[Tutorial] Implement an additional server protection

Experienced Elementalist
Joined
May 10, 2015
Messages
278
Reaction score
146
It's so funny to see how servers go down for this specific problem, sometimes it's really hilarious, but after some massive PM spam on FB (ty dudes, I hate all of you), where people do not reach the level of "sir solve dat!!!!", I decided to share this with you.

What I will show you today is how to add an additional protection to your server from unencrypted packets.
This will allow you to protect yourself from server crashes from those kinds of attacks.
So, you will require "your" source code and a bit of brain to understand how we will fix that.
I will be clear, I'm not going to share the fixed code because this is a gift to all the people that really want to learn and work at a project. People that are lazy won't get anything from me.

We have 2 ways to fix this security issue, one of them is to edit the RecvPacket class. This one handles all the received packets and is shared between all AO projects, including server, client and tools.

MasangSoft, for some reason unknown to me, decided to handle the unencrypted packet as well. This allows everybody who knows at least how to build a header to send invalid content which leads to a crash, bypassing the XOR_ENCODE_BYTES macro. Therefore a change of the XOR key doesn't provide a solution to this problem.


In the following selection:

Code:
if (m_DecodingInfo.bIsPacketEncoded)

in the AddTail method, you can see that the packet can be handled as well even if it's not encoded, continuing the reading.
This is, at least for me, a big security issue and, for a start, you can just return a negative value in the function to terminate the reading or just set the packet invalid through the bool defined in the class.

Another method to fix this is just to disallow the packet handling from the dispatch method in the WinSocket for receiving the packet directly from the WSA class.

Here you can disable the unencrypted packets; in EP4 servers you also have a Masang log for detecting where the selection is.

If you have a doubt, you can send me a PM here at RZ, but I won't help anybody who just wants to get the code for this problem or to get a working source code.

Hope that this will be helpful for all who want to get up a server by their own work. Don't expect me to solve your problems if you are struggling with the code itself or other problems. I don't have that much free time to spend and I don't want to spend it helping all random leechers here.


Aesir
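
Added example, not part of the original post and not the project's own code: the first fix described above (stop reading as soon as a frame is not flagged as encoded, instead of continuing to parse it), shown in C++ on a hypothetical frame format. The layout, `ParseFrame`, `BuildFrame`, `RecvResult` and the key are assumptions made for illustration and do not reproduce the real RecvPacket/AddTail code.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical frame layout (an assumption, not the real AO header):
// [0..1] payload length, little endian | [2] flags (bit 0 = encoded) | payload
constexpr std::size_t kHeaderSize = 3;
constexpr std::size_t kMaxPayload = 1024;
constexpr std::uint8_t kFlagEncoded = 0x01;
constexpr std::array<std::uint8_t, 4> kKey = {0x5A, 0x13, 0xC7, 0x2E};  // constructed key

enum class RecvResult { Ok, NeedMore, RejectNotEncoded, RejectBadLength };

// Parses one frame. On Ok, `out` holds the decoded payload; any Reject*
// result means the caller should stop reading and close the socket.
RecvResult ParseFrame(const std::vector<std::uint8_t>& buf,
                      std::vector<std::uint8_t>& out) {
    out.clear();
    if (buf.size() < kHeaderSize) return RecvResult::NeedMore;
    const std::size_t len = buf[0] | (static_cast<std::size_t>(buf[1]) << 8);
    // The length comes from the peer: bound it before it is used.
    if (len == 0 || len > kMaxPayload) return RecvResult::RejectBadLength;
    // Fail closed: a frame not flagged as encoded never reaches a handler.
    if ((buf[2] & kFlagEncoded) == 0) return RecvResult::RejectNotEncoded;
    if (buf.size() < kHeaderSize + len) return RecvResult::NeedMore;
    for (std::size_t i = 0; i < len; ++i)
        out.push_back(static_cast<std::uint8_t>(buf[kHeaderSize + i] ^ kKey[i % kKey.size()]));
    return RecvResult::Ok;
}

// Builds a constructed sample frame for exercising ParseFrame.
std::vector<std::uint8_t> BuildFrame(const std::vector<std::uint8_t>& payload, bool encoded) {
    std::vector<std::uint8_t> f = {
        static_cast<std::uint8_t>(payload.size() & 0xFF),
        static_cast<std::uint8_t>((payload.size() >> 8) & 0xFF),
        static_cast<std::uint8_t>(encoded ? kFlagEncoded : 0)};
    for (std::size_t i = 0; i < payload.size(); ++i)
        f.push_back(static_cast<std::uint8_t>(encoded ? payload[i] ^ kKey[i % kKey.size()] : payload[i]));
    return f;
}

int main() {
    std::vector<std::uint8_t> out;
    // A plaintext frame is rejected; the same payload sent encoded is accepted.
    bool ok = ParseFrame(BuildFrame({0x41, 0x42}, false), out) == RecvResult::RejectNotEncoded
           && ParseFrame(BuildFrame({0x41, 0x42}, true), out) == RecvResult::Ok;
    return ok ? 0 : 1;
}
```

The encoded-flag check sits before any payload byte is touched, so changing the key alone is not what protects the parser; the rejection path is.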
 
Junior Spellweaver
Joined
Sep 12, 2014
Messages
119
Reaction score
34
something that may be useful. until now








good security but it's not all to be able to protect the entire game

 
Junior Spellweaver
Joined
Feb 7, 2016
Messages
109
Reaction score
6
a lot of trouble with here, somethings
checktoolip
socketlists
returning actions
filter standard, or when filter must use.
 
Junior Spellweaver
Joined
Sep 12, 2014
Messages
119
Reaction score
34
the source is full of problems

but you always have to give ideas on how to solve it.




 
Junior Spellweaver
Joined
Sep 12, 2014
Messages
119
Reaction score
34
I think now the tutorial is done
 
