FAKE PLAYERS BUG
Proof-of-concepts for the fake players bug that affects almost all the multiplayer games (and not only them).
Note that disabling the outgoing ICMP packets on the own system is suggested for testing the fake players bug (the Windows firewall already does this by default, so there is nothing to touch)
read here if you don't know how to use my stuff and tips for their recompiling

The executables in the ZIP downloads are protected by password: aluigi

---

• Generic TCP Fake Players DoS 0.2.2a (tcpfp)
  basic tool which creates multiple simultaneous connections to a specific host and port, something similar to a simple "for(;;) connect();" supports also some options for adapting it to specific types of servers through the sending of custom data (-f option).
  it's interesting to notice that various programs which accept TCP connections suffer of some negative effects caused by their stressing through this simple tool.
  
  

  ---

• Unreal engine basic client and Fake Players DoS 0.2.8 (unrealfp)
  interesting project about a basic client for sending custom commands to the servers of almost any game based on Unreal engine 1, 2 and 3:
  - America's Army
  - America's Army 3
  - Dead Man's Hand
  - Brothers in Arms
  - Deus Ex
  - Frontline: Fuel of War
  - Land of the dead
  - Magic: The Gathering - Battlegrounds
  - Men of Valor
  - Mobile Forces
  - Pariah
  - Postal 2
  - Raven Shield
  - Red Orchestra
  - Red Orchestra 2
  - Rune
  - Start Wars: Republic Commando
  - SWAT 4
  - The Wheel of Time
  - Tribes Vengeance
  - Turning Point - Fall of Liberty
  - Unreal 1
  - Unreal II XMP
  - Unreal Tournament
  - Unreal Tournament 2003
  - Unreal Tournament 2004
  - Unreal Tournament 3
  - Warpath
  - X-Com Enforcer
  - XIII
  - many others
  - does not work with Klingon Honor Guard and probably other old games while others just crash completely due to their bugged netcode.
  Notes:
  - depending by the version of the engine, it can test passworded servers without knowing the keyword.
  - with the games based on the Unreal 3 engine and where is possible to use the JOINSPLIT command (Unreal Tournament 3, America's Army 3 and so on), it's enough to specify such command for testing the filling of the entire server slots using only one player: unrealfp -1 -x 2 -s JOINSPLIT 1 64 -l "ui_bink_master?Name=player?team=0?Face=0" 127.0.0.1 7777
  
  
• Torque game engine Fake Players DoS 0.1 (torquefp)
  
  
• C4 Engine Fake Players DoS 0.1 (c4fp)
  
  
• TrackMania Forever Fake Players DoS 0.1 (trackmaniafp)
  only a basic reference code for the protocol.
  
  
• Star Wars Battlefront 1 and 2 Fake Players DoS 0.4 (swbfp)
  compatible with both SWBF2 and SWBF (requires the -o option).
  
  
• Halo Fake Players DoS 0.2.1b (halofp)
  can test passworded server without knowing the keyword
  
  
• Sniper Elite Fake Players DoS 0.1 (sniperelfp)
  
  
• Sword of the Stars Fake Players DoS 0.1 (swordotsfp)
  
  
• S.T.A.L.K.E.R. Fake Players DoS 0.1a (stalkerfp)
  supports both normal and invisible (-i) fake players.
  works with both Shadow of Chernobyl and Clear Sky.
  
  
• Crysis invisible Fake Players DoS 0.1 (crysisfp)
  can test passworded server without knowing the keyword.
  
  
• Flashchat Fake Players DoS 0.1.2c (flashchatz)
  experimental tester for Flashchat (a Flash based chat).
  
  
• Armed Assault Fake Players DoS 0.1.1 (armafp)
  works perfectly in LAN but probably requires something like authorization for testing the internet servers.
  for both ArmA and ArmA2.
  
  
• Multi Theft Auto Fake Players DoS 0.1 (mtafp)
  can test passworded server without knowing the keyword.
  
  
• Battlefield 2/2142 invisible Fake Players DoS 0.1.1 (bf2fp)
  compatible with all the Battlefield 2 family (bf2, bf2142).
  
