New hack discovered, thought i'd give a heads up.

Ace of Spades
1

Basically me and Cow Norris were on the stormwind server:
This guy was talking about how he was hacking and I pointed it out to Cow and he said “He’s probably joking around”.
Oddly, the hacker asked me to start a votekick on him and I complied.
Next thing I know, as soon as I started my votekick he immediately canceled it.
With my suspicions still aware, I asked Cow if he was a trusted user. Cow said he wasn’t (His IP wasn’t trusted either)…

tl;dr Basically, someone has created an anti-votekick hack that allows them to cancel votekicks without be the votekicker or trusted. I imagine that it will go public soon.

2

Oh noes D: pretty useless though but still not good

3

It’s actually more dangerous than you think, especially to aloha in it’s current sate.
This hack can basically make guards/mods redundant.

4

They can still get someone to ban them.

5

Not possible.

Votekicks are handled server side.

6

saw it with my own eyes.

7

As I said, not possible. I could easily see it being an admin just trying to screw with you.

8

Nope. Cow Norris hosts the server, and the guy wasn’t trusted or an admin.

9

Mind showing logs of it?

10

<Nico 221> yes my hack is nice

(TO ADMINS) someone has admitted to hacking

<Nico 221> my hack is nice workiing

<Nico 221> votekick me pls

  • Nico 221 has a kill-death ratio of 3.75, headshot-death ratio of 3.35 (206 kills, 55 deaths, 184 headshot, 6 melee, 6 grenade).
  • KomradeFrosty started a votekick against player Nico 221. Reason: 221 he asked for it
  • Votekick for Nico 221 has ended. Cancelled
    <Nico 221> Ok hack works.

Do you have a trusted password Nico?
<Chuck Norris@Sw> nope.

11

I mean server logs. The logs in \feature_server\logs where it actually show’s if he typed the command. Also when did you last update pyspades.?

12

http://code.google.com/p/pyspades/source/browse/feature_server/scripts/votekick.py#85

He was either:

  1. You
  2. Logged in as admin
  3. Logged in as someone able to use /cancel
13

Are votekicks server sided? If so, there is some funny (or illegal if this is legit) business going on here.

14

Misinformed public is probably misinformed.

Votekicks aren’t able to be cancelled client-sided unless the person somehow has the access to the commands to cancel it.
Maybe his “hack” involved stealing someone’s admin/trusted password…which he then used to cancel the kicks.

15

So it wasn’t an aloha server? Mystery solved.

16

It was magic =O

17
  1. Nope
  2. Nope
  3. Nope

I don’t really understand the pyspades code though, could you break it down a bit for me?

hm… I never thought of it that way.

18

There is absolutely no way he could have possibly cancelled the votekick without being logged in PERIOD.

End of story.

19

As said before it must be serverside. but on the other hand surely hack clients must send something serverside for it to work.

20

Not to nit pick but to nit pick it would be possible IF the votekick script itself was broken and allowed any player to cancel a votekick. (It is possible just terribly unlikely.)