Does MT check for hacked clients ?

User avatar
LMD
Member
Posts: 1386
Joined: Sat Apr 08, 2017 08:16
GitHub: appgurueu
IRC: appguru[eu]
In-game: LMD
Location: Germany
Contact:

Does MT check for hacked clients ?

by LMD » Post

I believe MT Servers should (be able to) check whether somebody uses a client that has a differing checksum from the official one... Else, anybody can just compile his own MT with some hacks...
My stuff: Projects - Mods - Website

User avatar
rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom
Contact:

Re: Does MT check for hacked clients ?

by rubenwardy » Post

No

No

NO

N
O

NOOOO

No.
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

User avatar
GreenXenith
Member
Posts: 1356
Joined: Wed Oct 28, 2015 01:26
GitHub: GreenXenith
Location: UTC-8:00
Contact:

Re: Does MT check for hacked clients ?

by GreenXenith » Post

Clients already label themselves as -dirty when they are modified, the problem being there is no way to know if it is just PR testing or a developer vs a "hacked client".
YouTube | Mods | Patreon | Minetest Discord @greenxenith

You should not be able to read this message.

User avatar
rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom
Contact:

Re: Does MT check for hacked clients ?

by rubenwardy » Post

Image
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

User avatar
GreenXenith
Member
Posts: 1356
Joined: Wed Oct 28, 2015 01:26
GitHub: GreenXenith
Location: UTC-8:00
Contact:

Re: Does MT check for hacked clients ?

by GreenXenith » Post

rubenwardy wrote:Image
+1
YouTube | Mods | Patreon | Minetest Discord @greenxenith

You should not be able to read this message.

User avatar
Krock
Developer
Posts: 4649
Joined: Thu Oct 03, 2013 07:48
GitHub: SmallJoker
Location: Switzerland
Contact:

Re: Does MT check for hacked clients ?

by Krock » Post

Image

FTFY (added a link to the relevant issue)
Look, I programmed a bug for you. >> Mod Search Engine << - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>

User avatar
LMD
Member
Posts: 1386
Joined: Sat Apr 08, 2017 08:16
GitHub: appgurueu
IRC: appguru[eu]
In-game: LMD
Location: Germany
Contact:

Re: Does MT check for hacked clients ?

by LMD » Post

Ok, I take your point...
My stuff: Projects - Mods - Website

User avatar
Linuxdirk
Member
Posts: 3217
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany
Contact:

Re: Does MT check for hacked clients ?

by Linuxdirk » Post

rubenwardy wrote:Image
This is only for features devs dislike or don"t want to work on. ;)

The correct tag here would be “Impossible to add as long as the server is not 100% authoritative”.

User avatar
rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom
Contact:

Re: Does MT check for hacked clients ?

by rubenwardy » Post

Even if it were possible, it won't be accepted and no one should want it
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

BBmine
Member
Posts: 3476
Joined: Sun Jul 12, 2015 22:51
GitHub: BBmine
IRC: BBmine
In-game: Baggins
Location: USA

Re: Does MT check for hacked clients ?

by BBmine » Post

What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.

User avatar
MineYoshi
Member
Posts: 5373
Joined: Wed Jul 08, 2015 13:20
Contact:

Re: Does MT check for hacked clients ?

by MineYoshi » Post

BBmine wrote:What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.
It would, depending on the changes you may have done the checksum will change and the changes will be noticed.
Have a nice day! :D

User avatar
rnd
Member
Posts: 220
Joined: Sun Dec 28, 2014 12:24
GitHub: ac-minetest
IRC: ac_minetest
In-game: rnd

Re: Does MT check for hacked clients ?

by rnd » Post

you could make simple mark that would tell server you use nonoriginal client ( no penalty in gameplay, just server would know 'client is modified').

Basically you add secret key in several places in source thats not (without a LOT of dedication and knowledge) readable from looking at binary and when connecting to server client sends extra response hash(challenge .. secret key). It can be done. The only question is are the 'devs' to be trusted not to add some other shit.Well, are you? :)

Then when you put out official 'minetest ' everything is same just this thing is added. Normal source is released as now.
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT

HONEYBOOBOOCHILD
Member
Posts: 54
Joined: Tue Apr 17, 2018 02:51

Re: Does MT check for hacked clients ?

by HONEYBOOBOOCHILD » Post

Would it be possible for servers to ask periodic checksum of user privs? This would have nothing to do with validating clients but busting a cheater when he/she suddenly gained a new priv. I'm not a coder, sorry if sounds stupid.

