Adjustment need for existing PHP script.
EA games has introduced a new gamespy protocol with a challenge.
These changes revert the changes that have been made to the query protocol yesterday. The surprising thing is, that EA/GameSpy has the control over the individual game servers, so they can determine how they are reacting to a status query.
The old GameSpy query as used in BF2 prior to patch v1.3 was pretty simple: client sends a query request, game server responds with the status info. Nevertheless, this method was very vulnerable to be exploited for DDoS attacks by UDP spoofing. A hacker could send a status query request to a game server with a faked sender IP address of a server he wants to attack. This made the game server send the status info to the victim server instead back to the original sender. What makes this attack so effective is, that the initial query is very short (10 Bytes), but the response rather big (several hundred bytes). So a hacker can cause big traffic, tho he has to "invest" much less traffic on his end, and use it to "overload" a victim server: DoS - denial of service.
With BF2 patch v1.3 EA/GameSpy introduced a "challenge" method. A status query now worked like this: client sends a request for a "challenge key" to the game server. The game server responds with this key - a unsigned 4 byte integer number (like 12345678). The client now has to convert this number into a 4 byte sequence and send it back to the server in addition to the actual status query. Now the game server responds with the status info. This has the advantage, that the game server verifies the sender IP address, and therefor its no longer possible to fake a wrong sender IP.
Today with the "2:00 PST changes", EA/GameSpy have reverted their changes made with the patch yesterday. The (rebooted) game servers now only respond with "0" to a challenge key query, and send normal status info again, on good old status queries.
You can get a copy of our script at our site squery com
We just need a small addition so our clients can use this script again.
This may be an ongoing project.