Does MT check for hacked clients ?
- LMD
- Member
- Posts: 1386
- Joined: Sat Apr 08, 2017 08:16
- GitHub: appgurueu
- IRC: appguru[eu]
- In-game: LMD
- Location: Germany
- Contact:
Does MT check for hacked clients ?
I believe MT Servers should (be able to) check whether somebody uses a client that has a differing checksum from the official one... Else, anybody can just compile his own MT with some hacks...
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Does MT check for hacked clients ?
No
No
NO
N
O
NOOOO
No.
No
NO
N
O
NOOOO
No.
- GreenXenith
- Member
- Posts: 1356
- Joined: Wed Oct 28, 2015 01:26
- GitHub: GreenXenith
- Location: UTC-8:00
- Contact:
Re: Does MT check for hacked clients ?
Clients already label themselves as -dirty when they are modified, the problem being there is no way to know if it is just PR testing or a developer vs a "hacked client".
YouTube | Mods | Patreon | Minetest Discord @greenxenith
You should not be able to read this message.
You should not be able to read this message.
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
- GreenXenith
- Member
- Posts: 1356
- Joined: Wed Oct 28, 2015 01:26
- GitHub: GreenXenith
- Location: UTC-8:00
- Contact:
Re: Does MT check for hacked clients ?
+1rubenwardy wrote:
YouTube | Mods | Patreon | Minetest Discord @greenxenith
You should not be able to read this message.
You should not be able to read this message.
- Krock
- Developer
- Posts: 4650
- Joined: Thu Oct 03, 2013 07:48
- GitHub: SmallJoker
- Location: Switzerland
- Contact:
Re: Does MT check for hacked clients ?
Look, I programmed a bug for you. >> Mod Search Engine << - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Does MT check for hacked clients ?
This is only for features devs dislike or don"t want to work on. ;)rubenwardy wrote:
The correct tag here would be “Impossible to add as long as the server is not 100% authoritative”.
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Does MT check for hacked clients ?
Even if it were possible, it won't be accepted and no one should want it
-
- Member
- Posts: 3476
- Joined: Sun Jul 12, 2015 22:51
- GitHub: BBmine
- IRC: BBmine
- In-game: Baggins
- Location: USA
Re: Does MT check for hacked clients ?
What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.
Re: Does MT check for hacked clients ?
It would, depending on the changes you may have done the checksum will change and the changes will be noticed.BBmine wrote:What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.
Have a nice day! :D
- rnd
- Member
- Posts: 220
- Joined: Sun Dec 28, 2014 12:24
- GitHub: ac-minetest
- IRC: ac_minetest
- In-game: rnd
Re: Does MT check for hacked clients ?
you could make simple mark that would tell server you use nonoriginal client ( no penalty in gameplay, just server would know 'client is modified').
Basically you add secret key in several places in source thats not (without a LOT of dedication and knowledge) readable from looking at binary and when connecting to server client sends extra response hash(challenge .. secret key). It can be done. The only question is are the 'devs' to be trusted not to add some other shit.Well, are you? :)
Then when you put out official 'minetest ' everything is same just this thing is added. Normal source is released as now.
Basically you add secret key in several places in source thats not (without a LOT of dedication and knowledge) readable from looking at binary and when connecting to server client sends extra response hash(challenge .. secret key). It can be done. The only question is are the 'devs' to be trusted not to add some other shit.Well, are you? :)
Then when you put out official 'minetest ' everything is same just this thing is added. Normal source is released as now.
1EvCmxbzl5KDu6XAunE1K853Lq6VVOsT
-
- Member
- Posts: 54
- Joined: Tue Apr 17, 2018 02:51
Re: Does MT check for hacked clients ?
Would it be possible for servers to ask periodic checksum of user privs? This would have nothing to do with validating clients but busting a cheater when he/she suddenly gained a new priv. I'm not a coder, sorry if sounds stupid.
Re: Does MT check for hacked clients ?
What about checking the players vers_string to get some information like -dirty?
So you can disallow this clients on servers.
EDIT: The vers_string is debug build only :-(
So you can disallow this clients on servers.
EDIT: The vers_string is debug build only :-(
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Does MT check for hacked clients ?
Do whatever you want with the client. And if the server asks for the checksum just send whatever the server wants and do with the client whatever you want.BBmine wrote:What if I want to modify my client? Not to cheat, but to just have a different style. Would the checksum know the difference? No.
The server has to be 100% authoritative. Never trust a client. The client is in "enemy hands". Whatever a client tells the server has to be seen as a lie in the first place.
The goal should not be securing the client but securing the server. So checking if the client was hacked becomes obsolete at the same moment the server becomes 100% authoritative because then a hacked client has no chance to trick the server.
