Mirage Source

Free ORPG making software.
All times are UTC

PostPosted: Thu Apr 19, 2007 9:34 pm
Knowledgeable

Joined: Sun Nov 19, 2006 6:59 pm
Posts: 213
Alright, since I have often wondered about the potential dangers of people connecting with a different client to my game to hack it, I decided to come up with a way for the server to check whether the player was using a proper client.

Basically, what this does is sends a packet & a string to the client as an 'acknowledgment' packet and a string attached to it, to make sure the client isn't just sending back a wrong 'received' packet.

The server gives the client 15 seconds to reply (15 seconds for reasons such as lag, slower computers, etc.) and if it isn't received, it boots the player!

So basically, add this to your AccountRec :

Code:
LoginTimer as double


In the local non-saved variables section.

In modConstants, add this :
Code:
Public Const ACK_KEY as String = "6594sdfsd9r3"

REMEMBER TO CHANGE THE KEY TO YOUR OWN!

Add this to the ClearPlayer sub :

Code:
    Player(index).LoginTimer = 0


Now, in modGeneral, in the GameAI Sub add this :

Optimization Tip : Add the High Index to speed up the loop ;)

Code:
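    For i = 1 To MAX_PLAYERS
        ' Boot anyone who logged in but has not acknowledged within 15 seconds.
        ' Uses GetTickCount, the same clock that sets LoginTimer at login.
        If GetTickCount > (Player(i).LoginTimer + 15000) And Player(i).LoginTimer <> 0 And Player(i).Login <> "" Then
            Call HackingAttempt(i, "Invalid Client!")
        End If
    Next i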


Now, in modHandleData, in sub HandleData, add this anywhere (preferably near the top) :


Code:
    ' :::::::::::::::::::::::::::::::::::
    ' :: Acknowledge has been received ::
    ' :::::::::::::::::::::::::::::::::::
    If LCase$(Parse(0)) = "ackrc" Then
        ' Wrong key: treat the connection as an invalid client
        If Trim$(Parse(1)) <> ACK_KEY Then
            Call HackingAttempt(index, "Invalid Client!")
            Exit Sub
        End If
        ' Correct key: stop the login timer
        Player(index).LoginTimer = 0
        Exit Sub
    End If
   


As you can see, this checks to make sure you got the right key, if not invalids you. Now, look for the "login" packet, and near the end of the if case, right under :

Code:
Call SendChars(index)


Add this :

Code:
            ' Send the acknowledgment packet and start the 15 second timer
            Call SendDataTo(index, "ackps" & SEP_CHAR & ACK_KEY & SEP_CHAR & END_CHAR)
            Player(index).LoginTimer = GetTickCount


Now, that's it for the server code! Very simple code on the client side. Near the top of sub HandleData, just add this :

Code:
    ' ::::::::::::::::::::::::
    ' :: Acknowledge Packet ::
    ' ::::::::::::::::::::::::
    If LCase$(Parse(0)) = "ackps" Then
        ' Echo the key the server sent straight back
        Call SendData("ackrc" & SEP_CHAR & Trim$(Parse(1)) & SEP_CHAR & END_CHAR)
        Exit Sub
    End If


And there you go :) Should work perfectly ^_^ If you have any questions or comments, just say/ask :D


PostPosted: Fri Apr 20, 2007 3:01 am
Community Leader

Joined: Sun May 28, 2006 10:29 pm
Posts: 1762
Location: Salt Lake City, UT, USA
Google Talk: Darunada@gmail.com
I hate to say it, but this won't stop anyone. It's a worthless addon that just adds 15 seconds to the login time.

If someone has the skills to reverse engineer your packets (which is EASY with MS), they will notice you send the "ack" packet and tip them in.

PostPosted: Fri Apr 20, 2007 3:03 am
Knowledgeable

Joined: Sun Nov 19, 2006 6:59 pm
Posts: 213
Dave wrote:
I hate to say it, but this won't stop anyone. It's a worthless addon that just adds 15 seconds to the login time.

If someone has the skills to reverse engineer your packets (which is EASY with MS), they will notice you send the "ack" packet and tip them in.


This is just the basics. There are many ways you can build upon this tut, and one of the most obvious ones would be changing the packet name to a more obscure one, such as playerinfohash or something along those terms, making the player think that the key is not an acknowledgment key, but more something like a key for player stats or something. And other options could be encrypting your packets.

Sorry if that playerinfohash thing didn't make sense, it's getting late xD


PostPosted: Fri Apr 20, 2007 4:34 am
Knowledgeable

Joined: Tue Apr 17, 2007 10:18 pm
Posts: 148
Location: USA, Texas
Wouldn't it be best just to use the SEC_CODE tut somewhere?


PostPosted: Fri Apr 20, 2007 11:25 am
Knowledgeable

Joined: Sun Nov 19, 2006 6:59 pm
Posts: 213
Da Undead wrote:
Wouldn't it be best just to use the SEC_CODE tut somewhere?


Yeah, but it's easy to get sec codes, you just look at the login packet ;) Although you can still look at this packet, not that many people think about it.


PostPosted: Fri Apr 20, 2007 12:15 pm
Regular

Joined: Sun Aug 27, 2006 5:36 pm
Posts: 53
seccodes with encryption are quite secure... leaking seccodes alone is easy, breaking an encryption is a bit harder, but if u know the packets it's also possible.
i combined these two.
u can't easily decrypt my packets, cause you don't know either the encryption key or what packets are sent :)
secure enough... for me at least.


PostPosted: Fri Apr 20, 2007 9:15 pm
Knowledgeable

Joined: Tue Apr 17, 2007 10:18 pm
Posts: 148
Location: USA, Texas
how do u look at a packet o-O, mine's like 100 characters long :p


PostPosted: Fri Apr 20, 2007 10:00 pm
Submit-Happy

Joined: Fri Jun 16, 2006 7:01 am
Posts: 2768
Location: Yorkshire, UK
Da Undead wrote:
how do u look at a packet o-O, mine's like 100 characters long :p


Add a debug.print in send data or load up your packet sniffer in string mode.

PostPosted: Sat Apr 21, 2007 1:09 am
Knowledgeable

Joined: Tue Apr 17, 2007 10:18 pm
Posts: 148
Location: USA, Texas
clients can do that o-O?

So how do u make them non-hackable :p


PostPosted: Sat Apr 21, 2007 1:52 am
Knowledgeable

Joined: Sun Nov 19, 2006 6:59 pm
Posts: 213
Da Undead wrote:
clients can do that o-O?

So how do u make them non-hackable :p


lol, they can't debug.print, but they can sure as hell sniff your packets. And it's kind of hard to detect :wink:


PostPosted: Sat Apr 21, 2007 3:16 am
Knowledgeable

Joined: Tue Apr 17, 2007 10:18 pm
Posts: 148
Location: USA, Texas
is there any tut or code that fixes all holes and loops? : x


PostPosted: Sat Apr 21, 2007 3:18 am
Knowledgeable

Joined: Sun Nov 19, 2006 6:59 pm
Posts: 213
Da Undead wrote:
is there any tut or code that fixes all holes and loops? : x


Nope, and I don't think there ever will be, considering anyone can just use a simple packet sniffer + memory editor.


PostPosted: Sat Apr 21, 2007 3:18 am
Knowledgeable

Joined: Tue Apr 17, 2007 10:18 pm
Posts: 148
Location: USA, Texas
:\ hmm k


PostPosted: Sat Apr 21, 2007 5:17 am
Newbie

Joined: Fri Sep 29, 2006 6:39 am
Posts: 20
Here's an idea, instead of checking at login to match a key in the client to the one in the server, have it check often. Have a list of keys, all under the same packet name, that the client randomly picks to verify itself to the server. The server simply checks to see if the key sent to it matches any of its stored keys, if not, it's a boot.


PostPosted: Sat Apr 21, 2007 5:28 am
Knowledgeable

Joined: Tue Apr 17, 2007 10:18 pm
Posts: 148
Location: USA, Texas
That's a good idea, but still crackable. But it'll just make it harder for them :p


PostPosted: Thu Aug 02, 2007 8:10 pm
Newbie

Joined: Mon May 29, 2006 2:18 pm
Posts: 22
Location: Florida
Best way is to have the server randomize numbers/letters, save it to the playerrec, and make the client encrypt it back. I'll maybe post a tutorial on this if someone wants it.


PostPosted: Tue Aug 14, 2007 7:46 am
Newbie

Joined: Fri Sep 29, 2006 6:39 am
Posts: 20
Erm, I may not understand what you mean, but it doesn't sound any different than the rest of the ideas in this thread.

You are just sending a packet to the client, and the client sends it back with an encryption. Anyone who has toyed with a sniffer more than a couple times will notice an out of place packet of randomness. Sounds like because you are saving it to the playerrec makes this a 'l33t' idea.

You want some added protection from packet-sniffing noobs. Lock the use of the client while a packet-sniffer is active. I'm sure everyone here knows all of the most common sniffers, choose your method to block them.

Also everything in this thread stops someone from using a completely random client to access your server, but nothing has been said about altering your client... anything in this thread that will stop that?


PostPosted: Tue Sep 25, 2007 5:06 am
Newbie

Joined: Mon May 29, 2006 2:18 pm
Posts: 22
Location: Florida
Yeah, I'm saying it's a randomized packet.. Not just the same packet every couple seconds, so they couldn't do it unless they had your encryption key. Might also want to block WPE Pro so they don't modify existing packets, and compress your game so that it can't be decompiled and modified.


Top
 Profile  
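
The randomized challenge described in the last two posts, set beside the static key from the first post, as an added Python example (not Mirage Source code and not written by any poster). `CLIENT_SECRET`, the `|` separator and HMAC-SHA256 as the "encrypt it back" step are assumptions of this example.

```python
import hashlib
import hmac
import secrets

SEP_CHAR = "|"                      # assumed stand-in for the game's SEP_CHAR
ACK_KEY = "6594sdfsd9r3"            # static key shown in the first post
CLIENT_SECRET = b"constructed-demo-secret"  # hypothetical secret built into the client
TIMEOUT_MS = 15000                  # reply window used in the first post


def static_check(reply: str) -> bool:
    """First post's scheme: accept any 'ackrc' reply carrying the fixed key."""
    parts = reply.split(SEP_CHAR)
    return len(parts) >= 2 and parts[0].lower() == "ackrc" and parts[1].strip() == ACK_KEY


def tag_for(nonce: str, secret: bytes) -> str:
    """Keyed response to a nonce (HMAC-SHA256 is this example's choice)."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self):
        self.pending = {}           # player index -> (nonce, time issued in ms)

    def challenge(self, index: int, now_ms: int) -> str:
        nonce = secrets.token_hex(16)           # fresh random value per login
        self.pending[index] = (nonce, now_ms)
        return "ackps" + SEP_CHAR + nonce

    def verify(self, index: int, reply: str, now_ms: int) -> bool:
        nonce, issued = self.pending.pop(index, (None, 0))  # each challenge is single use
        parts = reply.split(SEP_CHAR)
        if nonce is None or len(parts) < 2 or parts[0].lower() != "ackrc":
            return False
        if now_ms - issued > TIMEOUT_MS:        # too slow: same rule as the login timer
            return False
        expected = tag_for(nonce, CLIENT_SECRET)
        return hmac.compare_digest(expected.encode(), parts[1].strip().encode())


def client_reply(packet: str, secret: bytes = CLIENT_SECRET) -> str:
    return "ackrc" + SEP_CHAR + tag_for(packet.split(SEP_CHAR)[1], secret)


def demo() -> dict:
    server, out = Server(), {}
    recorded_static = "ackrc" + SEP_CHAR + ACK_KEY  # constructed: a reply seen once on the wire
    out["static_replay"] = static_check(recorded_static)   # accepted on every later login
    recorded = client_reply(server.challenge(1, now_ms=0))
    out["genuine"] = server.verify(1, recorded, now_ms=200)
    server.challenge(2, now_ms=1000)                        # new login, new nonce
    out["nonce_replay"] = server.verify(2, recorded, now_ms=1200)
    out["echo"] = server.verify(3, server.challenge(3, 0).replace("ackps", "ackrc"), 50)
    out["late"] = server.verify(4, client_reply(server.challenge(4, 0)), now_ms=15001)
    out["wrong_secret"] = server.verify(5, client_reply(server.challenge(5, 0), b"guess"), 50)
    return out


if __name__ == "__main__":
    print(demo())
```

The secret still has to ship inside the client, so this rejects replayed or echoed replies but does not show that the client is unmodified, which is the question raised earlier in the thread.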
 