R4P3 Client Crash/Anti-Crash [3.0.19.0]

dedmen · Apr 22, 2016

This plugin provides a hotfix addressing a recently discovered vulnerability affecting TeamSpeak3 Client version 3.0.19.0
It also provides a PoC Utility to exploit the vulnerability!

Only use it on your own Server for test purposes!
R4P3.NET wont take responsibility for damage caused.

R4P3_Crasher_3_0_19.ts3_plugin

This doesnt prevent crash if the String is still in the Chatlogs!

Credits go to the exploit's original authors!... and also

Derp: Plugin Development
Kaptan647: Plugin Development

-R4P3-DevTeam // Dedmen

scuterfrog · Apr 22, 2016

Hi, can you add a Hotkey?

What ever, I like this plugin!
All works really fine! Trustworthy crash code blocking and sending.

dedmen · Apr 22, 2016

We dont really want people to just Mass crash anyone out of fun. Thats not the intention.. So.. No.. no Hotkey.

scuterfrog · Apr 22, 2016

dedmen said:
We dont really want people to just Mass crash anyone out of fun. Thats not the intention.. So.. No.. no Hotkey.

Oh thats right

But the problem already exist :/ At the gommehd.net teamspeak 3 Server it feels like there are any second ~5 time outs.
That's scary to see :/
So when I think about it, then is your decision in my opinion is good.

But I'm also not been entirely innocent

bait · Apr 22, 2016

works perfectly, very good work

IMAGIN8 · Apr 22, 2016

Great. This should be added to VIP section, since its only one
[3.0.19.0] crasher.

dedmen · Apr 23, 2016

IMAGIN8 said:
Great. This should be added to VIP section, since its only one
[3.0.19.0] crasher.

We didnt do that because the Chat message to crash people is already publicly available. The only difference is that people without this need to copy-paste the message.

Agusanz · Apr 23, 2016

Good job..
mmm looks like you still crash when someone keeps telling you the crash string, it works fine the first 20 times, but after a while you will crash anyways..
and if you try to pm some people for example "ty." you will crash when you open the chat windows

Edit: yeah.. my server got fucked up with this bug and this doesn't works properly, sometimes it protects me but many many MANY times it fails.. just downgrade to 3.0.18.2

dedmen said:
We dont really want people to just Mass crash anyone out of fun. Thats not the intention.. So.. No.. no Hotkey.

Cool story.

Derp · Apr 23, 2016

Agusanz said:
Good job..
mmm looks like you still crash when someone keeps telling you the crash string, it works fine the first 20 times, but after a while you will crash anyways..
and if you try to pm some people for example "ty." you will crash when you open the chat windows

Edit: yeah.. my server got fucked up with this bug and this doesn't works properly, sometimes it protects me but many many MANY times it fails.. just downgrade to 3.0.18.2

Cool story.

Will have that fixed on the next version (should come out pretty soon)! Thank you

Agusanz · Apr 23, 2016

Derp said:
Will have that fixed on the next version (should come out pretty soon)! Thank you

About the "ty." example.. i meant the nickname, not the text message.. i dont know if you understood me correctly. i tried to pm some guys and i crashed few times because of that.. i tried later with another identity and yeah.. "ty." fy." i crashed every time trying to open the Private message tab

Derp · Apr 23, 2016

Agusanz said:
About the "ty." example.. i meant the nickname, not the text message.. i dont know if you understood me correctly. i tried to pm some guys and i crashed few times because of that.. i tried later with another identity and yeah.. "ty." fy." i crashed every time trying to open the Private message tab

Well, yesterday's release was a bit "On the Fly", and we didn't have time to go through everything. However, we will try to reproduce this issue and will release a quick fix addressing the it (and also will remove the unneeded channel crash function )

Ramadi · Apr 23, 2016

if someone put the code in the Channel Description
i'll crash anyway - why is that ? and i cant delete the channel even untill i use YaTQA

Derp · Apr 23, 2016

Ramadi said:
if someone put the code in the Channel Description
i'll crash anyway - why is that ? and i cant delete the channel even untill i use YaTQA

Thank you!

On todo

Agusanz · Apr 23, 2016

Ramadi said:
if someone put the code in the Channel Description
i'll crash anyway - why is that ? and i cant delete the channel even untill i use YaTQA

someone just discovered how the "unsupported characters" bug works xD

Don't even try to rename ur server name to that character.. you will have a bad time.

markusmarkusz · Apr 23, 2016

TeamSpeak will release a Hotfix.

http://forum.teamspeak.com/threads/124487-Users-can-crash-all-per-crash
But I think there will be enough time to crash some clients

dedmen · Apr 23, 2016

Agusanz said:
Good job..
mmm looks like you still crash when someone keeps telling you the crash string, it works fine the first 20 times, but after a while you will crash anyways..
and if you try to pm some people for example "ty." you will crash when you open the chat windows

Both bugs are not reproducible. We just tried sending a few dozen crash strings and all of them were caught like it should be. And i just made two clients named "ty." and "fy." and tried to crash eachother.. nothing.. Opening the PM tab and sending PMs also didnt do anything bad. But i only tested 32-bit are you on 64-bit? although both plugins are the same code so there should be no difference

dedmen · Apr 23, 2016

Ramadi said:
if someone put the code in the Channel Description
i'll crash anyway - why is that ? and i cant delete the channel even untill i use YaTQA

That is because the crash occurs when trying to display that character. We cant easily edit the Channel Description On the Fly from the plugin. So we cant prevent it from showing.

scuterfrog · Apr 23, 2016

Lol with this Plugin you can crash channels without have to be in it lool

Agusanz · Apr 23, 2016

dedmen said:
Both bugs are not reproducible. We just tried sending a few dozen crash strings and all of them were caught like it should be. And i just made two clients named "ty." and "fy." and tried to crash eachother.. nothing.. Opening the PM tab and sending PMs also didnt do anything bad. But i only tested 32-bit are you on 64-bit? although both plugins are the same code so there should be no difference

yes, im on 64bits.. are you on r4p3 teamspeak?

edit: i just tried to do it on r4p3 teamspeak and i didn't crash. i tried it again on my server and i crash.. what the fuck... if you want to check it out i can send you the dns name
edit2: i tried on my test teamspeak and i did crash.. what the fuck x2

fast_root · Apr 23, 2016

My error, don't work for me .

---------------------------
Microsoft Visual C++ Runtime Library
---------------------------
Assertion failed!

Program: ...ogram Files\TeamSpeak 3 Client\ts3client_win64.exe
File: main.cpp
Line: 206

Expression: n == sz

For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts

(Press Retry to debug the application - JIT must be enabled)

R4P3 Client Crash/Anti-Crash [3.0.19.0]

dedmen

scuterfrog

Member

dedmen

scuterfrog

Member

bait

Member

IMAGIN8

Member

dedmen

Agusanz

Active Member

Derp

Agusanz

Active Member

Derp

Ramadi

Member

Derp

Agusanz

Active Member

markusmarkusz

Active Member

dedmen

dedmen

scuterfrog

Member

Agusanz

Active Member

fast_root

Member