[IRA] Chopper

HWID is the same for multiple players

Recommended Posts

I don't know how or why this happened but my HWID is not unique to me.

On the stats page for C4S (which uses HWID to identify players), I have apparently played under 15 different names and used 18 different IP's.
I'm trying to become an admin on C4S but with my HWID not being unique, it is possible that these 15 other players will get the same privileges, so it was suggested I make a thread here about it.

The correct combinations are those which locate my IP in Ireland and have the name " [IRA] Chopper". I expect my IP to be different sometimes, given that IP's are dynamic but I have only connected from Ireland. It says the first connection to the server with my ID ending in " a2e26a21" was in Poland, I never use a VPN or proxy for COD4. It also shows connections from America, Turkey, the UK and India.

I can say I have a common combination of hardware [1] but even then, each component should have its own unique ID. PC isn't a pre-built, all parts are new other than the GPU. BIOS is on latest version, only changes made to it are for overclocking and VMs.

[1] Ryzen 5 2600X, PowerColor Red Devil RX 580 8GB, 16GB Corsair Vengeance 3000MHz with COD4 installed on an XPG 256GB M.2 SSD.

If you need any more information, just ask. Thanks :)

  • Like 1

Share this post


Link to post
Share on other sites

it's obviously a bad idea to use hwid as an authentication mechanism for admins as it only relies on the players machine and is prone to spoofing. because of that we are providing a steam based identification method, which should absolutely be used for something like adminship.

 

 

Share this post


Link to post
Share on other sites

Yeah. They are using regular GUID ones, which everyone knows easy to replicate every CDKEY nowdays on 1.7.

Share this post


Link to post
Share on other sites
On 10/4/2019 at 9:18 AM, [IRA] Chopper said:

I don't know how or why this happened but my HWID is not unique to me.

On the stats page for C4S (which uses HWID to identify players), I have apparently played under 15 different names and used 18 different IP's.
I'm trying to become an admin on C4S but with my HWID not being unique, it is possible that these 15 other players will get the same privileges, so it was suggested I make a thread here about it.

The correct combinations are those which locate my IP in Ireland and have the name " [IRA] Chopper". I expect my IP to be different sometimes, given that IP's are dynamic but I have only connected from Ireland. It says the first connection to the server with my ID ending in " a2e26a21" was in Poland, I never use a VPN or proxy for COD4. It also shows connections from America, Turkey, the UK and India.

I can say I have a common combination of hardware [1] but even then, each component should have its own unique ID. PC isn't a pre-built, all parts are new other than the GPU. BIOS is on latest version, only changes made to it are for overclocking and VMs.

[1] Ryzen 5 2600X, PowerColor Red Devil RX 580 8GB, 16GB Corsair Vengeance 3000MHz with COD4 installed on an XPG 256GB M.2 SSD.

If you need any more information, just ask. Thanks :)

yea man everytime I tried to play on a C4S server it just kicks me and says login to stats page ACP due to security reasons. It sucks man because I never even got to play on the servers...

Share this post


Link to post
Share on other sites
On 10/4/2019 at 8:43 PM, leiizko said:

Looking at their formats I'd say they aren't even using HWIDs, but rather regular old guids.

Yes seems like that. But it is just derived from the playerid. It is discouraged to use the playerid for anything else than onto the banlist. About server owners still doing that we can not help.

Can you please go in game, open console, enter  $ministatus and make a screenshot you send us?

In case $ministatus is blocked then visit another server.

Share this post


Link to post
Share on other sites
Posted (edited)
7 hours ago, Fraggy said:

Yes seems like that. But it is just derived from the playerid. It is discouraged to use the playerid for anything else than onto the banlist.

PlayerIDs and HWIDs are two completely separate things, correct? Could you expand a little on what the PlayerID is?

Edited by Anomaly

Share this post


Link to post
Share on other sites
1 hour ago, Anomaly said:

PlayerIDs and HWIDs are two completely separate things, correct? Could you expand a little on what the PlayerID is?

we only refer to the means of idenfication by playerid and identification by steamid. https://github.com/callofduty4x/CoD4x_Server/blob/master/plugins/function_declarations.h#L216-L217 as a plugin developer you can request both ids. the steamid will always allow you to uniquely identify a player by his steam account if available. the playerid does not have that guarantee, but it is very likely that the same holds true. in rare cases two different players can have the same playerid. 

Share this post


Link to post
Share on other sites
Posted (edited)

Players having the same P ID is not as rare as you might think, and I think this is an oversight on CoD4X's part. Thinking you got this covered by offering Steam auth is hardly a solution as a significant portion of the player base doesn't have Steam or don't want it running. Check $ministatus on any server that supports it and you can confirm this by looking at what percentage of the player base has Steam running in the background.

PS: I may be able offer so more insight on this problem, but it'd involve information on the HWID you may not want to have available for the general public (not anymore than it is already).

Edited by Anomaly

Share this post


Link to post
Share on other sites
Posted (edited)

Hey,
I seems to have a similar issues with a few different people with this guid 2310346615308413814. Seems to happen when people install the game on linux using steam proton.

Edited by st0rm

Share this post


Link to post
Share on other sites

Well we need to blacklist the knownduplicated playerids.

2 hours ago, Anomaly said:

PS: I may be able offer so more insight on this problem, but it'd involve information on the HWID you may not want to have available for the general public (not anymore than it is already).

Your insight will probably not help us too much. The authsystem is flawed. And I was aware about it from the start when I implemented it. I don't have any better solution. A better solution would require a device driver every player has to install. I doubt many are happy to do that, just to get identified on a gameserver. Also I don't wanna bother with creating device drivers either plus I would not get it signed anyway.

So I have no proper solution regarding using the computers hardware to identify someone. Having to deal with duplicated serial numbers makes the whole shit even harder.

Share this post


Link to post
Share on other sites

It rarely happends that I think it can be disregarded, besides you can always implement a 2-step or something on your server to avoid that small % fully, admins need to login with a unique pw to "verify" the guid and have admin powers, hence eliminating any trouble.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.