Tuts 4 You

Looking for a guy who can protect my program.


Kenny

Posted

Hi, I'm searching for someone good with protectors.

I have an MMORPG game and I want to protect the code, to block hacks etc. All hacks are injected via DLL injection etc.

I will explain more in private. I can pay for this, no problem. :)

Please move this topic into a good section.

  • 5 months later...
Posted

Are you still looking for this? Have you looked for commercial protectors that bring security to MMORPGs with secure connections and such?

  • 4 months later...
Posted

Up, still searching.

 

 

On 08.09.2016 at 10:37 PM, 0xNOP said:

Are you still looking for this? Have you looked for commercial protectors that bring security to MMORPGs with secure connections and such?

 

Posted

You are never going to stop hackers from messing with and manipulating your game. That is something you are going to really need to put your mindset to when working on your game and how you design it. It is extremely important that you understand what should and should not be handled by the server, and what should and should not be handled by the client. Ideally, you are going to basically want everything to be done on the server and the game client doing nothing but being a visual representation of the data being sent to it. Small checks and balances can happen in the client to help reduce stress on the server, but the server needs to be the master of data and computations that affect the game world. 

Here are some examples of what I mean:

Using Items / Skills

When the client attempts to use an item, it should be a request to the server asking 'can I use this item?'. The server should handle all validations on the request; the client should not have any say in the matter. When the client sends the "item use" request, the server should be validating multiple things, such as:

  • Does the player even have the item being requested for use?
  • Does the player meet all proper requirements to use the item? (Level, Class/Job restrictions, etc.)
  • Is the item locked or within a container that the item can be used from?

The server should then send a response if the player was able to use the item or not. At this point there could be a cooldown to prevent the item from being used again for a period of time. This is where you could have a limit in the client, a delay to prevent the client from spamming that same request again until the delay is gone in the client. However, it is important that if the delay is bypassed, that the validation is still happening entirely on the server to prevent the user from using the item more than once etc.

Selling Items To Vendors

A popular method of duplicating items or selling things more than once is using lag while selling items to a vendor. It is vital that your game client is validating the data being sent to the server when the player attempts to sell an item to the vendor. Keeping track of things such as a slot index, item id (unique to the item itself in the player's inventory), timestamps and such is all helpful in terms of preventing spam selling the same item. It is also important to have checks on the server to ensure things such as:

  • Does the player even have the item they are trying to sell?
  • Does the item being sold match what the server thinks is in the player's inventory at the given slot?
  • Is the item even sellable?
  • Is the item locked in some manner from being sold, moved, etc. out of the player's inventory?

Skill Cooldowns

Another popular type of hack is hacking skill cooldowns and usage on Korean-type MMOs. There is often a huge lack of security in terms of validating the player's attempt to use the skill. You need to be sure to check that the user has the skill, is able to use it at the current time (i.e. restrictions in zone, area, level, race/class/job, etc.) as well as if other requirements are met, such as MP/HP costs, item requirements etc.

Damage / Attacking Entities

The client should request to do something and have the server validate if it's OK. The client should never be telling the server what to do without any checks in place. When a player attacks an enemy, everything involving that attack request should be validated by the server.

  • Is the player close enough to hit the enemy? 
  • Is the target even able to be attacked?
  • Is the attack type being performed valid for the player?

Absolutely no calculations for damage or battle should be done on the client. The server should be performing all of the calculations for combat.

 

Overall, your ideal situation is to create a protocol where the client requests to do things, and the server validates it and responds with yes/no type responses. There are situations where you will not be able to fully do this, such as movement. It is extremely intensive to sync every client's movement position in the world and ensure that they are not hacking/speed hacking/teleporting/warping etc. It is very resource intensive to do and is often where a lot of games do not have many restrictions.

But it does not mean it's impossible to detect or to prevent. You can (fairly easily) predict movement within your game world and determine if the player's previous position is within a valid range of movement to their next location. You can also set up hidden zones on the server that can detect and check for large movement jumps or major adjustments in speed that are uncommon for your control system.

 

One big thing to keep in mind as well, for MMORPGs, is that people are mostly going to be botting. Replicating gameplay to do things over and over automatically is the biggest thing you are going to be dealing with. Targeted hacking such as trying to change HP/MP, gold amounts, items etc. is less common if the game is well programmed, as those types of things are not going to be possible. You're going to have to keep an eye out for exploits, more or less due to shortcuts in code that cause unexpected results when something happens etc.

 

 

Ultimately, it is all depending on what you are trying to protect from and how things are coded in your game. If you want to go into specifics, I can ask more specific questions about your game and give you feedback based on it. But the bottom line is no matter how good of an anti-cheat you make/get, it will only be as good as the underlying code is to protect from things that get around it. Think of it as putting a bandaid over an open wound. You are not fixing the problem, but just putting a layer between the elements (in this case, hackers) and the problem. It is vital that your game is coded in a way it deters hacking from the start.

 

I hack MMOs for a living and have a pretty good amount of experience with a large amount of games both western and eastern from various countries. I've seen a vast amount of different ways developers try to protect from things as well as anti-cheat systems used to attempt to automatically detect cheaters. I code programs that do a various number of things from simple tasks such as automating key presses and monitoring in-game stats to use items like potions and such automatically, all the way to more in-depth hooks that take advantage of exploits, flaws in various systems, packet injection, etc. I am more than willing to share my knowledge if you have any questions. 

 

 

  • Like 4
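The server-side checks described in the post above for vendor selling and movement, as an added example that is not part of the original post or any particular game's code. All names (`Item`, `Player`, `handle_sell`, `handle_move`) and the speed constants are assumptions made for this sketch.

```python
import math
from dataclasses import dataclass, field

MAX_SPEED = 7.0   # assumed maximum world units per second
TOLERANCE = 1.25  # assumed slack for latency jitter

@dataclass
class Item:
    uid: int              # unique id of this item instance
    sellable: bool = True
    locked: bool = False
    price: int = 0        # price lives in server data, never in the request

@dataclass
class Player:
    gold: int = 0
    inventory: dict = field(default_factory=dict)  # slot index -> Item
    pos: tuple = (0.0, 0.0)
    pos_time: float = 0.0  # server clock at the last accepted position

def handle_sell(player, slot, claimed_uid):
    """Validate a vendor-sell request against server state only."""
    item = player.inventory.get(slot)
    if item is None:
        return "no_item"        # also the answer to a lagged duplicate sell
    if item.uid != claimed_uid:
        return "slot_mismatch"  # client's view differs from the server's
    if not item.sellable:
        return "not_sellable"
    if item.locked:
        return "locked"
    del player.inventory[slot]  # remove the item before crediting gold
    player.gold += item.price
    return "ok"

def handle_move(player, new_pos, now):
    """Accept a position only if it was reachable since the last accepted one."""
    elapsed = now - player.pos_time
    if elapsed <= 0:
        return "rejected"       # stale or reordered packet
    if math.dist(player.pos, new_pos) > MAX_SPEED * elapsed * TOLERANCE:
        return "rejected"       # keep the old position (teleport/speed jump)
    player.pos, player.pos_time = new_pos, now
    return "ok"
```

On a real server each handler has to run under a per-player lock or database transaction, otherwise two sell requests arriving together can both pass the inventory check.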
