Oh boy. I sorta dropped Wc3 after that point due to my worries in relation to this… it appears as though there may have been new information I was unaware of…
Again, I will not provide a direct link.
This data is new to me, despite the 3 year tag since it was posted - I will review it and edit out what is needed - but I thought I'd post it copied directly (without a link or anything) since I didn't see any exact JASS code…
"The exploit is CONFIRMED! Patch 1.27 is vulnerable to arbitrary code execution!!!
So, I just found a way to typecast values again in the Patch 1.26. With this trick I can perform an I2C and execute raw JASS bytecode, which in turn allows me to read and write memory from the game process, allowing me to execute arbitrary machine code from inside a map!
I thought the release of patch 1.27 only about 3 weeks after I discovered the exploit, was an indication that they were going to fix it. But they didn't, they didn't modify anything in the JASS VM from patch 1.26. I didn't have to change anything in my code, I just ran it in the new patch, and it worked.
This thread discusses not only the exploit, but also the possibility of developing an unofficial community-driven custom patch for Warcraft. This patch would not only fix the security issue, but could also introduce many new features into the game. With time, we could even implement everything in the [thread=257163]1.27 wish list[/thread] by ourselves.
Now, before saying that such a thing would be impossible, impractical, or would not work, please read all posts under this thread, especially my [post=2792981]latest post[/post]. Here follows my original post, before I had finished the exploit:
A brief history of Warcraft
In the pre-historic days of pre-1.20 Warcraft, some unknown guy found the marvelous "Return Bug" thing - the ability to typecast values from one type into another with no restrictions.
Quickly everyone learned about it, and started using it to store things at gamecache. This gave origin to a whole new generation of map making - modders were able to do things that were never thought to be possible.
By that time, everything was wonderful. Every big map started using this thing, everyone was happy, and so was Blizzard - after all, it's not every day that a major bug in your product becomes its most valuable feature.
Then around the time of the 1.23 patch, the Warcraft community was stunned by some (Russian?) guy, that found a very dangerous exploit: through the use of I2C, that guy managed to execute arbitrary machine code from inside a map.
Suddenly the world came down in an instant. This thing violates every known principle of computer security. By that time the Warcraft community was much bigger than it is now. People were used to joining and playing custom maps they had never seen before. So, hackers started to make maps that infect the player's computers with viruses as soon as they join the game. Adding to the fact that most users run Warcraft as Administrator, this allowed them to easily take control of their machines.
So, things couldn't stay as they were. Blizzard was forced to do something as quickly as possible. But this exploit was based on the famous "Return Bug", the most valuable thing they have. Every popular map was using it, DotA was using it, so how could they solve this security problem without breaking every map?
As we all know, they came out with a very clever solution. They removed the ability to typecast values, and gave us Hashtables in exchange. Map makers quickly adapted, and everything was good again.
Until now…
The present state of Warcraft III
Warcraft III is now an ancient game. People don't play it anymore - the size of its community now is exponentially smaller than it has been some day.
Blizzard doesn't seem to support the game anymore. The last patch was released 5 years ago. Blizzard's main source of profit is Starcraft II - they don't make money from Warcraft anymore.
There are rumors that they could release a new patch. To be honest, I'm very skeptical about this. Some guy pointed out that their site is announcing job positions for development of "classic games", where WC3 is included. One can assume that no development is being made on WC3 while those job positions are still vacant.
As you can see, things have changed. They are not as they used to be in the times of 1.23. By that time they were able to quickly fix the major security issue. But will they do it now?
What if I told you that I just found a way to do I2C in the 1.26 patch?
The future, and the possibilities
Ok, so what happens if people with intentions not as good as mine become aware of this thing? Either Blizzard will release a quick fix. Or they will simply not care! And what happens if they choose to do that? Will the game definitely die?
I've been thinking, why do we need Blizzard to do everything for us? Just look at the amount of things that people are requesting in the [thread=257163]1.27 wish list[/thread]. I'm pretty sure many people in the community are capable of implementing some of those things by themselves, so what do we need Blizzard for?
We could easily create a community-driven unofficial patch for Warcraft. To add all the features we have always dreamed about. It could be made open-source, so that everyone could contribute. And look, we already have Sharpcraft as a starting point.
But no one uses Sharpcraft natives in map making. Why? I know, it's because it requires the end user to install custom stuff on their computer, as opposed to just joining a map and having it automatically downloaded.
But what if every Warcraft player in the world had Sharpcraft installed? What if it was so popular, that nobody would install one without the other? Think about Firefox and Greasemonkey. Browser scripts have become so popular, that it's no crime if they require Greasemonkey to be installed.
Of course, Sharpcraft doesn't have that much popularity. The average Warcraft player doesn't even know that it exists. But I see a way that this could change: if the game is now unsafe, and hackers start to put viruses on maps, people will start looking for a solution.
And if Blizzard doesn't provide that solution, we can. I could easily fix that bug myself, and then Sharpcraft (or w/e the community custom patch would be called) will become very popular. Every "newbie tutorial" you find on the internet, teaching noobs how to "download and install Warcraft", will also teach them how to install the custom patch, to "make the game safer".
Obviously this patch will do much more than just a security fix. With time, we could implement everything in the 1.27 wish list, without waiting for Blizzard's good will. We will end up with a very powerful game engine, that will have complete support for all the existing resources, but will also be completely free from the current Warcraft III limitations.
What I will be doing now is research a bit more on the I2C thing. I will examine the old 1.23 exploit, try to figure out how it works, and if it can be reproduced in 1.26. If I fail to do that, I will conclude that I2C is safe to use, and I will make it public.
If I succeed in executing arbitrary code, I have succeeded, the exploit is REAL!!! I'd like to hear your opinion on what I should do with this knowledge. If this was in another time, I would simply report the vulnerability to Blizzard. But I don't have faith that they will do anything about it.
What do you think? Is a custom community-driven patch for Warcraft viable?
Last edited: Mar 15, 2016
leandrotp, Feb 28, 2016"