mIRC Home    About    Download    Register    News    Help

Print Thread
Page 1 of 2 1 2
#61750 25/11/03 10:58 AM
Joined: Jun 2003
Posts: 19
H
Hjorten Offline OP
Pikka bird
OP Offline
Pikka bird
H
Joined: Jun 2003
Posts: 19
I'm currently working on a script that lets people change their version reply,
and I have some questions I'd like to get answered.

1. Would you use a script that let you choose which version reply you had?
2. Do you think making this kinda script is wrong towards Khaled?

#61751 25/11/03 11:25 AM
Joined: Dec 2002
Posts: 349
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Dec 2002
Posts: 349
1. Perhaps, but I wouldn't be replying with "1337 5kr!p7 v1337 (c) Skip" or anything. See below.

2. It depends how it is used - In light of revamped efforts to exploit mirc (hardly call it exploiting really, just being a royal pain in the a..) a good use of a version changer would be to either suppress your mirc version or mislead attackers into thinking your running a certain mirc version (to catch/deter mass attacks or make you less of an appealling target).

I wouldn't use it to pretend I don't run mIRC, advertise my script or blind others with my drug induced choice of colours - thats just preference. I don't see how it takes anything away from Khaled and his hard work -- It's his hard work that allows us to do stuff like this in the first place. If I ignored all ctcps, including versions (which I do), would I still be doing something wrong towards Khaled?

Just my 2 cents anyhow...

#61752 25/11/03 11:36 AM
Joined: Dec 2002
Posts: 177
K
Vogon poet
Offline
Vogon poet
K
Joined: Dec 2002
Posts: 177
The author of mIRC deserves credit for the work he has done. If you don't want mIRC to show in the version reply, uninstall it and use something else. It is against the license agreement (illegal) to remove the version reply. If you feel the need to stroke your ego, add a script reply




#61753 25/11/03 12:07 PM
Joined: Jun 2003
Posts: 19
H
Hjorten Offline OP
Pikka bird
OP Offline
Pikka bird
H
Joined: Jun 2003
Posts: 19
When I'm done with the first public release of the script it will contain my current version reply list, which includes replies from many different IRC clients, no made up ones. Even older version replies of mIRC.

Your second answer made me think a bit, no one has never told me anything like that concerning the script. And I guess you're right.

#61754 25/11/03 12:17 PM
Joined: Jun 2003
Posts: 19
H
Hjorten Offline OP
Pikka bird
OP Offline
Pikka bird
H
Joined: Jun 2003
Posts: 19
Hmm, I thought only hexediting the exe-file was illegal. If the things you say are true then maybe Khaled should have a talk with the creators of NoName Script since it removes the version reply. However it will say which version of mIRC it is using but it still alters it. I do agree with the fact that Khaled deserves credit but I don't wish to be exploited by users who thinks it is fun to crash clients. Sure, I could install another IRC client but I don't want to because I like mIRC a lot.

#61755 25/11/03 04:07 PM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
Quote:
I do agree with the fact that Khaled deserves credit but I don't wish to be exploited by users who thinks it is fun to crash clients.

- Why not use of the many scripts posted here that fix the DCC exploit (which I assume is what you're referring to) or just upgrade to 6.12 which isn't affected? Besides, I haven't once seen someone do a CTCP version before trying that exploit, they just do it and see who disappears.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
#61756 25/11/03 04:55 PM
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
I can second that.. Versioning users is like a heads up "Hey, im going to exploit you. Quick, write my name down and take it to #opers".


-KingTomato
#61757 25/11/03 05:13 PM
Joined: Jun 2003
Posts: 19
H
Hjorten Offline OP
Pikka bird
OP Offline
Pikka bird
H
Joined: Jun 2003
Posts: 19
I'm still using 6.03 because I dislike a few things with 6.12 and I have ignored all DCC's to avoid being exploited. Before I saw how to protect myself against the DCC exploit I was versioned by different users on a few networks and luckily my version reply wasn't mIRC so they did not crash my client, some of my friends did however get crashed because their reply was 6.1 and below.

#61758 25/11/03 05:26 PM
Joined: Feb 2003
Posts: 3,432
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Feb 2003
Posts: 3,432
Quote:

