.com.unity Forums
  The Official e-Store of Shrapnel Games

This Month's Specials

BCT Commander- Save $8.00
winSPWW2- Save $5.00

   







Go Back   .com.unity Forums > Illwinter Game Design > Dominions 2: The Ascension Wars

Reply
 
Thread Tools Display Modes
  #161  
Old August 12th, 2004, 09:44 PM

Leif_- Leif_- is offline
Sergeant
 
Join Date: Sep 2003
Location: Norway
Posts: 346
Thanks: 0
Thanked 0 Times in 0 Posts
Leif_- is on a distinguished road
Default Re: Mumbling about MP security

Quote:
And Im more hacker to whom no absolute security is considered possible.
Oh, it's quite possible to make a computer program without any security flaws - the tricky thing is <i>knowing</i> that there aren't any security flaws in it. :-p
__________________
"Freefall, my old nemesis! All I have to do is activate my compressed gas rocket boots and I will cheat you once again! Belt control ON!…On?" [i]Othar Trygvasson[i]
Reply With Quote
  #162  
Old August 13th, 2004, 12:55 AM

nakomus nakomus is offline
Private
 
Join Date: Feb 2004
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
nakomus is on a distinguished road
Default Re: Mumbling about MP security

The methods of cheating discussed in this forum (with the exception of Taqwus) seem to focus on alteration of *data* files of the game in question, in two forms:

1. The machine on which the game was hosted was compromised and the fatherland file was edited to change game state. Than the modified, but structurally valid fatherland file was used the hosting Dominions 2 system generate the next turn

2. Either trn or 2h files were modified such that an illegal (but structurally valid) 2h file was returned to the server, which failed to detect the inconsistency in the game state.

Both of these methods assume that the hosting installation of Dominions was operating correctly on the input it was given (although it may be insufficiently paranoid).

If 1) is the true scenario than this clearly need not be the case, the attack would have had access to the executable, configuration information, and runtime state during hosting.

Even if the attacker does not have root access on the hosting server, there is the possibility of a remote exploit in Dominions, either through structurally invalid 2H files or attacks through the network connection.
In short, it may be that the server was coerced to generate invalid turn files, rather than failing to detect subtle modification of an otherwise valid input.

I won’t speculate further as to how this could be carried out.

Of course, the devs may have reason to rule these sorts of attacks out.
Reply With Quote
  #163  
Old August 27th, 2004, 08:36 PM

Anglachel Anglachel is offline
Corporal
 
Join Date: Apr 2004
Location: Winter Park, Florida
Posts: 81
Thanks: 0
Thanked 0 Times in 0 Posts
Anglachel is on a distinguished road
Default Re: Mumbling about MP security

OMG! I have figured it out! Stormbinder and Norfleet are the same person! You all fell for it suckers!!!!
__________________
Where the lion's skin will not reach, you must patch it out with the fox's.
Plutarch
Reply With Quote
  #164  
Old August 27th, 2004, 08:41 PM

jarenko jarenko is offline
Private
 
Join Date: Aug 2004
Location: California
Posts: 39
Thanks: 0
Thanked 0 Times in 0 Posts
jarenko is on a distinguished road
Default Re: Mumbling about MP security

Is this thread about baseball?
Reply With Quote
  #165  
Old August 27th, 2004, 11:33 PM

Cheezeninja Cheezeninja is offline
Sergeant
 
Join Date: Mar 2004
Location: cali
Posts: 325
Thanks: 0
Thanked 0 Times in 0 Posts
Cheezeninja is on a distinguished road
Default Re: Mumbling about MP security

No this thread got started after a particularly ugly thread about cheating by a very prominent member of the forum got locked. The title is a sentence commonly used in the USA as a way to change the subject when the current subject is uncomfortable or for some reason taboo.
Reply With Quote
  #166  
Old August 28th, 2004, 07:44 AM
PhilD's Avatar

PhilD PhilD is offline
First Lieutenant
 
Join Date: Sep 2003
Location: Bordeaux, France
Posts: 794
Thanks: 0
Thanked 0 Times in 0 Posts
PhilD is on a distinguished road
Default Re: So how \'bout those Mets?

Having just read this thread (after a few weeks off the forum), I must say I'm very surprised that, apparently, .2h (orders) files are not what (I believe it was Taqwus) suggested, ie, purely a list of orders to be compiled by the server, so they can be checked for consistency. If anything is trusted on the client and the .trn file (like gem/gold/whatever management), then this means someone can "hack" the easily accessed file (.trn files for his own nation) and cheat, with some trial and error (encrypting the .trn files would somewhat hamper this, though not prevent it).

Basic security - heck, I'd call it common sense, and always feel stupid for pointing this to my students - says, don't trust the client. The .trn files should not contain any information not available to the player "by the rules", either. Then, if it takes attacking the server to cheat, of course there are some people out there that will be able to do that, but (1) there will be fewer of them, (2) a security-conscious host will be able to at least add protection to his server, and (3) people with these kind of attack skills will probably have something better to do than cheat in some obscure TBS game
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT -4. The time now is 10:20 AM.


Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©1999 - 2024, Shrapnel Games, Inc. - All Rights Reserved.