stable/installing/
- Install libraries used:
- C:\Python27\Scripts\pip.exe install requests
- C:\Python27\Scripts\pip.exe install pystun
- C:\Python27\Scripts\pip.exe install json
- C:\Python27\Scripts\pip.exe install time
- C:\Python27\Scripts\pip.exe install _winreg
- C:\Python27\Scripts\pip.exe install socket
- (some of these might have already shipped with Python, I forget)
- C:\Python27\Scripts\pip.exe install pyinstaller
Compile to EXE:
- C:\Python27\python.exe udp_hole_punch.py
- EXE will be saved to dist/udp_hole_punch/udp_hole_punch.exe

6. Add new Python EXE to War2Combat and ship the update

7. Profit
- Hosting fixed :D
Python UDP hole punch client -- this can be compiled to EXE and started with War2Combat:

import _winreg
import stun
import requests
import socket
import time
import json

def get_war2_port():
    # Open the key and return the handle object
    hKey = _winreg.OpenKey(_winreg.HKEY_CURRENT_USER, "Software\Battle.net\Configuration")
    # Read the value
    try:
      result = _winreg.QueryValueEx(hKey, "Game Data Port")
    # If not found, set to default
    except Exception as e:
      print e
      result = [6112]
    # Return port
    return result[0]

war2_port = get_war2_port()
nat_type, external_ip, external_port = stun.get_ip_info("0.0.0.0", war2_port)
req = requests.get('https://war2.info/nat_stats.php?nat_type=' + str(nat_type))

if nat_type != "Sytmmetric NAT":
  while True:
    time.sleep(10)
    req = requests.get('https://war2.info/player_ips.php')
    json_obj = json.loads(req.content)
    player_ip_list = json_obj["player_ips"]
    print player_ip_list
    for player_ip in player_ip_list:
      # Target host is IP of player you want to be able to join your game
      target_host = player_ip

      # create a socket object
      client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
      client.bind(('0.0.0.0', war2_port))

      # send some data
      client.sendto("For the Alliance", (target_host, war2_port))
      print "Sent data to " + str(player_ip) + " on port " + str(war2_port)




player_ips.php

<?php
// iL, you will have to populate this with actual player IPs for each page load
echo '{"player_ips": ["1.1.1.1", "2.2.2.2", "3.3.3.3"]}';
?>



Create nat_stats table for nat_stats.php, run this SQL:

CREATE TABLE nat_stats (
id INT(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
ip_address VARCHAR(30) NOT NULL,
nat_type VARCHAR(30) NOT NULL
)




nat_stats.php source:




<?php
$ip_address = $_SERVER['REMOTE_ADDR'];
$nat_type = $_GET["nat_type"];

$servername = "localhost";
$username = "user";
$password = "pass!";
$dbname = "db";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare("SELECT * FROM nat_stats WHERE ip_address = :ip_address");
    $stmt->bindParam(':ip_address', $ip_address);
    $stmt->execute();

    // set the resulting array to associative
    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $row = $stmt->fetch();
    $previous_nat_type = $row["nat_type"];
}
catch(PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$conn = null;

// If we have never seen this IP before, save it in the database
if (isset($previous_nat_type)) {
    echo "NAT Type already saved for this IP";
} else {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $stmt = $conn->prepare("INSERT INTO nat_stats(ip_address, nat_type)
    VALUES(:ip_address, :nat_type)");
    $stmt->bindParam(':ip_address', $ip_address);
    $stmt->bindParam(':nat_type', $nat_type);
    $stmt->execute();
    $conn = null;
    echo "Saved NAT Type";
}

?>
« Last Edit: May 17, 2018, 01:53:41 PM by AHB »

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #41 on: May 17, 2018, 02:53:53 PM »
Scaling up and Memory usage:

I tested memory consumption with doing this if there were 10,000 players online, and it was fine --

About 1MB memory usage (+12MB which is the Python interpreter, so 13MB), and 0-5% CPU.

Network traffic also is tiny since its just a little UDP packet with 3 words in it.

The only problem was I got an IOError which crashed it, due to printing that many times to the console, so we want to remove the "print" statements before shipping this which fixed the error

But from my testing I think this will work for our tiny server as well as larger pvpgn servers with thousands of players.
« Last Edit: May 17, 2018, 02:56:32 PM by AHB »

Offline Lambchops

  • Ogre Mage
  • ********
  • Posts: 1541
    • View Profile
Re: Lat Trick Bot
« Reply #42 on: May 18, 2018, 09:23:13 AM »
This all seems pretty complicated, I kind of scanned it.

If you want to do it with this kind of "mass spamming" approach you need 2 things.

1) Server side you need some simple server that will supply a list of currently connected ip addresses:game ports. Nothing else.

2) Client side for the hosting player only, you need some code that gets this list from the server, then sends out a packet or two to every ip address on the list using their game port.

That is all.
its gooder to hax hard and NEVER get caught!

Offline AHB

  • Grunt
  • ***
  • Posts: 50
    • View Profile
Re: Lat Trick Bot
« Reply #43 on: May 18, 2018, 09:31:57 AM »
@Lambchops

uhhh yeah thats exactly what it does actually lol! ... its not too complicated

3 parts:

1. Python client (runs on client machine who wants to host) - downloads list of IPs and sends UDP traffic to them

you dont need to know the port the other players have for their war2 client, all that matters is that you source the traffic from your own war2 port. This creates an entry in your router that will allow that other players IP to communicate back to you on your war2 port

2. player_ips.php - provides player IPs to Python client
3. nat_stats.php - this is for us to track what types of NAT people are behind because the Python client doesnt work for Symmetric NAT so we are curious to see how many people are actually behind an unfixable Symmetric NAT
« Last Edit: May 18, 2018, 09:38:44 AM by AHB »

Offline Lambchops

  • Ogre Mage
  • ********
  • Posts: 1541
    • View Profile
Re: Lat Trick Bot
« Reply #44 on: May 18, 2018, 12:19:50 PM »
@Lambchops

uhhh yeah thats exactly what it does actually lol! ... its not too complicated

3 parts:

1. Python client (runs on client machine who wants to host) - downloads list of IPs and sends UDP traffic to them

you dont need to know the port the other players have for their war2 client, all that matters is that you source the traffic from your own war2 port. This creates an entry in your router that will allow that other players IP to communicate back to you on your war2 port

2. player_ips.php - provides player IPs to Python client
3. nat_stats.php - this is for us to track what types of NAT people are behind because the Python client doesnt work for Symmetric NAT so we are curious to see how many people are actually behind an unfixable Symmetric NAT

Ok. Cool.

IDK how any language could not accomplish such a simple task.

I'm quite sure it could be done in python, its a very robust language, perhaps not with the library you want to use. Why not just do it with networking primatives?. This task does not require any fancy network programming at all... also I cant imagine why you would want to use python there are a lot of better options.

I presume you are talking about a complied executable? Personally I do not wish to install python on my machine to run scripts, and most certainly would NOT be running anything that allowed you to collect stats because you are curious behind my firewall. Sorry, but no thank you.
its gooder to hax hard and NEVER get caught!