Why not use of the many scripts posted here that fix the DCC exploit

Tell me where you find a fix for that?? a fix, not like a whole script as it is on www.mircscripts.org .. the addon that are there that says fix the DCC bug is huge, i cant say if it fix it or not, i wont install a addon that add's allot of other stuff to mirc.. and i think many with me just ignore that addon(fix). and no, it's not right to force people to upgrade, and thats what happen now, every one that dont want to be exploited have to upgrade, and if that fix on mircscripts work, then i as many other scripters have to sheck so it's compatible with my script, and that takes allot of time, and if it work ok, then i have to relese a new version of my script that also takes time and bandwith for me when everyone using it DL it again.. i would like to see a update for the old mirc users that still have 6.03, but that wont happen frown


if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
#61759 25/11/03 07:56 PM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
Nobody's forcing you to upgrade. You can choose either to a) upgrade, b) use a version with the exploit and ignore all DCC's with /ignore -wd *, or c) downgrade to a version which isn't affected by the exploit. If you don't want to ignore DCC's well I'm afraid that's too bad. You could always look at whatever script you're referring to and try to see the specific code which fixes the exploit, or you could code DCCs in via sockets. Or even better, ignoring all DCC's finally gives people a reason to stop using DCC altogether and use a real file transfer protocol.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
#61760 25/11/03 09:08 PM
Joined: Jun 2003
Posts: 195
N
Vogon poet
Offline
Vogon poet
N
Joined: Jun 2003
Posts: 195
i would like to see a update for the old mirc users that still have 6.03, but that wont happen.

what you fail to realize here is lets say khaled does release an updated 6.03. You still have to download it. theres no difference then just downloading the 6.12. In fact there is indeed an updated fix of 6.03 its called 6.12.

You wouldnt have to do anything the user of your script can simply download the new version and copy mirc.exe over to it.

We have seen scads of posts and threads complaining about a "fixed 6.03" but they do little else other than complain. typically posts read as if the poster has some hostile intent. "either do it or ill stop using mirc". even if everyone who has complained about this were to stop using mirc altogethor i doubt it would hurt mIRC's user base.

Im not trying to be offensive but when the only new posts you see in a week is about something that most likely isnt going to happen and has had _several_ new threads created for it one becomes dishearted.

I didnt notice if there alread y is one but perhaps a sticky on the subjetc may help (maybe not)


Have Fun smile
#61761 25/11/03 09:16 PM
Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
karen it is not against the license agreement to change the version reply thru scripting methods, it is however illegal to alter the mirc exe, which by now we all now doesnt function if altered, if khaled was so worried about version reply not being able to be altered thru scriptable methods he woulnt have added debug -i which consequently i was against the idea, but seeing as he stuck it in there anyways hey i will alter it and share it with anyone who asks how to alter, just because it can be done, alot of ppl knew it could just by adding that protested it and still it gotta added, its my way of saying TOLD YA SO. I think maybe u should spend less time reading whats legal and whats not and really examine the real question at hand here. personally, i modify my version, simply put, i dont like mirc 6.1x series i use 6.03 i alter it so im less of a target, with that said. if ppl want to do the same so be it, khaled can not stop ppl from doing something he himself put in the mirc scripting ability. no one to blame but HIMSELF.


D3m0nnet.com
#61762 25/11/03 09:45 PM
Joined: Dec 2002
Posts: 1,922
O
Hoopy frood
Offline
Hoopy frood
O
Joined: Dec 2002
Posts: 1,922
The "long" script you are talking about can be found here:
http://www.erler.org/Olathe/exploit%20fix.mrc

Now if you are a v6-6.03 user and you only want to reject the exploit, simply type /ignore -wd * once and put this line in the remote:
  • On *:notice:dcc & *:?:.ignore -xu10 $nick
That's it. If you are happy with it you can stop reading here.

-

If you are a channel operator who needs to be able to detect the exploiter and kick him, you must get mIRC v6.1+ (where the -i switch of /debug is supported) and put this piece of code in the remote:
  • On *:logon:*:{
    .debug -i nul xploit
    }

    alias xploit {
    if $regex($1,/^<- :[/b](\S+)!\S+@\S+ privmsg (\S+) :\x01dcc (?:send|resume|accept) +\S*"(?:\S* ){35}/i) {
    echo 4 -at > Possible DCC Exploit by $regml(1) on $regml(2)
    }
    }
$regml(1) represents the exploiter's nick, and $regml(2) is the target (you or a channel). Use these identifiers in further commands you may want to add, for example: /ban -k $regml(2) $regml(1) 2 <kick msg>.

#61763 25/11/03 11:02 PM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
Quote:
its my way of saying TOLD YA SO

- Told who so? As you said, Khaled would most likely have already been aware of the possibilities of /debug -i.

Quote:
hey i will alter it and share it with anyone who asks how to alter, just because it can be done

- So you think just because something can be done that makes it morally OK? mIRC can be used for free for an unlimited amount of time, does that mean that you go around showing off to your friends that you haven't registered mIRC because of that? mIRC scripting can be used to flood networks and launch computer attacks of various types. mIRC scripting can be used to create trojans and play havoc with people's systems. Does that mean you find it perfectly acceptable to do these things simply because they're possible?


Spelling mistakes, grammatical errors, and stupid comments are intentional.
#61764 25/11/03 11:07 PM
Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
well then lets just say if khaled is aware it can be used for such uses, and the license agreement DOES NOT say anything about altering version replies using scripting methods, IM STILL RIGHT, it isnt morally wrong its just not what khaled wants u to do, well last i checked khaled was not my father, i do not have to listen to his wishes, and as for all the other BS u mentioned, it doesnt apply to me, i dont use mirc for those stupid reasons or ways, altho with someone who immediatly jumps on that lil bandwagon everytime something is brought up id have to question your motives.