Irrelevant for the same reason a checksum does not work. A hacked client can send whatever it wants if the server requests something.Lejo wrote:What about checking the players vers_string to get some information like -dirty?
Re: Does MT check for hacked clients ?
What about sending the client an clientside mod, that checks the Client?
- Linuxdirk
- Member
- Posts: 3218
- Joined: Wed Sep 17, 2014 11:21
- In-game: Linuxdirk
- Location: Germany
- Contact:
Re: Does MT check for hacked clients ?
As soon as you have full control over the client absolutely no client verification/certification mechanisms work because the client can simply spoof the answer.Lejo wrote:What about sending the client an clientside mod, that checks the Client?
EVERYTHING coming from a client has to be seen as untrusted and potentially invalid. Neither should any input used without sanitation nor should any information a client sends be taken as granted.
A server can NEVER trust a client. Not only in the Minetest world but in general. As soon as the user has a way to modify the client or the data a client sends or has a way to input something into the client, the client should be seen as compromised.
Cheating protection or anything to prevent hacked clients to do their thing has to be done 100% server-side. If the server is 100% authoritative hacked clients automatically become useless.
-
- Member
- Posts: 4534
- Joined: Mon Oct 03, 2011 17:58
- GitHub: Jordach
- IRC: Jordach
- In-game: Jordach
- Location: Blender Scene
Re: Does MT check for hacked clients ?
tl;dr Cyber Security 101.Linuxdirk wrote:As soon as you have full control over the client absolutely no client verification/certification mechanisms work because the client can simply spoof the answer.
- Festus1965
- Member
- Posts: 4181
- Joined: Sun Jan 03, 2016 11:58
- GitHub: Festus1965
- In-game: Festus1965 Thomas Thailand Explorer
- Location: Thailand ChiangMai
- Contact:
Re: Does MT check for hacked clients ?
Is that so ? Clients are label them selfs ?GreenDimond wrote:Clients already label themselves as -dirty when they are modified, the problem being there is no way to know if it is just PR testing or a developer vs a "hacked client".
And if, so what is the Server doing then ?
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)
If urgend, you find me in Roblox (as CNXThomas)
Re: Does MT check for hacked clients ?
Nothing, it can also be a PR test or a not yet released dev-release.Festus1965 wrote:And if, so what is the Server doing then ?
- Festus1965
- Member
- Posts: 4181
- Joined: Sun Jan 03, 2016 11:58
- GitHub: Festus1965
- In-game: Festus1965 Thomas Thailand Explorer
- Location: Thailand ChiangMai
- Contact:
Re: Does MT check for hacked clients ?
oh nothing yet (!!!), but would I be able to catch the false report and kick them ?Lejo wrote:Nothing, it can also be a PR test or a not yet released dev-release.
as in my opinion, testers know what happen and can go other way,
and the modifiers I get off = very nice !
Human has no future (climate change)
If urgend, you find me in Roblox (as CNXThomas)
If urgend, you find me in Roblox (as CNXThomas)
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Does MT check for hacked clients ?
Worth noting that the OP's "brother" has since been banned for cheating on my server using a custom Java program and csm
- LMD
- Member
- Posts: 1386
- Joined: Sat Apr 08, 2017 08:16
- GitHub: appgurueu
- IRC: appguru[eu]
- In-game: LMD
- Location: Germany
- Contact:
Re: Does MT check for hacked clients ?
@rubenwardy :
At first : Please mention all the details. He did not only use Java, but also Python ; Java doesnt feature real-time process output processing. Python processes MT output generated by CSM, and then invokes Java to simulate mouse+keypress events using java.awt.Robot class.
I guess this is the wrong topic for your post. This topic is about hacked CLIENTS, which my brother did NOT, if you would have read what he wrote you. He just used allowed client-side-mods plus made some programs capable of simulating mouseclicks.
"Worth noting" that I was banned, too. Please also tell your moderators how nice it was of them and some other CTF users to make fun of us afterwards. Also insanely "true" things were spread(not by the mods). I could read them as I connected using freenode, from where I was banned multiple times only for writing really not bad things and for just being LMD which permitted me being able to READ which further bad things were said about us. So I wasnt even allowed to know what other very, very "true" things & co have been spread by some really nice and social people.
Furthermore, I would be incredibly grateful if your moderators could stop banning people - such as me - from freenode for no reason. There's a variety of different VPNs, so your mods' bans are like jokes to me, but it felt pretty senseless to me when I just came in again after they banned me, and so on... which would just have resulted in a giant waste of time. Instead, I started coding a new CTF with my brother.
On top, if we'd just restart our router, we could join again. But after this huge disappointment, I am not willing to do so.