  
• Battlefield 1942 invisible Fake Players DoS 0.1.3 (bf1942fp)
  compatible with all the Battlefield 1942 family (1942, vietnam, sw, r2r and demo).
  
  
• Live for Speed Fake Players DoS 0.2.3 (lfsfp)
  
  
• Half-Life fake players bug (no auth) 0.3.2 (hlfill)
  works only with servers without authentication (WON/Steam) and implements the testing of all the hlfreeze/hl-headnut/csdos/Born_to_be_pig vulnerabilities.
  try using "-p 1 -r steam" or "-p 4 -r valve" or "-p 2 -r 00000000000000000000000000000000" (substituiting that hash with your valid Steam "raw" hash) for Steam and Valve authenticated servers or directly the -x option for testing all the bugs (the manual testing is preferred).
  
  
• Kaillera Fake Players DoS 0.1 (kaillerafp)
  
  
• SA:MP invisible Fake Players DoS 0.1.12 (sampfp)
  compatible with all the server versions till version 0.3.7-R2.
  
  
• GGM (GoE GTA III Multiplayer) Fake Players DoS 0.1 (ggmfp)
  
  
• Skulltag Fake Players DoS 0.1.4 (skulltagfp)
  
  
• OpenTTD Fake Players DoS 0.1 (openttdfp)
  
  
• Legacy Doom Fake Players DoS 0.1 (legacyfp)
  causes also the freezing of the players and the subsequent termination of the server 1.42.
  
  
• ZDoom Fake Players DoS 0.1 (zdoomfp)
  
  
• Zdaemon Fake Players DoS 0.1.3a (zdaemonfp)
  due to the default limit in the server (when the tester was created this limit/fix didn't exist) which doesn't allow more than 2 players from the same IP this tool is autolimited to 2 fake players each 26 seconds.
  
  
• csDoom Fake Players DoS 0.1 (csdoomfp)
  
  
• Globulation 2 Fake Players DoS 0.1 (glob2fp)
  causes also a crash of the servers <= Alpha19.
  
  
• LBreakout2 Fake Players DoS 0.1 (lbreak2fp)
  
  
• Enet library Fake Players DoS 0.1 (enetfp)
  should be compatible with all the games which use the Enet library like the Cube and Sauerbraten engines.
  
  
• LieroX Fake players DoS 0.1 (lieroxfp)
  
  
• TetriNET Fake Players DoS 0.1 (tetrinetfp)
  
  
• Scorched 3D Fake Players DoS 0.1a (scorchfp)
  
  
• Battle Carry Fake Players DoS 0.1a (bcarryfp)
  
  
• FlatFrag Fake Players DoS 0.1a (flatfragfp)
  
  
• Darkplaces engine (Nexuiz) invisible Fake Players DoS 0.1a (darkpfp)
  compatible with the games that use Darkplaces engine like Nexuiz and with small modifications also with the Quake 1 games.
  Other games on which could work
  Other engines on which could work
  
  
• Chris Moneymaker's World Poker Championship Fake Players DoS 0.1 (chmpokfp)
  
  
• NetPanzer Fake Players DoS 0.1 (netpanzfp)
  
  
• Stronghold 2 Fake Players DoS 0.1a (strong2fp)
  
  
• Dark Vengeance Fake Players DoS 0.1 (darkvfp)
  
  
• Breed: Homecoming LAN Fake Players DoS 0.1a (breedfp)
  doesn't work with online servers.
  
  
• Roger Wilco Fake Players DoS 0.1 (wilcofp)
  
  
• Mtp-Target Fake Players DoS 0.1 (mtpfp)
  
  
• Orbz Fake Players DoS 0.1a (orbzfp)
  no support for passworded servers.
  
  
• Terminator 3 War of the Machines (LAN) Fake Players DoS 0.2 (t3wmfp)
  should work only with local servers due to the online cd-key problem but has not been deeply tested.
  
  
• Warrior Kings Battles Fake Players DoS 0.1a (wkbfp)
  
  
• War Times Fake Players DoS 0.1 (wartimesfp)
  
  
• Lords of the Realm III Fake Players DoS 0.1 (lotr3fp)
  
  
• Empire Earth 2 Fake Players DoS 0.1a (ee2fp)
  
  
• Warhammer 40,000 Dawn of War LAN Invisible Fake Players DoS 0.1a (dowfp)
  works only with LAN servers.
  
