| Author | Message | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|  MMO Protect against packet sniffers
Ok so I am helping a friend of mine who is in the making of an mmorpg as of right now. he was able to hide sensitive data to packet sniffers. there is this one thing that we can not figure out. when recording the packets for dropping an item (receiv/receivfrom only) a player can sniff those packets and send them continuously to spam the server causing it to crash. we have tried debugging the server but to no avail have we figured a way to solve the issue. what can we do to go about stopping sniffers entirely so no data gets through if possible?
|
| Re: MMO Protect against packet sniffers
Eww you should have some limitation for the maximum packets a player could send in a specific time. --- Remember when is not an organization nor a fucking group , it's simply an idea that we believe in and live for. The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is cosmetic,that's why offer our worthless lives to The "Remember when"
|
| Re: MMO Protect against packet sniffers
The basic way to defend against packet replaying is to put a sequence marker in each packet, and have the server ignore packets that aren't in sequence. That can easily be defeated by even WPE which has the option to increment a byte for each send. If you used pretty much any kind of stream
encryption for your communication, sequence would be enforced implicitly and be resistant to simple programs like WPE. Ideally though you want your server to not break regardless of what's being sent to it. All your attempts to defend against packet tampering will be defeated at some point, assuming you attract enough players. Not only do you have to fix the reason for your server crashing because of all the items being dropped, you should also ideally limit the rate at which inputs from players are processed (only dropping one item every 100ms might be considered a reasonable rate).
|
| Re: MMO Protect against packet sniffers
Sausage posted: (11th Apr 2016, 07:22 am) Sausage is on the money here, you should always assume that whatever "protection" you have is already broken. Ultimately, things that smack down WPE and other basic programs are just basic deterrents for amateurs, critical game mechanics should be protected by internal logical constructs rather than brutish methods like reading people's processes and banning them for having programs open. Focus on the root problem, not the symptoms. In other words, assume that any old fuck can flood your server with packets whenever they want to, regardless of how god-awful your *game guard* is. Then, plan appropriately (Patching up crash bugs and exploits that could be abused by a flood of packets, for instance), rather than trying to stop the flood from happening in the first place. --- Want to learn to pixel? Pixelsource.org
|
| Re: MMO Protect against packet sniffers
At least game guards work against hacks leechers . It would be perfect to stop trainers and any released tool. 99% of popular mmorpga got it that's why I said if your game is worth it then have it if not it would be useless because you won't be attack by a leecher. --- Remember when is not an organization nor a fucking group , it's simply an idea that we believe in and live for. The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is cosmetic,that's why offer our worthless lives to The "Remember when"
|
| Re: MMO Protect against packet sniffers
Thank you all for your help. This game is not a small time MMORPG. It is already well known by people and is in its closed alpha stage as of now. I know packet sniffers will always find a way but as of now I at least would like to find a way to take care of the spamming packets issue. So will game guard at least protect against the spamming of packets? how exactly does game guard work? the more information I have about ways we can prevent packet sniffing the better that way I can inform him of the different measures he may take. once again I greatly appreciate everyone help and will relay this info to my friend and see if it helps him.
|
| Re: MMO Protect against packet sniffers
firon posted: (13th Apr 2016, 02:58 am) You guys should hire a professional guy for example : Weedindeed. Here's the conclusion of the former replies : 1-Spamming packets whatever they are should not crash your server whatever these packets are or how fast they are being sent or how many times they were sent.(Fix this bug) 2-People should not be able to flood packets , they should be disconnected once they sent a maximum number of packets per a specific time. plus you shouldn't expect people to send a login packet when they are already logged in! 3-If people at anytime figured your encryption method they should not do any harm to your server if everything were handled correctly from the server side.If it happened that would leave you with something called "Bots".They are various techniques to deal with bots.. 4-The purpose of game guards to stop hacks users not creators actually, A game guard should monitor the action of starting a process or using certain winapi functions like key input or move mouse etc, it should also prevent reading/writing the memory of your game process. The User should be disconnected From Both The Server And The Client when his game guard become disabled(closed or modified ..etc) The important part is to disconnect the user from the server side because it's easy to fake the client. Here's something i found on the internet : --------------------------------------------------------------------------------------- The server sends out four DWORDs to the game client at random intervals (index, value1, value2, value3). The game client takes these values and sends them to GameMon.des (the process of GameGuard) through a pipe. GameMon.des then takes these values and runs them through an algorithm and sends them back to the game through the same pipe. After this is done, the game then sends the new values to the server. The server checks the values to make sure they are the correct response to the values it had originally sent the game client. If so, this process is repeated after a given time. However, if the game client sends the wrong values or doesn't send any at all, the server will disconnect the client because evidently, GameGuard was not running on the client. --- Remember when is not an organization nor a fucking group , it's simply an idea that we believe in and live for. The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is cosmetic,that's why offer our worthless lives to The "Remember when"
|
| Re: MMO Protect against packet sniffers
What kind of advice is that? Hey kids, lets add something like, idk, a rootkit to your game client so that no one can hack it. Well first of all, GameGuard has already had its share of exploits. Really what needs to happen is the server must be designed to accept inputs at near-human intervals, and there should be some event sequence counters in place to ensure that the client isn't misbehaving against the server expectations. GameGuard and other shitware of the like are more likely to cause problems for the end-user's play experience or just overall machine performance when running, not to mention it too can be beat, not to further mention a few mmo companies that were convinced by the GameGuard hoax have actually dropped it, not to even further mention end users hate it because it runs in the background on their PC, invisibly, regardless of game closing, forever, even after game uninstall. GameGuard = GameGarbage that nobody fucking wants on their machine. Edit: I found you a whole discussion thread on why GameGuard is so shitty here.
|
| Re: MMO Protect against packet sniffers
I m the first to oppose 3rd parties shit but since he's doing a serious project not an eoserv punk that will end hacking people with his game, it's ok then...plus it was the last advice to give out. --- Remember when is not an organization nor a fucking group , it's simply an idea that we believe in and live for. The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is cosmetic,that's why offer our worthless lives to The "Remember when"
|
| Re: MMO Protect against packet sniffers
Same rules apply to any game using online communication protocols, regardless if it is EOSERV or homebrew nonsense. I guess it doesn't matter though because in the last 7 years this community has generated zero server/client built from scratch games. That said, if one did have the know how to
put together such a project I am pretty sure they could figure out how to enforce a few rules to make hacks fairly pointless. As far as something running in the background that just turns shit off at random on my machine because some game development team can't write a better backend program,
fuck that.
|
| Re: MMO Protect against packet sniffers
"a player can sniff those packets and send them continuously to spam the server causing it to crash. we have tried debugging the server but to no avail have we figured a way to solve the issue." The reason this is the only way is because once you put your game client on another person's computer, the state can no longer be known 100%. The end user could have done ANYTHING to the game client, and his operating system can be affecting the game's environment in any way. If a professional
wants to 100% hack your game, they will figure out how to make it seem like they haven't hacked the game, on their computer's side. Because quite frankly your game client runs inside a program on the person's computer. The person could have modified that program in any way. You never ever
know. --- I not hacker “Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.†- Albert Einstein : Really Great Quote Ramy! |
