Hi,
I’m developing at the University a module to improve security in online games (the implementation is based on W:ET).
The server-side is partly done - it’s working as a proxy between ET engine and ET mod (like ETPro). Currently it supports clients groups (levels of privileges), assigning to them access to server commands (with inheritance) and banning by networks’ addresses (CIDR) with exceptions.
I would base client authentication and authorization on GnuPG (or SSL) - as GUIDs can be changed and cheater could easily gain access to server.
The problem is emerging: needs of client-side to handle authentication of an admin/player. The client can be cheated by dishonest server admin, forcing him (the client) to download a faked module, which could steal the key and log the passphrase typed by the player.
Does someone have any ideas how to prevent this?
Thanks in advance for any hints.
Module improving security
work with a checksum?
then if client detects, that the server is not pure then u can’t connect or so?
don’t think it’s possible to completely eliminate this problem though, but i haven’t come across that many dishonest server admins.
[QUOTE=stealth6;227984]work with a checksum?
then if client detects, that the server is not pure then u can’t connect or so?[/QUOTE]
At first, thanks for response.
The problem is at client-side: the player should ensure that he downloaded the trusted module - because here he will type his passphrase.
Besides, checking if the other side is pure is not easy - faked module can allways says you whatever you wanted to hear.
Partial solution is that my module (at client-side) will allways be present when ET is running to detect potentional violations.
hmm, not sure if this is possible basically every way i can think of can be hacked or whatever.
maybe using a master server, then if a server bans somebody it is reported to the master server.
If this server turns out to be using a hacked module, then those bans are removed and the passwords are reset.
But then somebody could still make a dummy module that is not linked to the master server.
But I don’t think there is a way to make it 100% fail proof, if the client has to get his module from the server.
If you Make a small client part with a checksum and then peoplehave to manually download it from your site, then this would kinda fix it a bit, but then it wouldn’t be as easy as just joining a server.
They way you are thinking of it really impossible I think :s for example you have runescape, there a player logs in with his info etc… but there are still retards that give out their password, or go to a fake site and enter there info there.
So you could make a disclaimer saying you are responsible for your account.
If you loose it it’s your problem.
but I would at least say to give some kind of password recovery/change system.
Maybe a crazy solution would be to make like a “leasing system” Like DHCP you get a passcode for a certain amount of time, then you need to renew it?
Anyway hopefully these ideas can help your brainstorming a bit 
EDIT: actually that last idea might do the trick, generate random passwords with the click of a button, and every x amount of time your password is regenerated.
This way even if hackers start collecting passwords, they will only be active for x amount of time.
Without knowing the details of how your system operates, it’s hard to find an appropriate answer.
stealth6’s approach sounds right. It has some semblance to oAuth - a central authority (e.g. Twitter, or in your case, a master server) stores user’s login details, and external services (e.g. Tweetdeck, or in your case, a game server) are granted an authorisation token by the authority that is a unique service/user pair.
Should the service (game server) be compromised, the user can tell the central authority to revoke that particular token, thereby making it useless. However, tokens given to different services (game servers) will continue to work, as each one is distinct.
Of course, this requires that there’s some “central authority” that all game servers using your software report to, but it is really the only way I can think for you to get the service security you want, and already works well for the web.
If an admin would be really determined to crack your system he could;
Make a client module which either gets that local key file, or loads your client module to simulate as if W:ET calls your client module.
One way I could imagine see working is the use of a client service, like punkbuster services.
The service would be in touch with the clientmodule, and verifies if the server, the player wants to connect on, is valid or not.
The downside is that players hate to manually download something. And an automated download/install system via the client module is really hard/quite imposible to realise because of the various security systems throughout multiple OS’s.
Let me know when you’ve finished it, I’d be happy to find a ‘backdoor’ in your system 
Good luck.
PS. did you make a QMM-like server system?
Thanks all for answers.
I will be messing with this trying to find the best solution.