  
• BZFlag Fake Players DoS 0.1.1 (bzflagfp)
  can test servers protected by password without knowing the keyword.
  
  
• Yager Fake Players DoS 0.1 (yagerfp)
  
  
• Race Driver 2 Fake Players DoS 0.1a (rd2fp)
  
  
• IGI 2: Covert Strike Fake Players DoS 0.1a (igi2fp)
  
  
• FunLabs games Fake Players DoS 0.1a (funlabsfp)
  this tool should work with all the games developed by FunLabs: 4X4 Off-road Adventure III, Cabela's Big Game Hunter 2004 Season, Cabela's Big Game Hunter 2005, Cabela's Deer Hunt 2005 Season, Cabela's Dangerous Hunts, Revolution, Secret Service - In harm's Way, Shadow Force: Razor Unit, US Most Wanted: Nowhere To Hide and possibly others.
  works partially also with servers protected by password without knowing the keyword.
  
  
• Chaser Fake Players DoS and clients disconnector 0.1a (chaserfp)
  can test servers protected by password without knowing the keyword.
  
  
• Ca3De Fake Players DoS 0.1a (ca3defp)
  
  
• Scrapland invisible Fake Players DoS 0.1a (scrapfp)
  
  
• Ventrilo Fake Players DoS and brute forcer 0.2.10 (ventrilofp)
  includes also some additional options for testing/stressing specific fields of the Ventrilo server and its attached clients like, for example, the continuous changing of the comment which in my local tests resulted in the freezing of the other clients.
  exists also a password guessing feature for testing the strongness or weakness of the admin and join password, anyway it's only a marginal and no longer in development feature because not related to the fake players bug.
  supports both the 2.x and 3.x versions of Ventrilo.
  
  
• Armagetron / Armagetron Advanced Fake Player DoS 0.1.1 (atronfp)
  
  
• nFusion engine Fake players DoS 0.1.1a (nfusionfp)
  compatible with Line of Sight Vietnam, Deadly Dozen 2 Pacific Theater, Elite Warriors Vietnam and other games that use the same engine.
  
  
• Tread Marks Fake Players DoS 0.1b (treadmarksfp)
  
  
• Gotcha Fake Players DoS 0.1a (gotchafp)
  
  
• Hot Wheels Stunt Track Challenge Fake Players DoS 0.1a (hotwheelsfp)
  
  
• Painkiller (LAN) infinite Fake Players DoS 0.2.2a (painkfp)
  works only with servers that don't use the online authorization (since should be required a valid online cd-key for each fake player). Supports any version from 1.00 until the latest 1.64.
  
  
• Savage Fake Players DoS 0.1.1 (savagefp)
  
  
• Far Cry Fake Players DoS 0.1a (farcryfp)
  very very simple tester, doesn't support servers protected by password.
  
  
• Codename Eagle Fake Players DoS 0.1a (codeaglefp)
  
  
• Il2-Sturmovik Fake Players DoS 0.1a (il2fp)
  works with any Il2 game like Forgotten Battles and Pacific Fighters and can test also servers protected by password without knowing the keyword.
  
  
• Soldner LAN Fake Players DoS 0.1a (soldnerfp)
  doesn't work with online servers.
  
  
• Neverwinter Nights special Fake Players DoS 0.1a (nwnfp)
  interesting solution which contains a special mode (-s) able to test internet servers without using cd-keys and servers protected by password without knowing the keyword.
  
  
• Serious engine fake player DoS 0.3a (ssfakep)
  should work with any game based on the Serious engine:
  - Serious Sam (FE and SE) <= 1.05
  - Carnivores: Cityscape
  - Alpha Black Zero
  - Nitro family
  - Serious Sam Second Encounter 1.07
  can test any password protected server without to know the keyword.
  causes a crash of the games that use the UDP protocol.
  
