Hello all! I was advised to share this here.
First some observations:
- Ban on username (regular PvPGN ban) cannot be bypassed (to my knowledge)
- Logging in with another username results in a kick with the following message in the gproxy.log file: "You were kicked from server by warden/admin"
- Logging in without using the launcher does not result in a kick
It was a little tricky to find out why it happens, as I could not test it myself (one would need to get banned, naturally).
I decided to inspect the traffic, and this is what I found:
When logging in through the launcher, a lot more information is sent to the server. On the screenshot you can see a PvPGN private message sent to "w3-warden" containing a strange, very long hash (I was unable to identify it). The preceding "!8u" must be an indicator for the receiver. There are 5 packets containing such messages with the following indicators: !8u, !8i, !8m, !8b, !8t. My assumption is that these are identifiers of the players logging in, and the "kick by warden" is a kick by the very same w3-warden that the player logging in "reports" to. This way, if your identifier is in the banlist, you are kicked after the logon using the regular PvPGN kick mechanics.
Considering the "you were kicked" message appearing in the gproxy.log file and the fact that the gproxy.exe process is running during the transmission, I assumed that the gproxy program is handling these messages.
I inspected the gproxy.exe file and found out that it is packed by UPX.
I unpacked it and looked for the "w3-warden" string.
I replaced the "/w" command with a random symbol which is not a valid command. This returns an "invalid command" message received in the next packet.
I think it is safe to assume that the banlist check will be bypassed, as your identifiers are not sent to "w3-warden" now.
Clearly, there are multiple ways to achieve it, such as filtering the sent packets or modifying the memory of the running gproxy.exe process. I suppose you can experiment with changing these identifiers too. They are probably hardware IDs, as in many other multiplayer games.
In short:
- Unpack your gproxy.exe from Eurobattle folder, for example, using https://upx.github.io/
- Open it in any hex editor and find the "w3-warden" string (make sure it is preceded by /w) and replace either the "/w" or the "w3-warden" part so that the /w command is not executed or the message is sent to a non-existent recipient. You might need to change it in multiple places in the file to be sure. Be careful not to change the size of the file; replace byte by byte only!
I hope this was helpful!