[req]more Client Protection

juggalo2 · Post by **juggalo2** » Tue Apr 25, 2006 2:02 pm

sokol wrote: And that help with what?

EDIT:
I try do something without help if i get problems i call help

stop most of the noob hackers

i knwo when i did it in my server with soem otehre thinsg with out cleint source and such noboady coudl hack

Scale · Post by **Scale** » Tue Apr 25, 2006 2:33 pm

sokol wrote: I think about something in search.dll what check client code what u put to it and if something is wrong just crash hb or no connect to server.
Btw. You guys heard about Nprotect? - its work? -.-

The best way is sango's way add allot of lame check routines place em randomly in your code, when i gets hacked add some more and keep it going untill the hacker gets bored.

In the sources add a code to open its on process and let is check the bytes off hacks:

if byte is 75 go on if eb fucked up the process or make it exit stuff like that.

Drajwer · Post by **Drajwer** » Tue Apr 25, 2006 3:00 pm

binary, nope. Its easy to decode packets and make own client.

snoopy81 · Post by **snoopy81** » Tue Apr 25, 2006 4:41 pm

binary, nope. Its easy to decode packets and make own client.

It's easy, maybe but not for everybody.
Unless some talented hacker want's to hack your server, most hacker's skill is limited to download and use files designed by others. Even many of them aren't able to find changed Port or servername.

Drajwer · Post by **Drajwer** » Tue Apr 25, 2006 4:59 pm

Indeed, but if you wanna make big server you should use client source and login server sources...

RageIlluminati · Post by **RageIlluminati** » Tue Apr 25, 2006 7:05 pm

if we could have MLserver and WLserver sources.. we could make whatever anti-hacks...

diuuude · Post by **diuuude** » Tue Apr 25, 2006 7:26 pm

Not really... It will allow us to fix some exploit issues but won't give us any way to fix hax.

Hax are mainly Client sided and the only way to prevent hax is to move client side checking structures to server.

An exemple is the beholder hack : To fix it, you must not send any longer the invisible players datas to the other clients, or beholder hack will always be possible.

snoopy81 · Post by **snoopy81** » Tue Apr 25, 2006 7:45 pm

An exemple is the beholder hack : To fix it, you must not send any longer the invisible players datas to the other clients, or beholder hack will always be possible.

Easyer way:
Change the way the "Invi" info is sent to client, and the way the client uses it.
Not an absolute anti-hack, but a fairlly good one. (only a really skilled hacker would be able to reverse that and design a Beholder hack.)
That's the way currentlly used on Equilibrium Project (using a modified Siementec client) and as a result, the Neck of Beholder is functionning very well, or GM can see all invi as Translucid, or nobody can see invied GMs, or Executors(3rd city) can see each other when invi.

Of course, designing that by hacking compiled client is not that easy.... but using 351 C++ sources, it's really easy to design your own system, providing a fearlly good security ....

sokol · Post by **sokol** » Tue Apr 25, 2006 8:01 pm

Easyer way:
Change the way the "Invi" info is sent to client, and the way the client uses it.
Not an absolute anti-hack, but a fairlly good one. (only a really skilled hacker would be able to reverse that and design a Beholder hack.)
That's the way currentlly used on Equilibrium Project (using a modified Siementec client) and as a result, the Neck of Beholder is functionning very well, or GM can see all invi as Translucid, or nobody can see invied GMs, or Executors(3rd city) can see each other when invi.

Of course, designing that by hacking compiled client is not that easy.... but using 351 C++ sources, it's really easy to design your own system, providing a fearlly good security ....

Im gonna try it =D

striker2 · Post by **striker2** » Wed Apr 26, 2006 2:35 pm

Scale wrote:
sokol wrote: I think about something in search.dll what check client code what u put to it and if something is wrong just crash hb or no connect to server.
Btw. You guys heard about Nprotect? - its work? -.-
The best way is sango's way add allot of lame check routines place em randomly in your code, when i gets hacked add some more and keep it going untill the hacker gets bored.

In the sources add a code to open its on process and let is check the bytes off hacks:

if byte is 75 go on if eb fucked up the process or make it exit stuff like that.

<span style='color:red'>I love sucking Sango's balls !
w w w . n e t b a l l s u c k e r s l o r d s . n e t</span>

sokol · Post by **sokol** » Wed Apr 26, 2006 3:39 pm

I love sucking Sango's balls !

we know =]

marleythe9 · Post by **marleythe9** » Sat Apr 29, 2006 2:26 am

another way for protecting your charcter files, would be to block your WLserver port, WLserver dosnt need to be on a public port, just local, if you block that then they cant use your WLserver aginst u.

the hack kinda sounds like WLserver hack. basicly. but WLserver deals with Caracter files.

Cleroth · Post by **Cleroth** » Sat Apr 29, 2006 9:22 am

RageIlluminati wrote: port can e detected by portscanners...

Port scanning is illegal.

sokol · Post by **sokol** » Sat Apr 29, 2006 9:27 am

Port scanning is illegal.

In Poland no one care about it

naatten · Post by **naatten** » Tue Jun 06, 2006 3:26 pm

guess who "teh wanan tahst"