+- Mirage Source (https://mirage-engine.uk/forums)
+-- Forum: Mirage Source (Nostalgia) (https://mirage-engine.uk/forums/forumdisplay.php?fid=61)
+--- Forum: Archive (2006-2011) (https://mirage-engine.uk/forums/forumdisplay.php?fid=18)
+---- Forum: Source Code Development (https://mirage-engine.uk/forums/forumdisplay.php?fid=51)
+----- Forum: Mirage Source 4 (Visual Basic 6) (https://mirage-engine.uk/forums/forumdisplay.php?fid=44)
+----- Thread: MS4 MySQL With Registry Key-Based Banning (/showthread.php?tid=2802)
MS4 MySQL With Registry Key-Based Banning - ExoShox - 15-05-2009
REGISTRY BANNING SYSTEM
Ok, since I saw Nemisis's idea for HD Serial banning, and i wanted to work with the Registry for MS, I began to create a Registry Key-Based Banning System.
Here is how it works:
First Time Run on that Computer:
Client.exe is run.
Client initializes TCP.
Client Reads a certain Keypath and then if it does exist it asks the server for a key
Server Recieves Request
Server Generates a Key
Server Checks in the DB to see if this Key is in use by another person
If not in use it sends the key to the client
The client then writes the key to the key path
Person goes in game
After First Time Run:
Client.exe is Run.
Client initializes TCP.
Client reads key.
Client sends key to server.
Server checks if the key is banned.
If banned the client shuts down
If not banned the client proceeds in-game
With this way of banning, the person must FIND and DELETE the key (note there is a backup if they manage to find it), they cannot mask their ip, make a new account or anything. They are 100% banned unless they reformat their computer or go on another Windows Installation or find the key and all its copies.
EVERYONE MUST CHANGE THE KEYPATH (this will be defined in modConstants) TO A DIFFERENT KEY PATH OR THIS WILL CAUSE PROBLEMS BETWEEN GAMES
Hopefully when i get the system done and 100% working then i will figure out a way to negate the between game problem as i might just have part of the path be the game name or server ip
Hopefully, because i dont think this has been done on ANY other game before, that this will force even experienced hackers to think a lot to break through. Also if Nemisis gets a working HD Serial ban then i will intergrate that in as well to make it even harder for hackers (no matter how you ban there is always a loophole)
after i get everything working so it also wont collide between games, i will convert it to MySQL-less MS4
Re: MS4 MySQL With Registry Key-Based Banning - Jack - 15-05-2009
I think having a Hardware ban would probably be better, but this is a nice idea but the only downflaw is that if you intercept the packet then you wont get banned. But with hardware bans it would be much better due to the fact that it would be harder to get yourself unbanned but probably would be more effective, but they probably could still scan for the packet thats being sent, So all in all most bans can be packet intercepted >.>. But i say the safest option would be hardware bans instead of Keys, and also with the keys it would slow the client and server down due to the fact of sending alot of packets for just 1 key, and yet the hardware ban would be just a packet which would ban there hardware for a certain amount of time and also save alot of stress on the server compared to the Key ban. That is my few amount of points. I may be wrong but thats what i think.
Hardware Ban over Key ban =)
Re: MS4 MySQL With Registry Key-Based Banning - ExoShox - 16-05-2009
the ban has backups. a hacker can intercept the packet but it wont matter. the server will have a keyban and ip ban together. When a player starts the client for the first time, it registers an IP and a Key, so if a player bypasses an IP ban the Key still bans them, and if they bypasss the key ban the IP bans them. if they manage to intercept the packet and mask their ip, they still have the problem of the server wont auth you for login and/or registration without the packet. if they CHANGE the packet, it will still keep them out, because the client then has to receive an auth packet from the server or it still wont load. i dont see how they could mimic the server's packet, do you? either way youll still have account bans, and i am also adding email bans so if they register with the same email again, it wont work, and i doubt anyone would try to hack one of our games and repeat the same steps EVERY SINGLE TIME (put emphasis, i would be plain annoying) if they could ACTUALLY bypass all the bans. I am STILL going to add the HDS ban to add extra precaution.
Re: MS4 MySQL With Registry Key-Based Banning - Jack - 16-05-2009
Ok, I like the idea tell me when its completed i want to try this =)
Re: MS4 MySQL With Registry Key-Based Banning - ExoShox - 17-05-2009
mmk. im testing it right now (ive been busy, programming monopoly for class extra credit is spanish ii and a HUGE Pre-AP World G project which leads up to next years AP World History Project) hopefully i have it done and working.
Re: MS4 MySQL With Registry Key-Based Banning - Toast - 09-07-2009
Couldn't you catch the packet being sent from the client to have a clean key?
Re: MS4 MySQL With Registry Key-Based Banning - unknown - 09-07-2009
This isn't much better than an ip ban because the key is easily manipulated... ip's are harder to change than registry keys. Really all you have to do to beat it is clear out the key, & the backup and use a proxy.
Lea Wrote:obscurity is not securityExactly.
Re: MS4 MySQL With Registry Key-Based Banning - Matt - 10-07-2009
What you could do, is randomly generate a specific key to each account and make it save it to the account and the registry key, that way, if they clear it out, the server will check for that key and it won't be there, so it will reban them.
There are ways to make this work properly.
Re: MS4 MySQL With Registry Key-Based Banning - Joost - 10-07-2009
Banning never works on smart people. Add a level 10 limit to global talking, and get some mods. If I use VMWare(virtual windows) + a proper proxy, g/l banning me.