Skip to content
View in the app

A better way to browse. Learn more.
ResHax

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Help us keep the site running.

Some funny things on Steam lobbies

ZenHAX
in Zenhax

Featured Replies

  • Author
  • Localization

aluigi, posted Sat Aug 16, 2014 9:55 am (197)

I have just released a very simple tool called steamlobbylist:
http://aluigi.org/papers.htm#steamlobbylist

It simply gets the list of available matchmaking lobbies from a specific game (or range of game appids) you specify.
For example:
Code:
steamlobbylist 480                  # retrieves the lobbies used by SpaceWar (used by games in development and others)
steamlobbylist ""                   # all the games you have currently installed
steamlobbylist 400-500,4700,10-20   # range of appids


And it's funny to review the results of some games, moreover from a security point of view.


Europa Universalis IV
This recent game allows you to protect your server with a password, cool but the md5 hash of the password is posted publicly on the lobby as actual_password:
Code:
lobby 109775241373644680 - 456488840 393216 8 1
  actual_password: d4ac39237b6d9d0d43bb440babb2ded3
  desc: eu4
  mod: eu4
  name: Gen. Guderian
  password: 0
  status: STARTING
  version: EU4 v1.7.0 (f2a1)

lobby 109775241376111514 - 458955674 393216 8 1
  actual_password: e0f8c553a8db4e2f8885dcc68f03c1b4
  desc: eu4
  mod: eu4
  name: SMPL
  password: 1
  status: STARTING
  version: EU4 v1.3.2 (d7f1)

lobby 109775241375808481 - 458652641 393216 8 1
  actual_password: f6f3a32927465584dbb79b42300a2f63
  desc: eu4
  mod: eu4
  name: Ikgear
  password: 0
  status: STARTING
  version: EU4 v1.6.1.0 (d00f)



Football Manager 2014
Here the password is just in clear-text:
Code:
lobby 109775241375973828 - 458817988 393216 8 1
  all_selected_divisions: 755,0,0,757,0,0,765,1,0,769,1,0,771,1,0,772,0,0,776,1,0,784,0,0,788,2,0,790,0,0,791,0,0,793,0,0,796,1,0,798,0,0,799,0,0,800,0,0,1649,0,0,1651,0,0,
  ...
  name: Football Manager 2014
  name_substring_20: 1
  name_substring_201: 1
  name_substring_2014: 1
  name_substring_Fo: 1
  name_substring_Foo: 1
  name_substring_Foot: 1
  name_substring_Footb: 1
  name_substring_Footba: 1
  name_substring_Footbal: 1
  name_substring_Football: 1
  name_substring_Ma: 1
  name_substring_Man: 1
  name_substring_Mana: 1
  name_substring_Manag: 1
  name_substring_Manage: 1
  name_substring_Manager: 1
  network_version: 1401
  number_managers: 2
  num_selected_divisions: 25
  password: smile123

lobby 109775241376115600 - 458959760 393216 8 1
  all_selected_divisions: 765,0,0,776,0,0,788,0,0,796,0,0,
  ...
  name: Football Manager 2014
  ...
  password: kkk

lobby 109775241373668235 - 456512395 393216 8 1
  ...
  password: maradona

The other funny thing of this game is the name_substring_ parameter, as you can see from the first example it's splitted in multiple fields :)



Orion Dino Beatdown
Another example of clear-text password:
Code:
lobby 109775241376667652 - 459511812 393216 8 1
  Abilities: ENABLED
  Credits: 0
  CurrentPlayers: 3
  difficulty: HARD
  Dinos: ENABLED
  GameType: SURVIVAL
  Idle: DISABLED
  MapName: ARID-NIGHT
  maxplayers: 5
  Privacy: FRIENDS ONLY
  Revival: ENABLED
  ServerName: DinoDino123
  ServerPassword: colin
  Slomo: ENABLED
  Vehicles: ENABLED
  version: 17

lobby 109775241385667163 - 468511323 393216 8 1
  Abilities: ENABLED
  Credits: 1000
  CurrentPlayers: 1
  difficulty: MEDIUM
  Dinos: ENABLED
  gametype: SURVIVAL
  Idle: DISABLED
  MapName: RAUPI-NIGHT
  maxplayers: 5
  Privacy: FRIENDS ONLY
  Revival: ENABLED
  ServerName: misha and nick
  ServerPassword: password
  Slomo: ENABLED
  Vehicles: ENABLED
  version: 17



Sniper Elite V2
This game instead has an interesting bug, basically the Binary Blob field is a 64 bytes buffer without final NULL delimiter and so, when added to the lobby data, it takes also the subsequent memory.
Yeah a memory disclosure vulnerability:
Code:
lobby 109775241373676416 - 456520576 393216 8 1
  Attribute 0: 936
  Attribute 1: 6
  Attribute 2: 0
  Attribute 3: 12
  Attribute 4: 738715483
  Binary Blob: 19080102000000008fa75d1b758fbebf758fbebf758fbebf02642f00faffc025G???"~??????t???.???~@~??O}?
  description: fareeis
  FreePublicSlots: 6
  hidden: 0
  HostID: 0110000109b61c85
  HostName: fareeis
  LobbyType: 0
  maxplayers: 12
  NumPlayers: 6
  Passworded: 0
  PrivateSlots: 0

lobby 109775241387321262 - 470165422 393216 8 1
  ...
  Binary Blob: 000f01056400000000000000a30d0000758fbebf758fbebf758fbebffa1f1c00*,YV*,YV*,YV*,YV*,YV*,YV*,YV*,YV*,YV ,YV ,YV ,YV*,YV ,YV*,YV ,YV*,YV ,YV$k?C??
  ...

lobby 109775241386935981 - 469780141 393216 8 1
  ...
  Binary Blob: 14080105a00f0000df68321b758fbebf758fbebf758fbebf02642f00feffc025?.?=??>???@a?e?i???L??VE?a??s?=??>???@a?e?i???L??VE?a?ju=??>???@a?e?i???L??VE?a??A?E?
  ...



If you find other examples, feel free to post them here.
  • Author
  • Localization

BenCat07, posted Fri Jan 06, 2017 11:53 pm (19988)

Sounds Funny, now lets mess with TF2

Looks Like Half-Life based things don't show lobbies :c
Guest
This topic is now closed to further replies.
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.