Geri, your posts on this forum have been fantastic reads for me. I have some private comments I'd like to share with you but the forums will not allow me to PM yet.
If you understand browsing posts at pastebin, you can find what my PM contents should have been at paste rJqkdpxS. I'd love to hear from you, thanks.
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon May 16, 2011 4:16 pm
Don't mind me, just bursting into the conversation but I just had to say this: (again and again)
Adding security after the design phase, and even worse, after the implementation, is the worst kind of development order game developers can use, especially when it's online.
Anyhow, first thing would be: Make sure your client doesn't have direct access to the database where it has write access to all tables and issues database commands (e.g. issuing select passwordasplaintext from users where username='$username' and then comparing the password to be the same as the one inputted is not such a good idea, and yes, I have seen some online applications do this).
Also, you can also ask me specific questions, and pm'ing me is available for everyone (Tip: Don't waste time detecting Cheat Engine itself, spend more time on the changes Cheat Engine makes instead. CE is open source and there are quite a lot of CE versions out there that you have never even heard of, including a CE version that runs outside of the system). _________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
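The pattern described above (the client itself runs a query that returns the stored plaintext password and compares it locally) beside a server-side check, as an added example that is not part of this thread or of any game's code. The schema, the `passwordasplaintext` column name and the PBKDF2 work factor are assumptions; the plaintext column is kept only so the weak and hardened paths can be shown against the same table.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000     # assumption: work factor chosen for the demo


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table. The plaintext column exists only so the
    weak pattern from the post can be shown side by side; a real server keeps
    nothing but salt and hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, "
        "passwordasplaintext TEXT, salt BLOB, pwhash BLOB)"
    )
    return conn


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (username, password, salt, hash_password(password, salt)),
    )


def weak_client_login(conn: sqlite3.Connection, username: str, typed: str):
    """The pattern the post warns about: the client talks to the database directly,
    builds the query from the username with string formatting, receives the stored
    plaintext password and compares it locally. Whoever controls the client now
    controls both the query and the secret. Returns (ok, leaked_password)."""
    sql = "SELECT passwordasplaintext FROM users WHERE username='%s'" % username
    row = conn.execute(sql).fetchone()
    stored = row[0] if row else None
    return stored == typed, stored


def server_login(conn: sqlite3.Connection, username: str, typed: str) -> bool:
    """Server-side check: parameterised query, salted PBKDF2 hash, constant-time
    comparison, and only a yes/no ever leaves the server."""
    row = conn.execute(
        "SELECT salt, pwhash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Burn the same work for unknown users so timing does not reveal valid names.
        hash_password(typed, b"\x00" * 16)
        return False
    salt, pwhash = row
    return hmac.compare_digest(hash_password(typed, salt), bytes(pwhash))


if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "hunter2")            # constructed credentials
    print(weak_client_login(db, "alice", "hunter2"))   # (True, 'hunter2'): secret handed to the client
    print(server_login(db, "alice", "hunter2"))        # True
    print(server_login(db, "alice", "wrong"))          # False
```

The point of the split is who holds the secret: in the weak path the stored password crosses the wire to an untrusted client, and the client also gets to write the SQL; in the hardened path the client only ever learns whether its guess was accepted.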
Don't worry, all of the database stuff is written by the server. The client can send things such as "I won the match", but the server is what says "Okay, add 100 XP for match win to the database"; the client can't modify those instructions or the amount of XP / gold gained. The server uses a unique token for each game so the client can send cloned encrypted packets over and over to rack up game wins, HOWEVER you can modify the client to think you've won and it will generate the encrypted "I win" packet and send it for you. This is a problem right now.
Luckily we've implemented logging so we can write a script to detect when wins are happening in too quick a succession.
There are several other vulnerabilities as well, but the most dangerous ones are those that allow a player to force a defeat against another player (by setting the opponent's HP to 0). I already pointed this out to the developer and he implemented some variable obfuscation and address shifting to counter it. I haven't been successful in recreating the hack yet, but I have gotten uncomfortably close (I can lock the encrypted variables for instance and keep the HP from going down), so I feel someone better experienced could still do this hack.
I agree there is no point wasting time in detecting CE, but rather forcing stricter server checks on the client responses, such as checking the other client's HP variables before assuming the hacked client's response of 0 is correct.
So this is why I'm reaching out to Geri to help me prove the insecurity of the client (so the developer will listen and implement the server checks I'm suggesting), but also primarily for me to improve my debugging knowledge and to make contacts who can help me as I continue to learn reverse engineering. Thank you for taking an interest in my problem.
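The server-side checks the post above argues for, as an added example that is not the game's code or the poster's script: a per-game token that can settle a match only once (so a cloned "I win" packet is rejected), HP that is tracked and clamped on the server so a client-reported 0 is never taken on trust, and a detector over the kind of log the post mentions that flags wins arriving in too quick a succession. The `MatchServer` API, the 100 XP reward, the damage cap and the log format are all assumptions; the log lines are constructed.

```python
import secrets
from datetime import datetime

XP_PER_WIN = 100   # lives on the server; the client never sends an amount
MAX_HIT = 25       # constructed cap on damage a single reported hit may do


class MatchServer:
    """Server-authoritative match state (hypothetical API, not the game's own)."""

    def __init__(self):
        self.matches = {}   # token -> {"players": {name: hp}, "settled": bool}
        self.xp = {}        # player -> xp

    def start_match(self, p1: str, p2: str, hp: int = 100) -> str:
        token = secrets.token_hex(16)   # unique per game, as the post describes
        self.matches[token] = {"players": {p1: hp, p2: hp}, "settled": False}
        return token

    def apply_hit(self, token: str, attacker: str, target: str, damage: int) -> bool:
        """The client only reports that a hit happened; damage is bounded and
        applied here, so a client cannot write HP directly."""
        m = self.matches.get(token)
        if m is None or m["settled"]:
            return False
        if attacker not in m["players"] or target not in m["players"] or attacker == target:
            return False
        dmg = max(0, min(int(damage), MAX_HIT))
        m["players"][target] = max(0, m["players"][target] - dmg)
        return True

    def report_win(self, token: str, claimant: str):
        """Handle a client's 'I won' packet. Returns (accepted, reason)."""
        m = self.matches.get(token)
        if m is None:
            return False, "unknown token"
        if m["settled"]:
            return False, "replay: match already settled"
        if claimant not in m["players"]:
            return False, "claimant not in match"
        opponent_hp = next(hp for name, hp in m["players"].items() if name != claimant)
        # Do not take the client's word that the opponent is at 0 HP:
        # consult the server's own record.
        if opponent_hp > 0:
            return False, "server HP record disagrees"
        m["settled"] = True
        self.xp[claimant] = self.xp.get(claimant, 0) + XP_PER_WIN
        return True, "win recorded"


def flag_rapid_wins(log_lines, min_seconds: float):
    """Return players with two wins closer together than min_seconds.
    Log format is constructed: '<ISO timestamp> <EVENT> key=value ...'."""
    wins = {}
    for line in log_lines:
        stamp, event, rest = line.split(" ", 2)
        if event != "WIN":
            continue
        fields = dict(kv.split("=", 1) for kv in rest.split())
        wins.setdefault(fields["player"], []).append(datetime.fromisoformat(stamp))
    flagged = set()
    for player, times in wins.items():
        times.sort()
        if any((b - a).total_seconds() < min_seconds for a, b in zip(times, times[1:])):
            flagged.add(player)
    return sorted(flagged)


# Constructed sample of the server-side log the post mentions.
SAMPLE_LOG = [
    "2011-05-16T16:16:01 WIN player=mallory match=m1",
    "2011-05-16T16:16:03 WIN player=mallory match=m2",
    "2011-05-16T16:16:05 WIN player=mallory match=m3",
    "2011-05-16T16:20:00 WIN player=alice match=m4",
    "2011-05-16T16:31:00 WIN player=alice match=m5",
    "2011-05-16T16:31:30 HIT player=alice target=bob damage=25",
]


if __name__ == "__main__":
    s = MatchServer()
    t = s.start_match("alice", "bob")
    print(s.report_win(t, "alice"))           # (False, 'server HP record disagrees')
    for _ in range(4):
        s.apply_hit(t, "alice", "bob", 9999)  # clamped to MAX_HIT each time
    print(s.report_win(t, "alice"))           # (True, 'win recorded')
    print(s.report_win(t, "alice"))           # (False, 'replay: match already settled')
    print(flag_rapid_wins(SAMPLE_LOG, 60))    # ['mallory']
```

The three checks address the three problems the post lists separately: the single-use token defeats replayed packets, the server-side HP record defeats a client that merely claims the opponent is at 0, and the log scan catches the case the other two cannot, a modified client that legitimately generates "I win" packets faster than a real match could be played.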
Don't mind me, just bursting into the conversation but I just had to say this: (again and again)
Adding security after the design phase, and even worse, after the implementation, is the worst kind of development order game developers can use, especially when it's online.
Anyhow, first thing would be: Make sure your client doesn't have direct access to the database where it has write access to all tables and issues database commands (e.g. issuing select passwordasplaintext from users where username='$username' and then comparing the password to be the same as the one inputted is not such a good idea, and yes, I have seen some online applications do this).
Also, you can also ask me specific questions, and pm'ing me is available for everyone (Tip: Don't waste time detecting Cheat Engine itself, spend more time on the changes Cheat Engine makes instead. CE is open source and there are quite a lot of CE versions out there that you have never even heard of, including a CE version that runs outside of the system).
Did any companies eventually try to sue you for the design of Cheat Engine and how it enables certain players to have an advantage over others, in a game that can be paid for? _________________
//A script to disable Xlive's memory check protection
//Made by Geri with Cheat Engine 6.0
//18th May, 2011
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
label(xlivekiller)
registersymbol(xlivekiller)
aobscan(aobxlive,74 14 FF 75 14 8B CE FF 75 10 53 E8)
aobxlive:
xlivekiller:
db EB 14
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
xlivekiller:
db 74 14
unregistersymbol(xlivekiller)
Code:
//A script to disable Xlive's memory check protection
//Made by Geri with Cheat Engine 6.0
//18th May, 2011
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
label(xlivekiller)
registersymbol(xlivekiller)
//locate the conditional jump (74 14 = je short +0x14) that follows the memory check;
//the '*' entries are wildcards for the call's relative address
aobscan(aobxlive,74 14 FF 75 14 8B CE FF 75 10 53 E8 * * * * 8B F8 85 FF)
aobxlive:
xlivekiller:
//replace je with an unconditional jmp short (EB 14) so the check's result is ignored
db EB 14
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
xlivekiller:
//restore the original je
db 74 14
unregistersymbol(xlivekiller)
4. If the aobscan no longer works, here is the code that you need to scan for:
If you are totally stuck and you have no idea what to do, here is a radical but working way to use the debugger with games that are using Xlive. Basically the method is killing Xlive so all of its features will be disabled. Of course it is not the right way to handle the situation, but I don't want to bother with an Xlive anti-debug bypass as I don't need it at all at the moment.
This patch is always fine! But after I installed this Windows update "Windows6.1-KB2670838-x64", the game crashed at 'd3d11.dll'. I mean, is there some check in this new d3d11.dll? Microsoft!