
Hacking by WeMod and similar tools... What's wrong with your client-server-approach?!


White-Gandalf


A few moments ago, a hacking nipper showed me that he can do everything that SHOULD only be possible with admin rights when he simply joins a game of mine.

 

If, in a client-server-system, the client has the possibility to activate things on the server that he should not be able to do, then said client-server system has a crucial flaw in its communication system. If it had been designed correctly, those actions would NEVER be possible.

 

Every commercial client-server system crawling on its last toenail does this right. The principles were developed more than half a century ago. How in the hell does 7 Days get this that wrong?


Different doctrine. They probably assume/depend on the client not being patchable by a hacker with EAC enabled, so the client program is part of the safe zone. If they can't, it will have consequences for network performance.

 

One problem is that there are clients who need to do admin stuff, otherwise a headless server could only be managed by telnet or web interface. This means there needs to be some authentication step that isn't implemented but (in my view) there is no way around this, at least for console commands.

 

Which still leaves a lot of other stuff possible for hackers if they can circumvent EAC or just insert hand-crafted packets into the communication.

Edited by meganoth

3 hours ago, White-Gandalf said:

The principles were developed more than half a century ago.

 

The principles of secure client-server gaming netcode over TCP/IP were developed by 1971? Do tell...

 

I do remember the FPS on these things was horrible unless I kept texture resolution on "low".


 

3 hours ago, White-Gandalf said:

Every commercial client-server system crawling on its last toenail does this right.

 

Seriously. C'mon, man. Commercial client-server systems - and other gaming client-server systems - get hacked every damn day. There are legitimate gripes about 7D2D; no need to use hyperbole to make them The Worst Ever.


Most games have anticheat systems to combat people with these hacks, but every time they react to one particular hack, the hackers find another way to exploit the system. It's a cat and mouse game that has not been won. It's no different than the hackers exploiting operating systems and the same cat and mouse game with antivirus companies. If the OS keeps getting hacked, how do you expect a piece of software not to be hacked? The onus for this, at least with 7 Days to Die, is with EAC, not the Fun Pimps. Hackers be hackers.


2 hours ago, Roland said:

You can password protect your server and the hackers can sit and spin. My family has a private server that has never once been hacked.

 

 

Post your IP address and I'm sure it could be arranged. :p

 

On 2/28/2022 at 5:51 PM, Boidster said:

The principles of secure client-server gaming netcode over TCP/IP were developed by 1971?

 

Well: Unix was invented in 1969. Not 1971. You have my commiseration :D

And, by the way: Unix is only one little example of correct client-server division of accountability.

 

For Noobs in programming: Make a simple google search for keywords like "top ten programmers mistakes client authentication". The Top-10-Lists nowadays mostly don't even include the crucial mistake of letting clients do the authentication by and for themselves. This blatant beginner's mistake is so abysmally wrong that only in beginners' courses for web programming will you have a chance of getting instructed to NOT do it. In all other cases, it is taken for granted that a programmer has no way of being THAT bloody dumb to fall into such a basic pit.
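The point made in the opening post and again here (the server, not the client, must decide what a client may do) shown in a toy command handler. This is an added example, not code from the thread or from 7 Days to Die; the session table, command names and message format are constructed for illustration.

```python
"""Added example: server-side authorization of admin commands in a toy
client/server game protocol. All names and data here are hypothetical."""
from dataclasses import dataclass, field

# Constructed server-side state. The role is fixed by the server at login
# and is never read from anything the client sends afterwards.
SESSIONS = {
    "sess-1": {"player": "alice", "role": "player"},
    "sess-2": {"player": "bob", "role": "admin"},
}
ADMIN_COMMANDS = {"kick", "give", "teleport"}


@dataclass
class AuditLog:
    """Denied privileged attempts, so an operator can see who tried what."""
    denied: list = field(default_factory=list)


def handle_command_vulnerable(msg: dict) -> str:
    """The flaw under discussion: the server trusts a privilege flag that the
    client itself put into the packet. Any modified client or hand-crafted
    packet can set it, so the check is decorative."""
    if msg["command"] in ADMIN_COMMANDS and not msg.get("is_admin", False):
        return "denied"
    return f"executed {msg['command']}"


def handle_command_hardened(session_id: str, msg: dict, audit: AuditLog) -> str:
    """The correct division of accountability: the role comes from the
    server's own session table, keyed by the session the client was given
    at authentication. Privilege fields inside the message are ignored."""
    session = SESSIONS.get(session_id)
    if session is None:
        return "denied: unknown session"
    if msg["command"] in ADMIN_COMMANDS and session["role"] != "admin":
        audit.denied.append((session["player"], msg["command"]))
        return "denied"
    return f"executed {msg['command']}"
```

The audit list is the detection side of the same check: a non-admin session repeatedly hitting denied admin commands is exactly the signal a server operator wants to see.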


3 hours ago, White-Gandalf said:

And, by the way: Unix is only one little example of correct client-server division of accountability.

 

I'm unsure how to interpret this in the context of your argument about 7D2D's claimed horrible netcode. Are you talking about OS kernel communications as an example to follow for a client-server game? Or are you claiming that client-server apps running on Unix are inherently "correct"? Have we moved out of a discussion of games running client-server over TCP/IP and into an OS war?

 

Just this very week I had to work with a vendor to correct a problem in their node-based app which was not properly handling HTTPS-over-HTTP tunnelling through Squid proxy. They allow non-SSL traffic to the server, but of course that would be stupid so they need to correctly configure a tunnel. This was on CentOS 7, which I presume meets your definition for "Unix", though perhaps you are a purist. Should this client-server comms be labeled "correct" since it's on *nix?

 

Anyway, my point is that client-server app code - game or otherwise - is not "solved" by any means. There are best practices and risks and mitigations and a lot of cat-and-mouse as mentioned above. 7D2D might be pretty bad in this area; I don't actually have a strong argument there. But "solved in 1971" (or 1969) seems like an unserious argument.