  
• Lithtech engine Fake Players DoS 0.3 (lithfp)
  can test servers protected by password without knowing the keyword
  compatible with almost any existent game based on the Lithtech engine and other can be added easily through their GUID at command-line:
  - Alien vs Predator 2
  - Blood 2
  - Contract Jack
  - F.E.A.R.
  - F.E.A.R. 2
  - Global Operations
  - Kiss Psycho Circus
  - Legends of Might and Magic
  - No one lives forever
  - No one lives forever 2
  - Purge Jihad
  - Sanity
  - Shogo
  - Tron 2.0
  - Lithtech 1.0
  - Lithtech 2.0/2
  - Lithtech 2.4
  - Lithtech Talon
  
  
• Kreed Fake Players DoS 0.1a (kreedfp)
  
  
• Gore Fake Players DoS 0.1a (gorefp)
  
  
• Codename: Outbreak (Venom) Invisible Fake Players DoS 0.1a (outbreakfp)
  
  
• Hired Team (Shine engine) Fake Players DoS 0.1a (hiredtfp)
  
  
• DirectPlay 8 Fake Players DoS 0.1.3 (dplay8fp)
  this is a fake players proof-of-concept which works with any game that use DirectPlay 8.
  that version of DirectPlay is used by various games (DirectX 8/9, the older use DirectPlay 7) which can be easily recognized by the dpnsvr.exe process and/or the UDP port 6073 in listening mode when the server is running.
  it uses some files (called join_files) needed for each specific game because, except some of them, many games use some particulars parameters in the join packet which sometimes change even between different game versions.
  read the text file inside for all the needed information, details and examples.
  latest dp8games package: 30 Aug 2005
  example of games which use the DirectPlay 8 protocol: Age of Wonders Shadow Magic, Bandits, Besieger, Dangerous Waters, Deer Hunter 2004 and 2005, Dungeon Siege 1 and 2, DXQuake 3, FairStrike, Freelancer, G.I. Combat Episode I, Gekkeiju, Giants: Citizen Kabuto, Hidden " Dangerous 2 / SS, Homeworld 2, Il rosso e il nero, Jolt3D, Judge Dredd vs Death, Locomotion, Monopoly Tycoon, New World Order, No brakes 4x4 racing, O.R.B, Operation Blockade, Operation Flashpoint, Perimeter, Pro Bass Fishing 2003, Pro Rugby Manager 2004, Robot Arena 2, S.W.I.N.E., Sacrifice, Scorch an Island, SkyTracks, State of Emergency, Steel Tide, Supreme Ruler 2010, Trophy Hunter 2003, True Crime Streets of LA, Vietcong, Warlords Battlecry III, Warrior Kings, Wings of War, Condor, FSHost and more.
  
  
• DirectPlay 6/7 Fake Players 0.1 (dplay7fp)
  fake players tester for all the DirectPlay games (version 7 and below).
  If you don't know what games support this version of DirectPlay check if they open the ports 47624 and 2300, typical of this version of DirectPlay.
  
  
• Teamspeak Fake Players DoS 0.2.1 (tspeakfp)
  the code is enough commented and the tool supports also some options for testing/stressing specific parts of the application.
  
  
• Master of Orion III Fake Players DoS 0.1 (moo3fp)
  
  
• IronStorm fake players DoS 0.1a (istormfp)
  
  
• Doom 3 engine invisible fake players DoS 0.1.2 (doom3fp)
  at the moment it's compatible only with the following games based on the Doom 3 engine (id Tech 4):
  - Doom 3
  - Quake 4
  - future supported games here (only their checksums are required to use them)
  the tool needs to know a specific CRC which changes for each game so must be updated everytime a new game which uses the Doom 3 engine is released.
  supports also passwords and cd-key authorization, check the source code for more information.
  
  
• Celtic Kings LAN fake players DoS 0.1 (ckfakep)
  
  
• StarShatter Fake Players DoS 0.1a (sshatfp)
  fake players and server freeze/crash (<= 3.9.0 versions)
  
  
• Midnight Club 2 Fake Players DoS 0.1a (mc2fakep)
  tested only versus the demo version but I "think" it can test the full game too
  
  
• Battle Mages Fake players DoS 0.1 (battlemagfp)
  
  
• Avoyd Fake players DoS 0.1a (avoydfp)
  
  
• Team Factor Fake invisible players DoS 0.1a (tfactorfp)
  
  
• Red Faction (version 1.20 only) Fake players DoS 0.1.1a (redfacfp)
  works only with the 1.20 version that is the latest official version of the game.
  a version for the Worlwide demo 1.0 is available here.
  
