Mirage Source http://web.miragesource.net/forums/ |
Server Sends Check To Client Tutorial http://web.miragesource.net/forums/viewtopic.php?f=210&t=1696 |
Page 1 of 2 |
Author: | JokeofWeek [ Thu Apr 19, 2007 9:34 pm ] |
Post subject: | Server Sends Check To Client Tutorial |
Alright, since I have often wondered about the potential dangers of people connecting with a different client to my game to hack it, I decided to come up with a way for the server to check whether the player was using a proper client. Basically, what this does is sends a packet & a string to the client as an 'acknowledgment' packet and a string attached to it, to make sure the client isn't just sending back a wrong 'received' packet. The server gives the client 15 seconds to reply (15 seconds for reasons such as lag, slower computers, etc.) and if it isn't received, it boots the player!

So basically, add this to your AccountRec :

Code:
    LoginTimer As Double

In the local non-saved variables section.

In modConstants, add this :

Code:
    Public Const ACK_KEY As String = "6594sdfsd9r3"

REMEMBER TO CHANGE THE KEY TO YOUR OWN!

Add this to the ClearPlayer sub :

Code:
    Player(index).LoginTimer = 0

Now, in modGeneral, in the GameAI Sub add this :

Optimization Tip : Add the High Index to speed up the loop ;)

Code:
    ' Boot any logged-in player whose acknowledgment is more than 15 seconds overdue
    For i = 1 To MAX_PLAYERS
        If GetTickCountNew > (Player(i).LoginTimer + 15000) And Player(i).LoginTimer <> 0 And Player(i).Login <> "" Then
            Call HackingAttempt(i, "Invalid Client!")
        End If
    Next i

Now, in modHandleData, in sub HandleData, add this anywhere (preferably near the top) :

Code:
    ' :::::::::::::::::::::::::::::::::::
    ' :: Acknowledge has been received ::
    ' :::::::::::::::::::::::::::::::::::
    If LCase$(Parse(0)) = "ackrc" Then
        If Trim(Parse(1)) <> ACK_KEY Then
            Call HackingAttempt(index, "Invalid Client!")
            Exit Sub
        End If
        ' Correct key received: stop the login timer
        Player(index).LoginTimer = 0
        Exit Sub
    End If

As you can see, this checks to make sure you got the right key, if not invalids you.

Now, look for the "login" packet, and near the end of the if case, right under :

Code:
    Call SendChars(index)

Add this :

Code:
    ' Send the acknowledgment packet with the key and start the login timer
    Call SendDataTo(index, "ackps" & SEP_CHAR & ACK_KEY & SEP_CHAR & END_CHAR)
    Player(index).LoginTimer = GetTickCount

Now, that's it for the server code!

Very simple code on the client side. Near the top of sub HandleData, just add this :

Code:
    ' ::::::::::::::::::::::::
    ' :: Acknowledge Packet ::
    ' ::::::::::::::::::::::::
    If LCase(Parse(0)) = "ackps" Then
        ' Send the received key straight back to the server
        Call SendData("ackrc" & SEP_CHAR & Trim(Parse(1)) & SEP_CHAR & END_CHAR)
        Exit Sub
    End If

And there you go. Should work perfectly ^_^ If you have any questions or comments, just say/ask. |
Author: | Lea [ Fri Apr 20, 2007 3:01 am ] |
Post subject: | |
I hate to say it, but this won't stop anyone. It's a worthless addon that just adds 15 seconds to the login time. If someone has the skills to reverse engineer your packets (which is EASY with MS), they will notice you send the "ack" packet and tip them in. |
Author: | JokeofWeek [ Fri Apr 20, 2007 3:03 am ] |
Post subject: | |
Dave wrote:
I hate to say it, but this won't stop anyone. It's a worthless addon that just adds 15 seconds to the login time. If someone has the skills to reverse engineer your packets (which is EASY with MS), they will notice you send the "ack" packet and tip them in.

This is just the basics. There are many ways you can build upon this tut, and one of the most obvious ones would be changing the packet name to a more obscure one, such as playerinfohash or something along those terms, making the player think that the key is not an acknowledgment key, but more something like a key for player stats or something. And other options could be encrypting your packets. Sorry if that playerinfohash thing didn't make sense, it's getting late xD |
Author: | Da Undead [ Fri Apr 20, 2007 4:34 am ] |
Post subject: | |
Wouldn't it be best just to use the SEC_CODE tut somewhere? |
Author: | JokeofWeek [ Fri Apr 20, 2007 11:25 am ] |
Post subject: | |
Da Undead wrote: Wouldn't it be best just to use the SEC_CODE tut somewhere?
Yeah, but it's easy to get sec codes, you just look at the login packet. Although you can still look at this packet, not that many people think about it. |
Author: | one [ Fri Apr 20, 2007 12:15 pm ] |
Post subject: | |
seccodes with encryption are quite secure... leaking seccodes alone is easy, breaking an encryption is a bit harder, but if u know the packets it's also possible. i combined these two. u can't easily decrypt my packets, cause you don't know either the encryption key or what packets are sent. secure enough... for me at least. |
Author: | Da Undead [ Fri Apr 20, 2007 9:15 pm ] |
Post subject: | |
how do u look at a packet o-O, mines like 100 characters long :p |
Author: | Robin [ Fri Apr 20, 2007 10:00 pm ] |
Post subject: | |
Da Undead wrote: how do u look at a packet o-O, mines like 100 characters long :p
Add a debug.print in send data or load up your packet sniffer in string mode. |
Author: | Da Undead [ Sat Apr 21, 2007 1:09 am ] |
Post subject: | |
clients can do that o-O? So how do u make them non-hackable :p |
Author: | JokeofWeek [ Sat Apr 21, 2007 1:52 am ] |
Post subject: | |
Da Undead wrote:
clients can do that o-O? So how do u make them non-hackable :p

lol, they can't debug.print, but they can sure as hell sniff your packets. And it's kind of hard to detect |
Author: | Da Undead [ Sat Apr 21, 2007 3:16 am ] |
Post subject: | |
is there any tut or code that fixes all holes and loops? : x |
Author: | JokeofWeek [ Sat Apr 21, 2007 3:18 am ] |
Post subject: | |
Da Undead wrote: is there any tut or code that fixes all holes and loops? : x
Nope, and I don't think there ever will be, considering anyone can just use a simple packet sniffer + memory editor. |
Author: | Da Undead [ Sat Apr 21, 2007 3:18 am ] |
Post subject: | |
:\ hmm k |
Author: | ShadowLife [ Sat Apr 21, 2007 5:17 am ] |
Post subject: | |
Here's an idea, instead of checking at login to match a key in the client to the one in the server, have it check often. Have a list of keys, all under the same packet name, that the client randomly picks to verify itself to the server. The server simply checks to see if the key sent to it matches any of its stored keys, if not it's a boot. |
Author: | Da Undead [ Sat Apr 21, 2007 5:28 am ] |
Post subject: | |
That's a good idea, but still crackable. But it'll just make it harder for them :p |
Author: | Bradyok [ Thu Aug 02, 2007 8:10 pm ] |
Post subject: | Re: Server Sends Check To Client Tutorial |
Best way is to have the server randomize numbers/letters, save it to the playerrec, and make the client encrypt it back. I'll maybe post a tutorial on this if someone wants it. |
Author: | ShadowLife [ Tue Aug 14, 2007 7:46 am ] |
Post subject: | Re: Server Sends Check To Client Tutorial |
Erm, I may not understand what you mean, but it doesn't sound any different than the rest of the ideas in this thread. You are just sending a packet to the client, and the client sends it back with an encryption. Anyone who has toyed with a sniffer more than a couple times will notice an out of place packet of randomness. Sounds like because you are saving it to the playerrec makes this a 'l33t' idea. You want some added protection from packet-sniffing noobs. Lock the use of the client while a packet-sniffer is active. I'm sure everyone here knows all of the most common sniffers, choose your method to block them. Also everything in this thread stops someone from using a completely random client to access your server, but nothing has been said about altering your client... anything in this thread that will stop that? |
Author: | Bradyok [ Tue Sep 25, 2007 5:06 am ] |
Post subject: | Re: Server Sends Check To Client Tutorial |
Yeah, I'm saying it's a randomized packet.. Not just the same packet every couple seconds, so they couldn't do it unless they had your encryption key. Might also want to block WPE Pro so they don't modify existing packets, and compress your game so that it can't be decompiled and modified. |
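Added example (not part of the thread and not Mirage Source code): a Python sketch of the randomized challenge described in the two Bradyok posts above, set against the static ACK_KEY echo from the first post. It uses HMAC-SHA256 in place of "encrypting it back"; SHARED_KEY, AckServer, client_reply and demo are hypothetical names, and the key is a constructed value.

```python
import hashlib
import hmac
import secrets

ACK_TIMEOUT = 15.0                       # seconds, same window as the tutorial's LoginTimer
SHARED_KEY = b"constructed-demo-key"     # constructed sample; assumed to ship inside the client

class AckServer:
    """Issues one random challenge per login; the reply must be HMAC(key, challenge)."""

    def __init__(self, key):
        self.key = key
        self.pending = {}                # player index -> (challenge, deadline)

    def issue(self, index, now):
        challenge = secrets.token_bytes(16)
        self.pending[index] = (challenge, now + ACK_TIMEOUT)
        return challenge                 # sent in place of the static ACK_KEY

    def verify(self, index, reply, now):
        entry = self.pending.pop(index, None)   # single use: a second reply finds nothing
        if entry is None:
            return False
        challenge, deadline = entry
        if now > deadline:               # late reply, same outcome as the 15 second boot
            return False
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, reply)   # constant-time comparison

def client_reply(key, challenge):
    """What an unmodified client computes from the challenge it received."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def demo():
    server = AckServer(SHARED_KEY)
    results = {}
    c1 = server.issue(1, now=0.0)
    r1 = client_reply(SHARED_KEY, c1)
    results["genuine"] = server.verify(1, r1, now=2.0)
    # A sniffer recorded (c1, r1); the next login gets a fresh challenge, so r1 is stale.
    server.issue(2, now=10.0)
    results["replayed"] = server.verify(2, r1, now=11.0)
    # Echoing the received value back, which the static "ackrc" handler accepts.
    c3 = server.issue(3, now=20.0)
    results["echo"] = server.verify(3, c3, now=21.0)
    # Correct reply that arrives after the timeout.
    c4 = server.issue(4, now=30.0)
    results["late"] = server.verify(4, client_reply(SHARED_KEY, c4), now=46.0)
    return results

if __name__ == "__main__":
    print(demo())
```

The fresh challenge makes a recorded reply useless on the next login, which the static key echo cannot do. The key still sits in the client, so this does not answer ShadowLife's question about an altered client.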