Anti-hack methods

[hellang3l]

Hey guys,
I'm developing an anti-hack for my server, current features :

• Packet encryption.
• Dexterity check : any "big" change of dexterity value on client is is known as an hack attempt => report, close client.
• Hack program title and .exe dictionary check.

The question is : can they still cheat on my server ? Does packet hack still work ?

 

[Bakuya]

speed check is stupid because it will read lag as hack so you'll get dc...

 

[commandcom]

idiots will bever die... they find a way to hack/piss you off anyway

 

[wolfulus]

idiots will bever die... they find a way to hack/piss you off anyway

that's true. :glare:

 

[Stifi]

Ok, buy or make some anticheat, post the client without /data folder and watch how d-magic rlz d-wrld
if you think ,you or someone els` can stops ppls like me u are in big fantazy , c'mo .. back on Earth!
for some ppl d-crckg` is more important than the game!
Have fun and be happy
Cheers! tt1:

 

[hellang3l]

Here u go

You must be registered to see links

Just tell me how u pass through my anti-hack

 

[laudaicat]

1. Packet encryption. >> Easy to bypass
2. Dexterity check : any "big" change of dexterity value on client is is known as an hack attempt => report, close client. >> hacker can lock speed value without change Dexterity and more !
3. Hack program title and .exe dictionary check. >> Hide Process, Change Title ?

 

[sachav]

About that dexterity check. I found a similar way that seems pretty effective to prevent speed hacking (and I'm currently using it in my server).

The idea is to make some sort of "buffer" that blocks packets after it gets filled. And that buffer gets cleared every second.

I have observed that the number of packets received and treated by the GS per second never gets past ~35 (that value would need to be adjusted if you're using 65K max stats -- just use a sniffer or output the number of packets that were received a second, and see what value you never reach, while it not being too far away from the max you got to, or it would be useless).
That is also a good way to make the gameplay independant from your ping, as we all know laggers hit huge damage, and people that are very close to the server can pot fast as hell.

This is what I've implemented :

int CheckPRate(int aIndex)
{
	SYSTEMTIME cTime;
	GetSystemTime(&cTime);
	SPEEDHACKSTRUCT * sh = &(SpeedHack[aIndex - MIN_PLAYERID]);
	sh->aIndex = aIndex;
        /* buffer filled, return 0 */
	if(sh->timeRecv == cTime.wSecond && sh->packets >= 35)
	{
		return 0;
	}
	sh->packets++;
        /* second passed, clear buffer */
	if(sh->timeRecv != cTime.wSecond) {
		sh->packets = 0;
	}
	sh->timeRecv = cTime.wSecond;
	return 1;
}

Where SpeedHack is a global variable:

SPEEDHACKSTRUCT SpeedHack[MAX_PLAYERID - MIN_PLAYERID];

And where SPEEDHACKSTRUCT is a struct:

typedef struct SPEEDHACKSTRUCT {
	int aIndex;
	long int packets;
	WORD timeRecv;
};

The function is then implemented in the very beginning of ProtocolCore the following way:

if(!CheckPRate(aIndex)) return true;

This way, if CheckPRate returns 0, then the buffer is filled, and ProtocolCore exits without handling the packet. As you can see

You must be registered to see links

the SH has almost no effect after the function is implemented.

 

[hellang3l]

Correct me if i wrong ...

We need anti-hack cuz the gameserver is bugged ... fix the gameserver will solve every problem, but we choose the client-side anti-hack because it's much more easier.

The clientside antihack can be bypassed easily if you know how it work, so our job is make it harder. I can bypass myself antihack and a few antihack by write another program, patch some offset in the game memory, kill some thread (by using process explorer)

Most gameserver have attack speed bugged. Again, correct me about the attack speed fomular :
- Base attack speed is one hit per second.
- The attack speed displayed in the game is the increased attack speed - by percent.
- Ex : with 1000 attack speed, you can deal 10 attack per second.
- Each skill have their own delay time, i don't know how to calculate this.

One more thing, about the dupe bug, does titanstech server 1.07.35 and later have dupe bug ?

 

[kristians521]

This as well can give some security...

DWORD g_dwLoadLibraryAJMP;

DWORD WINAPI JMPHookAdr( DWORD AddressToPerformJump, DWORD AddressOfMyFunction, DWORD LenghOfTheAreaToPerformTheJump	)
{
	if( LenghOfTheAreaToPerformTheJump < 5 )
		return 0;

	DWORD RelativeJump, 
		  NextInstructionAddress,
		  Flag;

	if ( ! VirtualProtect((LPVOID)AddressToPerformJump, LenghOfTheAreaToPerformTheJump, PAGE_EXECUTE_READWRITE, &Flag) )
		return 0;

	NextInstructionAddress = AddressToPerformJump + LenghOfTheAreaToPerformTheJump;

	*(BYTE*)AddressToPerformJump = 0xE9;

	for( DWORD i = 5; i < LenghOfTheAreaToPerformTheJump; i++)
		*(BYTE*)(AddressToPerformJump+i) = 0x90;

	RelativeJump = AddressOfMyFunction - AddressToPerformJump - 0x5;

	*(DWORD*)(AddressToPerformJump + 0x1) = RelativeJump;

	VirtualProtect((LPVOID)AddressToPerformJump, LenghOfTheAreaToPerformTheJump, Flag, &Flag);

	return NextInstructionAddress; 
}

HMODULE WINAPI hLoadLibraryA( LPCSTR lpLibFileName )
{	
	__asm
	{
		mov eax, dword ptr ss:[esp + 0x18]
		cmp dword ptr ds:[eax-0x12], 0x8B55FF8B
		je erro
	}
	

	if( lpLibFileName )
	{
		if( !strcmp( lpLibFileName, "twain_32.dll" ) )
			__asm jmp g_dwLoadLibraryAJMP
	}			

	return LoadLibraryExA( lpLibFileName, 0, 0 );


	ExitProcess( 0 );

	return 0;
}

void DisableLoadLibraryA()
{
	g_dwLoadLibraryAJMP = (DWORD)GetModuleHandle( "kernel32" ) + 0x6E2A1;

	JMPHookAdr( (DWORD)LoadLibraryA, (DWORD)&hLoadLibraryA, 57 );
}

 

[hellang3l]

Finally i figured out attack speed formula on SS6 1.07v+ client tt:

- Each skill have it's own base APM - attacks per minute which is the attack animation in Player.bmd : Ex : Twisting slash (40), evil spirits (49)

- The attack speed displayed on client side is the increased APM by percent. Ex : attack speed 100 mean u have 100% increased attack speed.

My anti hack now have better speed check (server side)

TestAPM = APM / 4
if ( (AttackCount in 15 sec) > TestAPM ) then DoHackReport();

Can anyone plz tell me the random item packet for ss6

 

[Nissin]

How it works?

---------- Post added at 02:21 PM ---------- Previous post was at 02:19 PM ----------

Will you teach how to do that?