Prevent Hacking

[bolex17]

Here is the "extasis-hack" prevention method:
you have to have hgserver sources and be able to compile them,
then find this line:

case DEF_NOTIFY_SERVERCHANGE:

look a bit lower and you should see this:
*ip = (int)m_iLogServerPort;

change it to this (dont know if the () are necessary but just in case:

*ip = (int)(m_iLogServerPort+1);

then save&compile and you have th hgserver part finished

now what you need to do is change world-log-server address(usually 2500 or 2501)
to 2500 because WorldLogServerFilter_v2.exe listens to 2501
(feel free to modify it, just that i dont help with it)

now when the player changes hgserver in the game, the current hgserver he/she is in,
reports one port higher world-log-server port than it really is connected to thus
forwarding client to send its query "which ip&port is this map in" and there
comes this my program in handy, it tells it to the client and client happily
connects there, but when hgserver tries to register with this my program, it responds
that "you cant register, it failed" thus leading to hgserver registration (abrakadabra)

usage:
WLS_Filter.ini contains some little things that my program uses to
detect if the client's supplied account password is correct & character in question
really exists in the account(in this case it needs the world server's name as
account-character = testchar would be default but in case it is changed,
it comes account-character-WORLDSERVERNAME thus if my program doesnt know this
->it doesnt find the character in the account -> disconnects the client

WLS_Filter-Maps.txt contains the maps that this program "knows" are up, and this way
answers with right ip and port:

if game-server-mode = lan then the ip to which the client will be forwarded
will be taken from this: game-server-address = x.x.x.x
if game-server-mode = internet then the ip will betaken from here
game-server-external-address = x.x.x.x

these "config-files" will be updatet when the program is restarted, so if you
change something like ip, maps or such, you need to restart the program
and there is no need in which order the hb-server and this program is started,
you can start it, forget to start it and restart it in any time, only one thing
happens if this program is not running which is: player get cl or "connecting to host..."
when changing hgserver and when logs back in game, he is in the map where he/she should be

and Most important thing is to block 2500 port from outside, only your own ip can connect
with it, so no extasis-hack can be done (use firewall)

..well that should be it hope it works
it informs you if hgserver tries to register with it (tells the ip at the bottom of the window)

<a href='http://ruik.bizhat.com/' target='_blank'>http://ruik.bizhat.com/</a>
and there WorldLogServerFilter.zip
(if direct link, it said it wasnt allowed

second link as attachment

nice, goodjob. :blink:

[Cleroth]

wont work lol

i mean, wil work with noobs lol

[tommu00]

meaning: it doesnt work with noobs, only someone who knows
what he/she is doing, is able to make it work.

o well if you can read, that brings up the possibility of making it work as well

but if you are implying it wouldn't work: you are wrong, noob

ps. or would it be that you dont want it to work and give false statements
because you do want to keep up the hgserver-hacking ?

[marburg]

netstat -a | more

[Cleroth]

looooooooooooooooooool u know nothing about this dude
hg server hacking is old.... very old....

[Smashing]

doesnt matter how old something is as long as it works

[wannabee]

the susence is killing me, tell us tyteman, whats your big provention idea?

btw: i havn't logged onto kal for a while, it keeps crashing since the patch, i'll have to wait for the next one :S

[tyteman]

bleh i told a few people about it... it won't 100% block it.. but people like ice-t and cleroth may get around em... they key is.. figure out whats causing the hgservers to crash... fixing it... then make sure.. that your mlserver doesn't receive traffic.. and blah blah theres more but too lazy to type it again..

[pronoob]

Here is the "extasis-hack" prevention method:
you have to have hgserver sources and be able to compile them,
then find this line:

case DEF_NOTIFY_SERVERCHANGE:

look a bit lower and you should see this:
*ip = (int)m_iLogServerPort;

change it to this (dont know if the () are necessary but just in case:

*ip = (int)(m_iLogServerPort+1);

then save&compile and you have th hgserver part finished

now what you need to do is change world-log-server address(usually 2500 or 2501)
to 2500 because WorldLogServerFilter_v2.exe listens to 2501
(feel free to modify it, just that i dont help with it)

now when the player changes hgserver in the game, the current hgserver he/she is in,
reports one port higher world-log-server port than it really is connected to thus
forwarding client to send its query "which ip&port is this map in" and there
comes this my program in handy, it tells it to the client and client happily
connects there, but when hgserver tries to register with this my program, it responds
that "you cant register, it failed" thus leading to hgserver registration (abrakadabra)

usage:
WLS_Filter.ini contains some little things that my program uses to
detect if the client's supplied account password is correct & character in question
really exists in the account(in this case it needs the world server's name as
account-character = testchar would be default but in case it is changed,
it comes account-character-WORLDSERVERNAME thus if my program doesnt know this
->it doesnt find the character in the account -> disconnects the client

WLS_Filter-Maps.txt contains the maps that this program "knows" are up, and this way
answers with right ip and port:

if game-server-mode = lan then the ip to which the client will be forwarded
will be taken from this: game-server-address = x.x.x.x
if game-server-mode = internet then the ip will betaken from here
game-server-external-address = x.x.x.x

these "config-files" will be updatet when the program is restarted, so if you
change something like ip, maps or such, you need to restart the program
and there is no need in which order the hb-server and this program is started,
you can start it, forget to start it and restart it in any time, only one thing
happens if this program is not running which is: player get cl or "connecting to host..."
when changing hgserver and when logs back in game, he is in the map where he/she should be

and Most important thing is to block 2500 port from outside, only your own ip can connect
with it, so no extasis-hack can be done (use firewall)

..well that should be it hope it works
it informs you if hgserver tries to register with it (tells the ip at the bottom of the window)

<a href='http://ruik.bizhat.com/' target='_blank'>http://ruik.bizhat.com/</a>
and there WorldLogServerFilter.zip
(if direct link, it said it wasnt allowed

second link as attachment

this dont support multi host probably

[pertti1]

if u allow other hosters ip before blocking port 2500 multi hosting should work

[pronoob]

nah then i cant change map servers which sux big time

[China]

i dont need hack hgserver, just DDos it down..

[joek]

umm Ddos attacking a server isn't fun...hg hack is

[Lacroix]

I think another posibility to avoid characters edit (in case someone get connection) would be the encryptation of the charfiles. But I don't know if it can be done. There would be no way the edit characters. Even GM chars.

[snoopy81]

I think another posibility to avoid characters edit (in case someone get connection) would be the encryptation of the charfiles. But I don't know if it can be done. There would be no way the edit characters. Even GM chars.

If you're able to code encription routine in gserver, it'll a matters of few hours to code a text editor with same encoding routine included...

Nice idea, even if code could also be broken by talented hackers...