Correct Client for Server
#1
Introduction
This is very basic. What it does is, upon login, send a code with that packet, checking if that code is the same on the client as on the server. The code can be as long as you wish it to be.

Do not use the same security code as on this example.

Client Side
Find:
Code:
Sub SendLogin(ByVal Name As String, ByVal Password As String)
Dim Packet As String

    Packet = "login" & SEP_CHAR & Trim(Name) & SEP_CHAR & Trim(Password) & SEP_CHAR & App.Major & SEP_CHAR & App.Minor & SEP_CHAR & App.Revision & SEP_CHAR & END_CHAR
    Call SendData(Packet)
End Sub
Then add this part to it:
Code:
& SEP_CHAR & "code35FO36F"
So it eventually looks like this:
Code:
Sub SendLogin(ByVal Name As String, ByVal Password As String)
Dim Packet As String

    Packet = "login" & SEP_CHAR & Trim(Name) & SEP_CHAR & Trim(Password) & SEP_CHAR & App.Major & SEP_CHAR & App.Minor & SEP_CHAR & App.Revision & SEP_CHAR & "code35FO36F" & SEP_CHAR & END_CHAR
    Call SendData(Packet)
End Sub

Server Side
Inside:
Code:
    ' ::::::::::::::::::
    ' :: Login packet ::
    ' ::::::::::::::::::
    If LCase(Parse(0)) = "login" Then
Just below:
Code:
If IsMultiAccounts(Name) Then
   Call AlertMsg(Index, "Multiple account logins is not authorized.")
   Exit Sub
End If
Add:
Code:
If Trim$(Parse$(6)) <> "code35FO36F" Then
  Call AlertMsg(Index, "Your client do not match the servers security code.")
  Exit Sub
End If
Yes I know it's very basic. But it's always something.
Reply
#2
Still, people can just sniff it in plain text and see that a little bit has been added at the end and then add it to a blank ms.
Quote:Robin:
Why aren't maps and shit loaded up in a dynamic array?
Jacob:
the 4 people that know how are lazy
Robin:
Who are those 4 people?
Jacob:
um
you, me, and 2 others?
Reply
#3
As I said, it will give a little bit of security :P And by adding the XOR Encryption a little bit more security is added on top of that.
Reply
#4
I'd let the server send a string to the client, instead of the other way around. It's harder to edit incoming than outgoing packets, I think.
Reply
#5
Joost Wrote: I'd let the server send a string to the client, instead of the other way around. It's harder to edit incoming than outgoing packets, I think.
Might be, I don't have any knowledge when it comes to snipping up packets. Why not have it both ways then, with different codes? So if the client code is correct, like in this example, it sends one back again :P Kinda useless actually since if the first check is correct, the client is correct.. but still.
Reply
#6
William Wrote: Kinda useless actually since if the first check is correct, the client is correct.. but still.

Erm, no it's not :D
Reply
#7
Joost didn't write that.. I did, and what's the point of making it check first if the client is correct for the server, and after that check if the server is correct for the client =/
Reply
#8
No, we check if the client is right for the server, then check if the client is right for the server, but using a server packet instead :D

Also, that quote messed up and I don't know why o.o
Reply
#9
Thank you, it works perfectly :wink:
Reply
#10
Of course it works :P
Reply
#11
Sorry for the 6-month bump, but I have some pretty good ideas for improvement:

if you used a code generator such as:
((version * subversion / revision) * day * week / month) / variable
(random * / + etc)
variable is sent by the server on attempt at login, the server stores the outcome it should receive back, and if the number from the client is different then it kicks them


obviously use a different combination for each version and revision of your game so the script kiddies really have to work to get their number, and since the variable is random from the server it just gives them more problems... if you make it take more than 1 minute's work then they'll get bored and move on normally ;)


what do you think? obviously I haven't put the code in here 'cos it's only a theory I have at the moment

of course there's a slight flaw, with the date possibly being different in different places, but you can see where I'm coming from, maybe just the full version number should be used?
Reply
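Added example, not part of the original thread and not the engine's own VB6 code: a Python sketch of the idea in post #11, where the server sends a random value and the client's reply depends on it, next to the fixed-code check from post #1 that post #2 says can be sniffed. `SEP_CHAR`, `CLIENT_KEY` and all function names are assumptions made for illustration; HMAC-SHA256 stands in for the arithmetic formula in the post. The key still ships inside the client, so this makes a captured login packet useless on a new connection but does not stop someone who reads the key out of the client.

```python
import hashlib
import hmac
import secrets

SEP_CHAR = "|"                        # stand-in for the engine's SEP_CHAR (assumption)
STATIC_CODE = "code35FO36F"           # the fixed code from post #1
CLIENT_KEY = b"constructed-demo-key"  # constructed value; embedded in the client

def build_login(name, password, version, proof):
    """Field layout from post #1: login, name, password, major, minor, revision, proof."""
    return SEP_CHAR.join(["login", name, password, *map(str, version), proof])

def static_check(packet):
    """Post #1's server check: field 6 must equal the fixed code."""
    fields = packet.split(SEP_CHAR)
    return len(fields) > 6 and fields[6].strip() == STATIC_CODE

def proof_for(nonce, version, key=CLIENT_KEY):
    """Client side: HMAC over the server's nonce and the client version."""
    msg = SEP_CHAR.join([nonce, *map(str, version)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Server:
    def __init__(self):
        self.pending = {}             # connection index -> outstanding nonce

    def challenge(self, index):
        """Sent to the client before it logs in; random per connection."""
        self.pending[index] = secrets.token_hex(16)
        return self.pending[index]

    def check_login(self, index, packet):
        fields = packet.split(SEP_CHAR)
        nonce = self.pending.pop(index, None)    # each nonce is accepted once
        if nonce is None or len(fields) != 7 or fields[0].lower() != "login":
            return False
        expected = proof_for(nonce, fields[3:6])
        return hmac.compare_digest(fields[6].encode(), expected.encode())

def demo():
    version = (1, 0, 0)
    server = Server()
    nonce = server.challenge(index=1)
    captured = build_login("bob", "pw", version, proof_for(nonce, version))
    first = server.check_login(1, captured)      # genuine login
    server.challenge(index=2)                    # new connection, new nonce
    replayed = server.check_login(2, captured)   # same bytes sent again
    static_ok = static_check(build_login("bob", "pw", version, STATIC_CODE))
    return first, replayed, static_ok            # (True, False, True)
```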
#12
Or you could just add XOR Encryption or another simple encryption to the actual key.
Reply