I'm writing a toon validator wich works well so far, but I wonder what is the best approach to use against memory editors? Is there a way to prevent such intrusions?
Thanks in advance.
Kato
Modifié par Kato_Yang, 18 mars 2012 - 11:40 .
Character validation vs memory editors?
Débuté par
Kato -
, mars 18 2012 11:37
#1
Posté 18 mars 2012 - 11:37
Kato -
-
- Members
- 392 messages
Hi there,
I'm writing a toon validator wich works well so far, but I wonder what is the best approach to use against memory editors? Is there a way to prevent such intrusions?
Thanks in advance.
Kato
I'm writing a toon validator wich works well so far, but I wonder what is the best approach to use against memory editors? Is there a way to prevent such intrusions?
Thanks in advance.
Kato
Retour en haut
#2
Posté 19 mars 2012 - 04:32
FunkySwerve
-
- Members
- 1 308 messages
If someone is able to edit characters in your server's memory, you're already completely screwed, because they have access to your entire server. I've yet to see anyone manage this - it'd require some pretty epic hacking or them getting hold of a password.
The things you need to worry about are not in-memory edits, but weaknesses in the client during character creation and leveling. During creation, it's possible to swap out the character file created with one made clientside. You can guard against this by verifying characters that are new. You can ALWAYS tell new characters because they will have 0 xp - that's one of the things that cannot be edited for a successful swap to take place. After verification, given them a point of xp, and they won't pass through verification again. This type of verification will prevent many 2da edits, as well, where they aren't explicitly replacing one toon with another, just using altered 2das to gain access to feats, abilities, etc, they wouldn't otherwise have.
The other weakness is during levelup. For reasons beyond me, bioware chose to use clientside 2das for some things during levelup, rather than serverside. You must therefore verify on levelup as well, to ensure than haven't, for example, made a CC skill a primary skill. Such edits are a vanishingly small minority, however, and it may not be worth your trouble - they're just not a big enough advantage to appeal to the typical ex_plo%it*ers mentality.
Funky
The things you need to worry about are not in-memory edits, but weaknesses in the client during character creation and leveling. During creation, it's possible to swap out the character file created with one made clientside. You can guard against this by verifying characters that are new. You can ALWAYS tell new characters because they will have 0 xp - that's one of the things that cannot be edited for a successful swap to take place. After verification, given them a point of xp, and they won't pass through verification again. This type of verification will prevent many 2da edits, as well, where they aren't explicitly replacing one toon with another, just using altered 2das to gain access to feats, abilities, etc, they wouldn't otherwise have.
The other weakness is during levelup. For reasons beyond me, bioware chose to use clientside 2das for some things during levelup, rather than serverside. You must therefore verify on levelup as well, to ensure than haven't, for example, made a CC skill a primary skill. Such edits are a vanishingly small minority, however, and it may not be worth your trouble - they're just not a big enough advantage to appeal to the typical ex_plo%it*ers mentality.
Funky
#3
Posté 19 mars 2012 - 05:40
Kato -
-
- Members
- 392 messages
Okay, I'll consider all this, thank you Funky. The thing is, I have tried to hack my own server toons(to test the validator) with Quick Memory Editor and it worked, yet the modifs did not seem to persist, even after exporting the toon after applying the modifs, yet I feared that wise cheaters could have achieved this, wich does not seem to be the case according to what you mention(and even then if the toons are validated after level up it should not be a problem), so thanks again for the infos. 
Kato
Kato
Modifié par Kato_Yang, 19 mars 2012 - 06:06 .
