From ddb63bc5d29d97bebb96edf5226a4a66b528c42f Mon Sep 17 00:00:00 2001
From: ineed bots <ineedbots@pbot.org>
Date: Mon, 17 Apr 2023 19:56:32 -0600
Subject: [PATCH] Fix negativeAck exploit (crash DOS)

---
 src/client/component/patches.cpp | 20 ++++++++++++++++++--
 src/client/game/structs.hpp      | 12 ++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/client/component/patches.cpp b/src/client/component/patches.cpp
index 0900b5a8..6a2b59e5 100644
--- a/src/client/component/patches.cpp
+++ b/src/client/component/patches.cpp
@@ -11,7 +11,20 @@
 namespace patches
 {
 	namespace
-	{
+	{
+		utils::hook::detour sv_executeclientmessages_hook;
+
+		void sv_executeclientmessages_stub(game::client_s* cl, game::msg_t* msg)
+		{
+			if (cl->reliableAcknowledge < 0)
+			{
+				cl->reliableAcknowledge = cl->reliableSequence;
+				return;
+			}
+
+			sv_executeclientmessages_hook.invoke<void>(cl, msg);
+		}
+
 		void script_errors_stub(const char* file, int line, unsigned int code, const char* fmt, ...)
 		{
 			char buffer[0x1000];
@@ -37,7 +50,10 @@ namespace patches
 			// Change 4 character name limit to 3 characters
 			utils::hook::set<uint8_t>(game::select(0x14224DA53, 0x140531143), 3);
 			utils::hook::set<uint8_t>(game::select(0x14224DBB4, 0x1405312A8), 3);
-			utils::hook::set<uint8_t>(game::select(0x14224DF8C, 0x1405316DC), 3);
+			utils::hook::set<uint8_t>(game::select(0x14224DF8C, 0x1405316DC), 3);
+
+			// make sure client's reliableAck are not negative
+			sv_executeclientmessages_hook.create(game::select(0x14224A460, 0x14052F840), sv_executeclientmessages_stub);
 
 			scheduler::once([]
 			{
diff --git a/src/client/game/structs.hpp b/src/client/game/structs.hpp
index 424c59ac..696a33c5 100644
--- a/src/client/game/structs.hpp
+++ b/src/client/game/structs.hpp
@@ -1583,15 +1583,23 @@ namespace game
 		int client_state;
 		char __pad0[0x28];
 		netadr_t address;
-		char __pad1[0x5588];
+		char gap_3C[20468];
+		int reliableSequence;
+		int reliableAcknowledge;
+		char gap_5038[4];
+		int messageAcknowledge;
+		char gap_5040[1416];
 		uint64_t xuid;
 		char __pad2[0xB5D84];
 		int guid;
 		char __pad3[0x8];
 		bool bIsTestClient;
-		char __pad4[0x29DAC];
+		char gap_BB361[3];
+		int serverId;
+		char gap_BB368[171432];
 	};
 
+
 #ifdef __cplusplus
 	static_assert(sizeof(client_s) == 0xE5110);