Zugg Software :: View topic

Posted: Sun Jun 15, 2008 1:56 am

So, I was playing around on my MUD, and decided to do a line break on my clan channel to emulate that I had donated. Of course, this only works for people who have CMUD/zMUD, but thought it'd be fun, anyway.

The command?

ct Hmmm.&#269~;@GCLAN ANNOUNCEMENT: @YCharneus @Ghas donated @Y1,234 @Gquest points to the clan.

That should have returned:

You tell the clan: 'Hmm.
CLAN ANNOUNCEMENT: Charneus has donated 1,234 quest points to the clan. (all with appropriate colors).

However, it locked CMUD up so badly I had to end task on it. If I just do

ct Hmm. &#269~; @GBlah blah blah

It works without locking up. Any suggestions? :P

Charneus

Beginner Joined: 13 May 2008 Posts: 25

I am having a similar issue with variables that are invisible (not just hidden.) I think something must have gotten corrupt. Whenever I tried to write to the variables it would lock up completely. I had to recreate the "invisible" variables, get an error message, and then delete the newly created variable. Doing that flushed out the corrupt variable I couldn't see. Maybe your problem is similar since you have multiple variables in that clantalk message.

Posted: Sun Jun 15, 2008 3:56 am

Those aren't variables, actually. That's the way our colorcode is on Aardwolf. For instance, typing:

echo @RThis @Bis @Ga @Mtest.

It'd return:

This is a test.

I'm wondering, though, if CMUD is trying to view them as variables, though - I could try changing the @ special character to see if that solves it. It kind of sucks, though - if it works, that means I have to change all 300 triggers that use @ multiple times within my scripts...

Charneus

Posted: Sun Jun 15, 2008 12:59 pm

Actually, it wouldn't as long as the triggers and such aren't in the window you're changing the special character for (move the ones you can into a module). Each window and module has its own preferences, so the window could have a different variable character, and the module could have the default one.

Anyway, as long as you have your colour syntax entered in the preferences, it shouldn't be causing CMUD any problems. If it is, it's probably a bug.

Posted: Sun Jun 15, 2008 2:23 pm

I can confirm this bug, it is easy to replicate when you try to use that character code, if you turn parsing off and use & #269; instead of escaping the 269~; then it will work. Pretty sure this should be replicable using Charneus' above post if it's anything like the times I do it :P

Edit: PS Your forum converted my character codes :(

Posted: Sun Jun 15, 2008 6:22 pm

I put Charneus' string into an alias appended to a #SHOW command. While it did not bomb CMUD, it seems to confirm the suspicion that the script parser is interpreting the @'s as variable indicators. Using a blank session, I got this:

ct Hmmm.
ANNOUNCEMENT: donated ,234 points to the clan.

Notice how the output shows that the "variables" have been expanded.

EDIT: To prove the point, I put this into an alias:

Posted: Mon Jun 16, 2008 5:06 pm

Posted: Mon Jun 16, 2008 5:11 pm

Echo isn't an alias. Echo (mudside) sends the text directly to your screen (much like using #SAY, only this is a MUD command).

I can type echo @RThis @Bis @Ga @Mtest and have it show up on Aardwolf with no problem. It's when I do what I had originally posted that causes the problem.

Charneus

As a side note, while it does return the colors, it doesn't return the spaces, which is annoying in itself. If I want the spaces, I do have to escape the @ signs, which seems inconsistent to me. Either it should return the colors with spaces, or it shouldn't return anything at all. Putting it in quotes displays the colors with spaces, but also puts quotes around it.

Posted: Mon Jun 16, 2008 5:29 pm

OK, I think the problem is with your #269 control code. What is that supposed to do anyway? I use Aardwolf too and haven't run into any problems with coloring text, but I was nervous about putting in that control code and sending it to my clan-talk channel, so I'll need to know more about what you are trying to do here.

I confirmed the bug with the spaces and will add that to the bug list.

But as always, remember that instead of escaping every special character, you can also send a line verbatim to the MUD by starting the line with the ` line-escape character, or by enclosing the *entire* command in quotes, or by pressing Ctrl-R to toggle command line parsing off and on.

Posted: Mon Jun 16, 2008 5:58 pm

The #269 control code emulates a line break, turning

ct Hmmm.&#269~;blah blah blah

into

You tell the Clan: Hmmm.
blah blah blah

Usually, I do escape the whole line - just didn't think about it in this case. :P

Charneus

Posted: Mon Jun 16, 2008 6:59 pm

Hmm, that's kind of mean. I'm surprised the MUD passes that character since it would allow you to "trick" other players clients to thinking the text came from the server instead of a player.

Posted: Mon Jun 16, 2008 7:43 pm

I don't think it's the MUD passing the control code, but rather the client interpreting it as a control code. If someone is using a different client, then that someone will see &#269~; instead of a line break. *shrug* It makes for amusing conversations sometimes.

