Looking for your thoughts on an antihack scheme I have in mind.
Has a few client-side components as well as server side packet forwarder, monitor & authorization processes.
Launcher starts an initiator which contacts a server registration process. Registration process will register (authorize the client's IP address).
Registration process responds with an encrypted list of hacking and packet sniffer programs that the client side monitor uses.
The initiator kicks off the monitor that uses the received memory hacker/sniffer signatures. Monitor polls the task list for any of these to show up. Meanwhile a subtask is started to respond to gateway heartbeat messages.
Once everything is in place and running, the game client is launched and client connects to the server at a custom port. That port is to a gateway function rather than the 'real' game server process.
The gateway examines the source IP of each packet and matches it to the authorized IP list. If it matches, the packet is forwarded to the real server's port. If not, the client connection is terminated. The other side of the gateway is the heartbeat function that connects to the client monitor on each registered client. Any IP that fails to connect is removed from the authorized table (effectively blocking that client). The packet check/forwarding requires very little overhead that can be done within a few milliseconds. Likewise responses returning to the client from the server can be forwarded on through without even that check since we already know the client is authorized.
The idea is that the server ends up with a simple packet forwarding firewall based on arrival of authorized packets. The authorization is driven by the continued health of the client-side components.
The idea behind all this is that most game hacking required the use of a packet sniffer and/or a process memory editor. If we block the use of these (much the same idea as behind gameguard), we reduce the tools available to game hackers. It won't stop them all and those that have modified clients to circumvent game restrictions can still get around this (until I put in things like client authenticity verifications), but it seems somewhat better than a lot of the solutions I have seen so far. As well the blacklist of tools can be updated on the server side at any time, without shutting down or restarting and be immediately available for use on the next client to register. The list is not stored on disk at the client in either encrypted or clear format.
Oh, and the client components will be protected from casual decompiling.
What do you guys think? Suggestions/critique welcome.
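A sketch of the gateway-side authorized table described in the post, added here as an example and not the poster's code. The class and function names, the 15-second silence limit, and the fail-closed expiry when heartbeats stop arriving are all assumptions; the post only says that an IP whose monitor fails to connect is removed.

```python
import time

class AuthorizedTable:
    """Gateway-side table of registered client IPs (hypothetical names)."""
    def __init__(self, max_silence=15.0, clock=time.monotonic):
        self.max_silence = max_silence  # assumption: the post gives no timeout
        self.clock = clock
        self._last_ok = {}              # source IP -> time of last good heartbeat

    def register(self, ip):
        # Called by the registration process when the initiator checks in.
        self._last_ok[ip] = self.clock()

    def heartbeat(self, ip, monitor_answered):
        # Outcome of the gateway connecting to the client-side monitor.
        if ip not in self._last_ok:
            return
        if monitor_answered:
            self._last_ok[ip] = self.clock()
        else:
            del self._last_ok[ip]       # failed heartbeat: de-authorize

    def is_authorized(self, ip):
        # Fail closed: stale entries expire even if no failure was reported.
        seen = self._last_ok.get(ip)
        if seen is None:
            return False
        if self.clock() - seen > self.max_silence:
            del self._last_ok[ip]
            return False
        return True

def gateway_decision(table, src_ip):
    """Per-packet check: forward to the real server port or terminate."""
    return "forward" if table.is_authorized(src_ip) else "terminate"

def demo():
    now = [0.0]                                   # constructed clock
    table = AuthorizedTable(clock=lambda: now[0])
    ip = "198.51.100.7"                           # constructed address
    out = [gateway_decision(table, ip)]           # never registered
    table.register(ip)
    out.append(gateway_decision(table, ip))       # registered
    table.heartbeat(ip, monitor_answered=False)
    out.append(gateway_decision(table, ip))       # monitor unreachable
    table.register(ip)
    now[0] = 20.0
    out.append(gateway_decision(table, ip))       # 20 s with no heartbeat
    return out
```

The table is keyed on source IP alone, as in the post, so the decision applies to every connection arriving from that address.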