  
• Etherlords 2 Fake players DoS 0.1.1a (eth2fp)
  
  
• Ratbag's engine Fake players DoS 0.1.1 (ratbagfp)
  supports all the games written by Ratbag, a list is available here.
  
  
• Big Scale Racing <= 1.04h Fake players DoS and crasher/freezer 0.1 (bsrfpcrash)
  
  
• Worms Armageddon (LAN) Fake invisible players DoS and match freeze (wormsafp)
  works only with LAN servers and has been tested only with version 3.0.5.0beta2 of the game.
  
  
• Quake 2 engine Fake players DoS 0.3.1a (quake2fp)
  compatible with all the games based on the Quake 2 (id Tech 2) engine:
  - Quake 2
  - SiN
  - Heretic 2
  - Kingpin
  - Daikatana (the server crashes after a single player if "modelname" is not set)
  - Soldier of Fortune doesn't seem supported or at least not online
  - Code Red: Alien Arena
  - Alien Arena 2006 GE
  - R1Q2 - R1CHs Enhanced Quake II
  - other games
  - other engines
  the tool contains some interesting options for choosing the nicknames to use and moreover to send a sequence of custom commands to the server for each fake player.
  
  
• Medal of Honor (AA, SH and BT) Fake players DoS 0.2.1a (mohaafill)
  proof-of-concept specific for the Medal of Honor games: Allied Assault, Spearhead and Breakthrough.
  the only requirement is for the last two games (SH and BT) where is required a valid online cd-key to test an internet server due to the usage of online authentication.
  is possible to use custom player names through the editing of the mohaafill.ini file located in the same folder.
  
  
• Speed Challenge Fake players DoS 0.2 (scfakep)
  
  
• Need for Speed Porsche 2000 Fake players DoS 0.1a (porschefp)
  
  
• Toca Race Driver 1 Fake and unkickable players DoS 0.3.1 (rdfakep)
  
  
• 4x4 evolution Fake players DoS 0.1a (4x4evofp)
  support for password protected servers is NOT implemented.
  
  
• Haegemonia Fake players DoS 0.1a (haegfp)
  
  
• Tzar <= 1.10 fake players bug and remote crash 0.1 (tzarff)
  causes also a strange crash of the server.
  
  
• Need for Speed: Hot Pursuit 2 Fake players DoS 0.2a (nfshp2fp)
  supports both 240 and 242 versions.
  
  
• Ghost Recon engine Fake players DoS 0.3 (grfakep)
  works versus any game based on this engine.
  
  
• Quake 3 engine fake players DoS 0.4.4e (q3fill)
  compatible with any game based on the Quake 3 engine (id Tech 3), like:
  - Call of Duty 1, UO, 2 and 4 (5/waw is supported if is supplied the correct server hash with -d)
  - Quake III Arena
  - Return to Castle Wolfenstein
  - Soldier of Fortune II: Double Helix
  - Star Trek Voyager: Elite Force
  - Star Trek: Elite Force II
  - Star Wars Jedi Knight II: Jedi Outcast
  - Star Wars Jedi Knight: Jedi Academy
  - Wolfenstein: Enemy Territory (2.60 too but requires a bit of practice, use -B ? for the info)
  - others
  the tool can be also used to test the so called "q3unban" bug automatically, which allows a client on a banned IP address to join the server.
  exists also a support for servers which require online authentication (like a valid online cdkey) but only Quake 3 Arena has been supported and tested.
  
  
• Tribes 1 (Starsiege) fake players DoS 0.1a (tribes1fake)
  
  
• Medieval Total War 1.1 fake players DoS 0.1 (mtwfakep)
  

• An introduction to the Fake players bug 0.1.1 and italian version
  old document I wrote many years ago which is mainly an explanation of the first version of hlfill, available only for hystorical reasons.