D3m0nnet.com
#61765 25/11/03 11:21 PM
Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
I guess it depends on how loose your morals are. Personally I think not giving the author of something due credit is *wrong*, so yes, in my book and probably most other people in the world's it is morally wrong.

Quote:
dont use mirc for those stupid reasons or ways

- Personally I can't see any real difference between those 'stupid ways' and changing the CTCP version reply.


Quote:
altho with someone who immediatly jumps on that lil bandwagon everytime something is brought up id have to question your motives.

- Which bandwagon would that be? And what motives are you questioning? If I just said that I'm against changing the CTCP reply and then compared it to making trojans in mIRC how can that be taken to mean that I have some sinister motive?


Spelling mistakes, grammatical errors, and stupid comments are intentional.
#61766 25/11/03 11:39 PM
Joined: Jun 2003
Posts: 195
N
Vogon poet
Offline
Vogon poet
N
Joined: Jun 2003
Posts: 195
i think in this case your comparing apples to oranges. In the example of a virus or trojan those are harmfull situations. Altering the version reply doesnt harm anyone.

I personally dont agree with it as I find it morally challenging as well but there is indeed a useful application for it. For users who wish to remain with 6.03 they can make it appear as tho they have 6.12 installed. Some channels even kick/ban users who arent running the exploit free version.

I suppose morals is in the eye of the user in this case.


Have Fun smile
#61767 26/11/03 01:46 AM
Joined: Apr 2003
Posts: 85
K
Babel fish
Offline
Babel fish
K
Joined: Apr 2003
Posts: 85
by typing: /ignore -t *!*@* it ignores ALL CTCP requests. This does NOT block DCC.

IMO CTCP is an old and WAY outdated protocol to start with that has no real function in todays IRC world. I've been blocking CTCP for years and life is good!


--

katsklaw
Rather experienced Admin
Rather experienced mIRC Scripter
Amateur C Coder
#61768 26/11/03 03:00 PM
Joined: Feb 2003
Posts: 3,432
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Feb 2003
Posts: 3,432
Yes you are forced to upgrade.. or ignore DCC's, and if it took Khaled 1 year to make the changes in mirc.exe, then how long wouldent it take for a scripter that made a script that working fine with all fetures in the prev versions of mirc ? i have been working on my scirpt for 5 years now, and i will keep on woking with it, but many people dont like the look of the new mirc, and im one of them so i wouldent upgrade just to get the patch, it would take to long time for me to rewrite everything so it's compatible with the new version.. and i dont want any new mirc user to see that anoying screen popup every time they start mirc and that they should register, you have 1 month free "test period", and my script is in many ways much easyer to use then mirc by it self, the reson i know this is that every time somthing happens a dialog pops up that explains what happened and why, and i have a day time job so cant spend top much time rewrite every dialog and every code to make it 100% compatible with the new mirc version, thats why i want to see a fix for the DCC exploit with the old mirc.exe file (6.03), i guess somone else will find a way to make a patch for 6.03 so i wait untill that one is out, but it would be much easyer for Khaled to fix it, and if he did then no one had to hack hes code and try to solve the problem "I wont even try, but i know about people trying".. and i dont aprove to it, but they answered me when i asked WHY.. "we want to be secure with the old version, and will keep on working on it untill the problem is solved".. and i think the best would be that mirc stays on www.mirc.com , but people will be able to download fixes on other pages too soon..

Note:
I dont suport them in any way, just telling.. so dont shot the messanger wink


if ($me != tired) { return } | else { echo -a Get a pot of coffee now $+($me,.) }
#61769 26/11/03 06:16 PM
Joined: Jun 2003
Posts: 195
N
Vogon poet
Offline
Vogon poet
N
Joined: Jun 2003
Posts: 195
you speak of tho the entire scripting language has been radically replaced by something else. What could possibly have changed that forces you to redevelop your entire script? every dialog every window every alias .. If your relying on the undocumented things then thats just poor programming.

A year to fix it? You could write an entire full featured script, delete it,do it again 6 times in a year. Ive seen large scale applications go from a twinkle to a beta in than time.

Its a scripting language not an OS or some other large scale program. It wont save the world. It wont make you rich. It cant even run without mirc.exe . Scripting was meant to be fun. A way for people to spend time learning. If you have to rewrite a few alias for the next build boo hoo.

As for the registration dialog _everyone_ should register. You, the users of your script, everyone. Otherwise dont use it. khaled has been real easy going about registeration over the years and its what 20 bucks? You mean to tell me that in the "year" it takes you to rewrite your script you cant float the man a freakin 20? Your using his app. imo no difference than stealing it.


Have Fun smile
Page 1 of 2 1 2

Link Copied to Clipboard