How a 69 KB Photo Made TF2 Unplayable for 5 Days
- added 26. 04. 2024
- / discord shocord - main hangout
/ discord 24/7 100 player tf2 server (+ map testing) (shounic trenches: 45.62.160.71:27015)
/ discord join future experiments
/ shounic patreon
channel project status
trello.com/b/L3B65jUX
random feedback
forms.gle/bkuGF6attQrRPc6o9
custom files (hud / crosshairs / hitsound / killsound / gfx cfg)
pastebin.com/raw/e32aG4nP
Music: BananaSlug / user-426347780
big thanks to:
gabe/sunflower, bakugo & ficool2 for their contributions to the video!
FAQ:
Q: How did you make that? What editing software do you use?
A: I use Adobe Photoshop, Premiere Pro & After Effects. Photoshop for image editing and thumbnails. Premiere Pro for compositing and After Effects for motion graphics (the fancy animations). - Games
yes video on the gordon freeman patch next
gordon freeman in the flesh, or rather in the 2fort
what
the what
let’s goooo, I’m with the science team
thank you
The 20terabyte heavy photo is real..
warior is real
warrior is real 1324
the warrior
warrior dot png is real
“Warrior”
So basically a zip bomb
Basically an internet version of the blitz.
yes! actually, PNGs and ZIP files both use DEFLATE, designed by Phil Katz, for compression, so this is literally the exact same thing lol
Now i wonder what kind of old data exploits are applicable in this version of source
Valve sure are funny guys
Huh I hadn't thought about it like that, but yeah, that's exactly right
" The Pornography has already breached our defenses. "
"Listen up boy, or 200 petabytes of raw images of your mother will be the second worst thing to happen to you today"
How am I going to stop some big mean mother hubbard from tearing me a structurally superfluous new behind?
The answer? use his ram. And if that don't work, use more ram.
”Grass grows, birds fly, sun shines, and brotha? I crash people’s games.”
Pyro: (*Lagging noises*)
"One shudders to imagine what inhuman images lie behind those files…"
the phone number problem was such a good example
honestly shounic is great at explaining basic concepts just enough to get right context for the videos
im totally stealing that whenever i need to explain data compression
@@ktrn6713 this and the minecraft inventory slot analogy for RAM were mindblowing
real, i always learn from the internet on new ways to explain complex concepts to people like how compression works
@@TheFinnish1 likewise
"What's that?"
"its the unmatched power of the Conscientious Objector, officer"
"WH-!"
"AH-!"
WARNING Connection problem auto disconnect in 10
HL2.exe is not responding
"What's that?"
"Pornography"
*angelic light sfx*
**Uncompresses image.**
**It says “you’re stimky.”**
**TF2 crashes.**
Stimky
How dare you call me *STIMKY*
People laughed at me when I said the Conscientious Objector was the best weapon in game... _look who's laughing now._
I love you StickMaster500
We will never doubt your words StickMaster500 😔 forgive us
how are you still alive???
They should add a giant ass stick for a all class melee reskin. cuz funny
What about the Crossing Guard
The phone number explanation was amazing and so accurate
Best layperson's explanation of file compression I've ever heard tbh
What the hell is the context of the gabe clip at the end LOL?
Can't remember 100% but the context was basically
> 2011
> Half-Life 3 still not released
> Me angry
> Call my homie to protest at Valve HQ
> 2manpeaceprotest.png
> They call the police
> ocrap.jpeg
> Turns out police are a huge TF2 fan, so he joins the protest
> Gabe appears
> Gabe calls them to enter Valve HQ and let them play Dota 2 beta
> Also, free pizza
It was a happy ending story except we still didn't get Half-Life 3
at this point it's probably AI
please we need to know @shounic
@@manitoba-op4jx It's not.
@@manitoba-op4jx AI isn't that good
2:24 The only thing deadlier than a full team of Sniper bots: Taking out a bugged sign.
ah yes, the reverse coconut
tunococ
.ti seod taht woc nedoow eht s'ti ,oN
I cant believe this misinformation is still spreading. The coconut can be removed from tf2 just fine, this rumor originated from a reddit post. The 2fort cow, however, does contain files so important to tf2 that every map must have one somewhere to work at all. This would be the reverse cow, not reverse coconut.
@@novaseer2 no cock?
@@jakestaheli8532 Now you have become the one to spread misinformation. The 2fort cow is nothing special, it just happens to be present within a 105MB file that TF2 needs - not for the cow, but likely some other critical info contained elsewhere within it. Please revise your shounic lore lest you fall victim to that which you swore to destroy.
>downloads 69 KB png
>look inside
>2 GB raw
> ItGetsBigger.PNG
It's crazy it took almost 2 decades for this to be discovered
This is basically a ZIP bomb and ZIP bombs are kind of a recent trend so it makes sense that this got found now.
EDIT: I get it, ZIP bombs were a thing for a long time. It is still possible that the last time they were trending is what prompted someone to look into TF2.
One shudders to imagine whats behind those spaghetti codes...
@@klad2860 "Every weird bug I don't understand is Source spaghetti".
@@klad2860 this isn't a bug or "source spaghetti", it is simply an oversight since it wasn't known it could happen
you goober
@@NicknineTheEagle Bro zip bombs have been around since the fucking 90s.
1:50 PFFT. DAM.
Compression :D
beavers when they see a running water stream:
"...it realizes it and dies" literally me
YouTube froze for me exactly when the sign was first pulled out. It took me a few seconds to realize it WASN'T part of a joke.
RED: What's the next step in your master plan?
BLU: Crashing this server, "Pulls out comically large decal", WITH NO SURVIVORS!!!
NGL, the ability of shounic to explain concepts so simply is insane. The 64bit vs 32bit difference and the phone number explanations are genius.
the phone number problem is such a good example because that's not too far from how DEFLATE works in actual PNGs
Honestly, it's surprising that it took, what, basically a decade for this to be found?
I mean, in principle it's so simple, it's honestly surprising it never was found even by accident before.
Like some Timmy thinking it would be funny to put a massive black PNG on his objector or something.
I would guess the need for hacks to upload images larger than 128x128 was what made this take so long to be exploited.
Kinda discourages experimentation for most people.
Sometimes simplicity is the recipe to make hard things to discover
Tf2 has a lot of nuances, so the fact that no one tried this before now is almost impossible. Source spaghetti must have just discouraged people from trying to find something like this, despite this being so simple and irrelevant to source spaghetti.
I like how you idiot proof your explanations. Really good example with the ten 1's thing
Nope I still didn't understand anything.
@@valetc6479 The raw version is more elaborate than the png version, aka the data in the png version is condensed all into one simplified action rather than multiple actions that are performed in succession, that's how i think of it.
@@valetc6479 I take it as pngs thinking of multiple pixels of same colour as a single stretched pixel
@@valetc6479 they use an extremely compressible image, which the .png extension will compress, fitting it in Steam’s 69kb limit. TF2 ignores the image’s compressibility and just reads exactly what it is, which for these images that caused crashes might just be a really really big image, or something. The image is too big for the data TF2 is allowed to use on your computer, and the game crashes.
I went to vocational college for a while where we had IT related subjects. When we had the topic of compression they used the same example and it conveys the principle behind compression in a really simple manner
It doesn't affect sprays because sprays have to be VTF in the first place, and they get converted locally when you import them. It's only the custom decal items that use the PNG->RAW pipeline.
2:02 What. Just what. I had no idea compression saves so much space.
TBF most of the time you aren’t using mono colored images.
its an extreme example
also compression doesn't "compress data" per se but rather decreases the inefficiency of the unrefined version
Example: in a photo a lot of pixels next to other pixels will naturally be the same color so you can just say "the same as before" when compressing a lot but if you were to basically randomise all the pixel colours then that photo would reach maximum data usage, and would be impossible to further compress.
it's kinda like that whole trying to find infinite energy thing, every time you think you can compress more data to less you realise: the older data was inherently inefficient or the action of compressing adds too much data to actually make the difference
Edit: typo cam -> can (damn turkish autocorrect, cam=glass in turkish)
What I meant in the last sentence was this: imagine you can send a photo by each pixel having 15 different colours. So you have 15 things you can send. Now if you use a compressing algorithm then the 15 possibilities will become 16 with the "the same as before" command. if you are using a 4bit system you can either 1: use the extra space in the 4bits (2^4=16, 16-15=1) to carry extra data for an extra pixel (in this case, if you are efficient you can use 15×4bits to transmit 16 pixels) or you can reserve one of those for the same as before thing.
you can't do both since specifying which one you are doing for each pixel will cost valuable data, and if you do the math you will realise on average the refined version (assuming randomised data) will be of either the same or less efficiency than the raw data one
I know the comments were long im just tryna improve my English skills,
This is what being turkish does to a mf
it's not compression being a miracle, but .bmp being a fucking awful file format
it stores the data of every single pixel, whereas .png says "this one looks close enough to the one before, just make it the same color"
just wanted to say, the description you gave of the “ten ones” phone number for png vs. raw data is the best layman’s description of image compression I’ve ever heard. I’m gonna be using that. bravo
The fact that the file size limit for the sign is The Funny Number just.. can't be a coincidence. I refuse to believe the Valve employee who did that didn't once think about that.
File sizes can be weird, due to the fact that binary doesn't go in 1000s like normal metric, but in 1024s. Maybe it's actually like 68,000 bytes and change, and is just rounded up as 69 KB for ease of reading. Honestly, I'm more interested as to why they can't just slap PNGs directly onto the signs instead of decompressing them.
@@ultravioletcombat5933 The image has to be decompressed in order for the GPU to use it as a texture. The GPU has to be able to "jump around" the image and read whatever pixels it wants in any arbitrary order, which would be far too complicated to do by seeking back and forth in a compressed data stream (you can't just jump a fixed number of bytes to get to the desired pixel), so it needs you to decompress the image beforehand and hand it the raw array of pixel values.
It's just coincidence the dumb meme of the intercourse number is just a recent stupidity
@@B.L.U.S People have been making 69 jokes before you were a twinkle in your dad's eye
@@B.L.U.S Nah, it's always been slang for a specific "position". It's just recently that it's been memeified.
I love your explanations for the technical concepts in your videos (e.g: compression)!
They're very helpful to understand easily what is going on.
1:30 This is some nice explanation of the Run-Length Encoding(RLE)
Long story short is we can't have nice customisable things because people will find ways to break the game and/or show graphic images of gore and porn
They managed to fit caseoh's forehead in a Conscientious Objector
fun fact someone paid 680 keys for an "animated objector"
What a scam considering in practice anyone can just make one.
Why don't they just put an animated png on an objector, are they stupid?
Did they really? That's gotta be either world's smartest scammer or the world's dumbest trader
Typical brain dead tf2 player
How??
I am surprised this was not a thing until now. Sounds like the simplest way of crashing, that could have been thought of since day one of custom signs addition.
Such an interesting title as someone who’s just kind of been in the background in the TF community I’m gonna have to see this
That is the best explanation i've ever heard for compression and how relational databases work in general.
This issue was so bad that even Delfy was saying that Valve needed to fix it as soon as possible. XD
The troll face not smiling..
@@Legenduckymf said 👿
Well yeah. Just crashing a server isn't funny.
Loved your compression example!
I want to say that, as someone with very limited knowledge on tech and how games work, I think your way of explaining stuff is so great! It makes it easy for someone like me to properly understand what has happened. Like the phone explanation I was like "ooooohhh that makes sense"
Yo that explanation between png and raw is so applicable across so many mediums I don't think you understand 😂 awesome video
As soon as I heard the format in question was PNG, I thought "Ah! A ZIP bomb!"
PNG and ZIP both use the same compression algorithm. PNG just applies some reversible filters to the image data first to make it compress better.
That was the best way of describing compression. Ever.
Thank you.
Not only is this incredibly well explained but the gabe bit at the end was absolutely hilarious and so fitting
your analogy on how compression works is actually pretty accurate.
_its mine now_
One of the best explanations of raw vs compressed I’ve seen
GORONDON FROMEN
fromage .
la formagr
Thank you Shou I love Shounic videos
Ironically, the old 32-bit build was a massive help for catching this bug since it turned a mundane oversight into a crash.
Good thing TF2 shipped a 64bit build! Should be tons of memory available for that 2GiB now.
I think you might be my favorite tf2 content creator
This is a well known attack vector (there is also a tiny png with an absurd res in the SecLists repo) but the magic is trying to use it in tf2 and working around the various limitations. I love this stuff and it drives me.
I feel like shounic would be a really good teacher if that was his job
I like that for a time you could enter a server with a functional memetic hazard all ready to go. Go full Perseus.
1:20 "You wouldn't say one, ten times."
Yes I very much would. I would be insufferable.
The weird thing is many English speakers do the "compression" thing even when there's no compression factor, e.g. double-oh-seven for 007 instead of oh-oh-seven. Meanwhile, service announcements in English in Europe will read 0000 as zero-zero-zero-zero.
That exploit is really really really cruel my Bois!
you don't need to even create a valid PNG for this bug btw you can just hex edit a 1KB PNG to make it think it's infinitely sized and tf2 will crash. btw this works on the 64 bit version as well. you also failed to mention that bots weren't affected by this crash.
Fun fact: until the release of Windows 10 21H2, all versions of Windows 8, 8.1 and 10 were susceptible to the exact same bug when copy-pasting an extremely horizontally large png from one place to another.
It tries to unroll the png into a bitmap in memory to allow the destination to convert it into another format if it wants to, but if the image unrolls too large, it writes the clipboard buffer out-of-bounds.
We even determined that you could interfere with other process memory that way, so it was given a CVE and patched in a week. Windows 8, 8.1 and 10 are no longer vulnerable to it.
I discovered this after making a meme by stitching together large images of regional indicators (the white letters on a blue background) approximately 250k pixels wide and pasting it into Discord. Instant bluescreen, every time.
We called the exploit "bluebomb", because blue was the dominant color in the program. There's a 10 line C file to reproduce the error, instantly crashing any vulnerable Windows system upon execution. Good times.
Somehow this reminds me of Borderlands. There used to be a mod where you could "down" your entire team by using a "health" perk that was modded to the most negative number the game could handle. It would instantly incapacitate the other 3 players and you could just sit there and laugh at them. Freezing the entire game seems pretty fun as well.
I like how shounic uses understandable metaphors for us mere mortals to comprehend
thank you for the great video!
No gaben don't let him pull out the sign!
I want to know where you got Gaben’s monologue at the end from
Having a whole servers breakdown issues because of a picture is so much a typically TF2 problem I'm not even surprised the slightest
the homestuck update
Thank you for explaining it well
ahh just noticed it was you who made the 64bits TF2 video explanation, GG, subscribed
I think it came before April 13, as it happened to me on the 10th, I have screenshots of a disrupted (god forbid) 2fort match.
This is now the official TF2 Wiki and the visuals, just so neat and I can understand quickly
best gabe newell ending clip yet
Im someone that explains science as a living.
Ive been watching you for a while and im consistently impressed by how good you are at explaining things both visually and verbally to an audience with reasonably low understanding of computer topics (like me).
Nice work man
thanks :)
Me when my hungry objector eats all of my ram.
Great, I had an un-decaled conscientious objector for the memes and now I can't use it or else people will think I'm trying to crash the server. 10/10
I like the fact that i completely missed this because i was working on projects in a roblox game
huh, I do remember my game randomly crashing on me 3 times in a single day with that exact reason of "out of memory space. texture settings may be set too high", and it might've been the 13th... good to know it wasn't my PC deciding to kick the bucket
1:16 shounic wtf????? this is the best way you described something for non-techy people. wow.
oh so it was just a PNG decompression exploit. sick. how the fuck did no one think of this until now
the load bearing coconut is needed
"I have become raw. Destroyer of servers"
The sight of sprays gave me an idea: what if we added workshop-made sprays that were allowed by valve on any server?
That spray is the best thing ever.
On another note - are you planning on doing some performance testing of the 100 player server now with 64-bit?
As soon as I saw that the resizing was client-side I figured about where it was going.
So what they did is made a scp foundation memetic kill agent in tf2, never thought this is how it's done
This was a fun week
"realizes it can't and dies"
Basically how compression works🔥
for 5 days in a game with flamethrowers and rocket launchers the most powerful weapon was a literal piece of wood with a weird image on it
sounds fitting for TF2
Love your videos
What is the story behind that gaben quote at the end
Probably the people that protested outside of Valve HQ for Episode 3 to be released.
Have you ever considered doing a video about that time where people found a way to inject code into the spraypaint images that would randomly VAC ban people on the server? Always wondered how that worked. It was years ago though.
sounds made up.
it's always fun when a tf2 exploit gets found on your birthday
happy birthday!
It’s the coconut, isn’t it
honoured to have a game breaking bug drop on my birthday
valve conscientiously objected to the bug
you can go even further by modifying the height and width data in header with a hex editing tool to trick the computer into thinking the image has much larger dimensions than it does
you can go up to the 16bit limit and have it under a kilobyte. a 65536x65536 24bit image would take 12GB in ram
(i dont remember how exactly it was for pngs but that's how it works for gifs and ive actually made some before)
PNGs support up to 2,147,483,648 not the 16 bit limit
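An added example, not code from the video, Valve or any commenter: a pre-decode check that reads the dimensions from the PNG's IHDR chunk and rejects the image when the raw pixel size would exceed a memory budget, plus a capped inflate for streams that produce more data than the header promises. The 16 MiB budget, the function names and the header-only sample inputs are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel by PNG colour type
MAX_DECODED_BYTES = 16 * 1024 * 1024        # assumed budget for this example


class ImageRejected(ValueError):
    """Malformed PNG, or one that would decode past the budget."""


def declared_raw_bytes(png: bytes) -> int:
    """Raw pixel size promised by the IHDR chunk, read without inflating anything."""
    if len(png) < 33 or png[:8] != PNG_SIGNATURE:
        raise ImageRejected("not a PNG")
    length, ctype = struct.unpack(">I4s", png[8:16])
    if length != 13 or ctype != b"IHDR":
        raise ImageRejected("first chunk is not IHDR")
    body = png[16:29]
    if zlib.crc32(ctype + body) != struct.unpack(">I", png[29:33])[0]:
        raise ImageRejected("IHDR CRC mismatch")
    width, height, depth, colour = struct.unpack(">IIBB", body[:10])
    if colour not in CHANNELS or depth not in (1, 2, 4, 8, 16) or 0 in (width, height):
        raise ImageRejected("invalid IHDR fields")
    row_bytes = (width * CHANNELS[colour] * depth + 7) // 8
    return row_bytes * height


def admit(png: bytes, budget: int = MAX_DECODED_BYTES) -> int:
    """Return the decoded size if it fits the budget, otherwise raise."""
    size = declared_raw_bytes(png)
    if size > budget:
        raise ImageRejected(f"decodes to {size} bytes, budget is {budget}")
    return size


def bounded_inflate(stream: bytes, limit: int) -> bytes:
    """Inflate a zlib stream but stop as soon as the output exceeds limit bytes."""
    out = zlib.decompressobj().decompress(stream, limit + 1)
    if len(out) > limit:
        raise ImageRejected("stream inflates past the limit")
    return out


def constructed_header(width: int, height: int) -> bytes:
    """Constructed sample: PNG signature plus an 8-bit RGBA IHDR chunk only."""
    body = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body
            + struct.pack(">I", zlib.crc32(b"IHDR" + body)))


if __name__ == "__main__":
    print(admit(constructed_header(128, 128)))   # fits the budget
    try:
        admit(constructed_header(64250, 64250))  # dimensions quoted in the comments
    except ImageRejected as err:
        print("rejected:", err)
```

The file-size limit on upload says nothing about the decoded size, so the budget has to be enforced on the header's dimensions before any pixel buffer is allocated, and again on the inflate output while decoding.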
timeless flawless masterpiece they said
1:50 BMP files can be compressed with various methods (source: did a computer science project on parsing them)
As a note, if TF2 had PAE (Physical Address Extension) enabled, it would be able to use more than 4 GB of RAM. 64-bit OSes don't need this enabled on an OS-level, since they already can use more than 4 GB of RAM. So it's up to the individual programs to do it.
PAE cannot be applied directly by single user processes, it's meant for 32-bit system kernels using more than ~4 GiB of memory and was not implemented in this way on Windows anyhow. To do what you suggest, 32-bit TF2 would at the very least need multiple processes.
Minor correction: it looks like downloading the image from akamai in fact gives you a jpeg named .png. Why? No idea! But opening it in a hex editor or in Firefox reveals that it is in JFIF format. Still a decompression bomb though
What's even cooler, Windows Defender marks the 64250x64250 image as a severe threat and blocks the download
UPD: found text inside, but nothing else readable - so it is not as straightforward as a JS polyglot JPEG probably. If someone could explain what this means, that would be awesome!
its the warrior
If Valve added a toggle in the settings to turn off decals, so many sign-related problems would instantly be solved.
Honestly, I'm surprised Valve ever allowed us to upload custom, uncensored images into the game.
we got tf2 cognitohazards before gta 6