Quote:Original post by Bru
i thought of an idea of having those files also in the server side, and when the client tries to connect, force the client to randomly check some bytes(their data and location in the file) in some files, and send it to the server to check if these bytes have the same data and are in the same location in the file. it's a little costy if you have alot of files. if might not work if the files are slightly modified, but only way to pass it i can think of is reverse engineering the client.
what do you think about it?
Reverse engineering a client is easy-ish, since you control its environment anyway.
If you mean the client to refuse running if the server's answer is negative, then it's very easy to circumvent: just disassemble the executable and change the jump instruction.
If you mean the server to refuse the connection if the client notifies it that the files have changed, I can see two easy way to work around that. Either hack the client to always tell the server that the files haven't changed, or just hack the client (again) to make the check against the original files, while using the modified files during the actual playing of the game. That would work with checksums as well (just record the checksums of the original files and send that instead of the current checksums).
It's also possible to simply reverse-engineer the protocol and to write a small application proxy that'll sit between the application and the server, thus avoiding the need to disassemble the client altogether. DLL injection can also be used to override some functions.
Really, there's no way to protect that data.