Reply
 
Thread Tools Rating: Thread Rating: 3 votes, 5.00 average. Display Modes
Old 05-08-2015, 00:59   #1
sundancerx
Registered User
 
Join Date: Sep 2004
Posts: 2,672
sundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond repute
ini edits

im no programmer so i dunno, but is it possible to include the ini files inside co.exe or just compile them to a different program/file.

if peope hack these new files, then co has legit case to jail them coz of using 3rd party program to alter their files.
__________________
Originally Posted by awakening
tranny can be awesome, but I can't say the same for your level of intelligent.
sundancerx is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 05:33   #2
Kachun
Registered User
 
Join Date: Nov 2014
Posts: 323
Kachun is on a distinguished road
They don't need to do that, but they should harden the code and/or cryptographically very the ini file.

Modified files should be detected and blocked.

The binary should use encryption and memory hardening to block exploits.
Kachun is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 05:45   #3
§mugglaz
Banned
 
§mugglaz's Avatar
 
Join Date: Feb 2015
Posts: 578
§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute
Quote:
Originally Posted by Kachun View Post
They don't need to do that, but they should harden the code and/or cryptographically very the ini file.

Modified files should be detected and blocked.

The binary should use encryption and memory hardening to block exploits.
Wow tq should hire you
§mugglaz is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 06:14   #4
Deathclaw
Soon™
 
Deathclaw's Avatar
 
Join Date: Apr 2007
Location: Germany
Posts: 10,127
Deathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond repute
Quote:
Originally Posted by Kachun View Post
They don't need to do that, but they should harden the code and/or cryptographically very the ini file.

Modified files should be detected and blocked.

The binary should use encryption and memory hardening to block exploits.
__________________
Quote:
There are only two hard problems in Computer Science: cache invalidation and naming things
Quote:
Let the hate flow through you.
Computer Scientist
Deathclaw is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 07:01   #5
Schnifschnaf
Registered User
 
Join Date: Mar 2011
Posts: 308
Schnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond reputeSchnifschnaf has a reputation beyond repute
Ben ull botar!
Schnifschnaf is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 07:25   #6
sundancerx
Registered User
 
Join Date: Sep 2004
Posts: 2,672
sundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond repute
Quote:
Originally Posted by Kachun View Post
They don't need to do that, but they should harden the code and/or cryptographically very the ini file.

Modified files should be detected and blocked.

The binary should use encryption and memory hardening to block exploits.
whatever it is ,something has to be done.

saying it;s ok to edit files is a big fail.
__________________
Originally Posted by awakening
tranny can be awesome, but I can't say the same for your level of intelligent.
sundancerx is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 08:19   #7
Kachun
Registered User
 
Join Date: Nov 2014
Posts: 323
Kachun is on a distinguished road
Quote:
Originally Posted by Deathclaw View Post
Why?
Kachun is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 08:40   #8
Deathclaw
Soon™
 
Deathclaw's Avatar
 
Join Date: Apr 2007
Location: Germany
Posts: 10,127
Deathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond repute
Quote:
Originally Posted by Kachun View Post
Why?
You are an idiot. That's why.
__________________
Quote:
There are only two hard problems in Computer Science: cache invalidation and naming things
Quote:
Let the hate flow through you.
Computer Scientist
Deathclaw is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 09:45   #9
Conondrum
Fading..
 
Conondrum's Avatar
 
Join Date: Jul 2007
Location: Denmark
Posts: 1,942
Conondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond reputeConondrum has a reputation beyond repute
Quote:
Originally Posted by sundancerx View Post
im no programmer so i dunno, but is it possible to include the ini files inside co.exe or just compile them to a different program/file.

if peope hack these new files, then co has legit case to jail them coz of using 3rd party program to alter their files.
Are you thinking all ini files?
I'm editing the flash.ini file to turn down the volume on the login-screen. I don't need an audible reminder each time I type a letter or a number in my password.
I have done so for years, each time that particular ini file is updated, I go in and set the volume to 0.
I even asked a GM back then if it was ok, got a green light to do so.
__________________
Conondrum (Aries/Aquarius) Monk - Warrior - Archer
Banisher (Sunshine) Pure Warrior
Mystra (Sunshine) Water - Warrior - Archer
Conondrum is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 10:46   #10
sundancerx
Registered User
 
