EOSERV Forum > Game Development > MMO Protect against packet sniffers
Page: << 1 >>
MMO Protect against packet sniffers
Author Message
Post #199753 MMO Protect against packet sniffers

Ok so I am helping a friend of mine who is in the making of an mmorpg as of right now. he was able to hide sensitive data to packet sniffers. there is this one thing that we can not figure out. when recording the packets for dropping an item (receiv/receivfrom only) a player can sniff those packets and send them continuously to spam the server causing it to crash. we have tried debugging the server but to no avail have we figured a way to solve the issue. what can we do to go about stopping sniffers entirely so no data gets through if possible?

7 years, 51 weeks ago
Post #199754 Re: MMO Protect against packet sniffers

Eww you should have some limitation for the maximum packets a player could send in a specific time.
This is not a way to prevent anyone from sniffing what he/she wants by just only protecting your game from dll injections.....
Anyone could find out what's he/she sending or receiving because it's their network adapter. 
If you are doing a real MMO with serious shit, use a game guard that would close the game when a player opens any hack tool.
It should does the following :
1-Know when a process is launched.
2-Scan the memory of this process for bad strings or anything to filter wpepro , wireshark..etc.
3-Send the fag straight to hell.

But this is not  a perfect way to stop professionals. this will only stop amateurs.
Pros will be able to get rid of your game guard easily , In the end you will need to fortify the server side[Nice encryption method]. 

---
Remember when is not an organization nor a fucking group , it's simply an idea that we believe in
and live for.
The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is
cosmetic,that's why offer our worthless lives to The "Remember when"
7 years, 51 weeks ago
Post #199755 Re: MMO Protect against packet sniffers

The basic way to defend against packet replaying is to put a sequence marker in each packet, and have the server ignore packets that aren't in sequence. That can easily be defeated by even WPE which has the option to increment a byte for each send. If you used pretty much any kind of stream encryption for your communication, sequence would be enforced implicitly and be resistant to simple programs like WPE.

Ideally though you want your server to not break regardless of what's being sent to it. All your attempts to defend against packet tampering will be defeated at some point, assuming you attract enough players.

Not only do you have to fix the reason for your server crashing because of all the items being dropped, you should also ideally limit the rate at which inputs from players are processed (only dropping one item every 100ms might be considered a reasonable rate).

7 years, 51 weeks ago
Post #199756 Re: MMO Protect against packet sniffers
Sausage posted: (11th Apr 2016, 07:22 am)

The basic way to defend against packet replaying is to put a sequence marker in each packet, and have the server ignore packets that aren't in sequence. That can easily be defeated by even WPE which has the option to increment a byte for each send. If you used pretty much any kind of stream encryption for your communication, sequence would be enforced implicitly and be resistant to simple programs like WPE.

Ideally though you want your server to not break regardless of what's being sent to it. All your attempts to defend against packet tampering will be defeated at some point, assuming you attract enough players.

Not only do you have to fix the reason for your server crashing because of all the items being dropped, you should also ideally limit the rate at which inputs from players are processed (only dropping one item every 100ms might be considered a reasonable rate).


Sausage is on the money here, you should always assume that whatever "protection" you have is already broken. Ultimately, things that smack down WPE and other basic programs are just basic deterrents for amateurs, critical game mechanics should be protected by internal logical constructs rather than brutish methods like reading people's processes and banning them for having programs open.

Focus on the root problem, not the symptoms. In other words, assume that any old fuck can flood your server with packets whenever they want to, regardless of how god-awful your *game guard* is. Then, plan appropriately (Patching up crash bugs and exploits that could be abused by a flood of packets, for instance), rather than trying to stop the flood from happening in the first place.

---
Want to learn to pixel?
Pixelsource.org
7 years, 51 weeks ago
Post #199757 Re: MMO Protect against packet sniffers

At least game guards work against hacks leechers . It would be perfect to stop trainers and any released tool.

99% of popular mmorpga got it that's why I said if your game is worth it then have it if not it would be useless because you won't be attack by a leecher.

---
Remember when is not an organization nor a fucking group , it's simply an idea that we believe in
and live for.
The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is
cosmetic,that's why offer our worthless lives to The "Remember when"
7 years, 51 weeks ago
Post #199759 Re: MMO Protect against packet sniffers

Thank you all for your help. This game is not a small time MMORPG. It is already well known by people and is in its closed alpha stage as of now. I know packet sniffers will always find a way but as of now I at least would like to  find a way to take care of the spamming packets issue. So will game guard at least protect against the spamming of packets? how exactly does game guard work? the more information I have about ways we can prevent packet sniffing the better that way I can inform him of the different measures he may take. once again I greatly appreciate everyone help and will relay this info to my friend and see if it helps him. 

7 years, 51 weeks ago
Post #199760 Re: MMO Protect against packet sniffers
firon posted: (13th Apr 2016, 02:58 am)

Thank you all for your help. This game is not a small time MMORPG. It is already well known by people and is in its closed alpha stage as of now. I know packet sniffers will always find a way but as of now I at least would like to  find a way to take care of the spamming packets issue. So will game guard at least protect against the spamming of packets? how exactly does game guard work? the more information I have about ways we can prevent packet sniffing the better that way I can inform him of the different measures he may take. once again I greatly appreciate everyone help and will relay this info to my friend and see if it helps him. 


