Jump to content
  • Sign Up
  • 0
skempertush

How secure will my server be?

Asked by skempertush

Question

9 answers to this question

Recommended Posts

  • 0

Vy Low    11

Vy Low
Posted

Hi,

 

If I enable PacketObfuscation, MD5 Hash, SecureGRF, Embedded Data.ini

Will my server still have exploits? What are those and how to prevent them?

just host your site/server to non shared hosting and everything will be just fine

Share this post

Link to post
Share on other sites
  • 0

Litro    45

Litro
Posted

Q: Still have exploits ?

A: Yes

 

Q: What are those and how to prevent them?

A: a loot to put it in detail

 

some of them is:

1. Packet Hack, since you set packet obfuscation you could avoid it and the way to make it avail again is to tamper the client but you have set the MD5 Hash check for the client at least for minimum standart you have it already

2. Sprite edit (0 delay) it was headache if you didn't have a game guard to check the integrity of grf file

3. Macro, Bot, Visual Bot

 

Point 2 and 3 for now you only can have a game guard to prevent it but even you have it no 100% guarante it will protect perfectly since there is always way found to fool the guard and worse it was the how to fool the guard is available in the net for free.

Share this post

Link to post
Share on other sites
  • 0

Garr    117

Garr
Posted (edited)

Well, actually, since he'll use password protected GRF and embedded data.ini he should be safe from 0delay grf as long as a) he doesn't release his grf without pass and B) he doubles proper animation files inside his grf.

 

Packet Obfuscation will make it way harder to WPE spam packets, and MD5 hash will prevent people from diffing your client further. I'd say get some more protection to prevent bots/macros, and you're pretty good to go.

Edited by Garr

Share this post

Link to post
Share on other sites
  • 0

skempertush    0

skempertush
Posted

Q: Still have exploits ?

A: Yes

 

Q: What are those and how to prevent them?

A: a loot to put it in detail

 

some of them is:

1. Packet Hack, since you set packet obfuscation you could avoid it and the way to make it avail again is to tamper the client but you have set the MD5 Hash check for the client at least for minimum standart you have it already

2. Sprite edit (0 delay) it was headache if you didn't have a game guard to check the integrity of grf file

3. Macro, Bot, Visual Bot

 

Point 2 and 3 for now you only can have a game guard to prevent it but even you have it no 100% guarante it will protect perfectly since there is always way found to fool the guard and worse it was the how to fool the guard is available in the net for free.

VisualBot, can it by-pass the botcheck script?

 

Correct me if I'm wrong but. 0delaysprite.grf is still just a regular sprite, the only difference is it has NoAnimation for delay. Since MyServerGRF is secured, why not I get those WithAnimation sprites to MyServerGRF so regardless of what they would do to their data.grf it will still have it's animation because the first to read is MyServerGRF. My problem is what are those sprites....

 

Well, actually, since he'll use password protected GRF and embedded data.ini he should be safe from 0delay grf as long as a) he doesn't release his grf without pass and B) he doubles proper animation files inside his grf.

 

Packet Obfuscation will make it way harder to WPE spam packets, and MD5 hash will prevent people from diffing your client further. I'd say get some more protection to prevent bots/macros, and you're pretty good to go.

I'm also thinking about getting those WithDelaySprites on my SecuredGRF. My problem is what are those sprites...

Share this post

Link to post
Share on other sites
  • 0

Litro    45

Litro
Posted

VisualBot, can it by-pass the botcheck script?

 

i never have visual bot, but i think visual bot can't do it againts script check,

 

Correct me if I'm wrong but. 0delaysprite.grf is still just a regular sprite, the only difference is it has NoAnimation for delay. Since MyServerGRF is secured, why not I get those WithAnimation sprites to MyServerGRF so regardless of what they would do to their data.grf it will still have it's animation because the first to read is MyServerGRF. My problem is what are those sprites....

I'm also thinking about getting those WithDelaySprites on my SecuredGRF. My problem is what are those sprites...

 

even you embed data.ini into your exe those way just can fool average cheater or leecher, but from what my experience from 130 player i have 15 of them can see through it

 

this is the work around with out integrity check if the player can tell the priority of grfs he can just merge (oh yes the secureed grf is not to get extracted data but you can still merge / add file in to it) the edited sprite on the 1st grf not data grf (data.grf & rdata.grf always come last), so it will come back to check the integrity of grfs file, yes ? open patcher -> clikc start game -> compare the grf to the server if match open the exe, if not dont open it don't give the player notice about it let them think the exe was failed because their file

Share this post

Link to post
Share on other sites
  • 0

skempertush    0

skempertush
Posted

 

VisualBot, can it by-pass the botcheck script?

 

i never have visual bot, but i think visual bot can't do it againts script check,

 

>Correct me if I'm wrong but. 0delaysprite.grf is still just a regular sprite, the only difference is it has NoAnimation for delay. Since MyServerGRF is secured, why not I get those WithAnimation sprites to MyServerGRF so regardless of what they would do to their data.grf it will still have it's animation because the first to read is MyServerGRF. My problem is what are those sprites....

I'm also thinking about getting those WithDelaySprites on my SecuredGRF. My problem is what are those sprites...

 

even you embed data.ini into your exe those way just can fool average cheater or leecher, but from what my experience from 130 player i have 15 of them can see through it

 

this is the work around with out integrity check if the player can tell the priority of grfs he can just merge (oh yes the secureed grf is not to get extracted data but you can still merge / add file in to it) the edited sprite on the 1st grf not data grf (data.grf & rdata.grf always come last), so it will come back to check the integrity of grfs file, yes ? open patcher -> clikc start game -> compare the grf to the server if match open the exe, if not dont open it don't give the player notice about it let them think the exe was failed because their file

 

How do I integrity check on patcher?

Share this post

Link to post
Share on other sites
  • 0

Litro    45

Litro
Posted (edited)

no patcher have a feature like that for now, the only way available is using game guard

 

OOT there is a launcher that will just (didn't have compare feature) make a file and listing all md5 files in current folder, i hope some one can make it for free release

Edited by Litro

Share this post

Link to post
Share on other sites
  • 0

skempertush    0

skempertush
Posted

no patcher have a feature like that for now, the only way available is using game guard

 

OOT there is a launcher that will just (didn't have compare feature) make a file and listing all md5 files in current folder, i hope some one can make it for free release

I saw the file... Yeah it will be useful if he released the source, so we can hardcode the MD5.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go To Question Listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept