Spoofing Rednet Computer Ids

When using Rednet on multiplayer servers where the wireless range has been increased to some ridiculous amount, checking the sender's ID may seem like a fool proof way to authenticate messages, but it really isn't. As it turns out, it's very easy to spoof the sender's ID on Rednet, as I will explain. In many ways, the Rednet API is just a wrapper for other API. For example, rednet.receive() just does

local e, p1, p2, p3, p4, p5 = os.pullEvent( "rednet_message" )

and returns p1, p2, and p3.
The problem with this lies in the rednet.send() function; rednet.send() uses the Peripheral API to actually send messages

peripheral.call( sSide, "transmit", nRecipient, os.getComputerID(), sMessage )

Looking at this function call, we can tell the function just calls os.getComputerID() when sending the message to get the sender's ID. This means we can easily change the fourth parameter to any ID, and the ID of the sender would be spoofed when received

peripheral.call( sSide, "transmit", nRecipient, 1337, sMessage )

or even broadcast the message

peripheral.call( sSide, "transmit", 65535, 1337, sMessage )

Just make sure you open the modem on the side first

rednet.open( sSide )

tl;dr?
Don't rely on the sender's ID to authenticate your Rednet messages in multiplayer environments.

tuogex, on 03 November 2013 - 10:47 PM said:

tl;dr?
Don't rely on the sender's ID to authenticate your Rednet messages in multiplayer environments.

Unless you're using a version of ComputerCraft before the modem api existed as there was no way to change the ID back then.

theoriginalbit, on 04 November 2013 - 12:33 AM said:

Unless you're using a version of ComputerCraft before the modem api existed as there was no way to change the ID back then.

Yes, it was even possible then :ph34r:/>

sens, on 04 November 2013 - 06:24 AM said:

theoriginalbit, on 04 November 2013 - 12:33 AM said:

Unless you're using a version of ComputerCraft before the modem api existed as there was no way to change the ID back then.

Yes, it was even possible then :ph34r:/>

Oh? Do share how exactly did you accomplished such thing? Sounds interesting (if not outdated)

Will the moderators allow it?

Not malicious!

If memory serves me, it was accomplished by overriding os.computerID() in a top-level coroutine hook.

sens, on 04 November 2013 - 06:50 AM said:

Will the moderators allow it?

Not malicious!

If memory serves me, it was accomplished by overriding os.computerID() in a top-level coroutine hook.

Oh!!! Didn't think about that. Will need to remember that for future. It could be used to do many other nice (and not so nice) things too.

He's wrong.

Lyqyd, on 04 November 2013 - 11:09 AM said:

He's wrong.

Ok.. Oh well it sounded probable. Well back to normal i guess.

Someone will just have to install an old version of Minecraft and test it :)/>
Unfortunately it won't be me at this time.

local os.getComputerID = function()
    return 5 --#or any number you want
end
rednet.broadcast("My ID has been spoofed")

It's way easy to trick rednet, because you cannot prevent someone from overwriting their computer ID.

thats an interesting exploit you found

ETHANATOR360, on 05 November 2013 - 09:01 PM said:

thats an interesting exploit you found

Its not really an exploit. Its more just knowing how it the new system works, not really anything groundbreaking.

sens, on 04 November 2013 - 11:23 AM said:

Someone will just have to install an old version of Minecraft and test it :)/>
Unfortunately it won't be me at this time.

No, you're simply wrong. Using the pre-channels-update modems, there is no way to spoof or otherwise misrepresent your computer's ID.

Lyqyd, on 07 November 2013 - 01:24 AM said:

No, you're simply wrong. Using the pre-channels-update modems, there is no way to spoof or otherwise misrepresent your computer's ID.

Actually, using any version of the rednet api(at least, since i've been a member) you can spoof your ID with the method I posted earlier.

Sigh. Over the wireless modems prior to channels, the rednet API does not invoke os.computerID(). Over bundled cable, yes, but it is not used at all over modems. Did you ever successfully use that to spoof rednet pre-channels? There's nothing in the Lua to suggest that it would be possible, and I highly doubt the Java side would use a Lua function when setting the ID of the sender for the event.

Lyqyd, on 07 November 2013 - 01:24 AM said:

sens, on 04 November 2013 - 11:23 AM said:

Someone will just have to install an old version of Minecraft and test it :)/>
Unfortunately it won't be me at this time.

No, you're simply wrong. Using the pre-channels-update modems, there is no way to spoof or otherwise misrepresent your computer's ID.

Certainly wouldn't be the first time I'm wrong, but that is the method I recall from… er… winter 2012 maybe. The community I played with then has gone its separate way and I have no copies of our programs. Since I will be on the road for the next few weeks (no opportunity for Minecraft), I'll leave it to you clever people to find the answer.
Cheerio!

Lyqyd, on 07 November 2013 - 05:02 PM said:

Over bundled cable, yes, but it is not used at all over modems. Did you ever successfully use that to spoof rednet pre-channels?

It was rednet pre-channels, but I can't remember whether it was over bundled cables or wireless.

Lyqyd, on 07 November 2013 - 05:02 PM said:

Sigh. Over the wireless modems prior to channels, the rednet API does not invoke os.computerID(). Over bundled cable, yes, but it is not used at all over modems. Did you ever successfully use that to spoof rednet pre-channels? There's nothing in the Lua to suggest that it would be possible, and I highly doubt the Java side would use a Lua function when setting the ID of the sender for the event.

I was talking about pre-channels(I always called them frequencies since that's what they're referred to as in the wiki) yes. I think I was mistaken as to what you were saying before.

You were mistaken!

Cloudy, on 13 November 2013 - 09:32 AM said:

You were mistaken!

It does occur from time to time.