Mirage Source

Free ORPG making software.

All times are UTC




Posted: Fri May 15, 2009 2:47 am
Knowledgeable
Joined: Sun Dec 14, 2008 4:28 am
Posts: 106
Location: Roanoke, VA, US
REGISTRY BANNING SYSTEM
Ok, since I saw Nemisis's idea for HD Serial banning, and I wanted to work with the Registry for MS, I began to create a Registry Key-Based Banning System.
Here is how it works:

First Time Run on that Computer:
Client.exe is run.
Client initializes TCP.
Client Reads a certain Keypath and then if it does exist it asks the server for a key
Server Receives Request
Server Generates a Key
Server Checks in the DB to see if this Key is in use by another person
If not in use it sends the key to the client
The client then writes the key to the key path
Person goes in game

After First Time Run:
Client.exe is Run.
Client initializes TCP.
Client reads key.
Client sends key to server.
Server checks if the key is banned.
If banned the client shuts down
If not banned the client proceeds in-game

With this way of banning, the person must FIND and DELETE the key (note there is a backup if they manage to find it); they cannot mask their IP, make a new account or anything. They are 100% banned unless they reformat their computer or go on another Windows installation or find the key and all its copies.

EVERYONE MUST CHANGE THE KEYPATH (this will be defined in modConstants) TO A DIFFERENT KEY PATH OR THIS WILL CAUSE PROBLEMS BETWEEN GAMES

Hopefully when I get the system done and 100% working then I will figure out a way to negate the between-game problem, as I might just have part of the path be the game name or server IP.

Hopefully, because I don't think this has been done on ANY other game before, this will force even experienced hackers to think a lot to break through. Also, if Nemisis gets a working HD Serial ban then I will integrate that in as well to make it even harder for hackers (no matter how you ban there is always a loophole).

After I get everything working so it also won't collide between games, I will convert it to MySQL-less MS4.

Posted: Fri May 15, 2009 6:07 pm
Knowledgeable
Joined: Sun Apr 13, 2008 12:02 am
Posts: 128
I think having a hardware ban would probably be better. This is a nice idea, but the only downside is that if you intercept the packet then you won't get banned. With hardware bans it would be much better due to the fact that it would be harder to get yourself unbanned, but probably would be more effective, but they probably could still scan for the packet that's being sent, so all in all most bans can be packet intercepted >.>. But I say the safest option would be hardware bans instead of keys, and also with the keys it would slow the client and server down due to the fact of sending a lot of packets for just 1 key, and yet the hardware ban would be just a packet which would ban their hardware for a certain amount of time and also save a lot of stress on the server compared to the key ban. Those are my few points. I may be wrong but that's what I think.

Hardware Ban over Key ban =)

Posted: Sat May 16, 2009 12:21 am
Knowledgeable
Joined: Sun Dec 14, 2008 4:28 am
Posts: 106
Location: Roanoke, VA, US
The ban has backups. A hacker can intercept the packet but it won't matter. The server will have a key ban and IP ban together. When a player starts the client for the first time, it registers an IP and a key, so if a player bypasses an IP ban the key still bans them, and if they bypass the key ban the IP bans them. If they manage to intercept the packet and mask their IP, they still have the problem that the server won't auth you for login and/or registration without the packet. If they CHANGE the packet, it will still keep them out, because the client then has to receive an auth packet from the server or it still won't load. I don't see how they could mimic the server's packet, do you? Either way you'll still have account bans, and I am also adding email bans so if they register with the same email again, it won't work, and I doubt anyone would try to hack one of our games and repeat the same steps EVERY SINGLE TIME (put emphasis, I would be plain annoying) if they could ACTUALLY bypass all the bans. I am STILL going to add the HDS ban to add extra precaution.

Posted: Sat May 16, 2009 7:21 pm
Knowledgeable
Joined: Sun Apr 13, 2008 12:02 am
Posts: 128
Ok, I like the idea. Tell me when it's completed, I want to try this =)

Posted: Sun May 17, 2009 2:23 am
Knowledgeable
Joined: Sun Dec 14, 2008 4:28 am
Posts: 106
Location: Roanoke, VA, US
Mmk. I'm testing it right now (I've been busy, programming Monopoly for class extra credit in Spanish II and a HUGE Pre-AP World G project which leads up to next year's AP World History project). Hopefully I have it done and working.

Posted: Thu Jul 09, 2009 6:46 pm
Community Leader
Joined: Sun May 28, 2006 10:29 pm
Posts: 1762
Location: Salt Lake City, UT, USA
Google Talk: Darunada@gmail.com
obscurity is not security

Posted: Thu Jul 09, 2009 7:34 pm
Regular
Joined: Sun Jun 01, 2008 8:39 pm
Posts: 91
Couldn't you catch the packet being sent from the client to have a clean key?


Posted: Thu Jul 09, 2009 9:39 pm
Regular
Joined: Sun Apr 26, 2009 11:22 pm
Posts: 43
Location: Cincinnati, OH
Google Talk: rj.cox101@gmail.com
This isn't much better than an IP ban because the key is easily manipulated... IPs are harder to change than registry keys. Really all you have to do to beat it is clear out the key & the backup and use a proxy.

Lea wrote:
obscurity is not security

Exactly.


Posted: Fri Jul 10, 2009 1:06 am
Persistant Poster
Joined: Fri Jun 26, 2009 10:15 pm
Posts: 701
Google Talk: FAProductions
What you could do is randomly generate a specific key for each account and make it save it to the account and the registry key. That way, if they clear it out, the server will check for that key and it won't be there, so it will reban them.

There are ways to make this work properly.
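
The flows from the opening post and the account-bound key suggested in the reply above, modelled on the server side as an added example (not code from the thread or from Mirage Source). Class, method and decision names are hypothetical and the IP addresses are constructed; the model shows which connection attempts each check stops.

```python
import secrets

class BanRegistry:
    """Hypothetical server-side model of the key, IP and account checks."""
    def __init__(self):
        self.issued = set()       # every key the server has handed out
        self.banned_keys, self.banned_ips = set(), set()
        self.account_key = {}     # account name -> key bound at registration

    def issue_key(self):
        # First-run flow: generate a key, retry if it is already in use.
        while True:
            key = secrets.token_hex(16)
            if key not in self.issued:
                self.issued.add(key)
                return key

    def register(self, account, key):
        # Later reply's idea: store the key with the account as well.
        self.account_key[account] = key

    def ban(self, key, ip):
        self.banned_keys.add(key)
        self.banned_ips.add(ip)

    def connect(self, key, ip, account=None):
        """Return (decision, key); key=None models an empty key path."""
        if ip in self.banned_ips:
            return "denied:ip", key
        if key is None:
            # An empty path looks the same whether it is a first run or not.
            key = self.issue_key()
        elif key not in self.issued:
            return "denied:unknown-key", key
        if key in self.banned_keys:
            return "denied:key", key
        bound = self.account_key.get(account)
        if bound is not None and bound != key:
            if bound in self.banned_keys:
                self.banned_keys.add(key)   # carry the ban over ("reban")
            return "denied:account-key-mismatch", key
        return "allowed", key

if __name__ == "__main__":
    reg = BanRegistry()
    _, k = reg.connect(None, "203.0.113.5", "alice")   # constructed sample values
    reg.register("alice", k)
    reg.ban(k, "203.0.113.5")
    print(reg.connect(None, "198.51.100.7", "alice")[0])  # empty path, bound account
```

The key and IP checks only cover what the client presents, and the account binding only covers logins to accounts that already exist; a connection with an empty key path and no bound account is treated as a first run.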


Posted: Fri Jul 10, 2009 9:00 am
Knowledgeable
Joined: Sat Jul 08, 2006 8:24 am
Posts: 339
Banning never works on smart people. Add a level 10 limit to global talking, and get some mods. If I use VMware (virtual Windows) + a proper proxy, g/l banning me.