You guys should hire a professional guy for example : Weedindeed.

Here's the conclusion of the former replies :
1-Spamming packets whatever they are should not crash your server whatever these packets are or how fast they are being sent or how many times they were sent.(Fix this bug)
2-People should not be able to flood packets , they should be disconnected once they sent a maximum number of packets per a specific time.
plus you shouldn't expect people to send a login packet when they are already logged in!
3-If people at anytime figured your encryption method they should not do any harm to your server if everything were handled correctly from the server side.If it happened that  would leave you with something called "Bots".They are various techniques to deal with bots..
4-The purpose of game guards to stop hacks users not creators actually, 

A game guard should monitor the action of starting a process or using certain winapi functions like key input or move mouse etc, it should also prevent reading/writing the memory of your game process.

The User should be disconnected From Both The Server And The Client when his game guard become disabled(closed or modified ..etc)
The important part is to disconnect the user from the server side because it's easy to fake the client.
Here's something i found on the internet :
---------------------------------------------------------------------------------------

The server sends out four DWORDs to the game client at

random intervals (index, value1, value2, value3). The game

client takes these values and sends them to GameMon.des (the

process of GameGuard) through a pipe.

GameMon.des then takes these values and runs them through

an algorithm and sends them back to the game through the

same pipe. After this is done, the game then sends the new

values to the server.

The server checks the values to make sure they are the correct

response to the values it had originally sent the game client. If

so, this process is repeated after a given time.

However, if the game client sends the wrong values or doesn't

send any at all, the server will disconnect the client because

evidently, GameGuard was not running on the client.

-------------------------------------------------------------------------------------------

therefore your GameGuard should be packed tightly to protect your algorithm.



---
Remember when is not an organization nor a fucking group , it's simply an idea that we believe in
and live for.
The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is
cosmetic,that's why offer our worthless lives to The "Remember when"
7 years, 51 weeks ago
Post #199761 Re: MMO Protect against packet sniffers

What kind of advice is that? Hey kids, lets add something like, idk, a rootkit to your game client so that no one can hack it. Well first of all, GameGuard has already had its share of exploits. Really what needs to happen is the server must be designed to accept inputs at near-human intervals, and there should be some event sequence counters in place to ensure that the client isn't misbehaving against the server expectations.

GameGuard and other shitware of the like are more likely to cause problems for the end-user's play experience or just overall machine performance when running, not to mention it too can be beat, not to further mention a few mmo companies that were convinced by the GameGuard hoax have actually dropped it, not to even further mention end users hate it because it runs in the background on their PC, invisibly, regardless of game closing, forever, even after game uninstall.

GameGuard = GameGarbage that nobody fucking wants on their machine.


Edit: I found you a whole discussion thread on why GameGuard is so shitty here.

7 years, 51 weeks ago
Post #199762 Re: MMO Protect against packet sniffers

I m the first to oppose 3rd parties shit but since he's doing a serious project not an eoserv punk that will end hacking people with his game, it's ok then...plus it was the last advice to give out.

The same poison used to kill is also used to make the antidote that cures.

---
Remember when is not an organization nor a fucking group , it's simply an idea that we believe in
and live for.
The priority of Remember when should come before oxygen , as oxygen is cosmetic even life itself is
cosmetic,that's why offer our worthless lives to The "Remember when"
7 years, 51 weeks ago
Post #199763 Re: MMO Protect against packet sniffers

Same rules apply to any game using online communication protocols, regardless if it is EOSERV or homebrew nonsense. I guess it doesn't matter though because in the last 7 years this community has generated zero server/client built from scratch games. That said, if one did have the know how to put together such a project I am pretty sure they could figure out how to enforce a few rules to make hacks fairly pointless. As far as something running in the background that just turns shit off at random on my machine because some game development team can't write a better backend program, fuck that.

7 years, 51 weeks ago
Post #199765 Re: MMO Protect against packet sniffers

"a player can sniff those packets and send them continuously to spam the server causing it to crash. we have tried debugging the server but to no avail have we figured a way to solve the issue."

Debugging the server? Are you guys even the programmers of the server? Are you using some "server builder" and have little real programming experience?

The only way to protect yourself against packet sniffers is programming smart on the server end. Don't program just so that it works, program considering all the possible kinds of input that can be received, and make it so that only the input which is expected, is then accepted as valid. Keep any settings you need in config class files, so that you can edit them if you change the way your game client sends input to the server.


The reason this is the only way is because once you put your game client on another person's computer, the state can no longer be known 100%. The end user could have done ANYTHING to the game client, and his operating system can be affecting the game's environment in any way. If a professional wants to 100% hack your game, they will figure out how to make it seem like they haven't hacked the game, on their computer's side. Because quite frankly your game client runs inside a program on the person's computer. The person could have modified that program in any way. You never ever know.

---
I not hacker

“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its
whole life believing that it is stupid.” - Albert Einstein : Really Great Quote Ramy!
7 years, 50 weeks ago
Page: << 1 >>

EOSERV Forum > Game Development > MMO Protect against packet sniffers