I have made a lua-based scripts called !NGAdmin, but due the lack of interest i have abandone it.
Currently working on this Cpp module which will implement some of previous ideas.
Hello again,
I have decided to use RSA public/private keys for now; maybe I will enhance it with central authority server in future.
I met some problems with cgame module:
[ul]
[li] client initiates authorization procedures by: trap_SendClientCommand(“rsa key_id”);
[/li][li] server recives this information and tries to encrypt private random value with public key of the player, sends it back: trap_SendServerCommand(clientNum, “rsa encrypted_data_and_base64_coded”);
[/li][li] client to get servercommands have to listen snapshots and search for “rsa” command in trap_GetServerCommand - and it does well
[/li][li] now it decodes data and decrypts them and tries to send decrypted value back to server: trap_SendClientCommand(“rsa decrypted_value”) but IT DOESN’T.
[/li][/ul]
If i try to send any other command, for example: “score rsa VALUE” - it works. It’s strange, because sending “rsa” command at 1st line worked. Moreover, if I try to type manualy “rsa decrypted_value” it works.
I think that’s something wrong with these snapshots here is that code (I know, it’s a mess, but i’m desperated and tries everything)
Thanks in advance for any help and sorry for my english
I got your !NGAdmin from the etpro forum and i read the functions you add to this module there and in the etpro lua mods wiki page but i think the link you place to download it in etpro forum is not for the last version you made, maybe you can send me the code of this lua module?? i want to take a look at it because i want to add to my lua module a function to ban etpro guids and i cant firgure out how to get it working correctly in my module. If you can send it to me i will aprecciate it.
Thanks in advance.
In my code i had to reconstruct the way a client handles server commands (get into CG_ServerCommand in cgame; the code from above does it):
[ul]
[li]CG_DrawActiveFrame
[/li][li]CG_ProcessSnapshots
[/li][li]CG_TransitionSnapshot
[/li][li]CG_ExecuteNewServerCommands
[/li][li]CG_ServerCommand
[/li][/ul]
and here i’m able to see commends recived from snapshots (for example: print them).
Now my proxy have to handle “rsa encrypted_data” command recived from server and send response back (“rsa decrypted_data”), but response doesn’t reach the server. However if I try (in the same place where i tried sent a “rsa” command) to send any other command like “score” or even “score rsa decrypted_data” - it’s done well. Of course, I can inject my code into “score” command, but it doesn’t make me feel good.
Well, then it seems that the server doesn’t understand the ‘rsa’ command, which confirms the fact that it does understand the ‘score’ command.
Did you debug the incomming messages from the server ?
When I try to type “rsa” command directly in the client’s terminal, it works and gets recognized by server. The same when the client sends the command, for example: from CG_INIT or CG_CONSOLE_COMMAND (invoked by local command like “do_rsa_now”). It just doesn’t work when I parse retrived commands from snapshots and want to reply.
Can you print out every command coming in from the snapshots ? this will verify if the rsa commands gets included in the snapshot collection.
Let’s forget about it and return to the main problem.
I have done some brainstorming already with friends and people from #etpro and #iowolfet (thanks a lot to them). Generally it’s trivial to cheat a client and there is no good solution. Some ideas I have by now:
- cl_allowdownload 0 (not everyone will like it)
- whitelist of trusted modules verified by ET client engine (such feature doesn’t exist)
- using my service as a daemon that will starts and performs authentication procedures before ET’s module loading (requires manual download)
- one-time passwords/tokens from certified website (centralization; need of visiting the website every time you want to join a server - it’s lame)
Thanks in advance for any hints
As I said before the only system that will work is the last idea. Certified passwords etc…
But even for that there are many loopholes, but I think that’s the best bet.
… 10 minutes later
Been thinking about the problem again and it is literally impossible to stop a hacker without putting malicious software on their computer.
You’d need a way to control their every move
Well the problem is literally every bit of information you get from the client can be spoofed, if you could fix this problem then you could make a working authentication app.