Antihack

[TGSlp]

Hey. I have a big problem.

I made a game with the 3.0 source. But now the problem. I can't share it because it's not safe.. i have a good fried who knows asm, packet analyzing etc. And i let him test his skills on my client. Result: He made a working Tradehack and more things. TCP is not safe i think. So what can i do? For sure i can pack the binary with themida or other packers but he can still edit packets and snd them to my server.

No idea how to make it mlre safe? Thanks :)

[lexkymbeth]

I thought this was secure with packets, the id's always change, checks are done server side…

Trade hack, what is that? Do more checks in the code would be my way of securing, like make sure everything is right before doing something...

If by trade hack you mean open up trade with another player this is not a hack its just replicating clicking the trade button O.o

[Richy420Rich]

Uh, the program (packets and all) are open sourced so no, it's not safe lol. You'd have to rename/reorder packet ids around before closed releases. Not sure why anyone would bother to hack an eclipse game though, it's more lame than game.

[lexkymbeth]

The packet ID is not the same as what you think, the packet sends the number in data to the client for what information it has, such as sending a message to the server (Lets say in the server the handler for messages is 1) the socket would be with data (1, "Message here") the server would then handle it as a message because of the first number. I think eclipse rejects wrong packet numbers (Not 100% right on this one?) so that it can not be manipulated unless stopped and edited before sending (Can't create/resend packets, they time out)

When the server sends to the client its not the same, you can send the same packet to the client, don't think its protected from there…?

If you change the numbers on the server of each handler someone could just figure out with the data that is sent to the server (The first long in the data)/

This is how I interpreted the networking from the code I could be wrong!

[ArchaicOokami]

EO uses byte data, which yeah can be grabbed but doesnt do much good to play with, and the use of the enums meens that if they try to get packet id's they are only numbers. Reordering the enum data in a closed source app(where no one else has ever seen your order) can ensure no body knows the exact packets ids. 

As far as trade hack and many other issues though, its not because of the network and they dont exactly need packet sniffers and hex editors to do the job. Eclipse Origins was built in a mannor that relys on the clients data to be sent honestly sometimes, which meens editing active data (which is data inside the actual app not the packets themselves) using something like cheat engine does have its ways of modifying some things which the client formats and sends on its own after tampering. About the relying on client to be honest, this is in such cases where the client can take a little of the work doing some math and checks(such as if theres a block in the way or not… i believe thats fixed but its an example) and then lets the client handle okay we cant move, or we can... and then the client after the check decides whether appropriate to send the packet. the server, trusts the client that it did its check and came up with the space is free then skips rechecking itself and then just moving the player. again thats an example of how it would work but as far as that specific exploit, i do believe since origins came around that security was fixed.

As for the tradehack, thats not exactly news, in fact its only because of security server sided like many things, where it either doesnt have a hack check(data being impossible values or a player not having the proper developer status to perform certain actions) as well as some unfinished code that ended up not performing updates on all participating players ends of what 1 player sends to the server allowing trickery... the tradehack there were a couple of fix tutorials so people couldnt scam and such like many things. Bugs even for the oldest editions of the engine sadly people still manage to find after all this time.

Again, making sure your server has the proper checks though is what makes or breaks the hackers ability to modify your game.