BTW, from my point of view it's not that polite of you to put the word brother in quotation marks. That kinda abstracts it. I am asking you : Please be more respectful. Thanks in advance.
I apologize for my strange language, I'm not a native speaker and am using metaphors & co. as they are in my language.
At first : Please mention all the details. He did not only use Java, but also Python ; Java doesnt feature real-time process output processing. Python processes MT output generated by CSM, and then invokes Java to simulate mouse+keypress events using java.awt.Robot class.
I guess this is the wrong topic for your post. This topic is about hacked CLIENTS, which my brother did NOT, if you would have read what he wrote you. He just used allowed client-side-mods plus made some programs capable of simulating mouseclicks.
"Worth noting" that I was banned, too. Please also tell your moderators how nice it was of them and some other CTF users to make fun of us afterwards. Also insanely "true" things were spread(not by the mods). I could read them as I connected using freenode, from where I was banned multiple times only for writing really not bad things and for just being LMD which permitted me being able to READ which further bad things were said about us. So I wasnt even allowed to know what other very, very "true" things & co have been spread by some really nice and social people.
Furthermore, I would be incredibly grateful if your moderators could stop banning people - such as me - from freenode for no reason. There's a variety of different VPNs, so your mods' bans are like jokes to me, but it felt pretty senseless to me when I just came in again after they banned me, and so on... which would just have resulted in a giant waste of time. Instead, I started coding a new CTF with my brother.
On top, if we'd just restart our router, we could join again. But after this huge disappointment, I am not willing to do so.
BTW, from my point of view it's not that polite of you to put the word brother in quotation marks. That kinda abstracts it. I am asking you : Please be more respectful. Thanks in advance.
I apologize for my strange language, I'm not a native speaker and am using metaphors & co. as they are in my language.
Last edited by LMD on Fri Jun 01, 2018 13:50, edited 15 times in total.
Re: Does MT check for hacked clients ?
@rubenwardy : plz define CHEATING before u (mis) use that term.
PS : I will leak my "cheat", and as it's not in c++ client, you won't be able to check for it! (as there are players performing as good as my program themselves, you can't even check who performs that well, and kick them!)
then anyone will "cheat" and you can't stop!
I will make an easy installable deb, so any ubuntu user can use it, for others i will publish instructions how to install it manually...
but not now, now I and LMD are working on better ctf!
(that my csm helps me that much is your games fault! If your game was good there would be no way to split a task solvable by program off the task of playing your game!)
In our new ctf, such "cheats" wont change anything, as it will be so complex a program can't help anyway!
Our ctf will be wonderful, and the license will forbid u to use, host, ... it!
PS max_becker@saeuferleber.de is just one of my "anonymous" emails! my true name is of course Kai Gerd Müller
"he" is the one who get's the spam!
PS:
(extract from your email response to max_becker@...)
"
> I am great programmer and i can do much betther than u!
https://en.m.wikipedia.org/wiki/Dunning–Kruger_effect
"
not polite and smart!
primitive and rude!
u always talk that way to strangers?
PS : I will leak my "cheat", and as it's not in c++ client, you won't be able to check for it! (as there are players performing as good as my program themselves, you can't even check who performs that well, and kick them!)
then anyone will "cheat" and you can't stop!
I will make an easy installable deb, so any ubuntu user can use it, for others i will publish instructions how to install it manually...
but not now, now I and LMD are working on better ctf!
(that my csm helps me that much is your games fault! If your game was good there would be no way to split a task solvable by program off the task of playing your game!)
In our new ctf, such "cheats" wont change anything, as it will be so complex a program can't help anyway!
Our ctf will be wonderful, and the license will forbid u to use, host, ... it!
PS max_becker@saeuferleber.de is just one of my "anonymous" emails! my true name is of course Kai Gerd Müller
"he" is the one who get's the spam!
PS:
(extract from your email response to max_becker@...)
"
> I am great programmer and i can do much betther than u!
https://en.m.wikipedia.org/wiki/Dunning–Kruger_effect
"
not polite and smart!
primitive and rude!
u always talk that way to strangers?
Last edited by KGM on Fri Jun 01, 2018 13:58, edited 1 time in total.
When I first came here, this was all swamp. Everyone said I was daft to build a castle on a swamp, but I built in all the same, just to show them.
- rubenwardy
- Moderator
- Posts: 6972
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Does MT check for hacked clients ?
Lol, thanks for proving me right
I suggest you familiarise yourself with the forum rules before doing anything stupid: viewtopic.php?f=3&t=17151
I suggest you familiarise yourself with the forum rules before doing anything stupid: viewtopic.php?f=3&t=17151
Who is online
Users browsing this forum: No registered users and 2 guests