Interview: Thilo Schulz, EF 1.37 Patch Author, IOQ3 Maintainer

Thilo Schulz is quite a busy fellow. Thilo is credited along with Ludwig Nussel in finding an exploit in the Quake 3 engine that prompted ID Software to release the 1.32c update. He is also the man who brought us the Elite Force 1.37 Patch and he is a maintainer of the highly popular IOQ3 project. A project that aims to the Quake 3 Engine source code and build upon upon it, by fixing the various bugs and adding new features to the game engine.

The Beer Garden had a chance to shoot him a few questions about the EF 1.37 Patch as well as his part in the IOQ3 project.

Q: There was an Elite Force ‘1.3 patch’ started some time ago by Grand Negas. It was a highly anticipated relase in the Elite Force community, after many delays it was put on the backburner and enventually released without much fanfare. How is what you are doing different from the 1.3 patch Grand Negas set out to do?

Thilo: Grand Nagus’ patch is a completely different approach to improving EliteForce. I am modifying the engine, the exe file that actually runs EliteForce. Grand Nagus’ modifications were only in the game code but not the engine itself. He was adding new game modes, items and a few nice game options. This is not my goal. I am not planning on changing the gameplay of EliteForce in any way. My goal is to improve EliteForce on the technical side and fix security relevant flaws. Note that you should still be able to run Grand Nagus’ mod with my engine, though.

Q: How long have you been working on the EF Patch.

Thilo: I started work in October 2005.

Q: I’ve heard some players who have been playing Elite Force since it came out 6 years ago, say “Why should I update?”. What is your response to them? What is a compelling reason for players to update the engine.

– Nicer graphics (sharper textures, higher detailed explosion effects, better flare effect), don’t expect EF to look miraculously as good as Doom3, though.
– OpenAL sound support (being used in most current 3d game titles),
– A couple of security relevant flaws were fixed,
– HTTP download support for new maps

Additionally, there are many nice features like AVI video capture, Ogg Vorbis sound file support and upcoming .png file support in future releases for modders. Bear in mind that most of these improvements were not done by myself but resulted from the usage of the ioquake3 codebase where a couple of coders besides me have added their input and are still doing so.

Q: You’ve also spent some time updating the qvm’s to get up to par with the updated engine. What are some of the new features.

Thilo: The ui part has Thomas Sahling’s LCARS patch integrated. Then there is an ingame menu now adding ignore functions so you can ignore chat messages from abusive players. Furthermore, server admins will find several bugs fixed that probably have been bugging them for some time, like bots not being able to join password protected servers. A list of all changes can be found here:

Q: While the whole project of reverse engineering Elite Force seems massive, what was the most challenging part of the project.

Thilo: I actually did not need to reverse engineer the original game. For the most part, the information needed was contained in the freely available source code for the QVMs released ages ago already. One has to consider that EliteForce basically is the Quake3 engine stuck at point release 1.17. So I had to adapt the Quake3 sources to make the engine compatible with the QVM files as delivered in Raven’s official patch 1.2. The biggest challenge were the additional features that were obviously added by Ravensoft to the engine that never existed in id’s version of Quake3. I had to recode these features so that various things the game code is triggering like adding certain rendering primitives to the scene work like in the original. Sometimes I was starting the original game and looking at the 3D scene with r_showtris enabled to see how exactly stuff was rendered and trying to mimic it as closely as possible, but often names used in the original game code were my only clue what these features really do.

Q: I understand you run a master server for the EF community. This is great considering when the EF master server goes down it is down for days at a time. Tell us a bit more about the master server your running.

Thilo: That is correct. The master server I am running is reachable via the address:

It is a slightly modified version of dpmaster that returns the server list in an EliteForce compatible format.

Q: How can your average player take advantage of utilizing your master server.

Thilo: He needs to set one of the sv_master* variables, like sv_master3 to “” and select “Internet3” in the ingame menu for searching servers, which is default on new installations of the game where no previous config exists, by the way. Or add the address to their favorite server browser program they’re using.

Q: How can server admins take advantage of it (your master server)?
Thilo: Same as for the players: they need to set one of the sv_master variables to the master server address.

Q: The IOQ3 project ( is one of the more notable projects dealing with the Quake 3 engine since ID Software released it under the GPL. What is your involvement in the IOQ3 project.

Thilo: I am a maintainer there and fixing bugs when I find them or if they get reported and I have the knowledge and time to do it. I also create the Linux installer for ioquake3.

Q: You are credited along with Ludwig Nussel in finding an exploit in the Quake 3 engine that prompted ID Software to release the 1.32c update. What was so serious about this exploit to prompt ID Software to release a new patch after all this time?

Thilo: The security exploit basically made it possible for any player to download security sensitive files from a server that allows autodownloading, like the server configuration file containing the rcon password or even worse:
system files like /etc/passwd in Linux. Naturally, the server from my release is not affected anymore but there are still many EliteForce servers out there who have sv_allowdownload set to 1 and are vulnerable!

Q: Did you approach ID Software about this problem? What prompted them to release a patch?

Thilo: Ludwig Nussel, who is another maintainer for ioquake3, contacted the key persons at id software. He was originally the one who got the idea that this bug exists after I fixed a bug related to autodownloading that I found when I was working on EliteForce. Then shortly after our finding of the bug, another serious security flaw, this time on the client side, was found and published at It enables malicious servers to execute arbitrary code on players that are unfortunate enough to join.They released the patch because there are still many Quake3 players who needed punkbuster support which will never be included in Open Source releases due to licensing issues.

Q: What other projects are you involved with?

Thilo: Firstly, I am writing for an IRC Services package, named KickServices but I didn’t find time to continue development for as much as a year as I got started with this Elite Force project. Secondly, I am creating the Linux installers for the World of Padman modification and run a server for their game.

Q: Do you write code professionally?

Thilo: No. I study electrical engineering and information technology in my third year at the University of Stuttgart.

Q: Do you have any plans or inspiration to embark on a stand along game project of your own in the future?

Thilo: No, and I do not think this will ever happen.

More info on The IOQ3 Project can be found here:

You can find ports for all OS platforms on Thilo’s EF Patch site is here:

Download 1.37 EF Patch For Windows (Beer Garden)

About Shafe

Brian Shaffer is a veteran programmer, programming professionally since 1991. His first gaming computer was a Commodore Vic-20 in the 80s. Shafe founded The Beer Garden on October 23, 2004 and continues to run and maintain it along with several members of the gaming community.