BCDC++ Detector

Started by Corayzon, 07 July, 2004, 05:52:42


Corayzon

hey all,

here is a little detector for the faking bcdc clients.
Note that this is detected from the multiple sends of the myinfo string

-- $MyINFO counters for the current timer window, keyed by nick
tFloodCounters = {["myinfo"] = {}}

-- Value passed to TimeBan(); -1 selects a permanent ban instead
dMyInfoFloodKickTime = 60
-- Reason text (defined here but not used below)
sMyInfoFloodReason = "Dont MyINFO flood the hub!"

function Main()
	frmHub:EnableFullData(1)
	SetTimer(1000 * 1)
	StartTimer()
end

-- Count every $MyINFO that comes from a non-operator
function DataArrival(tUser, sData)
	if strsub(sData, 1, 7) == "$MyINFO" and not tUser.bOperator then
		countMyInfoFlood(tUser, sData)
	end
end

-- Timer tick: start a new counting window
function OnTimer()
	tFloodCounters.myinfo = {}
end

-- A second $MyINFO from the same nick inside one window triggers the ban
function countMyInfoFlood(tUser, sData)
	tFloodCounters.myinfo[tUser.sName] = tFloodCounters.myinfo[tUser.sName] or 0
	tFloodCounters.myinfo[tUser.sName] = tFloodCounters.myinfo[tUser.sName] + 1
	if tFloodCounters.myinfo[tUser.sName] >= 2 then
		if dMyInfoFloodKickTime == -1 then
			tUser:SendData("*** You were banned because bcdc clients are not allowed on this server!")
			tUser:Ban()
			tUser:Disconnect()
			SendToAll("*** " .. tUser.sName .. " was banned because bcdc clients are not allowed here!")
			return 1
		else
			tUser:SendData("*** You were banned because bcdc clients are not allowed on this server!")
			tUser:TimeBan(dMyInfoFloodKickTime)
			tUser:Disconnect()
			SendToAll("*** " .. tUser.sName .. " was kicked because bcdc clients are not allowed here!")
			return 1
		end
	end
end

noza

Sedulus

MyINFO is sent twice by regular DC++ as well..

client/NmdcHub.cpp NmdcHub::onLine(): cmd == "$Hello"
                        if(state == STATE_HELLO) {
                                state = STATE_CONNECTED;
                                updateCounts(false);

                                version();
                                getNickList();
                                myInfo();
                        }

client/NmdcHub.cpp NmdcHub::onLine(): cmd == "$OpList"
                        // Special...to avoid op's complaining that their count is not correctly
                        // updated when they log in (they'll be counted as registered first...)
                        myInfo();

Corayzon

nicely spotted Sedulus,

But when the second myinfo is sent because the user's name was received in OpList:- It don't matter because it doesn't kick operators.

Operator not being kicked over double send with BCDC client
Corayzon - $Version 1,0091
Corayzon - $GetNickList
Corayzon - $MyINFO $ALL Corayzon <++ V:0.401,M:P,H:0/1/0,S:1>$ $Cable$$41629895$
Corayzon - $GetINFO -OM-Tribe- Corayzon
Corayzon - $GetINFO -Op-Chat- Corayzon
Corayzon - $GetINFO Corayzon Corayzon
Corayzon - $MyINFO $ALL Corayzon <++ V:0.401,M:P,H:0/0/1,S:1>$ $Cable$$41629895$

BCDC client being kicked because he is not an operator
 - $ValidateNick Matt 
Matt - $Version 1,0091 
Matt - $GetNickList 
Matt - $MyINFO $ALL Matt <++ V:0.401,M:P,H:1/1/1,S:2>$ $Cable$dfsgdsfgsd@dfhgsdgs$162348716$ 
Welcome to PtokaX 
Matt - $GetINFO -OM-Tribe- Matt 
Matt - $GetINFO -Op-Chat- Matt 
Matt - $GetINFO Corayzon Matt 
Matt - $GetINFO sdgsd Matt 
Matt - $GetINFO Matt Matt 
Matt - $MyINFO $ALL Matt <++ V:0.401,M:P,H:1/1/1,S:2>$ $Cable$dfsgdsfgsd@dfhgsdgs$162348716$ 
*** You were banned because bcdc clients are not allowed on this server! 
*** Disconnected

So you will find that it does do its proper job still =]

noza

Odin

The only "cheating" option I know of in BCDC++ is the ability to hide the upload speed limiter in this client's tag (emulate DC++)
One reason to use BCDC++ could be the speed limiter...but there are other possible reasons (support lua script...)
If this script really kick none other than BCDC++, could U build in a check:
If tag show speed limiter, accept, else kick...?
Norway's number 1 DC hub!
dchub://odin.vikingshub.com:1337  

Corayzon

yo Odin,

hmm.. sounds like ur bc dont have tag faking =]

i use it for testing on mi scripts.

and um...

Quote: If this script really kick none other than BCDC++, could U build in a check

what if the client hasnt got the bandwidth limiter enabled?

but yea i could do ;)

Corayzon

hey all,

a MyINFO string is built like so:-

$MyINFO $ALL  $ $$$$|

most common clients have tags which are at the end of the property and are built like so:-

< V:,M:,H://,S:>

when a dc client connects and asks for the nicklist, it also sends a myinfo string. in the myinfo string,
the tag hub count settings are implemented on asUser or asReg based on if a password was sent.

when a dc client gets the OpList back and finds its username in it, the client resends the myinfo
string with the asOp hubcount setting implemented.

example:
Corayzon -> $GetNickList|
Corayzon -> $MyINFO $ALL Corayzon <++ V:0.401,M:P,H:1/0/0,S:2>$ $Cable$$0$|
Corayzon <- $OpList Corayzon$$|
Corayzon <- $NickList Corayzon$$|
Corayzon -> $MyINFO $ALL Corayzon <++ V:0.401,M:P,H:0/0/1,S:2>$ $Cable$$0$|

noza

Sedulus

hrm.. crap
you are correct :)

BCDC++ lacks this statement in NmdcHub::myInfo()
        if(minf != lastMyInfo) {
                send(minf);
                lastMyInfo = minf;
        }

fixed in svn463
(for up-to-date bcdc++ binaries, see http://wza.digitalbrains.com/DC/BCDCpp/releases/ )
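
The guard quoted in this post suggests a stricter hub-side test than counting: flag a client only when its $MyINFO repeats the previous one byte for byte. The Python below is an added example, not code from this thread or from DC++/BCDC++; it runs over a constructed capture adapted from the logs posted earlier, its function names are this example's own, and its count-only rule leaves out the script's timer window and operator exemption because the capture carries neither timestamps nor operator status.

```python
import re
from collections import Counter

# Constructed capture, adapted from the logs posted in this thread
# ("nick - command" per line; Matt's e-mail field is left empty here).
SAMPLE_LOG = """\
Corayzon - $MyINFO $ALL Corayzon <++ V:0.401,M:P,H:0/1/0,S:1>$ $Cable$$41629895$
Corayzon - $GetINFO -Op-Chat- Corayzon
Corayzon - $MyINFO $ALL Corayzon <++ V:0.401,M:P,H:0/0/1,S:1>$ $Cable$$41629895$
Matt - $MyINFO $ALL Matt <++ V:0.401,M:P,H:1/1/1,S:2>$ $Cable$$162348716$
Matt - $GetINFO Corayzon Matt
Matt - $MyINFO $ALL Matt <++ V:0.401,M:P,H:1/1/1,S:2>$ $Cable$$162348716$
"""

MYINFO_RE = re.compile(r"^(\S+) - (\$MyINFO \$ALL (\S+) .*)$")
HUBS_RE = re.compile(r",H:(\d+/\d+/\d+),")

def myinfo_events(log_text):
    """Yield (nick, raw $MyINFO) for lines where the sender names itself."""
    for line in log_text.splitlines():
        m = MYINFO_RE.match(line.strip())
        if m and m.group(1) == m.group(3):
            yield m.group(1), m.group(2).rstrip("|")

def count_only(log_text):
    """Counting rule: every nick that sent two or more $MyINFO."""
    counts = Counter(nick for nick, _ in myinfo_events(log_text))
    return sorted(n for n, c in counts.items() if c >= 2)

def identical_resends(log_text):
    """Nicks whose $MyINFO repeats the previous one byte for byte."""
    last, flagged = {}, set()
    for nick, raw in myinfo_events(log_text):
        if last.get(nick) == raw:
            flagged.add(nick)
        last[nick] = raw
    return sorted(flagged)

def hub_count_history(log_text, nick):
    """H: field of each $MyINFO from nick, showing what a resend changed."""
    return [HUBS_RE.search(raw).group(1)
            for n, raw in myinfo_events(log_text)
            if n == nick and HUBS_RE.search(raw)]

if __name__ == "__main__":
    print("count only:       ", count_only(SAMPLE_LOG))
    print("identical resend: ", identical_resends(SAMPLE_LOG))
    print("Corayzon H: field:", hub_count_history(SAMPLE_LOG, "Corayzon"))
```

On the sample, counting alone names both nicks, while the content comparison names only Matt, because Corayzon's second $MyINFO differs in its H: field.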

Corayzon

yo Sedulus,

"hrm.. crap
you are correct :) "

-> lolz

One other thing to think about is that dc++ will resend the same myinfo string when u go into settings, dont
edit anything and then click ok.

So in the end the best way to check is, ...

Have a timer that counts a minute and. Now when a user logs in they send 2 of the same string straight
off. and every minute they send another one. neways...

set a timer for a min and 10 secs, start it when the user connects and sends a double myinfo. Now if
another one is sent within the next min and 10 secs. you can almost be sure that they are using a
bcdc++ client

noza

HaArD

The redundant $MyINFO sent by DC++ when you went into the Settings should be fixed now:

 -- 0.402 2004-06-27 --
* Fixed unnecessary $MyINFO being sent out

Corayzon

yo HaArD,

That makes life easy for the processor on that detector :D

i wish someone would fix up some stuff in ptokax for me that quick.

*** doing simple dc detector with new thoughts soon (will kick old dc clients on myinfo resend! :P)

noza

Corayzon

allrighty, ...

i been playing around a bit with bcdc and dc to see the differences and ive just about found the little
message which tells me 'killme ... killme' (this is just an expression and doesnt mean i dont dislike bcdc!)

and to the point, the best way to pick up bcdc is to take the following notes, ...

- bcdc sends its myinfo string when $OpList is received with any usernames in it. (it wont respond to '$OpList |')

- bcdc sends its myinfo string EVERY 61 seconds

so one of the smartest ways is to send something like '$OpList |' to the entire hub
every 10-20 mins and every user that responds to that in say 10 seconds with a duplicate $MyINFO string
is surely using bcdc

from here you can even have a table 'tBcUsers' to store the shifty clients real identity for something like a
user information dialog  8)

well yea, thats just about it  :rolleyes:
