Does MT check for hacked clients ?

LMD
Member
 
Posts: 287
Joined: Sat Apr 08, 2017 08:16
Location: Bonn, Germany
GitHub: appgurueu
In-game: LMD + PRO_LMD + Limo

Does MT check for hacked clients ?

by LMD » Mon May 21, 2018 15:27

I believe MT Servers should (be able to) check whether somebody uses a client that has a differing checksum from the official one... Else, anybody can just compile his own MT with some hacks...
 

GreenDimond
Member
 
Posts: 1089
Joined: Wed Oct 28, 2015 01:26
Location: Yes.
GitHub: GreenXenith
IRC: GreenDimond
In-game: GreenDimond

Re: Does MT check for hacked clients ?

by GreenDimond » Mon May 21, 2018 15:43

Clients already label themselves as -dirty when they are modified, the problem being there is no way to know if it is just PR testing or a developer vs a "hacked client".

Re: Does MT check for hacked clients ?

by GreenDimond » Mon May 21, 2018 15:47

rubenwardy wrote:Image

+1
 

Krock
Developer
 
Posts: 3920
Joined: Thu Oct 03, 2013 07:48
Location: Switzerland
GitHub: SmallJoker

Re: Does MT check for hacked clients ?

by Krock » Mon May 21, 2018 15:59

Image

FTFY (added a link to the relevant issue)
 

Linuxdirk
Member
 
Posts: 1458
Joined: Wed Sep 17, 2014 11:21
Location: Germany
In-game: Linuxdirk

Re: Does MT check for hacked clients ?

by Linuxdirk » Mon May 21, 2018 21:03

rubenwardy wrote:Image

This is only for features devs dislike or don't want to work on. ;)

The correct tag here would be “Impossible to add as long as the server is not 100% authoritative”.
 

rubenwardy
Moderator
 
Posts: 5298
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: Does MT check for hacked clients ?

by rubenwardy » Mon May 21, 2018 21:13

Even if it were possible, it won't be accepted and no one should want it
 

BBmine
Member
 
Posts: 3397
Joined: Sun Jul 12, 2015 22:51
Location: USA
IRC: BBmine
In-game: Baggins

Re: Does MT check for hacked clients ?

by BBmine » Mon May 21, 2018 21:38

What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.
 

MineYoshi
Member
 
Posts: 5339
Joined: Wed Jul 08, 2015 13:20

Re: Does MT check for hacked clients ?

by MineYoshi » Tue May 22, 2018 01:39

BBmine wrote:What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.

It would; depending on the changes you may have made, the checksum will change and the changes will be noticed.
 

rnd
Member
 
Posts: 199
Joined: Sun Dec 28, 2014 12:24
IRC: ac_minetest
In-game: rnd

Re: Does MT check for hacked clients ?

by rnd » Tue May 22, 2018 05:40

You could make a simple mark that would tell the server you use a non-original client (no penalty in gameplay, just the server would know 'client is modified').

Basically you add a secret key in several places in the source that's not (without a LOT of dedication and knowledge) readable from looking at the binary, and when connecting to the server the client sends an extra response hash(challenge .. secret key). It can be done. The only question is are the 'devs' to be trusted not to add some other shit. Well, are you? :)

Then when you put out the official 'minetest', everything is the same, just this thing is added. The normal source is released as now.
 

HONEYBOOBOOCHILD
Member
 
Posts: 13
Joined: Tue Apr 17, 2018 02:51

Re: Does MT check for hacked clients ?

by HONEYBOOBOOCHILD » Tue May 22, 2018 06:17

Would it be possible for servers to ask for a periodic checksum of user privs? This would have nothing to do with validating clients but with busting a cheater when he/she suddenly gained a new priv. I'm not a coder, sorry if it sounds stupid.
 

Lejo
Member
 
Posts: 310
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Does MT check for hacked clients ?

by Lejo » Tue May 22, 2018 07:55

What about checking the player's vers_string to get some information like -dirty?
So you can disallow these clients on servers.
EDIT: The vers_string is debug build only :-(
 


Re: Does MT check for hacked clients ?

by Linuxdirk » Tue May 22, 2018 11:27

BBmine wrote:What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.

Do whatever you want with the client. And if the server asks for the checksum just send whatever the server wants and do with the client whatever you want.

The server has to be 100% authoritative. Never trust a client. The client is in "enemy hands". Whatever a client tells the server has to be seen as a lie in the first place.

The goal should not be securing the client but securing the server. So checking if the client was hacked becomes obsolete at the same moment the server becomes 100% authoritative because then a hacked client has no chance to trick the server.

Lejo wrote:What about checking the player's vers_string to get some information like -dirty?

Irrelevant for the same reason a checksum does not work. A hacked client can send whatever it wants if the server requests something.
 


Re: Does MT check for hacked clients ?

by Lejo » Thu May 24, 2018 15:31

What about sending the client a clientside mod that checks the client?
 


Re: Does MT check for hacked clients ?

by Linuxdirk » Thu May 24, 2018 16:03

Lejo wrote:What about sending the client a clientside mod that checks the client?

As soon as you have full control over the client absolutely no client verification/certification mechanisms work because the client can simply spoof the answer.

EVERYTHING coming from a client has to be seen as untrusted and potentially invalid. Neither should any input be used without sanitation nor should any information a client sends be taken for granted.

A server can NEVER trust a client. Not only in the Minetest world but in general. As soon as the user has a way to modify the client or the data a client sends or has a way to input something into the client, the client should be seen as compromised.

Cheating protection or anything to prevent hacked clients from doing their thing has to be done 100% server-side. If the server is 100% authoritative, hacked clients automatically become useless.
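
An added example, not part of any post in this thread and not Minetest code: a Python model of the hash(challenge .. secret key) check proposed earlier in the thread, next to the server-side validation described in the post above. The secret, the speed limit and all class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import os

# Constructed stand-in for the key compiled into the official client binary.
EMBEDDED_SECRET = b"constructed-demo-secret"
MAX_SPEED = 4.0  # assumed game rule: distance units a player may cover per second


def attest(challenge: bytes) -> bytes:
    """Client side of the proposal: hash(challenge .. secret key), as HMAC-SHA256."""
    return hmac.new(EMBEDDED_SECRET, challenge, hashlib.sha256).digest()


def server_checks_attestation(challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(attest(challenge), response)


def server_validates_move(old, new, dt: float) -> bool:
    """Authoritative check: the server applies its own rule to the claimed move."""
    return math.dist(old, new) <= MAX_SPEED * dt


class OfficialClient:
    speed = 3.0

    def respond(self, challenge: bytes) -> bytes:
        return attest(challenge)

    def claim_position(self, pos, dt: float):
        return (pos[0] + self.speed * dt, pos[1])


class ModifiedClient(OfficialClient):
    # The key ships to every user's machine, so a rebuilt client is modelled
    # as answering the challenge exactly like the official one.
    speed = 40.0


def session(client, dt: float = 0.1):
    """Return (attestation_ok, move_ok, position the server stores)."""
    challenge = os.urandom(16)
    attested = server_checks_attestation(challenge, client.respond(challenge))
    pos = (0.0, 0.0)
    claimed = client.claim_position(pos, dt)
    move_ok = server_validates_move(pos, claimed, dt)
    return attested, move_ok, claimed if move_ok else pos
```

Both clients pass the attestation, so it says nothing about behaviour; only the server's own rule check separates them, and the server keeps its own position when the claim fails.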
 

Jordach
Member
 
Posts: 4484
Joined: Mon Oct 03, 2011 17:58
Location: Blender Scene
GitHub: Jordach
IRC: Jordach
In-game: Jordach

Re: Does MT check for hacked clients ?

by Jordach » Tue May 29, 2018 11:46

Linuxdirk wrote:As soon as you have full control over the client absolutely no client verification/certification mechanisms work because the client can simply spoof the answer.


tl;dr Cyber Security 101.
 

Festus1965
Member
 
Posts: 180
Joined: Sun Jan 03, 2016 11:58
Location: Thailand - Chiang Mai (+5-6h to MEZ)
In-game: Thomas Explorer

Re: Does MT check for hacked clients ?

by Festus1965 » Thu May 31, 2018 01:17

GreenDimond wrote:Clients already label themselves as -dirty when they are modified, the problem being there is no way to know if it is just PR testing or a developer vs a "hacked client".


Is that so? Do clients label themselves?

And if so, what is the server doing then?
 


Re: Does MT check for hacked clients ?

by Lejo » Thu May 31, 2018 07:07

Festus1965 wrote:And if so, what is the server doing then?

Nothing, it can also be a PR test or a not yet released dev-release.
 


Re: Does MT check for hacked clients ?

by Festus1965 » Fri Jun 01, 2018 00:56

Lejo wrote:Nothing, it can also be a PR test or a not yet released dev-release.


Oh, nothing yet (!!!), but would I be able to catch the false report and kick them?

As, in my opinion, testers know what happens and can go another way,
and the modifiers I get off = very nice!
 


Re: Does MT check for hacked clients ?

by rubenwardy » Fri Jun 01, 2018 02:07

Worth noting that the OP's "brother" has since been banned for cheating on my server using a custom Java program and csm
 


Re: Does MT check for hacked clients ?

by LMD » Fri Jun 01, 2018 13:00

@rubenwardy :

At first: Please mention all the details. He did not only use Java, but also Python; Java doesn't feature real-time process output processing. Python processes MT output generated by CSM, and then invokes Java to simulate mouse+keypress events using the java.awt.Robot class.

I guess this is the wrong topic for your post. This topic is about hacked CLIENTS, which my brother did NOT, if you would have read what he wrote you. He just used allowed client-side-mods plus made some programs capable of simulating mouseclicks.

"Worth noting"
that I was banned, too. Please also tell your moderators how nice it was of them and some other CTF users to make fun of us afterwards. Also insanely "true" things were spread (not by the mods). I could read them as I connected using freenode, from where I was banned multiple times only for writing really not bad things and for just being LMD which permitted me being able to READ which further bad things were said about us. So I wasn't even allowed to know what other very, very "true" things & co have been spread by some really nice and social people.

Furthermore, I would be incredibly grateful if your moderators could stop banning people - such as me - from freenode for no reason. There's a variety of different VPNs, so your mods' bans are like jokes to me, but it felt pretty senseless to me when I just came in again after they banned me, and so on... which would just have resulted in a giant waste of time. Instead, I started coding a new CTF with my brother.

On top, if we'd just restart our router, we could join again. But after this huge disappointment, I am not willing to do so.

BTW, from my point of view it's not that polite of you to put the word brother in quotation marks. That kinda abstracts it. I am asking you : Please be more respectful. Thanks in advance.


I apologize for my strange language, I'm not a native speaker and am using metaphors & co. as they are in my language.
Last edited by LMD on Fri Jun 01, 2018 13:50, edited 15 times in total.
 

KGM
Member
 
Posts: 116
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Does MT check for hacked clients ?

by KGM » Fri Jun 01, 2018 13:05

@rubenwardy : plz define CHEATING before u (mis) use that term.
PS : I will leak my "cheat", and as it's not in c++ client, you won't be able to check for it! (as there are players performing as good as my program themselves, you can't even check who performs that well, and kick them!)
then anyone will "cheat" and you can't stop!
I will make an easy installable deb, so any ubuntu user can use it, for others i will publish instructions how to install it manually...
but not now, now I and LMD are working on better ctf!
(that my csm helps me that much is your game's fault! If your game was good there would be no way to split a task solvable by program off the task of playing your game!)
In our new ctf, such "cheats" won't change anything, as it will be so complex a program can't help anyway!
Our ctf will be wonderful, and the license will forbid u to use, host, ... it!
PS max_becker@saeuferleber.de is just one of my "anonymous" emails! my true name is of course Kai Gerd Müller
"he" is the one who gets the spam!
PS:
(extract from your email response to max_becker@...)
"
> I am great programmer and i can do much betther than u!

https://en.m.wikipedia.org/wiki/Dunning–Kruger_effect
"
not polite and smart!
primitive and rude!
u always talk that way to strangers?
Last edited by KGM on Fri Jun 01, 2018 13:58, edited 1 time in total.
 


Re: Does MT check for hacked clients ?

by rubenwardy » Fri Jun 01, 2018 13:49

Lol, thanks for proving me right


I suggest you familiarise yourself with the forum rules before doing anything stupid: viewtopic.php?f=3&t=17151
 
