Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   StatisticsStatistics   RegisterRegister 
 ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin (SSL) 

Server Help | ASSS Wiki (0) | Shanky.com
Open source client-server security

 
Post new topic   Reply to topic Printable version
 View previous topic  something wierd in c++ Post :: Post What is DWORD?  View next topic  
Author Message
k0zy
Server Help Squatter


Gender:Gender:Male
Joined: Jan 11 2003
Posts: 571
Location: Germany
Offline

PostPosted: Sat Aug 09, 2008 5:02 am    Post subject: Open source client-server security Reply to topic Reply with quote

Okay, I know this has been discussed a million times here now without any outcome.

Anyways, I'm coding a game that can be played over the internet.
The game will go open-source once it's playable.

If the server and the client are entirely open-source, how do I keep modified clients from connecting?

I thought about asymmetric encryption, would that solve the problem?
(I don't plan to protect it against a man-in-the-middle-attack)

If asymmetric encryption is the solution, how would I best hide the private key of the client in the binary distribution?

For those interested, I already have the boiler-plate code done.
I'm using SDL, Box2D for physics (that already works, it's fun ^^) and ENet for networking stuff.
_________________
It's a shark! Oh my god! Unbelievable!
Back to top
View users profile Send private message Add User to Ignore List
Doc Flabby
Server Help Squatter


Joined: Feb 26 2006
Posts: 636
Offline

PostPosted: Sat Aug 09, 2008 7:06 am    Post subject: Reply to topic Reply with quote

There isnt really any solution. Apart from to run the simulation entirely on the server and have dumb clients, but that tends to suck for lag.

All you can do it make it difficult. Closed source games have the same problem, and tend to get hacked just as easily...

On solution that works pretty well is in TASpring http://spring.clan-sy.com/ (a RTS based on Total Annhilation) it runs the simulation on all the clients which means if one client deviates from allowed behaviour the other client will be able to detect it...

Another solution is to use a closed source part of the game for internet games. This will probably get hacked and have to be continually updated as hackers get smarter (much like continuum)

You could use asymmetric encryption to verify the integrity of the EXE, the server could request a hash of the exe from client, and this could be transmitted using encryption, which means it would be undetectable over the wire. It wouldn't stop the code being changed however to give the correct answer which is why you would still need the closed source module.

Really your best hope is to have a good set of banning tools for the server and allow players to vote off people who are cheating.
_________________
Rediscover online gaming. Get Subspace | STF The future...prehaps
Back to top
View users profile Send private message Add User to Ignore List
k0zy
Server Help Squatter


Gender:Gender:Male
Joined: Jan 11 2003
Posts: 571
Location: Germany
Offline

PostPosted: Sat Aug 09, 2008 8:23 am    Post subject: Reply to topic Reply with quote

Yah, the closed-source module is definitely an option.

How did Cont for example hide it's encryption key in the binary?

If I chose a diffrent key for the encryption in a official binary distribution, change it between versions and hide it someway. It would be fine, wouldn't it?

Modified clients wouldn't know the key and couldn't connect...

I plan having banning and kicking available in the game. icon_smile.gif
Back to top
View users profile Send private message Add User to Ignore List
grazzhoppa
Novice


Joined: Jan 03 2007
Posts: 29
Offline

PostPosted: Sat Aug 09, 2008 6:59 pm    Post subject: Reply to topic Reply with quote

When the online game Quake went open source, the lead programmer proposed the same thing you've come up with: a closed source module that does all the communication between client and server with an encrypted protocol. This was almost 9 years ago:
http://www.bluesnews.com/cgi-bin/finger.pl?id=1&time=19991226003141
Back to top
View users profile Send private message Add User to Ignore List
Bak
?ls -s
0 in


Age:24
Gender:Gender:Male
Joined: Jun 11 2004
Posts: 1826
Location: USA
Offline

PostPosted: Sun Aug 10, 2008 5:16 pm    Post subject: Reply to topic Reply with quote

just have the server double check all client actions
_________________
SubSpace Discretion: A Third Generation SubSpace Client
Back to top
View users profile Send private message Add User to Ignore List AIM Address
k0zy
Server Help Squatter


Gender:Gender:Male
Joined: Jan 11 2003
Posts: 571
Location: Germany
Offline

PostPosted: Mon Aug 11, 2008 4:27 am    Post subject: Reply to topic Reply with quote

If I settle for the closed source security module:

How do I keep modified clients from simply linking/using it? I don't get it...
Back to top
View users profile Send private message Add User to Ignore List
doc-flabby-no-logged-in
Guest


Offline

PostPosted: Mon Aug 11, 2008 5:22 am    Post subject: Reply to topic Reply with quote

Bob Dole.. Bob Dole... Bob Dole...... bob dole.... bob... dole.... wrote:
If I settle for the closed source security module:

How do I keep modified clients from simply linking/using it? I don't get it...

You have a piece of code in the loader of the module (that has to be run before module can be used that checks the exe is the unmodified one. The module can either refuse to run, or more usefully silently report the user to the server. By not providing immeidate feedback its less clear how there hack is being detected icon_smile.gif
Back to top
k0zy
Server Help Squatter


Gender:Gender:Male
Joined: Jan 11 2003
Posts: 571
Location: Germany
Offline

PostPosted: Mon Aug 11, 2008 6:25 am    Post subject: Reply to topic Reply with quote

Thanks!
I'll go for the closed-source security module. icon_biggrin.gif
Back to top
View users profile Send private message Add User to Ignore List
Display posts from previous:   
Post new topic   Reply to topic    Server Help Forum Index -> Non-Subspace Related Coding All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
View online users | View Statistics | View Ignored List


Software by php BB © php BB Group
Server Load: 686 page(s) served in previous 5 minutes.

phpBB Created this page in 0.415578 seconds : 34 queries executed (92.0%): GZIP compression disabled