New crash exploit part IV (17.04.2016)

New crash exploit part IV (17.04.2016)

Postby Grabbi » Sun Apr 17, 2016 1:07 pm

Hi everyone,

since easter 2016 we face a new troll using an exploit crashing servers.

Each time on maps with SDKFZ222 or subs the troll joins server,
prepares console for crash command [xxx.con]
and starts playing till he gets "kicked/banned" or even liberately executes the command.

Result: Server has encountered a problem and must be ended [Popup Msg in Windows Server over remote desktop, so there s NO "couldn t connect to server console" etc. message]

He changes IP over Socks5 Proxy each time he joins.
He changes KEYHASH each time he joins.

This is going on now for over a month.

Therefore we prepared wireshark and logged gameport 14567 upd

Server Settings: Windows Server 2012 / latest BF1942 Server.exe from Tuia [1.612 /128 slots]

Yesterday we could record the troll crashing the server and we hope this Wireshark logs can help to create a server fix to prevent trolls from crashing the remaining battlefiled servers for fun.

KarolPopiolek 2d115a5e168a98c87bfc18963470abb4 [unknown]

IP is server in the Netherlands:

Wireshark Recording Troll crashing server:

rar file contains:

Wireshark protocoll [complete server communication], so you might need latest

Troll informations:
KarolPopiolek 2d115a5e168a98c87bfc18963470abb4 [unknown]

and Wireshark Filter Protocoll [troll -server communication]

Hope you can help us to find a server fix, because ppl stop playing over time when this continues.

Best regards


PS: Only solution we have atm is to set Server under Password, and just give it to those we know well for years.
User avatar
Posts: 32
Joined: Wed Aug 03, 2011 3:37 pm
Location: Netherlands & Germany

Re: New crash exploit part IV (17.04.2016)

Postby arivi » Thu Sep 21, 2017 7:39 am

Is there any new solution for this exploit? księgowa Jelenia Góra
Last edited by arivi on Fri Dec 15, 2017 9:47 am, edited 1 time in total.
Posts: 2
Joined: Wed Sep 20, 2017 9:47 am

Re: New crash exploit part IV (17.04.2016)

Postby russ » Sun Oct 29, 2017 8:14 am

There aren't any weird packets coming from that client, are you sure it isn't a crash caused by something on the query port?
Posts: 61
Joined: Sun Oct 29, 2017 8:12 am

Return to Battlefield server and client

Who is online

Users browsing this forum: No registered users and 3 guests