How's this for a hard-to-hack scheme?

The server compiles new client executables all the time. These executables only differ from each other in how they communicate with the server. And maybe by some redundant code so that each executable has a different file size. When the player (client) logs on, the server sends him the client executable. Now the server expects the player to communicate with it by using that executable's specific communication codes. So the player can't use any hacked executables, because they'd communicate with the server differently. To hack this, one would need to edit every new executable one gets from the server. Or maybe there are some other loopholes in this scheme; that's for you to figure out.

Not sure, but I don't think that it differs if it's a serial, key, executable, or a car. The same principles apply, just a bit more complicated.

Your scheme would just be a sort of encryption. What does the client need to do to persuade the server to give it the exe? I guess it's there the big hole would be. Otherwise, it's pretty much as plain SSL where both parties agree on an encryption scheme/key which they (en|de)crypt the data with, after authentication has taken place.

Though, I must say it sounds interesting (I like that sort of stuff too), but I'm afraid you just would overload the server's processing power compiling and its bandwidth pushing execs.

Well, if I were playing the game I'd hate to have to download a new program every time I go to play. That would be such a pain. You could send a dll file though. The problem with that though is that the program could intercept the dll and read what's inside to look for the new codes. But an executable would be better because the new codes could be anywhere in the executable and it would be very difficult to find them. Overall it's a good idea. You just need to keep most of the game-processing code external from the sent executable. And the sent executable should be very small (i.e. 100-kb).

---
My Site-My Tetris Clone w/Source
Come join us on IRC in #directxdev @ irc.afternet.org

It would, I think, be much safer to use the entire exe (or dll) as an encryption key instead. Let's have a file size of, say, 100 kb, that would give us some 819,600 bits encryption. Wrap that around a few layers and we got ourself a real hardie.

I think you don't need to send the executable code, only part of it.

For example, send a dll with new crypt/encrypt functions and keys.
You can change every time crypting mechanism is server and it's send to client and in communicated protocols put some holes for checking new code.

Guest Anonymous Poster
quote:
Original post by Ramsess
I think you don't need to send the executable code, only part of it.

For example, send a dll with new crypt/encrypt functions and keys.
You can change every time crypting mechanism is server and it's send to client and in communicated protocols put some holes for checking new code.

Still easy to hack the client app, though. Who cares if network communications are secure if the client's sending bogus info in the first place?

Guest Anonymous Poster
Couldn't someone just figure out how to hack one EXE and distribute that to anyone else who wants to use it?

quote:
Original post by Anonymous Poster
Still easy to hack the client app, though. Who cares if network communications are secure if the client's sending bogus info in the first place?

Every client application can be hacked. It's not hard if you know debuggers like softice.

In my practice I get some function code from an app and use its code for my programs (but it was only a hobby, to read some crypted data).

If I evolve my ideas ... one way is a network protocol changed every time, and the client needs to download a simple function for handling/parsing the new protocol.

quote:
Original post by Anonymous Poster
Couldn't someone just figure out how to hack one EXE and distribute that to anyone else who wants to use it?

It's not hard if you know system programming.
Read docs in hackers site.

First exam is to hack shared programs which want a serial key, like WinZip.

But be careful, some programs have protection which switches to debug your debugger, or use internal timers for antidebug.




quote:
Original post by CWizard
What does the client need to do to persuade the server to give it the exe? I guess it's there the big hole would be.

Huh? The client just says "I wanna log on" with some common communication protocol. This phase doesn't need to be crypted in any way. Then the server sends the exe, client runs it and the server expects the client to reply with the communication codes embedded in the exe.

quote:
Original post by Anonymous Poster
Couldn't someone just figure out how to hack one EXE and distribute that to anyone else who wants to use it?

As I said in the first post "So the player can't use any hacked executables, because they'd communicate with the server differently."
So I think that can't be done. A single hacked EXE is useless.

quote:
Original post by Ramsess
Every client application can be hacked. It's not hard if you know debuggers like softice.

But AP was right with what he said to you. The point of sending the whole exe is that it doesn't communicate with anything external that *can* be hacked safely. It's a single block of info that needs to be hacked every time you get it from the server. And I don't think your average gamer will start hacking a game with softice every time he connects to a server.

quote:
Original post by Beer Hunter
What about the clients who connect to a cracked server?

True.. Those servers could send exes that contain viruses or something equally bad. Maybe this scheme would only work for a game with one, trusted central server.

[edited by - civguy on August 30, 2002 3:17:56 AM]
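
The handshake described in this thread, together with the earlier objection that a modified client can still send bogus data over it, as an added example (not code from any poster). The per-login "communication codes" are modelled here as a random HMAC key; `Session`, `client_pack`, `server_accept` and the `MAX_STEP` movement rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_STEP = 5  # assumed game rule: at most 5 map units per position update


class Session:
    """Server-side record for one login (hypothetical model of the scheme)."""

    def __init__(self, start_pos=(0, 0)):
        # Stands in for the "communication codes" compiled into the issued exe.
        self.code = secrets.token_bytes(32)
        self.pos = start_pos
        self.seq = 0


def client_pack(code, seq, pos):
    """What any holder of the session code can produce, modified client or not."""
    body = f"{seq}:{pos[0]},{pos[1]}".encode()
    return body, hmac.new(code, body, hashlib.sha256).hexdigest()


def server_accept(session, body, tag):
    """Classify one update: ok, bad-code, malformed, replay or implausible."""
    expected = hmac.new(session.code, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "bad-code"      # sender does not hold this session's code
    try:
        seq_text, coords = body.decode().split(":")
        seq, (x, y) = int(seq_text), (int(v) for v in coords.split(","))
    except ValueError:
        return "malformed"
    if seq != session.seq:
        return "replay"        # stale or reordered update
    if max(abs(x - session.pos[0]), abs(y - session.pos[1])) > MAX_STEP:
        return "implausible"   # channel is authentic, content is bogus
    session.pos, session.seq = (x, y), seq + 1
    return "ok"


def demo():
    s, other = Session(), Session()
    return [
        server_accept(s, *client_pack(s.code, 0, (3, 4))),      # honest update
        server_accept(s, *client_pack(other.code, 1, (4, 4))),  # wrong session's code
        server_accept(s, *client_pack(s.code, 1, (500, 4))),    # right code, teleport
    ]
```

The third case carries a valid tag, so the per-session code check alone would accept it; only the server-side rule check rejects it.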

You can always hack it.. all you have to do is write an application that intercepts the exe, and modifies bits of code that DON'T change.. i mean. the communication protocol might be different. but the rest of the exe is basically the same.. all you have to do is to search for a unique bit of code where it does something you want to alter. this is sent through the communication protocol sure, but still it's altered before this happens. it's basically as hard as cracking any game. just needs a little more advanced app to do so. so it comes down to that this is still rather useless... still a good idea, but you can't have infinite different client exes (not even when you add 'random' data because you can simply skip those parts... and you can't paste that random data in the middle of the exe.. only at the end)

quote:
Original post by The Eternal
You can always hack it..

I know, that's why the topic wasn't "impossible-to-hack scheme"

quote:
all you have to do is write an application that intercepts the exe, and modifies bits of code that DON'T change..

You're right :/.. An application that automatically seeks the parts that don't change and inserts the hacks there. That wouldn't even be too hard to make for a moderately experienced hacker.

But I got an improvement idea: when the server compiles the exe, it could add some no-op code randomly throughout the whole exe. It would make the exe run maybe 50% slower though, and one would need to make a new compiler specially designed for this purpose. But then there wouldn't be any kind of easy generic patterns for the hacker to seek. It would be *very* hard to hack I think...

quote:
so it comes down to that this is still rather useless...

Nah, I wouldn't be so hasty in saying that this kind of protection schemes are useless. The more complex it is to make a cheat in a game, the less willing hackers are to do it.

quote:
and you can't paste that random data in the middle of the exe.. only at the end

Why not? The exes are compiled after all.

quote:
Original post by civguy
The more complex it is to make a cheat in a game, the less willing hackers are to do it.



There will always be hackers willing to do it - the harder you make it the more they will relish the challenge.

However, if your aim is to prevent "joe-average" from being able to cheat/hack at the game then that's no bad target.

The main focus there would be the prevention of tools for hacking/cheating - if you can force it so there is no way a hacker can write a program and distribute it to do a certain hack, then joe-average is stuffed because they don't have the skillset to do the advanced hacking on the fly, by hand.

-Mezz

The one problem I see with this is that people can still hack their graphics library files and create wallhacks and aimbots. Hacking network communications is the old way of doing things. Now hackers just create shims that intercept graphic function calls.
