Warning: Avoid K3 mod and any Kill3r mods

[Dan2k3k4]

It has been brought to the attention of the community that a modder/mapper, Kill3r, creator of the K3 mod and various maps, inserted code into those maps and mod that would allow him to use rcon to log into a server running these items and take control. The mod also contained an aim bot. Here's a list of items Kill3r had his hand in:

Mods:

• K3
• Ion Cannon Mod
• Freeze Tag mod
• iBAS Beta 1.1 Mod
• UO Zombie Mod

Maps:

• Q3CTF3
• WAWA
• Maze1
• Backlot night
• Rat House

More information can be found at these locations:

InfinityWard Forums: http://www.infinityward.com/community/f ... ic=36639.0

RGN Forums: http://www.raidersmerciless.com/showthread.php?t=4554

CODUtility: http://www.codutility.com/index.php?fil ... ad_id=2441

PBBans.com: http://www.pbbans.com/mbi.php?action=5&ban_id=70504

[ Thanks to kyobanim for the message ]

[deano]

i just told all the people on my xfire about this ( my team m8 told me on clan forums)


But nice post m8

[helium]

Thanks for informing and spreading the word.

[Pedsdude]

Seen the CoDJumper chat forum recently?

[Drofder2004]

Thanks for the heads up, but Nightmare has already given us the news, of which I am still not totally convinced of the guy trying to be malicious, he did still create an awesome mod and only 2 potentially bad things found inside it...

brb, creating jump-bot to stick in mod...

[Marshall]

The mod gives him and only him (his GUID), to get rcon on any server running the mod.

It prints the password on his screen, and automatically sets him as the admin.

(You tell me if that is needed?) (He puts this in all of his mods)

Also, the aimbot thing, I don't really care. It's most likely for testing anyways.

(It sets the bot's angles to shoot at him (test weapons?))

brb, creating jump-bot to stick in mod...

Was that a joke? aha

[Dan2k3k4]

Since when have I ever read anything Peds? ahh well...

Apparently 1.2 of K3 doesn't have the rocn stealer/aimbot but still why would you ever add an rcon stealer... aimbots are not needed either, bots don't need to shoot you, you can shoot them and test the weapons, unless you need to test damage on your screen...

[atze<3]

the aimbot wasnt for testing only... he was able to active his aimbot via dvar (thats why he needed the rcon pw) and play with it on any server with his mod

edith: everyone who has his mod on his pc has an aimbot code there!
when pb will set this aimbot on their list someday u will get banned for it when u have his mod on ur pc

[Drofder2004]

the aimbot wasnt for testing only... he was able to active his aimbot via dvar (thats why he needed the rcon pw) and play with it on any server with his mod

edith: everyone who has his mod on his pc has an aimbot code there!
when pb will set this aimbot on their list someday u will get banned for it when u have his mod on ur pc

Word of advice, stop reading the RGN forums...

The coding to produce the 'aimbot' is simple mathematical commands which are BUILT IN to the games engine, infact the EXACT same commands are used in the CoDJumper mod to record angles and load your angles after saving. If you honestly think this could give you a chance of being banned by PB then, no more mods for you.

There are many things I question about this 'event'.

What was -7- (the guy who decompiled the .ff) doing inside the files in the first place?

The code was 100% undetectable, so I am lead to believe someone may have been snooping for bad reasons...
RGN claim it is illegal to 'steal' rcon passwords, but is it not also illegal to decompile somebody elses software without permission of the author. The only people who should be allowed to do so is IW, who legally own the mod.

How does having the RCON password become a security issue? (RCON = Remote 'Console')
The argument is this: "With RCOn he would be able to turn on his Aim-bot via CVAR's".
Ok, value argument, but, if he was able to tell the mod to detect his presence on a server [bwhy wouldn't he just tell the server to turn on the dvar without requiring rcon passwords?[/b]

The argument is majorly flawed. I will say again, what I feel is that Kill3R was stupid for not removing this before release, but imho, I do not think he intended to do anything malicious.

Until there is proof that his code was designed for him to shoot others and not bots to shoot him, I shall stay under this impression.

[atze<3]

i see

[JDogg]

I aggree with Drof, no one even let him speak out, everyone just banned him and removed his mods. On the most recent episode of Bash and Slash Jock did interview him and he says it was for testing purposes etc
http://bash.podbean.com/2008/05/19/bash ... ill3r-app/

[Nightmare]

From what I read, they decompiled his FF file in his mod.

[Drofder2004]

A guy called " -7- " (or close to) was the person who decompiled it. He a very good modder and a very highly skilled one at that. Like I said, it is illegal for a police officer to go snooping without any evidence, so what was he doing inside his ff file as to our knowledge the "backdoor" was undetectable?

[Neon]

I think it's very unfare that he was banned from many things CoD related before having a chance to explain himself.

[Dan2k3k4]

A guy called " -7- " (or close to) was the person who decompiled it. He a very good modder and a very highly skilled one at that. Like I said, it is illegal for a police officer to go snooping without any evidence, so what was he doing inside his ff file as to our knowledge the "backdoor" was undetectable?

Kill3r posted a bunch of times stating that he had "secrets" in his mod, and "something that only he can use" and things like that, personally when I read those I wanted to find out what it was, just to be the first person who found it out... though I didn't know about decompiling etc. and wasn't really bothered - never downloaded the mod anyway...