There are many of those -.-snoopy81 wrote: I even found a feature sent by client not used server side !
Surprise
<img src='http://ic1.deviantart.com/fs11/i/2006/1 ... leroth.gif' border='0' alt='user posted image' />
Many sure:
The interresting ones (for me)
- I found,is that the client sends "sending time" along with many packets, and my server now, use this time for Hack Detection.
- Key is not used by server (CCNCheck message)
The interresting ones (for me)
- I found,is that the client sends "sending time" along with many packets, and my server now, use this time for Hack Detection.
- Key is not used by server (CCNCheck message)
_\_ _<br> / , \__/ . \ Admin of Equilibrium Project<br> II\ \___ . O<br> III \_/ \ _ / <a href='http://www.equiprojet.com' target='_blank'>http://www.equiprojet.com</a><br> II I¯I
Yes, that's why it's possible to cast hack in your server ^^- I found,is that the client sends "sending time" along with many packets, and my server now, use this time for Hack Detection.
<img src='http://ic1.deviantart.com/fs11/i/2006/1 ... leroth.gif' border='0' alt='user posted image' />
The big issue with server time, is that as the function is executed every 300ms, there can be more disturbence. But You can code some timing in the event loop, so timing is beter, but still subject to web's stranges Pings...QUOTE
- I found,is that the client sends "sending time" along with many packets, and my server now, use this time for Hack Detection.
Yes, that's why it's possible to cast hack in your server ^^
For CastHack detection, either you use reception time, but Lag often gives you false alarm; or client's time (subject to strange HB client's frames timing)...
Better use use both...
I meant, not at socket level, but at message processing time, the Key is sent to many functions but unused...QUOTE
Key is not used by server (CCNCheck message)
Why not? How would the server decrypt the packets then?
By checking with previous ones from same client, it's easy to detect a "Packet sender" attack...
_\_ _<br> / , \__/ . \ Admin of Equilibrium Project<br> II\ \___ . O<br> III \_/ \ _ / <a href='http://www.equiprojet.com' target='_blank'>http://www.equiprojet.com</a><br> II I¯I
Yea I don't know why the key is sent along with alot of functions once XSocket is done using it... but saying "Key is not used by server" is false information.
Before any noobs misinterprets the above;
Packets that are send by the server are often encrypted, especially in later versions. Packets send by the client are also often encrypted. The XSocket can encrypt and decrypt packets. The first byte of each Helbreath packet is the key used to decrypt that particular packet.
Before any noobs misinterprets the above;
Packets that are send by the server are often encrypted, especially in later versions. Packets send by the client are also often encrypted. The XSocket can encrypt and decrypt packets. The first byte of each Helbreath packet is the key used to decrypt that particular packet.
Good point here, my apologies.but saying "Key is not used by server" is false information...
Before any noobs misinterprets the above;
Another unused feature, as far as I know, 3.51 client (as 2.20 sources) may use a "Discount" client specific value, unused by both v2.20 and HBx3.51 sources...
I wiil try soon if correctlly working in client, to use it replace the charisma discount that doesn't fit my needs.
_\_ _<br> / , \__/ . \ Admin of Equilibrium Project<br> II\ \___ . O<br> III \_/ \ _ / <a href='http://www.equiprojet.com' target='_blank'>http://www.equiprojet.com</a><br> II I¯I