![]() |
Server Sends Check To Client Tutorial - Printable Version +- Mirage Source (https://mirage-engine.uk/forums) +-- Forum: Mirage Source (Nostalgia) (https://mirage-engine.uk/forums/forumdisplay.php?fid=61) +--- Forum: Archive (2006-2011) (https://mirage-engine.uk/forums/forumdisplay.php?fid=18) +---- Forum: Resources (https://mirage-engine.uk/forums/forumdisplay.php?fid=49) +---- Thread: Server Sends Check To Client Tutorial (/showthread.php?tid=886) |
Server Sends Check To Client Tutorial - JokeofWeek - 19-04-2007 Alright, since I have often wondered about the potential dangers of people connecting with a different client to my game to hack it, I decided to come up with a way for the server to check whether the player was using a proper client. Basically, what this does is sends a packet & a string to the client as an 'acknowledgment' packet and a string attached to it, to make sure the client isn't just sending back a wrong 'received' packet. The server gives the client 15 seconds to reply (15 seconds for reasons such as lag, slower computers, etc.) and if isn't received, it boots the player! So basically, add this to your AccountRec : Code: LoginTimer as double In the local non-saved variables section. In modConstants, add this : Code: Public Const ACK_KEY as String = "6594sdfsd9r3" Add this to the ClearPlayer sub : Code: Player(index).LoginTimer = 0 Now, in modGeneral, in the GameAI Sub add this : Optimization Tip : Add the High Index to speed up the loop ![]() Code: For i = 1 To MAX_PLAYERS Now, in modHandleData, in sub HandleData, add this anywhere (preferably near the top) : Code: ' ::::::::::::::::::::::::::::::::::: As you can see, this checks to make sure you got the right key, if not invalids you. Now, look for the "login" packet, and near the end of the if case, right under : Code: Call SendChars(index) Add this : Code: ' Show the player up on the socket status Now, that's it for the server code! Very simple code on the client side. Near the top of sub HandleData, just add this : Code: ' :::::::::::::::::::::::: And there you go ![]() ![]() - JokeofWeek - 20-04-2007 Dave Wrote:I hate to say it, but this wont stop anyone. It's a worthless addon that just adds 15 seconds to the login time. This is just the basics. There are many ways you can build upon this tut, and one of the most obvious ones would be changing the packet name to a more obscure one, such as playerinfohash or something along those terms, making the player think that the key is not an acknowledgment key, but more something like a key for player stats or something. And other options could be encrypting your packets. Sorry if that playerinfohash thing didn't make sense, it's getting late xD - Da Undead - 20-04-2007 Wouldn't it be best just to use the SEC_CODE tut somewhere? - JokeofWeek - 20-04-2007 Da Undead Wrote:Wouldn't it be best just to use the SEC_CODE tut somewhere? Yeah, but it's easy to get sec codes, you just look at the login packet ![]() - Da Undead - 20-04-2007 how do u look at a packet o-O, mines like 100 characters long :p - Robin - 20-04-2007 Da Undead Wrote:how do u look at a packet o-O, mines like 100 characters long :p Add a debug.print in send data or load up your packet sniffer in string mode. - Da Undead - 21-04-2007 clients can do that o-O? So how do u make them non-hackable :p - JokeofWeek - 21-04-2007 Da Undead Wrote:clients can do that o-O? lol, they can't debug.print, but they can sure as hell sniff your packets. And it's kind of hard to detect :wink: - Da Undead - 21-04-2007 is there any tut or code that fixes all holes and loops? : x - JokeofWeek - 21-04-2007 Da Undead Wrote:is there any tut or code that fixes all holes and loops? : x Nope, and I don't think there ever will be, considering anyone can just use a simple packet sniffer + memory editor. - Da Undead - 21-04-2007 :\ hmm k - ShadowLife - 21-04-2007 Heres an idea, instead of checking at login to match a key in the client to the one in the server, have it check often. Have a list of keys, all under the same packet name, that the client randomly picks to verify itself to the server. The server simply checks to see if the key sent to it matches any of its stored keys, if not its a boot. - Da Undead - 21-04-2007 Thats good idea, but still crackable. But it'll just make it harder for them :p Re: Server Sends Check To Client Tutorial - Bradyok - 02-08-2007 Best way is to have the server randomize numbers/letters, save it to the playerrec, and make the client encrypt it back. I'll maybe post a tutorial on this if someone wants it. Re: Server Sends Check To Client Tutorial - ShadowLife - 14-08-2007 Erm, I may not understand what you mean, but it doesnt sound any different than the rest of the ideas in this thread. You are just sending a packet to the client, and the client sends it back with an encryption. Anyone who has toyed with a sniffer more than a couple times will notice an out of place packet of randomness. Sounds like because you are saving it to the playerrec makes this a 'l33t' idea. You want some added protection from packet-sniffing noobs. Lock the use of the client while a packet-sniffer is active. I'm sure everyone here knows all of the most common sniffers, choose your method to block them. Also everything in this thread stops someone from using a completely random client to access your server, but nothing has been said about altering your client... anything in this thread that will stop that? Re: Server Sends Check To Client Tutorial - Bradyok - 25-09-2007 Yeah, I'm saying it's a randomized packet.. Not just the same packet every couple seconds, so they couldn't do it unless they had your encryption key. Might also want to block WPE Pro so they don't modify existing packets, and compress your game so that it can't be decompiled and modified. |