Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E
Posted: Wed Sep 06, 2006 5:40 pm Post subject: bug/feature tracker
If anyone comes across any bugs in the client/server or wants to submit a feature request they can now do so at: http://tracker.sscentral.com/index.php
If you have any old ideas please add them. It would save me a load of time going through old threads and backup CDs.
Note: This isn't an official tracker.

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Wed Sep 06, 2006 6:21 pm
Are we close to being able to get the client updated???
_________________
Rediscover online gaming. Get Subspace | STF The future...perhaps

CypherJF I gargle nitroglycerin
Joined: Aug 14 2003 Posts: 2582 Location: USA
Posted: Wed Sep 06, 2006 9:32 pm
Great initiative Smong! About time we got something like this going.
_________________
Performance is often the art of cheating carefully. - James Gosling

Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E
Posted: Thu Sep 07, 2006 3:24 am
@Flabby
The official client, I don't know.

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Thu Sep 07, 2006 5:26 am
I haven't given up trying to hack the official client. First step I'm trying to do is work out how the exe is packed and unpack it... I might never work it out but at least it's getting me to learn some assembly. Challenges are always fun.
I have managed to attach a debugger to the Continuum process without Continuum detecting it and exiting (as in I can play the game with a debugger attached; I have only done this in my own zone, obviously don't want an SSC ban!) - I dunno if that would help with the ball friction thing or whatever lol.
I can PM you how I did this and some long and boring debug traces/disassemblies I don't understand. I should think with these files and the information on how to attach a debugger it would be possible for someone competent at assembly and such like to reverse engineer the Continuum encryption. If trusted people want (i.e. people like minegoboom or similar; I'm not gonna make anything I do "public", I don't want to damage the game, or in other words assist in creating another twister...). I just want to try to help the community to continue to develop the game and fix some of the bugs...

Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E
Posted: Thu Sep 07, 2006 2:24 pm
How would reversing the encryption let you develop the game?
If you are going to develop the client you should create a new encryption. That way if anything goes wrong we can still fall back to a relatively secure and uncompromised cont38.
BTW ball friction is and has always been in subspace.exe, I found most of the relative routines but got bored halfway through decoding them.

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Fri Sep 08, 2006 7:59 am
That's a good point.
What we really need then is to start work on SubSpace 2.
New server (or modified asss) and client would be needed.
In order to develop an open source client (however the client will not be licensed under GPL but a different licence for a number of reasons), which would be the preferred way,
Why is open source preferred? Look at Continuum. No one can develop it further now PriitK has abandoned it.
The new server would need to track greens, the number of items, position and status of each ship. The server will only send information on ships you can see. The client will send its resolution to the server when you connect. So if you try to cheat and play at a higher res than allowed it won't help as you won't see any of the enemy, as the server won't send you the information.
To further protect the client the official release will be encrypted with a public key (this will not be secret). The data/code required to play Continuum will be encrypted with this key. Connecting to a server which will contain the official private key will do a key exchange with the client and run special code on the client to ensure the exe has not been modified. This check can of course be disabled but this section of code I suggest will be closed source. Basically if you modify the client you won't be able to connect to any of the main servers, only dev or your own servers with the key security disabled.
SubSpace 2 needs a secure design such that cheating is not possible or/and is very easy to detect by the server. The server can be 100% trusted with regards to gameplay (not passwords, but I suggest maybe the players' passwords should be encrypted with something a lil stronger). TASpring (an open source multiplayer online game) exists in a situation where the server and client both cannot be trusted, yet cheating is very difficult. It's easier to secure Continuum so I don't see why it will be a problem. It would however require some heavy modification of the server. Basically this would be creating a whole new game.
However backwards compatibility is desired in that lvl and lvz should be the same, the work done to extend them. Maps should be downloaded over HTTP to be more efficient.

Dr Brain Flip-flopping like a wind surfer
Age: 39 Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace
Posted: Fri Sep 08, 2006 11:26 am
Flabby, there is one glaring problem with your proposal: lag. If the client knows nothing, then it's going to have to ask the server for simple little things like current position and speed (and if it doesn't, then there is room for cheating).
_________________
Hyperspace Owner
Smong> so long as 99% deaths feel lame it will always be hyperspace to me

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Fri Sep 08, 2006 1:28 pm
Dr Brain wrote:
> Flabby, there is one glaring problem with your proposal: lag. If the client knows nothing, then it's going to have to ask the server for simple little things like current position and speed (and if it doesn't, then there is room for cheating).

Ah, that's not quite what I meant. My idea is the server would know where the client SHOULD be.
The client tells the server where it is, if it shoots a bomb, or uses a rep, as it does now. The difference is the server decides if this is a valid action. For example the server knows your ship has 2 repels. You pick up a repel green. You use 3 repels. If you used a fourth repel that would be detected as cheating. This would stop CE being used, or hacks of the source code to give infinite items, and upgrades.
This would require a complete reworking of how greens work, as they are all client side, I have been led to understand...
So the client still does a lot of the work, the server just validates the actions.
The main problem I could see is the load on the server not being able to handle it... idk...

Dr Brain Flip-flopping like a wind surfer
Age: 39 Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace
Posted: Fri Sep 08, 2006 1:37 pm
And if there is a slight discrepancy? If the client has been hacked to allow the player to go through corner tiles? Would the server really be able to tell the difference between a player that lags a little but still went around and a player that's hacking? The answer is not if you care about smoothness on the client.
You don't even have to go as extreme as wall hacking, you just need to have a client that gives itself a 1% or 2% speed boost to have the whole system collapse.
I wasn't even going to bring load up, but yes, it is an issue. A zone like TW would be impossible with your scheme.
I'm not trying to discourage you, I'm just letting you know WHY cont is closed source. These are the reasons, and they aren't trivial made up reasons either.
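
An added example, not part of the thread: a minimal Python model of the server-side validation discussed in the two posts above, with the repel count checked exactly and movement checked against a lag tolerance. The class names, MAX_SPEED and LAG_TOLERANCE are assumptions chosen for illustration, not values from Continuum or ASSS.

```python
# Added illustration; names, speeds and tolerances are assumptions, not game values.
from dataclasses import dataclass, field

MAX_SPEED = 100.0      # assumed top speed in pixels per second
LAG_TOLERANCE = 0.05   # assumed slack for jitter: accept up to 5% over MAX_SPEED

@dataclass
class Ship:
    repels: int
    x: float = 0.0
    t: float = 0.0
    flags: list = field(default_factory=list)

class ValidatingServer:
    """Keeps its own copy of each ship and checks what the client reports."""
    def __init__(self):
        self.ships = {}

    def join(self, pid, repels):
        self.ships[pid] = Ship(repels)

    def pickup_repel_green(self, pid):
        self.ships[pid].repels += 1          # server-side count is authoritative

    def use_repel(self, pid):
        ship = self.ships[pid]
        if ship.repels <= 0:                 # discrete count: exact check, no tolerance
            ship.flags.append("repel without inventory")
            return False
        ship.repels -= 1
        return True

    def report_position(self, pid, x, t):
        ship = self.ships[pid]
        allowed = MAX_SPEED * (t - ship.t) * (1 + LAG_TOLERANCE)
        ok = abs(x - ship.x) <= allowed      # continuous value: only a bound can be checked
        if not ok:
            ship.flags.append("moved too far")
        ship.x, ship.t = x, t
        return ok

def replay(speed_factor, seconds=5):
    """Constructed session: 2 repels, 1 green, 4 uses, then straight-line flight."""
    srv = ValidatingServer()
    srv.join("p1", repels=2)
    srv.pickup_repel_green("p1")
    repel_results = [srv.use_repel("p1") for _ in range(4)]
    moves = [srv.report_position("p1", MAX_SPEED * speed_factor * s, float(s))
             for s in range(1, seconds + 1)]
    return repel_results, moves, srv.ships["p1"].flags
```

With the assumed 5% tolerance, `replay(1.02)` passes every movement check while the fourth repel is still flagged; `replay(1.10)` fails every movement check.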

Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E
Posted: Fri Sep 08, 2006 2:07 pm
Are you going to start making this flabby?

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Fri Sep 08, 2006 3:52 pm
Dr Brain wrote:
> And if there is a slight discrepancy? If the client has been hacked to allow the player to go through corner tiles? Would the server really be able to tell the difference between a player that lags a little but still went around and a player that's hacking? The answer is not if you care about smoothness on the client.
> You don't even have to go as extreme as wall hacking, you just need to have a client that gives itself a 1% or 2% speed boost to have the whole system collapse.
> I wasn't even going to bring load up, but yes, it is an issue. A zone like TW would be impossible with your scheme.
> I'm not trying to discourage you, I'm just letting you know WHY cont is closed source. These are the reasons, and they aren't trivial made up reasons either.

The existing Continuum could never be open sourced, I agree. I'm trying to look at why it can't be and what would need to be changed in the server and client in order to make that possible. Developing a new game is pointless until that issue and the logic of how the new game developed in an open source way would be secured is addressed.

Cerium Server Help Squatter
Age: 43 Joined: Mar 05 2005 Posts: 807 Location: I will stab you.
Posted: Fri Sep 08, 2006 5:13 pm
There's already another game that's very similar to SS that IS open source, and they have a number of problems with cheaters who modify the client.
A cheat-proof version of this game would be entirely server-side and laggy as all hell. Every toggle-ability would have to be done server-side, as would damage calculation and position/weapon checks.
Sure, it's possible to do all of this; but it means retiring dialup players and requiring very optimized code and a hefty server.
_________________
There are 7 user(s) ignoring me right now.

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Fri Sep 08, 2006 6:42 pm
I disagree, it wouldn't all have to be done server side.
It's about striking a balance. I want people with 56k and Pentiums to still be able to play. The idea is not to prevent cheating, but to make it easy to detect. People will always cheat.
Something that seems to have been lost in what I said earlier is that an optional check would be created that would enable the server to verify the exe was an "official" release and not a modified version. This would be similar to how Microsoft can digitally sign binaries to indicate they have not been modified and are original from Microsoft.
The way I would imagine this would work: there would be a secure key exchange. Basically this means the server would give the client a random 256-bit code which is combined with a hash of the exe and any dll files. The client would then have to encrypt this code using the server's public key. Only the server's private key can decrypt this. It is decrypted by the server and the random 256-bit code known to the server is removed. It then compares the hash of the exe and dll to the hash it is expecting. If they are not the same the client is not allowed to connect. The important thing would be to keep the server's private key secret. But of course it would be easy to change the server's key if it was compromised.
Basically I'm talking about having an open source client that has the same if not higher barrier to hacking it that Continuum has, but the best difference is that it's open source so it can still be modified.
I do think a few more things should be done server side, especially greens.

Smong Server Help Squatter
Joined: 1043048991 Posts: 0x91E
Posted: Fri Sep 08, 2006 7:03 pm
You know I could use a modified client to run the security checks on legitimate binaries.
Without checking my facts:
I think the way windows driver signing works is MS hashes the driver and encrypts the hash with its private key. Then the OS decrypts the hash with the public key and compares it to a hash of the driver it makes itself. Same applies for X509/SSL/Public key certificates.
To bypass public key certificates you just have to find the one if statement in the assembly listing which decides what to do with hash mismatches.
BTW Doc Flabby, you seem new to the forum scene. I suggest reading this thread at SFN, it will probably answer some stuff and you can make a new thread with new questions:
http://forums.sscentral.com/index.php?showtopic=84

CypherJF I gargle nitroglycerin
Joined: Aug 14 2003 Posts: 2582 Location: USA
Posted: Fri Sep 08, 2006 7:42 pm
Can someone confirm/deny that Infantry used a non-linear memory model for storing data to fight off memory hacks? I thought I read it used a quadratic to scramble the locations where the data is stored client-side.

Cerium Server Help Squatter
Age: 43 Joined: Mar 05 2005 Posts: 807 Location: I will stab you.
Posted: Sat Sep 09, 2006 1:40 am
That doesn't do a whole lot once you get a program like cheat-engine. It just means re-searching for the values rather than conveniently saving them. You'd have to do something like scramble the value in memory so you can't use CE or similar to sniff out common values.

Doc Flabby Server Help Squatter
Joined: Feb 26 2006 Posts: 636
Posted: Sat Sep 09, 2006 6:09 am
Smong wrote:
> You know I could use a modified client to run the security checks on legitimate binaries.
> Without checking my facts:
> I think the way windows driver signing works is MS hashes the driver and encrypts the hash with its private key. Then the OS decrypts the hash with the public key and compares it to a hash of the driver it makes itself. Same applies for X509/SSL/Public key certificates.
> To bypass public key certificates you just have to find the one if statement in the assembly listing which decides what to do with hash mismatches.
> BTW Doc Flabby, you seem new to the forum scene. I suggest reading this thread at SFN, it will probably answer some stuff and you can make a new thread with new questions:
> http://forums.sscentral.com/index.php?showtopic=84

I've read that thread before. My idea wouldn't work like that. The subspace server would be comparing the hash of Continuum. Continuum would send a hash of its exe files etc. to the server. If the hash didn't match or if the client is altered to not send the hash it's just kicked off the server, not allowed to connect.
Now the hard part is ensuring the hash can't be faked.
But you can digitally sign emails (PGP) and such like to ensure the identity of the sender and the integrity of the message. If the Continuum binary was signed as such it could be checked by the server if it was an official binary or not, I imagine...

Dr Brain Flip-flopping like a wind surfer
Age: 39 Joined: Dec 01 2002 Posts: 3502 Location: Hyperspace
Posted: Sat Sep 09, 2006 9:58 am
And what's to stop a hacked version from keeping an official copy around to hash?
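
An added example, not part of the thread: the nonce-plus-hash check proposed earlier, modelled in Python to show what the server can and cannot conclude from the response. The byte strings and class names are constructed, and the public-key encryption step is replaced by a SHA-256 over nonce and file hash because the standard library has no RSA.

```python
# Added illustration; file contents, class names and the SHA-256 response are assumptions.
import hashlib
import hmac
import secrets

OFFICIAL_EXE = b"constructed bytes standing in for the official client binary"
MODIFIED_EXE = b"constructed bytes standing in for a rebuilt, altered client"

def response_for(nonce: bytes, file_bytes: bytes) -> bytes:
    # Binds the file hash to this connection's nonce so an old response is useless.
    return hashlib.sha256(nonce + hashlib.sha256(file_bytes).digest()).digest()

class Server:
    def __init__(self, expected_exe: bytes):
        self.expected = expected_exe
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(32)       # the random 256-bit code
        return self.nonce

    def verify(self, response: bytes) -> bool:
        good = response_for(self.nonce, self.expected)
        return hmac.compare_digest(good, response)

class Client:
    def __init__(self, running: bytes, hashed: bytes):
        self.running = running   # code that actually executes and talks to the server
        self.hashed = hashed     # bytes fed to the hash; nothing forces these to match

    def answer(self, nonce: bytes) -> bytes:
        return response_for(nonce, self.hashed)

def admitted(client: Client, server: Server) -> bool:
    return server.verify(client.answer(server.challenge()))

def replay_admitted(server: Server) -> bool:
    old = response_for(server.challenge(), OFFICIAL_EXE)   # recorded on one connection
    server.challenge()                                      # new connection, new nonce
    return server.verify(old)
```

The nonce defeats replay of a recorded response, but `admitted(Client(MODIFIED_EXE, OFFICIAL_EXE), server)` is true: the response proves the client can read the official bytes, not that it is running them.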