
New Warcraft III security exploit...


Dr Super Good (Spell Reviewer, Level 65, joined Jan 18, 2005, 27,345 messages)
Many of us remember the great type casting problem a while ago where people were able to use Warcraft III as a means to infect computers with harmful software. Blizzard fortunately was able to stop the bug on BattleNet and eventually patched it.

However, another equally bad exploit has been discovered, this time permitting Warcraft III to execute some form of scripting language via the Preload native. This can be used to get the game to download files from the internet and place them in dangerous folders (like the Windows or startup folders). The end result is another means for evil people to infect your computer with dangerous software. Although this method is less direct, it still permits Warcraft III maps to act as trojans to infect your computer.

The exploit apparently is the result of the Preload statement's mechanics. The native works by the use of a scripting language being passed to it but relies on the compiler to spot abuse and terminate the map load. However (like with the previous exploit) you can trick the compiler into thinking that its use is perfectly valid and so permit the compilation of the script with potentially horrible results.

It is advisable not to play any map from a source you do not trust. Avoid downloading maps from BattleNet or playing on bots you do not trust. A trojan map can even take the apparent form of one you already have, and can download and run the exploit code before the lobby even loads. Remember that both single player and multiplayer maps are susceptible to this.

Be aware that freshly submitted maps to the Warcraft III map section on this site may also be trojans, and if you spot such a map please report it to a map moderator or administrator as soon as possible so it can be removed.
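As an added example (not code from this thread, nor from Jesus4Lyf's test map), a small Python scanner for the map's JASS script text that flags Preload/PreloadGenEnd string arguments pointing outside the map's own folder: directory traversal, absolute paths, the sensitive folders the post names, or executable extensions. The sample JASS is constructed, and the heuristics are assumptions about what a suspicious call looks like rather than a description of the exploit itself.

```python
import re

# Constructed sample of a war3map.j fragment: one benign Preload call,
# two suspicious ones and a harmless PreloadGenEnd target.
SAMPLE_JASS = r'''
function PreloadFiles takes nothing returns nothing
    call Preload("Units\\Human\\Footman\\Footman.mdx")
    call PreloadGenStart()
    call Preload("..\\..\\Windows\\evil.txt")
    call PreloadGenEnd("C:\\Users\\Public\\Start Menu\\Programs\\Startup\\run.bat")
    call PreloadGenEnd("war3mapPreload.txt")
endfunction
'''

# Matches Preload("...") and PreloadGenEnd("...") with a single string literal.
CALL_RE = re.compile(r'\b(Preload|PreloadGenEnd)\s*\(\s*"((?:[^"\\]|\\.)*)"\s*\)')

# Heuristic checks (assumed, not from the thread) for a file path argument.
def classify_path(arg):
    reasons = []
    norm = arg.replace('\\\\', '\\').replace('/', '\\')   # undo JASS escaping
    if '..' in norm.split('\\'):
        reasons.append('path traversal')
    if re.match(r'^[A-Za-z]:\\', norm) or norm.startswith('\\\\'):
        reasons.append('absolute path')
    lowered = norm.lower()
    for folder in ('\\windows\\', '\\startup\\', '\\system32\\'):
        if folder in lowered + '\\':
            reasons.append('sensitive folder')
            break
    ext = lowered.rsplit('.', 1)[-1] if '.' in lowered else ''
    if ext in ('bat', 'cmd', 'exe', 'vbs', 'js', 'ps1', 'scr', 'dll'):
        reasons.append('executable extension')
    return reasons

# Returns (native, argument, reasons) for every call that trips a check.
def scan_jass(text):
    findings = []
    for m in CALL_RE.finditer(text):
        native, arg = m.group(1), m.group(2)
        reasons = classify_path(arg)
        if reasons:
            findings.append((native, arg, reasons))
    return findings

if __name__ == '__main__':
    for native, arg, reasons in scan_jass(SAMPLE_JASS):
        print(f'{native}("{arg}"): {", ".join(reasons)}')
```

Run it against the extracted war3map.j of a downloaded map before hosting it; a clean map produces no output.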
 
Isn't it still funny how some people have fun hacking a computer with a Warcraft 3 map or something else of Warcraft 3?

Let's see how fast Blizzard will take care of it, and after they have, let's wait and see if someone finds a new way to hack a computer with a map =)

So take care what you download, and even more where you download it from. Thanks for posting it on Hive, but put it in the news section for (maybe) a better effect!
 
Don't you just love Jesus4Lyf? He comes up with the best things ever.
 
Nah, the exploit uses similar principles to the type casting bug in that it tricks the compiler into permitting something that should be invalid by inserting extra code which is valid.

He probably picked up that the Preload statement operates in that way by reverse engineering the game and seeing that it is just a wrapper for a script compiler/executor.

Combining the two would give you an instant exploit like this. However, I do congratulate him on this, due to the amount of time that it takes to find this sort of thing (reverse engineering and creating an example map is not the easiest thing to do).
 
Actually, you can do what you want, whether it is a program or a game or a system for your computer. If some people have fun with hacking and want to hack someone or something, they can do it, whether it's designed with more safety or not.

So I bet that some people will come up and try to hack ScII (when a new program comes out, everyone says "more safety", "better security", then within the next 2 weeks you hear "Program was hacked... a big hole in the security" and so on).

So it's on the user: if the user stays safe, it's hard for something to happen.
 
Anti virus software might be able to help remove them but you will still get infected in the first place until they recognize that sort of virus (which can take weeks).

I've found Norton to be very very good, and worth the money. Because well I probably shouldn't say this on THW, but the money spent on Norton usually exceeds its worth depending on how much shit you pirate.

I got hacked one day, a major hack that completely nuked me, it took Norton an hour to get rid of all of the viruses, but by the time Norton was done my computer was running at full speed again.
 
Anti virus software might be able to help remove them but you will still get infected in the first place until they recognize that sort of virus (which can take weeks).

Hmmm... and other security stuff won't work?

Oh, and I suggest putting a warning about this new exploit in the maps section before the... erm... Map Flu 2.0 will be cured.
Even better, we could recommend everyone to wash their hands after playing Dota and close down the site, commencing pandemic.
 
Anti virus software might be able to help remove them but you will still get infected in the first place until they recognize that sort of virus (which can take weeks).

How do you know the infected files are RAT/Keylogger/Botnet?
It could be something that will just do much damage.

But if the attacker puts one of those 3, then it's pretty simple to get rid of :thumbs_up:
 
Actually, you can do what you want, whether it is a program or a game or a system for your computer. If some people have fun with hacking and want to hack someone or something, they can do it, whether it's designed with more safety or not.

So I bet that some people will come up and try to hack ScII (when a new program comes out, everyone says "more safety", "better security", then within the next 2 weeks you hear "Program was hacked... a big hole in the security" and so on).

So it's on the user: if the user stays safe, it's hard for something to happen.

WC3 wasn't really "hacked" in this case...it's more like an exploitation of code that anyone who knows JASS can carry out. SC2 has nothing of the sort. (Then again, WC3 went like 8 years before this shit popped up)
 
Well, I have been trying to get it made more publicly aware since halfway through November (when I found out about it, as I no longer play WC3). This trojan map exploit will work on every OS unless some security feature of the OS blocks WC3 from writing to the folder (might happen on Vista and 7, but as people usually run as an administrator, largely not so).
 
Well then, Warcraft 3 is screwed.
Can't go too high in ladder because people have map-hacks and drop-hacks.
Can't play too much custom games because of the viruses/trojans.

It's goddamn ridiculous!
 
The positive thing about this is that it allows us to store a file on the local machine of a player in a multiplayer map, and to load data from that file again. That would allow us to have complex save/load systems for multiplayer maps. I tested it with a test map Jesus4Lyf set up. It really created a folder in my WC3 directory and put 2 *.txt files into it. After closing WC3 and restarting the map again I was able to load data from those files. I tested it in a single player game in offline mode and hosting a game on Bnet. It worked for both. The only adjustment players have to make is to allow local files for WC3, which can be done via regedit. If Blizzard simply removes that stuff without making game caches or something else multiplayer usable, I will feel really sad.
 
Thyrael, it is not that easy...

You have to synchronize the data between players, otherwise everyone will just split.

Additionally, this is very unsafe. Yes, it can be used for good like the previous exploit, but the potential for evil is extreme. You could delete whole games and Windows files.

Then let's convince Blizzard to restrict the usage to local, relative paths, instead of "fixing the issue".
 
Am I the only one who thinks that alerting people to such an exploit, not to mention linking them to a place that has the necessary info on how to produce such an attack on others yourself, is a bad idea?

I strongly believe that if people hadn't advertised the fact that the return bug was potentially dangerous, we'd still have a large portion of older maps and nothing bad would ever have happened because of it. Even if something malicious had occurred because of the return bug, if it hadn't been such widespread info that there was even such potential, I believe such occurrences would have been rare.

So in my opinion, by advertising this to everyone it only makes Battle.net that much more unsafe, and we'll probably get yet another patch that will break something that we used properly before.

Though admittedly, now that this problem is public knowledge I wouldn't mind having it fixed, just not at the cost of breaking previous maps. >.>
 