Mirage Source

Free ORPG making software.

PostPosted: Mon Jun 12, 2006 5:45 pm
Regular
Joined: Mon May 29, 2006 5:33 pm
Posts: 30
Haha, that last post ended up with arguments, but this one is to show you exactly how a few things can be done with packet sniffers. Thus giving you the proof you said we need to have before making a claim about something.

Ok, I believe this works on all versions of MS including playerworlds, assuming encryption was never added to it.

I was playing around with my packet sniffer just to see how dangerous it was to have someone watching the packets and found a few things out. When the client sends the editmap packet, the server checks to see if the user has access before sending the packet "editmap" back. On the client side, this packet just opens up the mapeditor, no questions asked. Normally not that big of a deal because the server has checked if the user has access, right?

Using a slightly modified version of the packet sniffer I posted here:
http://ms.shannaracorp.com/forums/viewt ... ?p=880#880

I was able to send to the client, the packet "editmap" and the client assuming I was given permission by the server, just naturally opened up the mapeditor. Of course, the user can't upload a new map without access, but he sure can view it. Meaning, let's say you have a quest that's sort of a maze with invisible walls, or let's say you have a quest where there's several maps that look the same and you have to enter them in a certain combination (up, left, up, up, down, right) in order to get out of the maze. They can easily just look at the mapeditor to find their way through.

Also I'm not sure if this will really work (haven't tested it yet), but in theory, I seem to remember that while mapediting, an admin could remove all blocks on the map, get to the other side of the map cutting straight through where the blocks were, and then leave the map, thus closing the mapeditor without making any changes. Making a complete shortcut straight through blocks he shouldn't be able to go through. So still completely in theory, with a normal user, the same applies to them.

And before you mention the Position Modification, yes, I know that there is that check, but I also seem to remember, that check not always working. May not be the case for you, but again, it's only theory.

What can you do to prevent this? Absolutely nothing, minus encrypting your packets. Because as stated, the client doesn't currently check if you have access. If you add this check, there's another really simple way around it. You can also just send the following packet to yourself in the same way you send the editmap packet to yourself plus all the sep_chars:

Quote:
"playerdata" & WhateverMyIndexIs & name & sprite & map & x & y & dir & 4 & pk


What does this do? Well look near the end, notice the bolded 4? That's setting your access on the client-side, to 4. Meaning you would still have access to viewing the mapeditor.

There's probably other similar packets. Like, item, spell, npc, shop editors?

Again, just about the only thing you can do to prevent any of this, is packet encryption or switching to byte arrays. Yes a skilled hacker could break through either, but I doubt you'll ever get one trying to break into your game. Then again, another way is the whole making the client completely without admin functions...


PostPosted: Mon Jun 12, 2006 6:39 pm
Regular
Joined: Mon May 29, 2006 6:36 pm
Posts: 42
I hope ya are happy, 'cause this guy just proved my point that the MS games could be hacked. See, like I said in the last topic, encryption just slows down the inevitable. It can be hacked no matter what you implement; it may slow down the hacker but won't permanently stop them.


PostPosted: Mon Jun 12, 2006 6:46 pm
Persistant Poster
Joined: Tue May 30, 2006 2:07 am
Posts: 836
Location: Nashville, Tennessee, USA
Google Talk: rs.ruggles@gmail.com
No skilled hacker will bother with a Mirage Source game anyhow. Plus, why not just rip out all the admin functions before each client release? It'd be uber easy, and probably speed up the user's clients a lot.


PostPosted: Mon Jun 12, 2006 6:58 pm
Community Leader
Joined: Mon May 29, 2006 1:00 pm
Posts: 2538
Location: Sweden
Google Talk: johansson_tk@hotmail.com
Sonire wrote:
No skilled hacker will bother with a Mirage Source game anyhow. Plus, why not just rip out all the admin functions before each client release? It'd be uber easy, and probably speed up the user's clients a lot.


Why would it increase the speed? ohh.. damn LOL. It would. You can remove all these:
- Edit spells
- Edit Items
- Edit Map
- Edit shop
- Edit arrows
etc.. And because of the decrease in filesize etc, it would actually speed it up. And for you (the owner), you can simply just use the client with all those functions in it. That way you will be the only one to edit your game.

And I who was so stupid to make everything password secured.. LOL

PostPosted: Mon Jun 12, 2006 7:17 pm
Pro
Joined: Mon May 29, 2006 3:26 pm
Posts: 493
Location: São Paulo, Brasil
Google Talk: blackagesbr@gmail.com
One other fix for this position modification, where you can walk anywhere, is only changing the canmove sub from client to server. It won't slow down the server and there is no way to modify your position... An old player of my game was doing this thing, exactly what you said, and I did this and now he just can't. Mirage Source games are easily hackable if you don't add any security stuff, else, don't worry....
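
The server-side checks discussed in the posts above, as an added example that is not part of the thread or of the Mirage Source code: the server takes a player's access level from its own records and validates every move against its own copy of the map, so a client that has been fed a spoofed "editmap" or "playerdata" packet can look at the editor but cannot upload a map or walk through blocks. Written in Python as a stand-in for the engine's language; the separator, the access threshold and the packet names other than "editmap" are assumptions.

```python
from dataclasses import dataclass

SEP = "\x00"            # assumed field separator, standing in for the engine's sep char
MAPPER_ACCESS = 2       # hypothetical minimum access level for map editing
BLOCKED = 1             # constructed tile flag: 1 = blocked, 0 = walkable
STEP = {"up": (0, -1), "down": (0, 1), "left": (-1, 0), "right": (1, 0)}


@dataclass
class Player:
    name: str
    access: int         # loaded from the server's account record, never from a packet
    x: int
    y: int


class GameServer:
    def __init__(self, tiles):
        self.tiles = tiles          # the server's own copy of the map (rows of flags)
        self.players = {}           # connection id -> Player
        self.rejected = []          # audit trail of refused requests

    def handle(self, conn, raw):
        """Dispatch one client packet; return the reply packet or None."""
        name, *args = raw.split(SEP)
        player = self.players[conn]
        if name == "requesteditmap":        # hypothetical request name
            return "editmap" if self._allowed(player, name) else None
        if name == "mapdata":               # hypothetical map upload: one string per row
            if self._allowed(player, name):
                self.tiles = [[int(c) for c in row] for row in args]
            return None
        if name == "playermove":            # hypothetical move request
            return self._move(player, args[0] if args else "")
        self.rejected.append((player.name, name))   # unknown packet type
        return None

    def _allowed(self, player, what):
        # Authorisation uses server-side state only. What the client believes
        # about its own access level after a spoofed packet is irrelevant here.
        if player.access >= MAPPER_ACCESS:
            return True
        self.rejected.append((player.name, what))
        return False

    def _move(self, player, direction):
        dx, dy = STEP.get(direction, (0, 0))
        nx, ny = player.x + dx, player.y + dy
        inside = 0 <= ny < len(self.tiles) and 0 <= nx < len(self.tiles[0])
        if (dx, dy) == (0, 0) or not inside or self.tiles[ny][nx] == BLOCKED:
            self.rejected.append((player.name, "playermove"))
            # Reply with the authoritative position so the client snaps back to it.
            return SEP.join(["playerxy", str(player.x), str(player.y)])
        player.x, player.y = nx, ny
        return None
```

The `rejected` list is also a detection signal: an unmodified client never sends an upload it has no access for, or a move into a tile the server has marked blocked.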


PostPosted: Mon Jun 12, 2006 7:19 pm
Regular
Joined: Mon May 29, 2006 6:36 pm
Posts: 42
They always could get a blank source of whatever engine you're using and just edit everything from there.


PostPosted: Mon Jun 12, 2006 7:37 pm
Pro
Joined: Mon May 29, 2006 3:26 pm
Posts: 493
Location: São Paulo, Brasil
Google Talk: blackagesbr@gmail.com
No no, I don't think you understood, I mean SERVER side, there is no way they can edit server source code...


PostPosted: Mon Jun 12, 2006 8:20 pm
Regular
Joined: Mon May 29, 2006 6:36 pm
Posts: 42
Oh gotcha, but if you can trick your client to think you're an admin, what's stopping you from taking items out of a store that you're not supposed to have? If your client is modded to send the packet after you log out, then you will save the items and have what you want. I don't see how the server can stop you from saving everything.


PostPosted: Mon Jun 12, 2006 8:30 pm
Pro
Joined: Mon May 29, 2006 3:26 pm
Posts: 493
Location: São Paulo, Brasil
Google Talk: blackagesbr@gmail.com
I have worked with MS for more than 2 years, I know it can't be done easily. The client does not send a packet telling the server which items you have when you log out...


PostPosted: Mon Jun 12, 2006 9:04 pm
Pro
Joined: Mon May 29, 2006 1:40 pm
Posts: 430
I have known about that editmap packet thing, however that is nothing like what you were arguing l&m, so please, shut the fuck up. (No problem with BigRed however, he's being smart :P)

Are you sure even an admin can move if they just take away the blocks on their map without sending? I am pretty sure that is not true. Since both the client and server check for blocks, however only the client checks if the players/npcs are in the way, that is a problem, but it's not much of a hack...

So...I don't think they could move through blocks, actually I am pretty certain they can't, without having the server update the map. However if I am wrong, please let me know.

And it doesn't give you access to edit anything serverside, control other players or even edit maps, however you can see the maps.

And like sonire said, ripping it out would fix this.

Once again l&m, shut up, you don't know what you're talking about, and it pisses me off. You make tons of assumptions and guesses stating them as fact, even if you don't know if they are true or not. I just worry somebody who doesn't understand much about mirage reads this and believes what you say, or you go telling people lies outside of this forum. Yes there are some things you can gain from modifying packets, but nothing you really gain from it being open source.

Quote:
you add something like I don't know set access to lvl4 admin in to the ms source and you can control their game from the inside also you could add something like a unban so when you log in it automatically checks if you're banned before logging on if you are it eases your name


What BigRed here said is neither of those, so please don't go saying he proved your point.

Now I don't want to keep this argument going on, but if you are going to keep claiming you are correct, L&M, I am going to keep telling you that you aren't unless, like BigRed, you show proof/examples.
And please don't argue with me L&M, you are wrong. :) However, if BigRed or Dragoons Master have something to add, I can listen to them.


PostPosted: Mon Jun 12, 2006 9:38 pm
Regular
Joined: Mon May 29, 2006 5:33 pm
Posts: 30
Misunderstood wrote:
Are you sure even an admin can move if they just take away the blocks on their map without sending? I am pretty sure that is not true. Since both the client and server check for blocks, however only the client checks if the players/npcs are in the way, that is a problem, but it's not much of a hack...


I think it was mirage where I saw this done. And as I said, the position checks on the server side, if I remember right, didn't always work correctly. But then again, I could be thinking of another engine completely.

Encryption can be broken yes, but I really don't think any good hacker would take the time to sit down and break the encryption of any mirage game. And even if you take a vanilla copy, the person couldn't do anything at all, because the packets wouldn't be readable on either end without the encryption the original uses.

Stripping can help, yes. But if you haven't changed enough in your copy so that you can take a vanilla and use that to connect to your server, then it still won't stop the same things I showed in the first post. But all it takes is to add one extra variable to the maprec, for the vanilla to error.

[Quick edit] Just to clarify. I was in no way backing you up L&M. I think you are right only in that, there are a few simple hacks in a vanilla MSE. Your other statements I think are completely inaccurate.


PostPosted: Tue Jun 13, 2006 2:33 am
Pro
Joined: Mon May 29, 2006 2:15 am
Posts: 368
Well, what I did with my source... and again packet encryption is by far the best route... but I just made two separate clients. One for players and one for admins. The "player" client has all of the admin stuff completely removed, and the "admin" client sends an encrypted "key" at the end of each packet. So in the event that someone tries to spoof my packets on the client version, if that string is not found they're autobanned. It's more work... but I feel it'll be worth it in the long run.

[Edit]
I gave your packet editor/sniffer a throw, and it won't listen to MS based games (or at least mine) because the address(es) for the client/server are already in use.

The quality of a man is not measured by how well he treats the knowledgeable and competent, but rather how he treats those less fortunate than himself.
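
A variation on the per-packet key described in the post above, as an added example that is not the poster's code: instead of a fixed string, each packet carries an HMAC tag computed over a counter and the payload, so a packet captured with a sniffer cannot be replayed or altered. It assumes a per-session key already agreed at login; `PacketSigner`, `PacketVerifier` and the sample payloads are hypothetical names, and Python stands in for the engine's language.

```python
import hashlib
import hmac
import os

SEP = "\x00"      # assumed field separator, standing in for the engine's sep char
TAG_LEN = 32      # full HMAC-SHA256 tag appended to every packet


def new_session_key():
    """Fresh random key per login session (how it reaches the client is out of scope)."""
    return os.urandom(32)


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()


class PacketSigner:
    """Sending side: prefixes a strictly increasing counter and appends the tag."""

    def __init__(self, key):
        self.key = key
        self.counter = 0

    def seal(self, payload):
        self.counter += 1
        body = f"{self.counter}{SEP}{payload}".encode()
        return body + _tag(self.key, body)


class PacketVerifier:
    """Receiving side: returns the payload, or None if the packet must be dropped."""

    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def open(self, packet):
        if len(packet) <= TAG_LEN:
            return None                                   # too short to carry a tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return None                                   # forged or modified
        counter, _, payload = body.decode().partition(SEP)
        if int(counter) <= self.last_counter:
            return None                                   # replay of a captured packet
        self.last_counter = int(counter)
        return payload
```

A valid tag only shows the packet came from a holder of the session key; the server still has to check that account's access level before acting on an admin packet.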

