A2S_INFO Will be changed by Valve soon #331

Open
BrutalCSkakan opened this issue Nov 17, 2020 · 16 comments

@BrutalCSkakan

https://steamcommunity.com/discussions/forum/14/2989789048633291344/

Could you get this change ready?
We are depending on this lib (the Java version), so we hope that you or someone else with the knowledge could do the appropriate changes for this.

@koraktor
Owner

Thanks for the heads-up.

Development has been pretty dormant in recent years, but this is the kind of change I'll really try to implement in a timely fashion.

@koraktor
Owner

I'm planning to bring this to both the “current” development version and the 1.3.x branches.

koraktor added a commit to koraktor/steam-condenser-java that referenced this issue Nov 19, 2020
For compatibility with security patches to future game server versions
this adds a 1200 byte padding to all request packets as defined in the
following HLDS mailing list post:

https://www.mail-archive.com/[email protected]/msg01194.html

See koraktor/steam-condenser#331
@koraktor
Owner

@BrutalCSkakan I already added patches to the Java repository. Please feel free to test.

koraktor added a commit to koraktor/steam-condenser-ruby that referenced this issue Nov 21, 2020
For compatibility with security patches to future game server versions
this adds a 1200 byte padding to all request packets as defined in the
following HLDS mailing list post:

https://www.mail-archive.com/[email protected]/msg01194.html

See koraktor/steam-condenser#331
koraktor added a commit to koraktor/steam-condenser-php that referenced this issue Nov 22, 2020
For compatibility with security patches to future game server versions
this adds a 1200 byte padding to all request packets as defined in the
following HLDS mailing list post:

https://www.mail-archive.com/[email protected]/msg01194.html

See koraktor/steam-condenser#331
@BrutalCSkakan
Author

Hello! I will test the Java version as soon as I can.
Just for info, they just released a public beta for this:

A steam client beta has been released:

https://steamcommunity.com/groups/SteamClientBeta/announcements/detail/2896341257765264787

It understands how to respond if the server issues a challenge in response to an A2S_INFO request. Importantly because of the existing filtering environment servers run in, the client will behave EXACTLY as it did before, until the server replies in the new method. (https://twitter.com/ZPostFacto/status/1334700095221104640)

The protocol is now as follows:

· Client will send the exact A2S_INFO packet that it has always sent, no more, no less.

· A new server will reply with a challenge, using the same S2C_CHALLENGE packet that’s used for the A2S_PLAYERS and A2S_RULES packets. (Indeed, if a client is quick enough, it can use the same challenge for multiple requests.)

· Now, a client will send an A2S_INFO with the challenge appended. Also: DO NOT ASSUME THAT ANY EXTRA BYTES AFTER THE CHALLENGE ARE INVALID. This is reserved for future expansion to the protocol! There are some more protocol changes in development right now designed to have the client obtain more information from the master server, thus reducing the amount of information that must come from the server. Those improvements won’t be possible if assumptions are made about packet sizes!

I’ll post again when there are server binaries available that can opt into the new behavior, fixing the reflection attack vulnerability. You will not want to opt in until all clients you care about are speaking the new protocol. For steam clients, that will probably be at least a couple of weeks.
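
The handshake described in the quoted Valve post, as an added Ruby example that is not part of this thread or of steam-condenser's code: a client that resends A2S_INFO with the echoed challenge, run against an in-process stand-in server. `FakeServer`, `query_info`, `parse_info`, the sample challenge and the server name are constructed for illustration; the byte values (0x54 request, 0x41 challenge, 0x49 info) are taken from Valve's published server query format.

```ruby
HEADER           = "\xFF\xFF\xFF\xFF".b
A2S_INFO         = (HEADER + "T" + "Source Engine Query\0").b # unchanged legacy request
S2C_CHALLENGE    = 0x41
S2A_INFO         = 0x49
SAMPLE_CHALLENGE = "\xDE\xAD\xBE\xEF".b # constructed value

# Added illustration: constructed stand-in for a game server; replies are sample data.
class FakeServer
  def initialize(challenge: nil)
    @challenge = challenge&.b # nil models a legacy server that never challenges
  end

  def handle(request)
    return nil unless request.start_with?(A2S_INFO)
    # Only the 4 bytes after the query string are compared; anything after them
    # is reserved for future use and must not make the server reject the packet.
    echoed = request.byteslice(A2S_INFO.bytesize, 4)
    if @challenge.nil? || echoed == @challenge
      (HEADER + S2A_INFO.chr + "\x11" + "Constructed Server\0").b
    else
      (HEADER + S2C_CHALLENGE.chr + @challenge).b # 9 bytes, smaller than the request
    end
  end
end

# Reads only the first two fields of the info reply: protocol byte and name.
def parse_info(reply)
  raise ArgumentError, "truncated info reply" if reply.bytesize < 7
  { protocol: reply.getbyte(5), name: reply.byteslice(6, reply.bytesize).unpack1("Z*") }
end

# Sends the plain request first and echoes the challenge only if one is issued.
def query_info(transport, max_rounds: 3)
  request = A2S_INFO
  1.upto(max_rounds) do |round|
    reply = transport.call(request)
    raise ArgumentError, "malformed reply" unless reply&.start_with?(HEADER) && reply.bytesize >= 5
    case reply.getbyte(4)
    when S2A_INFO then return parse_info(reply).merge(round_trips: round)
    when S2C_CHALLENGE
      raise ArgumentError, "truncated challenge" if reply.bytesize < 9
      request = A2S_INFO + reply.byteslice(5, 4) # opaque bytes, echoed as received
    else raise ArgumentError, "unexpected reply type"
    end
  end
  raise "server kept re-challenging"
end

p query_info(FakeServer.new(challenge: SAMPLE_CHALLENGE).method(:handle))
```

A request from an address that never receives the challenge only ever draws the 9-byte reply, which is shorter than the 25-byte request, so the full info payload is sent only to a peer that has proven it can receive at its claimed source address.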

@SniperNoob95

SniperNoob95 commented Sep 18, 2021

Hey, just wondering if you were able to add this to the java code and release it? The change from Valve went out yesterday and as expected this is breaking functionality. Would be hugely appreciated if you would be able to release a new version with the fix. :)

@SniperNoob95

If you're not ready to release these changes on maven, could you explain how I could go about compiling/using the beta code in a project that currently utilizes the released maven version? @koraktor @BrutalCSkakan

@BrutalCSkakan
Author

Hello!
This is now live on Steam servers, are you able to release the new version? Currently, the current version is totally broken anyway.

@koraktor
Owner

Did you test the Java patch mentioned earlier?

@BrutalCSkakan
Author

It looks like I get data, and my system is working as before.

@BrutalCSkakan
Author

I take it back, it looked like it would work.. But it doesn't.

I get a lot of these:
[image]

and these:
[image]

@BrutalCSkakan
Author

And I take it back once again, I wasn't aware that the change was on a separate branch. I am not receiving any errors now.

This could probably be pushed to master.

koraktor added a commit to koraktor/steam-condenser-java that referenced this issue Dec 12, 2021
For compatibility with security patches to future game server versions
this adds a 1200 byte padding to all request packets as defined in the
following HLDS mailing list post:

https://www.mail-archive.com/[email protected]/msg01194.html

See koraktor/steam-condenser#331
@SniperNoob95

Has this been pushed to master yet?

@koraktor
Owner

koraktor commented Jan 6, 2022

For Java, didn’t have time to test the other implementations.

The code is available in the query-padding branches.

@SniperNoob95

Seems like @BrutalCSkakan tested it successfully and the current version is broken anyway. Probably safe to just push it?

@SniperNoob95

> Seems like @BrutalCSkakan tested it successfully and the current version is broken anyway. Probably safe to just push it?

Anyone able to do this?

@fpaezf

fpaezf commented Dec 11, 2023

> Hello! I will test the Java version as soon as I can. Just for info, they just released a public beta for this:
>
> A steam client beta has been released:
>
> https://steamcommunity.com/groups/SteamClientBeta/announcements/detail/2896341257765264787
>
> It understands how to respond if the server issues a challenge in response to an A2S_INFO request. Importantly because of the existing filtering environment servers run in, the client will behave EXACTLY as it did before, until the server replies in the new method. (https://twitter.com/ZPostFacto/status/1334700095221104640)
>
> The protocol is now as follows:
>
> · Client will send the exact A2S_INFO packet that it has always sent, no more, no less.
>
> · A new server will reply with a challenge, using the same S2C_CHALLENGE packet that’s used for the A2S_PLAYERS and A2S_RULES packets. (Indeed, if a client is quick enough, it can use the same challenge for multiple requests.)
>
> · Now, a client will send an A2S_INFO with the challenge appended. Also: DO NOT ASSUME THAT ANY EXTRA BYTES AFTER THE CHALLENGE ARE INVALID. This is reserved for future expansion to the protocol! There are some more protocol changes in development right now designed to have the client obtain more information from the master server, thus reducing the amount of information that must come from the server. Those improvements won’t be possible if assumptions are made about packet sizes!
>
> I’ll post again when there are server binaries available that can opt into the new behavior, fixing the reflection attack vulnerability. You will not want to opt in until all clients you care about are speaking the new protocol. For steam clients, that will probably be at least a couple of weeks.

It does not work on CS2; I only receive the hostname.