Charneus

Posted: Mon Jun 16, 2008 9:11 pm

Hmm, very tricky. That's a wrap-around bug in the CMUD MXP entity handling routine. Where did you learn about this trick? I'll fix this in the next version because that's a very nasty hacker trick to mess up zMUD/CMUD users. Not much I can do about zMUD, but at least I can fix CMUD so that it doesn't respond to that.

The wrap around is that 269-256=13 so it is wrapping around the byte size and returning char(13), which is a CR character.

Adept Joined: 27 May 2008 Posts: 299

I think alot of people know about it... I did!

Enchanter Joined: 11 Feb 2003 Posts: 511 Location: USA

Yeah, but why use it? Humor? It can end up only being funny to the person who does it.

Adept Joined: 27 May 2008 Posts: 299

Depends on your audience and content of it. I've only used on private channels for humorous purposes.

Posted: Mon Jun 16, 2008 10:08 pm

Not sure how it could mess up zMUD/CMUD users, to be honest. There's not much you can with control codes except display them. I don't think you'd be able to, say, get someone to send you their password by sending control codes. And you're not going to be able to get a lot of people to delete their characters or whatnot by sending control codes, either.

I learned about that particular control code from another MUDder who showed it to me once. After that, I ran a loop to see what the other control codes were. I found it didn't start until 33. Meaning, Ascii control codes 1-32 are "lost," so to speak. I think that's the reason for the "wrap-around" in the entity handling routine. After it hits 288, it goes back to whatever 33 is. *shrug* Hate to see it go, and really don't see a reason for it to go, but if it's a bug you want fixed, I won't hold anything against you. :P

Charneus

Posted: Mon Jun 16, 2008 10:27 pm

The "problem" is that this enabled you to simulate a line that looks like it is from the MUD itself. In order to only trigger on MUD commands, many people put a ^ at the beginning of their trigger pattern to ensure that it is the first text on the line. Since all "chat" from the MUD usually has other text in front of it (like "Zugg tells you...") then you can usually be sure that you are triggering on MUD text.

So if you know what triggers the other player might have, you can "trick" their client into running the trigger. There is no valid reason to even do this unless you are just trying to cause someone trouble.

Sure, it probably won't get you someone's password or delete their character. But if they have some triggers that switch them into combat mode, or something like that, then you could trigger this and mess them up in the middle of a battle. For example, you could spoof the "The monster is dead" message, which might take them out of combat mode in their scripts.

Especially on MUDs where there are popular scripting packages, like Larkin's package. If you know that a bunch of people are using that CMUD package, then you might easily be able to find a way to exploit it.

Another example is that normally CMUD doesn't allow MSP sound downloading for "inline" MSP...the MSP command must start and end on it's own line to be considered "sent from the MUD" and cause a sound download. With your "trick", you could cause an MSP command to appear on it's own line, possibly triggering a download of a large file from some site. Again, it's not going to delete their character, but it would be highly annoying and could cause someone to die in combat, especially if being pkilled.

With MXP entities, CMUD was stripping anything less than char(32), but then it was just calling the Delphi chr(x) routine on the result, which could wrap around and still return a control code. Note that using this method you could also cause someone using CMUD to process an ESC code, like a VT100 code, which could also completely mess up their screen (like using VT100 scrolling regions).

Keep in mind that anyone who gets any "ideas" from this and decides to try it on a MUD can easily get themselves banned for life if someone complains to the MUD admins about it. This kind of thing is called an "exploit" and has no purpose other than causing trouble. Hopefully you understand more why this is a bad thing now.

To bad I don't have any way to recompile zMUD 7.21 anymore on Vista or else I would fix this in zMUD too. In fact, now that I know about this possible exploit, I'd never use zMUD instead of CMUD anymore.

Posted: Mon Jun 16, 2008 10:50 pm

Posted: Mon Jun 16, 2008 10:56 pm

*cry* I knew I shoulda kept this quieter when i found it :( There are a few others I'll let you know about when i re-discover them zugg, much nastier than just a new line. Beeping, clearing the buffer, etc

Posted: Mon Jun 16, 2008 11:07 pm

Most of them are covered under the wrap-around. It doesn't clear the buffer, by the way... just acts as a new page command. :P That is #268.

Charneus

Posted: Mon Jun 16, 2008 11:40 pm

Yep, none of the control characters will work in 2.28, including beep and the page command. All of those were the same wrap-around bug. Thanks for letting me know about this.

Everyone should also know that it's pretty easy for MUD admins to detect players who do this, so only do it at your own risk. I'd hate to see someone get banned for playing with stuff like this.

Posted: Tue Jun 17, 2008 12:03 am

Adept Joined: 27 May 2008 Posts: 299

This sounds like a good reason to release a 2.27a or something rather quickly... Which means all the other bug posts of moderate importance would get fixed too right? right? I need my (%w) at the start of a dbkey to work properly heh.

Posted: Tue Jun 17, 2008 4:45 pm

Yes, another release (2.28) is planned for this week.