User avatar
Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Does MT check for hacked clients ?

by Lejo » Post

What about checking the players vers_string to get some information like -dirty?
So you can disallow this clients on servers.
EDIT: The vers_string is debug build only :-(

User avatar
Linuxdirk
Member
Posts: 3217
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany
Contact:

Re: Does MT check for hacked clients ?

by Linuxdirk » Post

BBmine wrote:What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.
Do whatever you want with the client. And if the server asks for the checksum just send whatever the server wants and do with the client whatever you want.

The server has to be 100% authoritative. Never trust a client. The client is in "enemy hands". Whatever a client tells the server has to be seen as a lie in the first place.

The goal should not be securing the client but securing the server. So checking if the client was hacked becomes obsolete at the same moment the server becomes 100% authoritative because then a hacked client has no chance to trick the server.
Lejo wrote:What about checking the players vers_string to get some information like -dirty?
Irrelevant for the same reason a checksum does not work. A hacked client can send whatever it wants if the server requests something.

User avatar
Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Does MT check for hacked clients ?

by Lejo » Post

What about sending the client an clientside mod, that checks the Client?

User avatar
Linuxdirk
Member
Posts: 3217
Joined: Wed Sep 17, 2014 11:21
In-game: Linuxdirk
Location: Germany
Contact:

Re: Does MT check for hacked clients ?

by Linuxdirk » Post

Lejo wrote:What about sending the client an clientside mod, that checks the Client?
As soon as you have full control over the client absolutely no client verification/certification mechanisms work because the client can simply spoof the answer.

EVERYTHING coming from a client has to be seen as untrusted and potentially invalid. Neither should any input used without sanitation nor should any information a client sends be taken as granted.

A server can NEVER trust a client. Not only in the Minetest world but in general. As soon as the user has a way to modify the client or the data a client sends or has a way to input something into the client, the client should be seen as compromised.

Cheating protection or anything to prevent hacked clients to do their thing has to be done 100% server-side. If the server is 100% authoritative hacked clients automatically become useless.

Jordach
Member
Posts: 4534
Joined: Mon Oct 03, 2011 17:58
GitHub: Jordach
IRC: Jordach
In-game: Jordach
Location: Blender Scene

Re: Does MT check for hacked clients ?

by Jordach » Post

Linuxdirk wrote:As soon as you have full control over the client absolutely no client verification/certification mechanisms work because the client can simply spoof the answer.
tl;dr Cyber Security 101.

User avatar
Festus1965
Member
Posts: 4181
Joined: Sun Jan 03, 2016 11:58
GitHub: Festus1965
In-game: Festus1965 Thomas Thailand Explorer
Location: Thailand ChiangMai
Contact:

Re: Does MT check for hacked clients ?

by Festus1965 » Post

GreenDimond wrote:Clients already label themselves as -dirty when they are modified, the problem being there is no way to know if it is just PR testing or a developer vs a "hacked client".
Is that so ? Clients are label them selfs ?

And if, so what is the Server doing then ?
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)

User avatar
Lejo
Member
Posts: 718
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: Does MT check for hacked clients ?

by Lejo » Post

Festus1965 wrote:And if, so what is the Server doing then ?
Nothing, it can also be a PR test or a not yet released dev-release.

User avatar
Festus1965
Member
Posts: 4181
Joined: Sun Jan 03, 2016 11:58
GitHub: Festus1965
In-game: Festus1965 Thomas Thailand Explorer
Location: Thailand ChiangMai
Contact:

Re: Does MT check for hacked clients ?

by Festus1965 » Post

Lejo wrote:Nothing, it can also be a PR test or a not yet released dev-release.
oh nothing yet (!!!), but would I be able to catch the false report and kick them ?

as in my opinion, testers know what happen and can go other way,
and the modifiers I get off = very nice !
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)

User avatar
rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom
Contact:

Re: Does MT check for hacked clients ?

by rubenwardy » Post

Worth noting that the OP's "brother" has since been banned for cheating on my server using a custom Java program and csm
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

User avatar
LMD
Member
Posts: 1386
Joined: Sat Apr 08, 2017 08:16
GitHub: appgurueu
IRC: appguru[eu]
In-game: LMD
Location: Germany
Contact:

Re: Does MT check for hacked clients ?

by LMD » Post

@rubenwardy :

At first : Please mention all the details. He did not only use Java, but also Python ; Java doesnt feature real-time process output processing. Python processes MT output generated by CSM, and then invokes Java to simulate mouse+keypress events using java.awt.Robot class.

I guess this is the wrong topic for your post. This topic is about hacked CLIENTS, which my brother did NOT, if you would have read what he wrote you. He just used allowed client-side-mods plus made some programs capable of simulating mouseclicks.

"Worth noting"
that I was banned, too. Please also tell your moderators how nice it was of them and some other CTF users to make fun of us afterwards. Also insanely "true" things were spread(not by the mods). I could read them as I connected using freenode, from where I was banned multiple times only for writing really not bad things and for just being LMD which permitted me being able to READ which further bad things were said about us. So I wasnt even allowed to know what other very, very "true" things & co have been spread by some really nice and social people.

Furthermore, I would be incredibly grateful if your moderators could stop banning people - such as me - from freenode for no reason. There's a variety of different VPNs, so your mods' bans are like jokes to me, but it felt pretty senseless to me when I just came in again after they banned me, and so on... which would just have resulted in a giant waste of time. Instead, I started coding a new CTF with my brother.

On top, if we'd just restart our router, we could join again. But after this huge disappointment, I am not willing to do so.

BTW, from my point of view it's not that polite of you to put the word brother in quotation marks. That kinda abstracts it. I am asking you : Please be more respectful. Thanks in advance.


I apologize for my strange language, I'm not a native speaker and am using metaphors & co. as they are in my language.
Last edited by LMD on Fri Jun 01, 2018 13:50, edited 15 times in total.
My stuff: Projects - Mods - Website

User avatar
KGM
Member
Posts: 191
Joined: Mon Nov 14, 2016 19:57
Location: Bonn, Germany

Re: Does MT check for hacked clients ?

by KGM » Post

@rubenwardy : plz define CHEATING before u (mis) use that term.
PS : I will leak my "cheat", and as it's not in c++ client, you won't be able to check for it! (as there are players performing as good as my program themselves, you can't even check who performs that well, and kick them!)
then anyone will "cheat" and you can't stop!
I will make an easy installable deb, so any ubuntu user can use it, for others i will publish instructions how to install it manually...
but not now, now I and LMD are working on better ctf!
(that my csm helps me that much is your games fault! If your game was good there would be no way to split a task solvable by program off the task of playing your game!)
In our new ctf, such "cheats" wont change anything, as it will be so complex a program can't help anyway!
Our ctf will be wonderful, and the license will forbid u to use, host, ... it!
PS max_becker@saeuferleber.de is just one of my "anonymous" emails! my true name is of course Kai Gerd Müller
"he" is the one who get's the spam!
PS:
(extract from your email response to max_becker@...)
"
> I am great programmer and i can do much betther than u!

https://en.m.wikipedia.org/wiki/Dunning–Kruger_effect
"
not polite and smart!
primitive and rude!
u always talk that way to strangers?
Last edited by KGM on Fri Jun 01, 2018 13:58, edited 1 time in total.
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.

User avatar
rubenwardy
Moderator
Posts: 6972
Joined: Tue Jun 12, 2012 18:11
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy
Location: Bristol, United Kingdom
Contact:

Re: Does MT check for hacked clients ?

by rubenwardy » Post

Lol, thanks for proving me right


I suggest you familiarise yourself with the forum rules before doing anything stupid: viewtopic.php?f=3&t=17151
Renewed Tab (my browser add-on) | Donate | Mods | Minetest Modding Book

Hello profile reader

Locked

Who is online

Users browsing this forum: Blockhead and 10 guests