Mirage Source

Introduction
This is very basic, what it will do is upon login. It will send a code with that packet checking if that code is the same on the client as on the server. The code can be as long as you wish it to be.

Do not use the same security code as on this example.

Client Side
Find:

Then add this part to it:

So it eventually look like this:


Server Side
Inside:

Just below:

Add:

Yes I know it's very basic. But it's always something.

_________________

Still, people can just sniff it in plain text and see that a little bit has been added at the end and then add it to a blank ms.

_________________

As I said, it will give a little bit security And by adding the XOR Encryption a little bit more security is added on top of that.

_________________

I'd let the server send a string to client, instead of the other way around. It's harder to edit incoming than outcoming packets, I think.

Might be, I dont have any knowledge when it comes to snipping up packets. Why not have it both ways then. With different codes. So if the client code is correct, like this example. It send one back again Kinda useless actually since if the first check is correct, the client is correct.. but still.

_________________

Erm, no it's not

_________________

Joost, didnt write that.. I did, and whats the meaning on making it check first if the client is correct for the server. And after that check if the server is correct for the client =/

_________________

No, we check if the client is right for the server, then check if the client is right for the server, but using a server packet instead

Also, that quote messed up and I don't know why o.o

_________________

Thanks you, it's work perfectly

Of course it works

_________________

sorry for the 6-month bump, but I have some pretty good ideas for improvement:

if you used a code generator such as:
((version * subversion / revision) * day * week / month) / variable
(random * / + etc)
variable is sent by the server on attempt at login, the server stores the outcome it should receive back, and if the number from the client is different then it kicks them


obviously use a different combination for each version and revision of your game so the script kiddies really have to work to get their number, and since the variable is random from the server it just gives them more problems... if you make it take more than 1 minute's work then they'll get bored and move on normally


what you think? obviously I haven't put the code in here 'cos it's only a theory I have at the moment

of course there's a slight flaw, with the date possibly being different in different places, but you can see where i'm coming from, maybe just the full version number should be used?

_________________
Fallen Phoenix Online:
An online game world based on the Harry Potter books
www.fallenphoenix.org

Or you could just add XOR Encryption or another simple encryption to the actual key.

_________________