[Tutorial] Implement an addictional server protection

Results 1 to 4 of 4
  1. #1
    struct { int:-!!(1); } Aesir is offline
    SubscriberRank
    May 2015 Join Date
    MadnessLocation
    270Posts

    config [Tutorial] Implement an addictional server protection

    It's so funny to see how servers go down for this specific problem, sometimes it's really hilarious, but after some massive PM spam on FB (ty dudes, i hate all of you), where people does not reach the level of "sir solve dat!!!!" , i decided to share this with you.

    What i will show you today is how to add an addictional protection to your server from the unencrypted packets.
    This will allow you to protect yourself from server crashes from those kind of attacks.
    So, you will require "your" source code and a bit of brain to understand how we will fix that.
    I will be clear, im not going to share the fixed code because this is a gift to all the people that really want to learn and work at a project. People that are lazy wont get anything from me.

    We have 2 ways to fix this security issue, one of them is to edit the RecvPacket class. This one handles all the received packets and is shared between all AO projects, including server, client and tools.

    MasangSoft, for some reasons unknown to me, decided to handle aswell the unencrypted packet, this allows everybody who knows atleast how build an header to send an invalid content which lead in a crash bypassing the XOR_ENCODE_BYTES macro. Therefor a change of the XOR Key doesnt provide a solution to this problem.


    In the following selection:

    Code:
    if (m_DecodingInfo.bIsPacketEncoded)
    in the AddTail method, you can see that the packet can be handled aswell even if its not encoded, continuing the reading.
    This is, atleast for me, a big security issue and, for start, you can just return a negative value in the function for terminate the reading or just set the packet invalid through the bool defined in the class.

    Another method to fix this is just to disallow the packet handling from the dispatch method in the WinSocket for receiving the packet directly from the WSA class.

    Here you can disable the unencrypted packets, in EP4 servers you have aswell a Masang log for detecting where the selection is.

    If you have a doubt, you can send me a PM here at RZ, but i won't help anybody who just wants to get the code for this problem or to get a working source code.

    Hope that this will be helpful for all who want to get up a server by their own work. Dont expect me to solve your problems if you are struggling with the code itself or other problems. I dont have that much freetime to spend and i dont want to spend it with helping all random leechers here.


    Aesir


  2. #2
    Member xxradicaldxx is offline
    MemberRank
    Sep 2014 Join Date
    27Posts

    Re: [Tutorial] Implement an addictional server protection


    something that may be useful. until now






    - - - Updated - - -

    good security but it's not all to be able to protect the entire game


  3. #3
    Hardcore Member 4TheEnjoy is offline
    MemberRank
    Feb 2016 Join Date
    105Posts

    Re: [Tutorial] Implement an addictional server protection

    a lot of trouble with here, somethings
    checktoolip
    socketlists
    returning actions
    filter standard, or when filter must use.
    Last edited by Future; 19-04-18 at 08:47 PM. Reason: Would appreciate if we could not fight wars between posts

  4. #4
    Member xxradicaldxx is offline
    MemberRank
    Sep 2014 Join Date
    27Posts

    Re: [Tutorial] Implement an addictional server protection

    the source is full of problems

    but you always have to give ideas on how to solve it.







Advertisement