Join Date: Sep 2004
Posts: 2,672
sundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond reputesundancerx has a reputation beyond repute
Quote:
Originally Posted by Conondrum View Post
Are you thinking all ini files?
I'm editing the flash.ini file to turn down the volume on the login-screen. I don't need an audible reminder each time I type a letter or a number in my password.
I have done so for years, each time that particular ini file is updated, I go in and set the volume to 0.
I even asked a GM back then if it was ok, got a green light to do so.
ones that affect the pvp of the game obv. appearance, sounds etc, dont really matter.

tq saying it's ok to edit the files is just unacceptable.
__________________
Originally Posted by awakening
tranny can be awesome, but I can't say the same for your level of intelligent.
sundancerx is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 11:25   #11
Kachun
Registered User
 
Join Date: Nov 2014
Posts: 323
Kachun is on a distinguished road
Quote:
Originally Posted by Deathclaw View Post
You are an idiot. That's why.
these things are trivial to program..
Kachun is offline   Reply With Quote Share with Facebook
Old 05-08-2015, 12:24   #12
Deathclaw
Soon™
 
Deathclaw's Avatar
 
Join Date: Apr 2007
Location: Germany
Posts: 10,127
Deathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond repute
Quote:
Originally Posted by Kachun View Post
these things are trivial to program..
Cool story bro but irrelevant.

1.) Encryption is useless in case. It is used to protect your data against attacks of 3rd parties. Encryption is broken in general if someone has access to the client and/or server. One simply had to disassemble the CO client binary in this case.

2.) Some config files are "encrypted" already.

3.) How does using the OS/CPU security features help in any way to avoid that someone modifies those files?
__________________
Quote:
There are only two hard problems in Computer Science: cache invalidation and naming things
Quote:
Let the hate flow through you.
Computer Scientist

Last edited by Deathclaw; 05-08-2015 at 12:28.
Deathclaw is offline   Reply With Quote Share with Facebook
Old 05-09-2015, 01:18   #13
Kachun
Registered User
 
Join Date: Nov 2014
Posts: 323
Kachun is on a distinguished road
I see your point, however everything CO can do to make it more difficult to hack the files and exe is a welcome bonus.

In the end its always an endless game of cat and mouse.

Obviously the server should also be much better at detecting impossible inputs/movements

things like ASLR will make it harder to do in memory hacks, but i guess binary hacks are more common?
Kachun is offline   Reply With Quote Share with Facebook
Old 05-09-2015, 01:58   #14
Deathclaw
Soon™
 
Deathclaw's Avatar
 
Join Date: Apr 2007
Location: Germany
Posts: 10,127
Deathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond reputeDeathclaw has a reputation beyond repute
Quote:
Originally Posted by Kachun View Post
I see your point, however everything CO can do to make it more difficult to hack the files and exe is a welcome bonus.

In the end its always an endless game of cat and mouse.

Obviously the server should also be much better at detecting impossible inputs/movements

things like ASLR will make it harder to do in memory hacks, but i guess binary hacks are more common?
Well this thread is about avoiding that they edit the files in the ini folder. Using an encryption is useless.

Harder? Anyone that is capable of using a PE header editor can simply clear the ASLR and DEP flags. Those features are not designed to protect a binary against people that have access to the system. They are supposed to protect against attackers that don't have access to the system.
__________________
Quote:
There are only two hard problems in Computer Science: cache invalidation and naming things
Quote:
Let the hate flow through you.
Computer Scientist
Deathclaw is offline   Reply With Quote Share with Facebook
Old 05-10-2015, 01:54   #15
§mugglaz
Banned
 
§mugglaz's Avatar
 
Join Date: Feb 2015
Posts: 578
§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute§mugglaz has a reputation beyond repute
you think they gonna reject this

SlowMO
§mugglaz is offline   Reply With Quote Share with Facebook
Reply

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 18:14.


You Rated this Thread: