-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move teeworlds control packets to own files
- Loading branch information
1 parent
60d2adf
commit 6540aab
Showing
3 changed files
with
65 additions
and
63 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
on_ctrl_msg_token: | ||
mov rax, [udp_recv_buf + 8] | ||
mov [peer_token], rax | ||
|
||
print s_got_peer_token | ||
mov rax, peer_token | ||
mov rdi, 4 | ||
call print_hexdump | ||
call print_newline | ||
|
||
call send_ctrl_msg_connect | ||
|
||
jmp on_ctrl_message_end | ||
|
||
on_ctrl_message: | ||
push_registers ; popped in on_ctrl_message_end | ||
|
||
print s_got_ctrl_msg | ||
|
||
xor rax, rax | ||
mov al, [udp_recv_buf + PACKET_HEADER_LEN] | ||
call print_uint32 | ||
|
||
cmp al, MSG_CTRL_TOKEN | ||
jz on_ctrl_msg_token | ||
|
||
print s_unknown_ctrl_msg | ||
call print_uint32 | ||
|
||
on_ctrl_message_end: | ||
pop_registers ; pushed in on_ctrl_message | ||
ret | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
send_ctrl_msg_connect: | ||
push rax | ||
|
||
packer_reset | ||
pack_byte MSG_CTRL_CONNECT | ||
pack_raw token, 4 | ||
|
||
; hack to send a bunch of bytes to pass the | ||
; anti reflection attack check | ||
; those bytes are not set here so their last used values will be sent | ||
; this should for the first connection be all zeros | ||
; which is exactly what we want | ||
; | ||
; for later connections it might leak contents of packets we sent before that | ||
; the server does not need null bytes it just cares about the size | ||
; but we as a client might leak information sent to one server to another | ||
; | ||
; imagine the following scenario | ||
; we send a rcon auth on server a filling the udp_send_buf with our rcon password | ||
; and then we connect to another server | ||
; where we send 512 bytes of the udp_send_buf which still holds the rcon password | ||
mov dword [udp_payload_index], 512 | ||
|
||
packer_print_size | ||
|
||
call send_packet | ||
|
||
pop rax | ||
ret | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters