Questions

**KLS** · #1 07-14-2008, 07:46 PM

Problem with that is the variable would be easy to work around for anyone competent enough to modify the client. Simply connect with the client you want to replicate to your own server see what version it sends to the server and put that secret version in a new version of your client: tada it now has replicated the secret key.

If you add a little basic encryption it makes it harder but not impossible to replicate.

Code:

client-> RequestConnection -> server 
server -> Reply (Including secret key for this connection) -> client
*figure out patches and stuff* if it's a SC patch then:
server -> Challenge -> client
client -> ChallengeReply: SecureHash(SecureHash(variable) + SecretKey)) -> server
server compares clients version to it's own internal hashed version and if they don't match disconnects.

That's pretty basic right there but would probably be enough. Would be harder to get the variable but not impossible because well the binary is in the hands of the enemy and he can simply decompile it to see what the key is, or they could potentially brute force it as well.

I think simple things like server side checks to see if players can do this or do that when they attempt to do something will cover most cases. Collision is the only real problem as it would be difficult to detect serverside. You could put a check in the movement code to see if someone is under the world and track how often it happens, if it happens a lot odds are there's a problem with your zone or someone is cheating. That wouldn't cover all cases though as there would be situations where people would be able to travel through small walls undetected.

One thing that might be an option is using a plugin type system for the various parts of the client, for example network is handled by a network.dll and ui is handled by ui.dll and various core mechanics handled by core.dll etc etc etc, would allow the release and modification of most the client while still keeping sensitive things tucked away in the main binary. Not sure how well that would work with your code though.

chuckltn73 · #2 07-14-2008, 07:56 PM

Brilliant, KLS My compliments.

I agree completely, although I should have been a bit more clear, serverside check of the variables table, in other words the values would have to mach whats stored in the database. If it doesnt well then the client is automaticly kicked from the server.

One option for preventing decompilation is obfuscating it after compilation, but that would have to be something the serverOp does when he or she compiles the client.

I think if someone obfuscates their binary, modularizes the client as kls suggests, and also adds encryption it would probably be as secure as possible.

In truth since simpleclient comes with clearlogin, all the checks could be on via the loginserver with some simple modification. As for the cheating checks perhaps incorperating alot of the MQ additions to the recent servers would do the trick on alot of that, atleast untill SC is compatible with the most recent netcode if ever.

chuckltn73 · #3 07-15-2008, 05:10 PM

A follow up:

the reason I said do these checks loginserver side is because, the ClearLogin is a small app and easy to edit, therefore it would be a small matter to enhance it with these sorts of changes, and would keep the emu server code basicly stock, so it would cut down on the editing the serverOp needs to do in order to get it up and running

chuckltn73 · #4 07-15-2008, 07:52 PM

any chance of getting the right click look around working? would makle life alot simpler

Darkriderone · #5 07-16-2008, 01:56 AM

Well I have been interested in SC for some time, because it gives me a chance to design a world thats not based on Sony, doesn't require Eqclient in anyway and I don't have to make a copy eqserver 1001 of servers already out there.

I was joyed to be able to make new zones for people to explore, new mobs for people to see, there were enough really good eq-based servers out there. With SC I could have my own updater for files, and released new zones.

But in the end I respect Wind for the work and effort he has done with SC, I'm hoping to pitch in with help adding or pointing fixes or tweaks, and if he would like it to remain closed-source I'm willing to back him on that.

*wisper in wind's ear* opensource, opensource, opensource...

Sorry I'm no soultry siren...

chuckltn73 · #6 07-16-2008, 02:05 AM

I completely agree, it is his project so in the end its his call, I personally hope the source is shared, but if not well thats his decision. As I understand it he does WANT to release it but is concerned about the cheating aspect, but I think alot of good ideas for combatting that particular issue have been shared so now we just got to wait for his word on it.

On a side note, guilds are a bit buggy with it but work with 0.6.0-dr2,Merchants dont seem to want to sell me anything on my server though, I get a message saying that item is only for display blah blah...

Other then that though aside from some small bugs/annoyances it works great. I for one am excited to see what kinds of new versions people would come up with if the source was opened.

Oh and hopefully *Crosses fingers* I should have a clearlogin with mysql authentication ready soon I am just having a few issues getting it to talk to mysql properly

chuckltn73 · #7 07-16-2008, 02:07 AM

OH btw for anyone interested I have posted a link to a 0.6.0-dr2 setup of the server with database and the latest SC in the download links thread it works fine thusfar