As I said, it will give a little bit security
And by adding the XOR Encryption a little bit more security is added on top of that.
| Mirage Source http://www.miragesource.net/forums/ |
|
| Correct Client for Server http://www.miragesource.net/forums/viewtopic.php?f=210&t=1480 |
Page 1 of 1 |
| Author: | William [ Fri Mar 09, 2007 3:57 pm ] |
| Post subject: | Correct Client for Server |
Introduction This is very basic, what it will do is upon login. It will send a code with that packet checking if that code is the same on the client as on the server. The code can be as long as you wish it to be. Do not use the same security code as on this example. Client Side Find: Code: Sub SendLogin(ByVal Name As String, ByVal Password As String) Dim Packet As String Packet = "login" & SEP_CHAR & Trim(Name) & SEP_CHAR & Trim(Password) & SEP_CHAR & App.Major & SEP_CHAR & App.Minor & SEP_CHAR & App.Revision & SEP_CHAR & END_CHAR Call SendData(Packet) End Sub Then add this part to it: Code: & SEP_CHAR & "code35FO36F" So it eventually look like this: Code: Sub SendLogin(ByVal Name As String, ByVal Password As String) Dim Packet As String Packet = "login" & SEP_CHAR & Trim(Name) & SEP_CHAR & Trim(Password) & SEP_CHAR & App.Major & SEP_CHAR & App.Minor & SEP_CHAR & App.Revision & SEP_CHAR & "code35FO36F" & SEP_CHAR & END_CHAR Call SendData(Packet) End Sub Server Side Inside: Code: ' :::::::::::::::::: ' :: Login packet :: ' :::::::::::::::::: If LCase(Parse(0)) = "login" Then Just below: Code: If IsMultiAccounts(Name) Then Call AlertMsg(Index, "Multiple account logins is not authorized.") Exit Sub End If Add: Code: If Trim$(Parse$(6)) <> "code35FO36F" Then
Call AlertMsg(Index, "Your client do not match the servers security code.") Exit Sub End If Yes I know it's very basic. But it's always something. |
|
| Author: | Robin [ Fri Mar 09, 2007 5:27 pm ] |
| Post subject: | |
Still, people can just sniff it in plain text and see that a little bit has been added at the end and then add it to a blank ms. |
|
| Author: | William [ Fri Mar 09, 2007 5:38 pm ] |
| Post subject: | |
As I said, it will give a little bit security And by adding the XOR Encryption a little bit more security is added on top of that.
|
|
| Author: | Joost [ Fri Mar 09, 2007 7:47 pm ] |
| Post subject: | |
I'd let the server send a string to client, instead of the other way around. It's harder to edit incoming than outcoming packets, I think. |
|
| Author: | William [ Fri Mar 09, 2007 7:51 pm ] |
| Post subject: | |
Joost wrote: I'd let the server send a string to client, instead of the other way around. It's harder to edit incoming than outcoming packets, I think.
Might be, I dont have any knowledge when it comes to snipping up packets. Why not have it both ways then. With different codes. So if the client code is correct, like this example. It send one back again Kinda useless actually since if the first check is correct, the client is correct.. but still.
|
|
| Author: | Robin [ Sat Mar 10, 2007 12:19 pm ] |
| Post subject: | |
William wrote: Kinda useless actually since if the first check is correct, the client is correct.. but still.
Erm, no it's not 
|
|
| Author: | William [ Sat Mar 10, 2007 2:17 pm ] |
| Post subject: | |
Joost, didnt write that.. I did, and whats the meaning on making it check first if the client is correct for the server. And after that check if the server is correct for the client =/ |
|
| Author: | Robin [ Sat Mar 10, 2007 2:52 pm ] |
| Post subject: | |
No, we check if the client is right for the server, then check if the client is right for the server, but using a server packet instead
Also, that quote messed up and I don't know why o.o |
|
| Author: | El_Dindonnier [ Fri Jun 13, 2008 12:48 pm ] |
| Post subject: | Re: Correct Client for Server |
Thanks you, it's work perfectly 
|
|
| Author: | William [ Sat Jun 14, 2008 2:06 pm ] |
| Post subject: | Re: Correct Client for Server |
Of course it works
|
|
| Author: | Tosuxo [ Fri Nov 14, 2008 12:57 am ] |
| Post subject: | Re: Correct Client for Server |
sorry for the 6-month bump, but I have some pretty good ideas for improvement: if you used a code generator such as: ((version * subversion / revision) * day * week / month) / variable (random * / + etc) variable is sent by the server on attempt at login, the server stores the outcome it should receive back, and if the number from the client is different then it kicks them obviously use a different combination for each version and revision of your game so the script kiddies really have to work to get their number, and since the variable is random from the server it just gives them more problems... if you make it take more than 1 minute's work then they'll get bored and move on normally what you think? obviously I haven't put the code in here 'cos it's only a theory I have at the moment of course there's a slight flaw, with the date possibly being different in different places, but you can see where i'm coming from, maybe just the full version number should be used? |
|
| Author: | William [ Fri Nov 14, 2008 12:56 pm ] |
| Post subject: | Re: Correct Client for Server |
Or you could just add XOR Encryption or another simple encryption to the actual key. |
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|