How to Encrypt

DEP is part of the OS, it defaults to on in 2003 Server, and off in XP... it isn't available on XP pre-SP2, and isn't supported by all CPUs in hardware, but can be implemented in software. Many KPT clients fail DEP testing anyway, especially the ones which use the KPTTrans section, as DEP requires that no section be declared Writeable, and Executable in the kernel, which is why a decent DEP implementation is good at stopping hacks.

Many linux kernels are built with DEP enforced. It is possible, theoretically, to build a Windows program which implements DEP in software, or hardware where available, regardless of the OS... but it would have to give way to the OS on systems above XP SP2 where DEP is handled via the kernel, and only kick in if the OS doesn't support DEP. The other option is to check the OS supports DEP, and disallow the program from running unless it is enabled.

In short, it's a heck of a lot of work, and it's implementation would be similar to anti-debug implementation.

I wouldn't like to recommend a firewall, as there are many many good options out there. However, I can tell you that running a firewall on your gateway, rather than on your server will interfere with your server executable less, and being able to control the firewall programatically from your server will help you stop hackers quicker than if you have to manually check logs and block IPs.

Running the firewall in a gateway often means in your router / switch box, though you can use a second server. Controlling it programatically often means accessing it via telnet / SSH / scripted web browser... catching hackers in the logs is the sort of thing that PT Protector does, but that disables user IDs, not IPs, so some adaptation would be required to do the job so thoroughly. I know DKs original idea was to re-write it as a proxy, then detected logs could be blocked in the proxy... DeleGate proxy supports a plug-in system for new protocols, so it may be possible to write an effective log alert IP block via that proxy.

Your description of CLSAFE_CODE is an example of it doing exactly what it is supposed to. It will disconnect anyone who connects with a client who's checksum does not match the one passed as it's parameter. The checksum of any client disconnected because it does not match is logged in the server logs. Take the code your OFFICIAL client uses (the one your good players have) and use that as the parameter for CLSAFE_CODE.

After that, any attempt to log in with a modified (or similar protocol compatible version correct) version of that client with cause a DC and server log entry.

Ty again for the information.

You told me what parameter to put in the CLSafe_Code , but what about the *DISCONNECT_CLSAFE_CODE, which parameter put in it ?
Also what's the defferent between *CLSafe_Code and *CONNECT_CLIENT_CODE ?
And may you explain me how to write an effective log alert IP block with DeleGate proxy ? or give me any guide ?

Ty,
Avi

This thread contains one of quantumfusions attempts to stop the remote server connection GM mode attack, ULTIMATEDEF. I have seen some crippled versions of this that he was trying to sell, and some versions that are old betas and have some vulnerabilities remaining.

I've managed to implement one form of this attack on my own server, and can partially block (catch) it... but UD does more, and I've not had time to research it's operations to understand just how it works.

I have no experience of writing a DeleGate plug-in, but suspect that DarkKnightH20's PTProtector could be re-written as one. You'd have to convert his VB source into a C / C++ program compiled against the API headers for DeleGate... I think it's quite well documented, but I've not looked in about 2 years when I used to use DeleGate a lot. I'm also sure that there will be many other possible solutions. Including writing a proxy in VB6 along with DKs' PT-Protector.

The CLSafe_Code thing I picked up from a guide hereabouts on protecting your server better than just by the version string... I'm hunting for that guide, since it seems not to have made it into the Tutorial section.

Quote:

---

Originally Posted by tnrh1

how you do that?"hack" GM-like skills into their client in memory how they do that more correctly i mean when u log with hotuk to another game you get dc..
if you know how they do that u will know how to stop it =]

---

You can do that... basically what you have to do is inject .dll files into the client containing the specific code you wish to use (in this case the gm commands) and it bypasses the checksums as you haven't actually modified the hotuk, etc so you don't get disconnected from the server. In original pristonale (ept by suba) there is someone I know who was an ex BloodPT admin and has the .dll in his client which allows him to have gm functions.

The most popular hack, isn't actually GM commands... they are just hacks, but many (flying, porting to any map, walking through walls etc.) look very much like GM skillz. ;)

You don't issue GM commands with it, the abilities are all mapped to hot-keys. In most incarnations.

It is available as a source code project, and hackers adapt the source to match specific clients. Therefore, they can also adapt the interface (hot-keys, pop-up dialogues or what ever) to meet their own desires.

XTrap blocks many implementations of it, killing the game.exe task from the task list as soon as they are spotted, but a cleaver hacker can disable XTrap just prior to injection, and provided the game has already passed it's checksum authentication, it will carry on running.

Basically, it's harder to make this "hack" work if the client uses XTrap, but it's still only "skript kiddie" proofing.